I'm not an expert but I used 3cx with pfsense for 3 years at my previous job.

I had the same issue with no audio on one side on two different occasions with 3cx. 1. was when I did not have the full cone NAT configured properly. I don't have access to 3cx anymore but I remember there was a network troubleshooting utility. Until I fixed the NAT problem it would not return successful. This might help https://www.3cx.com/docs/pfsense-firewall/

The other time I had a similar issue was because the user vpn was not routing and using NAT instead. After I changed the OpenVPN config to routing and added the VPN static routes in pfsense pointing to the VPN server it worked.

I also remember there were instances where we would receive calls from external entities that used VOIP and those connections did not need to go through our SIP provider. I realized this because I had originally opened the SIP ports with the src address of the SIP provider, and most calls would work except from some specific vendors. After opening up the the SIP ports from "any" those vendors started working as well.

As far as iTalkBB, I have never used it, but pfBlockerNG just uses regular firewall rules. You can turn on logging and see if something is a miss. Or even faster test just temporarily disable the firewall rules and see if stuff starts working.

I have noticed the Geo IP is not 100%, so maybe you are running into an issue there. It was recommended somewhere that you don't block the world. I prefer to do the reverse which is just to allow specific countries.

Hope this helps!

@bbcan177 Thanks. I fixed it the usual way: delete and add it back in :-)

@gertjan You misunderstand me...

Firewall has a LAN IP.

I installed it from a workstation with a fixed ip.... not given by DHCP

@gertjan Can you share me Skype id or phone number for help. if you no issue.

I turned off inbound filtering completely instead and left the logging on for the outbound traffic.
It would be great if we could configure inbound and outbound logging separately in pfBlocker.

@wc2l Visit the Feeds tab, after every pfBlockerNG-devel update, there are some changes.

https://kriskintel.com/feeds/ktip_covid_domains.txt works fine here.

@jpvonhemel said in shopify sites:

When I disable pfblockerng, or add the domain to the whitelist, the sites load. I am not at home now, I’ll get back on the other questions, I know I the ip they resolve to is the same, and that is from Shopify.

Yeah, I ran across a similar event when I was trying to get to Maglite.com. I didn't disable pfBlockerNG, I just caught the Shopify by time stamp in the alert tab and did a temporary unlock on it. Maglite.com then worked.

@gertjan I ended up figuring out the problem, not that I remember what it ended up being to be totally honest though. thank you!

BBcan177 got ahold of me and suggested I move to the 3.0 devel version. That, and a force update of rules, fixed the issues. Plus, the new version has amazing features!

@bob-dig
It is not so crappy. ;)
Sorry to bother you - I will post everything you needed know to prevent you from signing up.

Thanks for your support !

@wizardofwhere I would get pfSense running good first before adding packages while you read up on what you want to accomplish as it sounds like you're somehow locking yourself out every 3hrs.

@bbcan177 that typing error was occured during making this post I tried to edit it but it does not let me to do so. its 192.168.100.0/24 .

Regards

@ex1580 I appreciate the post. I have the same TLD CN block and couldn't get past the OUT OF SYNC error until encountering your post. This does seem to be a defect on the surface but I'm interested to see how it ultimately resolves.

@harison Just off the top of my head I'd say to make sure that this setting is unchecked in Services/DNS Resolver/General Settings:

d2f51175-a5a1-4dcd-b29f-4fa90bf826ad-image.png

The above causes unbound to stop and reload itself every time a client requests a DHCP lease. During that time DNS resolution does not happen and therefore nothing trying to be reached by a domain name (www.google.com) can be reached on the net (unless it is already cached in the DNS).

Other than that, I think we're going to need a lot more info to help you. As a start, I'd suggest screenshots of your DNS and pfblocker settings as well as Status/System Logs/System/DNS Resolver and Status/System Logs/Gateways when the issue is happening.

When the web "crashes" can you ping 8.8.8.8 from the WAN as the source address in Diagnostics/Ping? What about www.google.com?

@bbcan177 said in "DNSBL Listening interface" best choice with VLANs?:

just keep it as "lan" and use the Permit firewall rule option to create a floating permit rule that will allow the other lan segments to access the DNSBL listening interface

Hello all,

I also work with the pfblocker and the DNSBL feeds.

What do I have to set so that the lists only work on the interface LAN?

Currently, I have the lists working on all interfaces.

I don't want that

@bbcan177 Thanks. I was hoping for a less involved solution. Though, I'll take what I can get.

@teamits
in other forums, they manage it the way, that maintainer/admin/mod is only allowed to post in that single thread. each version gives a new thread with the version specific changes. That will keep a history of the versions.

users can continue asking questions or whatever in different threads

@tzvia I had it set to 2.5. I had no idea that this setting impacts packages, especially since there's clear mention about this being related to firmware update...weird design.
Anyway, after changing it to 2.4.5, the _15 is gone from the list. Which I guess is ok.
Thanks.