• How to make the year visible in the log format pfBlocker (ip_block.log)

    3
    0 Votes
    3 Posts
    458 Views
    ocernaO
    @ronpfs a pleasure. In your example there is a date, the missing data is the year. Feb 23 17:19:24 pfSense filterlog: 9,,,1000000103,xl0,match,block,in,4,0x0
  • pfBlockerNG v3.0.0_10 errors

    6
    0 Votes
    6 Posts
    452 Views
    S
    @gertjan will try 800k
  • No pfBlockerNG alerts after update to 2102

    3
    0 Votes
    3 Posts
    515 Views
    RonpfSR
    @mhab12 said in No pfBlockerNG alerts after update to 2102: Perhaps the log file locations are different after update to pfS+/2102? The file format changed, 2.5.0 is not using clog.
  • 2.5.0 no love for Unbound python mode

    19
    0 Votes
    19 Posts
    1k Views
    chudakC
    @BBcan177 Well, did a clean reinstall today and - Unbound python mode love is back! What was it? No clue, suspect that package updates did not work well after 2.5.0 upgrade. Thanks all!
  • DNSBL Post PFSense + Upgrade

    7
    0 Votes
    7 Posts
    841 Views
    RonpfSR
    @beachbum2021 Often when the count is wrong, it is because you have identical Header/Label names. I can't tell much without more information on your setup.
  • GeoIP Blocking

    45
    0 Votes
    45 Posts
    13k Views
    ?
    @gertjan ok thank you :-)
  • Rejected DNS requests not forwarded to default "blocked" page

    8
    0 Votes
    8 Posts
    2k Views
    P
    @gertjan Is it possible to redirect blacklisted domains to a chosen website? (So, other than the internal 10.10.10.1 from pfblockerNG/pfsense appliance) Before, I used adguardHome which redirected every BL to a pixelserv-tls website. And it worked well, I'd like to reproduce this setup.
  • Reload logs from pfBlockerNG-devel.

    1
    0 Votes
    1 Posts
    161 Views
    No one has replied
  • Any way to see and document all custom allows?

    1
    0 Votes
    1 Posts
    136 Views
    No one has replied
  • 21.02 not happy with pfBlockerNG

    1
    0 Votes
    1 Posts
    264 Views
    No one has replied
  • Domains blocked vs Unbound Resolver Queries percentage

    5
    0 Votes
    5 Posts
    887 Views
    R
    @daddygo Finally found the answer for the issue. There are options available to me. Disconnect Alexa or Add device-metrics-???.Amazon.com to DNSBL white list if it’s not already included. Replace ??? with relevant text. Hope it helps anyone out there with a similar issue.
  • pfblocker firewall core dump

    2
    1 Votes
    2 Posts
    381 Views
    M
    Same problem happens when I type gpioctl 2 0 to disable the leds. Segmentation fault, core dumped.
  • pfBlockerNG & UT1 list

    1
    0 Votes
    1 Posts
    234 Views
    No one has replied
  • New SafeSearch feature borked

    19
    0 Votes
    19 Posts
    1k Views
    GertjanG
    @wolfsden3 said in New SafeSearch feature borked: the one that works LOL. What didn't work (well) using unbound, is that it reads all these files (the ones you listed) : 362 + 111 + 52.207.941 ( !!) + 2421 + 300 + 2272 == thousands of lines to be re-parsed at process (re)start. There are systems that will take tens of seconds (minutes) to do so, and during this time the system goes to 100% and DNS isn't working. That's why python mode was used: the python module handles the files, unbound just invokes the python "external" script to do the DNSBL business. IMHO: the so called "python mode" will be the only one being used in the future. The mode where files are included from the main unbound.conf will be abandoned. Give it a try ;)
  • SafeSearch and blacklists aren't working

    8
    0 Votes
    8 Posts
    2k Views
    W
    @sweety I am here because I have similar problems. Mine is: ug(Removed due to SafeSearch conflict) uk(Removed due to SafeSearch conflict)unicom|university|uno|uol|ups| uy(Removed due to SafeSearch conflict) uz(Removed due to SafeSearch conflict)va|vacations|vana|vanguard| vc(Removed due to SafeSearch conflict) ...so dumb. There's NO CONFLICT! What's that have to do with FireFox's dumb DNS lookup in the browser if it's to be blocked? FFS these browsers are getting aggressive. So my white lists aren't working either as a result of this feature. TLD Whitelist - Missing data | mailchi.mp | No IP found! | For you to use your Windows DNS servers you simply need to setup your network like this: PC's = your windows DNS servers as their DNS servers Servers = your PFSense as their DNS servers PFSense = your outside DNS provider like OpenDNS, Google, Quad 9, etc, etc. It's not terribly difficult. Good luck!
  • pfBlockerNG-devel v3.0.0_9

    27
    10 Votes
    27 Posts
    2k Views
    fireodoF
    @ronpfs said in pfBlockerNG-devel v3.0.0_9: @fireodo I am with Unbound Python mode, so I can't verify the difference in file between mode. But this may be normal, Hmmm, if I deactivate the DNS over HTTPS/TLS Blocking the Whitelist is reduced to 3 (in the pfblocker Widget - and also in the pfbdnsblsuppression.txt)
  • If i use pfBlockerNG will that take first hit before Suricata?

    10
    0 Votes
    10 Posts
    1k Views
    Cool_CoronaC
    @teamits said in If i use pfBlockerNG will that take first hit before Suricata?: @cool_corona I reread your post and I understand your point. I guess I don't particularly care "who" is port scanning if they can't get in. I just assume "outside is bad." :) (also I missed that you weren't the OP, from the emailed notification) As I understand you, your usage case is that someone scanning 10000 ports would get blocked before they get to the one open port, vs. if there was only one port open the LAN instance of Suricata wouldn't detect that as a port scan. It would trigger only if they sent a packet that would be forwarded by the one open port and blocked by the LAN instance. In that case the LAN instance is double scanning the packets, so I'm not sure there is as much benefit of scanning there? The LAN alerts might still be more useful for finding the LAN IP of outgoing traffic. Possibly, a way to reduce the double scanning would be to have only rules for port scanning enabled on WAN? Exactly the way I am doing it :)
  • Attempting to unblock a IP source in an Alert

    2
    0 Votes
    2 Posts
    296 Views
    BBcan177B
    @tac57 https://www.reddit.com/r/pfBlockerNG/comments/ldzsh3/can_no_longer_whitelist_ips_bug_or_user_error/
  • pfBlockerNG-devel not showing blocked DNS requests

    12
    0 Votes
    12 Posts
    3k Views
    V
    @srig Hi! The only domain I whitelisted for the Ikea gateway to work was webhook.logentries.com. But now I got rid of the Ikea gateway. I hate it when a device will not work when you block all the telemetry and "phone-home" domains.
  • pfblockerNG and HomeKit

    7
    0 Votes
    7 Posts
    2k Views
    J
    So I have multiple subnets, as follows: VLAN30 (10.27.200.0/24) - LAN (Servers, no DHCP) VLAN202 (10.27.202.0/24) - IoT VLAN204 (10.27.204.0/24) - DHCP (Clients, non-server devices) All my devices that are not servers connect to VLAN204, except my AppleTV and any IoT devices (including IP Cameras), these are on VLAN202. I have an ANY* rule from VLAN30 and VLAN204 to all other VLANS. VLAN202 can only talk out of the WAN interface and are blocked from communicating with VLAN30, but can talk to VLAN204, with the exception of DHCP, DNS, and mDNS, those can talk to VLAN30. I have pfBlocker Outbound rules set for VLAN30, 202, and 204, and Inbound for WAN. I have no NAT to the IoT network. I also don't use this firhol, which is most likely a huge difference. So, one thing is that since my iPhone, on VLAN204 can talk to my Philips Hue on VLAN202, and vice versa, and I have mDNS reflection enabled, I think that is the key. The Homekit hub is only needed when the client device (iPhone) cannot directly talk to the IoT device, it then routes through iCloud. I'm not sure where you are applying the alias to, I will try to duplicate your setup if possible and see if I break things (the wife would be happy for sure).
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.