  • DNSBL Feature Request - TLD inverse and lists

    1
    0 Votes
    1 Posts
    136 Views
    No one has replied
  • pfBlockerNG-devel 2.2.5_30 update: Is it 2.4.5 specific now?

    2
    0 Votes
    2 Posts
    358 Views
    BBcan177
    No, it's for all versions.
  • 1 Votes
    15 Posts
    2k Views
    BBcan177
    @GregBinSD said in Shallalist and UT1 lists not working on 2.4.5-RELEASE/pfBlockerNG-devel 2.2.5_29: Can you tell me how long that might be? The pfSense devs need to review and approve. Hopefully next week.
  • Upgrade from pfBlockerNG to -devel before 2.4.5 upgrade?

    4
    0 Votes
    4 Posts
    640 Views
    F
    @Gertjan @t41k2m3 Thank you for the details. I’ll make the jump to the -devel package first then. Are there any specific posts/blogs you would recommend to get up to speed on any critical changes or potential gotchas that might extend my maintenance window? My router is usually hovering around 3% CPU and 19% memory utilization with pfblocker, squid, squidguard, snort, and a few other pkgs running. These stats are with no inbound OpenVPN client tunnels active or outbound IPsec VPN to my Oracle Cloud IaaS tenancy up. Still, plenty of resource capacity.
  • Post-upgrade to 2.4.5 pfBlockerNG-devel causing memory and/or CPU spikes

    1
    0 Votes
    1 Posts
    176 Views
    No one has replied
  • PFblockNG Devel not logging or blocking domains

    14
    0 Votes
    14 Posts
    1k Views
    A
    I still get nothing. In the post above I always get the same error, "Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding". V/r Tony
  • Advanced Inbound Firewall Rule Settings

    2
    0 Votes
    2 Posts
    218 Views
    M
    Really nobody did it?
  • Feed not updating with cron but does by force

    7
    0 Votes
    7 Posts
    855 Views
    S
    Hello! Are you using ram disks in System/Advanced/Miscellaneous? This sounds oddly similar to these : https://forum.netgate.com/topic/151591/sort-4-not-downloading-vrt-rules/ https://forum.netgate.com/topic/151634/php-errors/ John
  • DNS custom IPv4 blocklist stored as base64?

    2
    0 Votes
    2 Posts
    169 Views
    bmeeks
    Uh...Base64 is not a number base. It is a method for encoding binary values as text strings. See Wikipedia here: https://en.wikipedia.org/wiki/Base64.
  • Migrating from Pi-hole to PFblockerNG

    2
    0 Votes
    2 Posts
    2k Views
    kiokoman
    You can add a list from DNSBL / DNSBL groups and press ADD, insert that link, save and enable it. For the regex stuff I found this on redmine: https://www.reddit.com/r/pfBlockerNG/comments/d01qod/can_pfblocker_block_urls_by_regex/ez56ta3/ This will be available in the next major release as it will utilize the Unbound python integration. It's 6 months old, idk how things are going with it. Update here: https://www.reddit.com/r/PFSENSE/comments/fj1ks8/migrating_from_pihole_to_pfblockerng/ Will be in the next pfBlockerNG-devel release when pfSense 2.4.5 is released.
  • PfBlockerNG whitelisting blocked GeoIP

    8
    0 Votes
    8 Posts
    2k Views
    NollipfSense
    @techman2005 I just looked up scan.nextcloud.com and it resolved to 95.217.53.149, so you may need to actually edit the file /var/log/pfblockerng/ip_blocklog and remove the IP. I don't understand why it didn't adjust the data when you added the domain, saved, and reloaded. You could scroll to the right of that log file to see the list it belongs to and try adding the IP to the custom list, I think...maybe @BBcan177 can step in.
  • Find IP Address being blocked in feeds

    2
    0 Votes
    2 Posts
    381 Views
    P
    Spent more time reviewing the changes I made. If I am not mistaken, the pfB_Top_v4 alias is made by enabling GeoIP blocking (any of the lists there). In my case I enabled the Top Spammers list with action 'deny outbound'. After disabling 'GeoIP Top Spammers' the Ubuntu updates began working.
  • Advice - Allowing client to bypass pfblocker-ng

    12
    0 Votes
    12 Posts
    9k Views
    T
    Hello All. I would like to ask about the following. I have some IPs bundled in an ALIAS and these IPs should bypass pfBlockerNG. When I unselect these IPs by their dedicated VPN-Interface in "Select Outbound Firewall Interface", these IPs still get filtered by pfBlocker. Is the reason for this because of checking the option for floating rules (Open VPN) in DNSBL firewall rules? Nevertheless, I found wesfox's link for bypassing single IPs. Would this be the right way to bypass pfBlockerNG for some LAN IPs? Thx for your support in advance.
  • TLD white list not working

    21
    0 Votes
    21 Posts
    2k Views
    NollipfSense
    @A-Former-User said in TLD white list not working: @wolfsden3 said in TLD white list not working: Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not. Minimizing DNS queries is my next project although the FW is doing its job and fairly well I think. I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be. Thanks again. Last thing, I promise. Below I have screenshotted and posted my firewall rules: Floating: [image: 1583339383333-float.png] WAN: [image: 1583339397881-wan.png] LAN: [image: 1583339407228-lan.png] GUESTVLAN: [image: 1583339423550-guest.png] Blacked out information is just rules for my openvpn. I just got to say I like your firewall arrangement...bravo!
  • High number of unbound resolver queries since last clearing

    1
    1 Votes
    1 Posts
    372 Views
    No one has replied
  • pfBlockerNG-devel 2.2.5_29 - Cron job drops internet every 30 minutes.

    10
    0 Votes
    10 Posts
    1k Views
    Perforado
    Managed to choke pfSense with 4GB ram and pfBlockerNG to not answer to icmp echo anymore. So my theory stands: Add more memory.
  • pfBlocker causing dropped states on synced routers

    1
    0 Votes
    1 Posts
    183 Views
    No one has replied
  • DNS Resolver crashing on start

    3
    0 Votes
    3 Posts
    313 Views
    R
    I’ll try fewer feeds. It’s an SG-1100 appliance, so I can’t add memory.
  • pfBlockerNG and Suricata (IPS) interaction

    8
    0 Votes
    8 Posts
    3k Views
    bmeeks
    @timboau-0 said in pfBlockerNG and Suricata (IPS) interaction: OK, I'm thinking that makes sense - so unless there was an attack against the actual firewall - any traffic that did make it through malicious or not would be 'seen' traversing through to the LAN. Yes, this is correct. The LAN is the best place to put an IDS/IPS 99% of the time. A major reason is so, when using NAT, the IP addresses you see in alerts will be the actual LAN host addresses instead of the NAT IP. When you put the IDS/IPS on the WAN, all internal host traffic shows up under the WAN public IP due to NAT. So finding what internal host generated an alert is very difficult.
  • Comprehensive YouTube/Google Ad Block List

    10
    1 Votes
    10 Posts
    18k Views
    D
    I stopped using Chrome and switched to the Brave browser (download from the official site: https://brave.com). I forgot about advertising on YouTube. Brave was created by Brendan Eich, one of the founders of the JavaScript programming language, using the Blink engine (developed by Google). All popular browsers are created on this engine - Opera, Firefox and Chrome itself.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.