@wc2l Visit the Feeds tab, after every pfBlockerNG-devel update, there are some changes. https://kriskintel.com/feeds/ktip_covid_domains.txt works fine here.

@jpvonhemel said in shopify sites: When I disable pfblockerng, or add the domain to the whitelist, the sites load. I am not at home now, I’ll get back on the other questions, I know I the ip they resolve to is the same, and that is from Shopify. Yeah, I ran across a similar event when I was trying to get to Maglite.com. I didn't disable pfBlockerNG, I just caught the Shopify by time stamp in the alert tab and did a temporary unlock on it. Maglite.com then worked.

@gertjan I ended up figuring out the problem, not that I remember what it ended up being to be totally honest though. thank you!

BBcan177 got ahold of me and suggested I move to the 3.0 devel version. That, and a force update of rules, fixed the issues. Plus, the new version has amazing features!

@bob-dig It is not so crappy. ;) Sorry to bother you - I will post everything you needed know to prevent you from signing up. Thanks for your support !

@wizardofwhere I would get pfSense running good first before adding packages while you read up on what you want to accomplish as it sounds like you're somehow locking yourself out every 3hrs.

@bbcan177 that typing error was occured during making this post I tried to edit it but it does not let me to do so. its 192.168.100.0/24 . Regards

@ex1580 I appreciate the post. I have the same TLD CN block and couldn't get past the OUT OF SYNC error until encountering your post. This does seem to be a defect on the surface but I'm interested to see how it ultimately resolves.

@harison Just off the top of my head I'd say to make sure that this setting is unchecked in Services/DNS Resolver/General Settings: [image: 1615557859064-d2f51175-a5a1-4dcd-b29f-4fa90bf826ad-image.png] The above causes unbound to stop and reload itself every time a client requests a DHCP lease. During that time DNS resolution does not happen and therefore nothing trying to be reached by a domain name (www.google.com) can be reached on the net (unless it is already cached in the DNS). Other than that, I think we're going to need a lot more info to help you. As a start, I'd suggest screenshots of your DNS and pfblocker settings as well as Status/System Logs/System/DNS Resolver and Status/System Logs/Gateways when the issue is happening. When the web "crashes" can you ping 8.8.8.8 from the WAN as the source address in Diagnostics/Ping? What about www.google.com?

@bbcan177 said in "DNSBL Listening interface" best choice with VLANs?: just keep it as "lan" and use the Permit firewall rule option to create a floating permit rule that will allow the other lan segments to access the DNSBL listening interface Hello all, I also work with the pfblocker and the DNSBL feeds. What do I have to set so that the lists only work on the interface LAN? Currently, I have the lists working on all interfaces. I don't want that

@bbcan177 Thanks. I was hoping for a less involved solution. Though, I'll take what I can get.

@teamits in other forums, they manage it the way, that maintainer/admin/mod is only allowed to post in that single thread. each version gives a new thread with the version specific changes. That will keep a history of the versions. users can continue asking questions or whatever in different threads

@tzvia I had it set to 2.5. I had no idea that this setting impacts packages, especially since there's clear mention about this being related to firmware update...weird design. Anyway, after changing it to 2.4.5, the _15 is gone from the list. Which I guess is ok. Thanks.

@illern p1 fixed the kernel lock issue but this is another :(

@guilty Figured out the issue. Google Wifi was causing this behavior. The only way I found out was hard wiring in. So Google wifi is doing something with the DNS requests as they come in.... why they do that...who knows. I was planning on removing Google Wifi soon. This is yet another reason to get rid of it.

@bbcan177 said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS: > I hear you Man, I'm with you, you communicate poorly, these people believe in you, so in nothing else. OPEN SOURCE

Zombie thread resurrection as this issue is back due to a regression. Link to new thread: https://forum.netgate.com/topic/161817/pfblockerng-2-1x-fix-for-talos-feed-and-cloudflare-1-1-1-1-dns

@rjk13230 ??? pfB has only ever had a entry under the Firewall menu that I'm aware of.

@mcury said in pfblockerng 3.0.0_15 not available in 2.4.5p1: I really don't want to run with only one cpu Right, I was just pointing that out as an apparent workaround until the PHP issues are fixed, for someone who can't downgrade and doesn't want to run with out Snort or pfBlocker. Haven't tried it myself. re: 3100 date: blog post: Introducing the SG-3100 Firewall Appliance by Doug McIntire on 05 Sep 2017