@ronpfs said in pfBlockerNG-devel 3.0.0_10 won't uninstall: @smoothrunnings What version of pfsense? There was a "fix" to install unbound 1.13.1 Unbound crashes periodically with signal 11 Version 2.5.0-RELEASE (amd64) built on Tue Feb 16 08:56:29 EST 2021 FreeBSD 12.2-STABLE Currently system is on the latest version.

@ronpfs a pleasure. In your example there is a date, the missing data is the year. Feb 23 17:19:24 pfSense filterlog: 9,,,1000000103,xl0,match,block,in,4,0x0

@gertjan will try 800k

@mhab12 said in No pfBlockerNG alerts after update to 2102: Perhaps the log file locations are different after update to pfS+/2102? The file format changed, 2.5.0 is not using clog.

@BBcan177 Well, did a clean reinstall today and - Unbound python mode love is back ! What was it ? No clue, suspect that package updates did not worked well after 2.5.0. upgrade. Thanks all !

@beachbum2021 Often when the count is wrong, it is because you have identical Header/Label names. I can't tell much without more information on your setup.

@gertjan ok thank you :-)

@gertjan Is it possible to redirect blacklisted domains to a chose website ? (So, other than the internal 10.10.10.1 from pfblockerNG/pfsense appliance) Before, I used adguardHome which redirected every BL to a pixelserv-tls website. And it worked well, I'd like to reproduce this setup.

@daddygo Finally found the answer for the issue. There are option available to me. Disconnect Alexa or Add device-metrics-???.Amazon.com to DNSBL white list if it’s not already included. Replace ??? with relevant text [image: 1613660410341-bc97945d-752d-419d-8348-8bf3487051cf.jpeg] Hope it helps anyone out there with a similar issue.

Same problem happens when I type gpioctl 2 0 to disable the leds. Segmentation fault, core dumped.

@wolfsden3 said in New SafeSearch feature borked: the one that works LOL. What didn't work (well) using unbound, is that it reads all these files (the ones you listed) : 362 + 111 + 52.207.941 ( !!) + 2421 + 300 + 2272 == thousands of lines to be re parsed at process (re) start. There are systems that will takes tens of seconds (minutes) to so, and during this time the system goes to 100 %and DNS isn't working. That's why python mode was used : the python module handles the files, unbound just invokes the python "external' script to do the DNSBL business. IMHO : the so called "python mode" will be the only one being used in the future. The mode where files are included from the main unbound.conf will be abandoned. Give it a try ;)

@sweety i am here because I have similar problems. Mine is: ug(Removed due to SafeSearch conflict) uk(Removed due to SafeSearch conflict)unicom|university|uno|uol|ups| uy(Removed due to SafeSearch conflict) uz(Removed due to SafeSearch conflict)va|vacations|vana|vanguard| vc(Removed due to SafeSearch conflict) ...so dumb. There's NO CONFLICT! What's that have to do with FireFox's dumb DNS lookup in the browser if it's to be blocked? FFS these browsers are getting aggressive. So my white lists aren't working either as a result of this feature. TLD Whitelist - Missing data | mailchi.mp | No IP found! | For you to use your Windows DNS servers you simply need to setup your network like this: PC's = your windows DNS servers as their DNS servers Servers = your PFSense as their DNS servers PFSense = your outside DNS provider like OpenDNS, Google, Quad 9, etc, etc. It's not terribly difficult. Good luck!

@ronpfs said in pfBlockerNG-devel v3.0.0_9: @fireodo I am with Unbound Python mode, so I can't verify the difference in file between mode. But this may be normal, Hmmm, if I deactivate the DNS over HTTPS/TLS Blocking the Whitelist is reduced to 3 (in the pfblocker Widget - and also in the pfbdnsblsuppression.txt)

@teamits said in If i use pfBlockerNG will that take first hit before Suricata?: @cool_corona I reread your post and I understand your point. I guess I don't particularly care "who" is port scanning if they can't get in. I just assume "outside is bad." :) (also I missed that you weren't the OP, from the emailed notification) As I understand you, uour usage case is that someone scanning 10000 ports would get blocked before they get to the one open port, vs. if there was only one port open the LAN instance of Suricata wouldn't detect that as a port scan. It would trigger only if they sent a packet that would be forwarded by the one open port and blocked by the LAN instance. In that case the LAN instance is double scanning the packets, so I'm not sure there is as much benefit of scanning there? The LAN alerts might still be more useful for finding the LAN IP of outgoing traffic. Possibly, a way to reduce the double scanning would be to have only rules for port scanning enabled on WAN? Exactly the way I am doing it :)

@tac57 https://www.reddit.com/r/pfBlockerNG/comments/ldzsh3/can_no_longer_whitelist_ips_bug_or_user_error/