Got yea so even if you change the listening interface under the tab dnsbl from Lan to one of the Vlans it doesn't matter because as long pfsense is resolving all DNS queries they will be filtered. Thanks for the info.

@BBcan177 Thanks for pointing that one out to me, I will give it a try. Maybe an idea (but of course it's all up to you) to add this one in feature releases. Thanks for your quick help and of course a great package!!

Cheers Qinn

Is there a compelling reason for you to use floating rules? I only ask because I have a similar configuration, but using interface-specific firewall rules instead of floating, and I don't experience any issue with the "log packets handled by this rule" option being enabled automatically. It sounds like your configuration should work, but if using interface-specific rules instead is an option, it may at least be worth trying.

@bbcan177 Yes I can see so many and I just have seen there is a government one too lol

I shall take a look at the link

Many thanks

@darkopopo said in DNSBL Certificate errors:

I have disable loggin for Facbook in DNSBL Feeads.
Now when I do nslookup www.facebook.com I get addres: 0.0.0.0 and the Firefox error that the page does not exist.
How can I redirect to block page (dnsbl_default.php) ?

You can't... when you null route to 0.0.0.0 it doesn't do any logging, and hence no certificate errors... Next versions will leverage the python integration of Unbound which will allow for more integration, such as improved logging for null routing and logging of all permitted DNS requests but that is a ways off...

Thanks for your reply :D
the last 2 days i am studying how pfblockerng works and it turns out it can block the ad sites and harmful sites perfectly! such a great package and i am glad that i can finish this project finally.

@randomvmteam said in pfblockerNG generating PHP errors:

would it be easier to submit issues I find directly to the github page? (assuming pfsense/pfsense-packages)

Forum would be better.

Hi,

Thanks for your reply. I restored a VM backup up to the time the logging stopped. When reconfiguring pfblocker I made a change to the VIP address to be anything other then ending in a .1 and changed the max lines per log to 1000 instead of 20000. This seems to have solved my problem. Logging works now with all packages I have installed.

@kom O thank you for your help
I just didn't want to mess anything up lol

Thank you very much.

@dgall said in PFBLOCKER DNSBL Shallalist not working when I click on google links:

BBcab177 do you have a recommended list for blocking social media ? Steves list unfortunately blocked many things that had nothing to do with social media.

I would think the Category Blacklist(s) would be the best for that. Either Shallalist or UT1. YMMV

There is Squid Blacklist that is an option, but it is a paid service. You will have to download the Category template seperately in order to configure it:

fetch -o /usr/local/pkg/pfblockerng/squidblacklist_global_usage "https://gist.githubusercontent.com/BBcan177/b91d3c25667d326411b6fc4eb5c1f080/raw"

@bbcan177 said in pfblockernG-Dev Coinblocker and Cryptojackers URLs changes:

now available for both pfSense branches.

2.3.5-RELEASE-p2 (amd64) and 2.3.X DEVEL only offer 2.2.1.

@riaanwest said in pfblockerng:

Basically making pfblockerng to create an alias for each category referenced in shallalist so you can create manual firewall rules using those aliases pointing to lets say social networks?

You can't use FW_Rules with DNSBL tables.

DNSBL operate on the Domain Name space.

Firewall rules operate on the IP space.

@jwj said in Not understanding this ip block (https://ipinfo.io/AS32934):

So, it looks like ipv6 "tab" lists get incorrectly setup as ipv4 rules. And it looks like this has been fixed in the devel version.

Yes this is fixed in pfBlockerNG-devel

@mloiterman said in PHP Error on exhausted memory:

2.1.4_8

Best to move to pfBlockerNG-devel which will fix that issue.

perfect thanks!

I am so looking forward to the new version.
the dev version is excellent :)

So it looks like the openvpn range had the range it was last configured for, but not some of the others that had failed.

[2.4.3-RELEASE][root@pfsense.home]/root: ifconfig | grep inet inet6 fe80::224:b2ff:fedf:a196%bge0 prefixlen 64 scopeid 0x1 inet 73.82.108.146 netmask 0xfffffe00 broadcast 255.255.255.255 inet6 fe80::2e0:66ff:fe6a:c58f%bge1 prefixlen 64 scopeid 0x2 inet 10.10.0.1 netmask 0xffffff00 broadcast 10.10.0.255 inet 10.254.254.254 netmask 0xffffffff broadcast 10.254.254.254 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff000000 inet6 fe80::2e0:66ff:fe6a:c58f%bge1.2 prefixlen 64 scopeid 0x7 inet 10.1.0.1 netmask 0xffffff00 broadcast 10.1.0.255 inet6 fe80::2e0:66ff:fe6a:c58f%bge1.5 prefixlen 64 scopeid 0x8 inet 10.2.0.1 netmask 0xffffff00 broadcast 10.2.0.255 inet6 fe80::224:b2ff:fedf:a196%ovpns1 prefixlen 64 scopeid 0x9 inet 10.2.10.1 --> 10.2.10.2 netmask 0xffffffff inet6 fe80::224:b2ff:fedf:a196%ovpns2 prefixlen 64 scopeid 0xa inet 10.1.10.1 --> 10.1.10.2 netmask 0xffffffff

I think that my choice works out fine though, 10.254.254.254 is way out of the way.

@labradorg13 https://www.reddit.com/r/PFSENSE/comments/8lnugz/pfblockerng_devel_version_released/