• pfBlocker and High Availability CARP working?

    JeGrJ

    @talaverde said in pfBlocker and High Availability CARP working?:

    @jegr Gotcha. So, should I configure both nodes, each pointing to each other? With the main pfSense XMLRPC Sync, only the primary node is configured. Would this be the same with the pfB 'sync' tab? Or, as initially mentioned in this message, should I have both nodes configured to sync to each other? (I hope that makes sense). thanks.

    Aye, pfSense Sync is always Master to Standby, not the other way round. There's only one case I'm aware of (the top part of the HA sync - pfsync settings) that actually speaks with each other rather than master to standby. So configure pfBNG to replicate from master to standby node (use sync settings would be easiest) and the standby node should receive the configuration for the package :)

  • pfblockerNG - Do not Block on specific specific Interface


    @rmalla said in pfblockerNG - Do not Block on specific specific Interface:

    @bbcan177 Dear BB, first of all, thanks for creating this great package. I've been playing with it for a couple of days but can't seem to find the correct config for me.

    I have a kind of specific situation. I have my WAN (which fails regularly), so I have set up a USB Drive from my local cellphone company (which is very reliable, but I only have 5 GB per month quota). I have them set up as a Failover WAN, meaning, when WAN goes offline the USB goes online automatically.

    The problem I've had the last couple of months is that my WAN goes offline (we don't even notice when it's offline) and my family keeps on using the internet as usual (YouTube, Netflix, Facebook, etc.) so the USB drive runs out in a matter of days.

    So I would like to only block all the high bandwidth services on the USB Drive (opt1 interface), so when my WAN is offline, everybody is able to use the internet, but not use the high bandwidth services.

    Is this possible with the current version of Pfblocker?

    My bottom line is that I would like to apply the PFBlocker to the opt1, but not to the WAN interface.

    Hello All,

    Any news on this?

  • Best use of pfBlocker

    BBcan177B

    @bbrendon said in Best use of pfBlocker:

    @stewart Yea, this is the way I do it. I create an alias in pfblocker and then make rules using it. Basically I say "if packet is not in goodcountries then block". This was the only way to do it a year or so ago and there might be new ways, but I haven't tried.

    With pfBlockerNG-devel, you don't need to link the GeoIP files anymore... it will still work, but you can now change the State field to the new GeoIP option :)

    You can also use Auto-Rules and configure the Advanced In/Outbound Rule options to configure more settings for the Firewall Rules.

  • Question about included Feeds

    BBcan177B

    @tagit446 said in Question about included Feeds:

    I could not even imagine all of the effort put into choosing certain feeds to be included. I know there are a lot out there and it's hard \

    I started a new sub-Reddit for pfBlockerNG and started a Thread for Feed Feedback!
    https://www.reddit.com/r/pfBlockerNG/comments/9t1w6o/pfblockerngdevel_feed_feedback/

    Thank you for all of your hard work, pfBlockerNG is just absolutely brilliant!

    Thanks!

  • Alert Settings


    @bbcan177
    Thank you, that worked great!

  • I'm logged out of gmail every time it's opened or PC restarted

    BBcan177B

    @talaverde

    Anything that is blocked will be logged to the Reports/Alerts tab. You can also use the Alerts Filter to refine searches. You can also increase the Alert Settings to increase the number of displayed events.

    In Chrome, you can use this URL:

    chrome://net-internals/#dns

    To see the DNS events. Anything blocked by DNSBL will be seen as blocked domains resolve to the DNSBL VIP Address.

  • pfBlockerNG Log Settings - Max Lines

    BBcan177B

    @talaverde

    I would think your issues might be that IPs/Domains are being blocked. Review the Alerts Tab for more details. You have sufficient hardware to handle pfBlockerNG.

    You can also increase the pfSense DNS Resolver Log Verbosity to 2 and review the resolver.log for additional clues to see if there are other issues.

  • DNS SSL/TLS + pfBlockerNG -Develop + VLANs +Quad9 ?


    I, also, have been trying to make my DNS as secure as possible while using CARP, pfBlockerNG (devel) and PIA VPN. I tried configuring the Quad9 DNS, but ended up with a large list of DNS responses in dnsleaktest.com. According to the PIA KB / support, they say that as long as you use their DNS servers (209.222.18.222 & 209.222.18.218), your DNS is running inside their encrypted VPN tunnel anyway, so SSL/TLS isn't necessary. That logic seems sound. When properly configured, dnsleaktest.com responds with only one (PIA) DNS server. This is the only configuration I've found to do so. At this point, I've given up on Quad9.

    I might be wrong. Having 12 Quad9 DNS servers respond to my DNS test may be better than one PIA VPN DNS server responding. I just don't trust seeing 12+ as I can't keep track of them all and don't like that many servers logging my data, even if they are (supposedly) anonymous.

    Further, I've found PIA VPN to be the only one with their own DNS servers. I spent a lot of time testing out ExpressVPN. It's supposedly faster, but I did not find that to be true. Best guess, that is just based on some 'paid for' reviews.

  • Blocked Traffic

    BBcan177B

    @slimypizza

    Click on the ! icons in the Alerts Tab. It will show several different Threat Lookup tools.

  • 0 Votes
    2 Posts
    340 Views
    RonpfSR

    Take a look at :
    https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips

  • Lost internet after enabling pfBlockerNG

    No one has replied
  • GeoIP permit inbound is blocking


    Resolved by enabling System > Advanced > Firewall/NAT tab > Disable all auto-added VPN rules.

  • pfBlockerNG Wizard tool

    BBcan177B

    @xraisen said in pfBlockerNG Wizard tool:

    I have installed it and located the dnsbl_default.php to edit and put a police logo. Because here in the Philippines, it's a nationwide banning of Porn. At least my clients will be educated under R.A of the Philippines

    You shouldn't edit the "default" web page. Best to copy this file to a new file and then select this new file in the DNSBL tab.

    On a package installation, the default file will be replaced.

  • Alert Tab Giving PHP Memory Error

    RonpfSR

    Check/Lower the size of Log Settings (max lines) in the General Tab

  • Whitelist ports in pfBlockerNG-devel 2.2.5_17?


    @bbcan177 Something else I actually came across as well, is it looks like pfBlockerNG is filtering the port based on a different rule? (A different name shows up): here

  • Keeping google ad injections blocked but allow google shopping search results?

    BBcan177B

    @jacotec said in Keeping google ad injections blocked but allow google shopping search results?:

    Is there ANY way to allow clicking on these search results but leaving the google advertise injections blocked? Something like "whitelist googleadservices if the host website is google.com"?

    No, it's one way or the other unfortunately... Just need to tell people to not click on the Google search results that have "AD" in the Title.

  • pfBlockerNG cURL 28 Error when updating DNSBL

    BBcan177B

    @retestreak said in pfBlockerNG cURL 28 Error when updating DNSBL:

    [ raw.githubusercontent.com ] Domain listed in DNSBL

    Whitelist that domain from the Alerts tab.

  • Correct way to only allow my cellphone-openvpn to view LAN side ip cams


    Thank you.

  • Netflix outside VPN


    please check this answer https://forum.netgate.com/topic/96636/netflix-vpn-block-how-to-fix/19
