@johnpoz said in Deny all except a country: will then see it normal pfse Thanks you very much, it is very clear and there are not post that explain it as well

I will keep an eye out for it - maybe you have some app trying to use it? Just took a look at my log for dot.. Only my shield TV is hitting it now and then.. Seems to try once an hour ;) [image: 1627298290320-dot.png] And good thing is - its trying it to the dns I have set it to use.

@gertjan said in py_error.log errors: maxmindb and _sqlite3 modules not found: But sometimes I (re) discover that the GUI does have it's advantages. I agree with this, pfS GUI is sophisticated, but there are some things it can't even do...

@steveits I disabled many things of pfBlocker NG (which is the latest version) I think my guess was right, the rules were not correctly (re-)loaded because of the IPv4 + IPv6 Alias which pfBlockerNG (DNSBL) automatically generates. Editing these aliases is evil (and does not really work permanently) so I disabled the DNSBL feature and now everything (re-)loads fine.... Cheers 4920441

@marc05 yes indeed, if the rule exists it is checked against it, unless you match with a quick rule then it stops matching further at that point. Advantage of floating rules you can make them quick rules. If you want to reduce the checks you would want to prune rules or try consolidate them etc. or structure quick rules for known good traffic.

Anyone? No one? pfSense is allowing stuff to bypass the firewall if it's whitelisted in SquidGuard and no one is alarmed about that?

@ronpfs said in Resolver Live Sync: @stewart Resolver Live Sync is using unbound-control(8) to modify unbound internal database instead or restarting unbound. Glad to hear that. Is anything lost or does anything change that we would see? Or is it all back-end and everything presents the same to the users? I assume we check that box and all we see is that Unbound doesn't restart as often.

I have this issue also with pfblocker and the Amazon app (Android). I whitelist the domains that I saw in the report log but I still have the dog screen come up stating "UH-OH Something went wrong on our end." What's odd is that this only happens when searching and it only happens when searching certain terms. Has anyone found the exact domains to whitelist? (aan.amazon.com did not do it for me)

@jegr yes Ive had that checked. been running Pfblocker for the past 3 upgrades on the same pf instance.

i have the same error to after upgrading from 2.5.1 to to 2.5.2

@gertjan Thank You. Works great!!

If you have nothing running on 80, it shouldn't be a problem - but that alias is every IP on your firewall. For such a rule it would be bad practice to use such an alias. Would you mind PM the domain your using for acme - curious to see who the SOA is for this domain.

I have made the changes in this thread related to the 2.5.2 upgrade and pfBlockerNG. I think the issue is now fixed https://forum.netgate.com/topic/165000/error-loading-firewall-rules