Good luck, I hope it works out for you this round. You may want to check under services – DNS resolver – General settings. That python mode is enabled. I don’t know I can’t remember if PFblocker-NG turns it on automatically when you install it or if you have to do it manually. Or even if it is necessary
It is solved now, I have removed error.log and pfblockerng.log . Remove check from keep setting in general tab then saved and re-check on keep setting and then save. Force update and every thing worked like a charm .
Well, as you can probably guess, there is no easy answer here. We all have varying needs, some only want to block ads, others try to keep their kids safe and this is one tool in the toolshed. Others are looking to GEOBLOCK... Me, not so much geoblock, as ad blocking and 'not-nice' sites, along with blocking public DNS, together with nat rules to redirect IOT back to PFSense for DNS. It took months of trial and error to come up with a workable mix, the lists are not maintained by BBcan (with the exception of his) but by 3rd parties. List owners can change as the lists are bought by new owners sometimes. Sometimes a list works well, then not so. Sometimes they are abandoned and don't get updated or disappear. So this is not a 'set and forget'. I pop into PFSense about once a month just to check that the lists are updating, or if there are newer lists that may do better that I could test out. It's the nature of internet security; it really IS shooting ducks in a barrel...
If you've had issues in the past with it, perhaps the way to go is to wade in a little at a time. Start with IP blocking only. Select the lists that appear to do what you are looking for, example, Emerging Threats, Talos, and I use cins army. You can round it out with a coinblocker and maybe a few others in other categories. Work with those for long enough to confirm they aren't blocking things that are causing issues. You could also go to their websites and read about their lists to determine what you think is important.
Once that is stable, you can do something similar with the DNSBL lists. Nothing is turnkey here. Things take time.
In the current climate blocking VPN end points is currenlty very useful. It appears at the moment about 50% of the scanners are from VPN sites. So from pfBlockerNG-devel using this feed in a block list is useful https://raw.githubusercontent.com/ejrv/VPNs/master/vpn-ipv4.txt
This 'telemetry' crap is common as dirt. Telemetry my arce. They are collecting data about usage- like where you go on the internet. See it with Firefox (incoming.telemetry.mozilla.org), my phones once I switched them to my internet carrier (v-collector.dp.aws.charter.com), MS does it (v10.vortex-win.data.microsoft.com)... you name it, they are trying to make a buck off your usage. Malwarebytes also has that 'browser guard'. I keep saying NO and sure enough it pops up again 'please turn me on'. Where else to better see where you are going, than with a plugin in the browser?
These days, many AV products are moving away from local 'definition' files/local scanning, to cloud based scanning. I get it, real time scanning, zero day bla bla. But I wonder what they are storing up there 'in the cloud'- their servers, and how it affects computer performance. Malwarebytes is on the mild side here- we use Fireeye at work and their xagt process can chew up 80% of the processor- you really feel it. Horrible. Maybe Malwarebytes has a central control console (not familiar with what they offer for business use) where you can turn telemetry off without having to manually do it on 200 machines...
@jperezme You may be looking for pfBlockerNG-devel, which we've had in use at all clients for several years and I've seen the package maintainer recommend. It looks like non-devel still does have some updates...two commits last year that weren't Netgate URLs or copyright dates. But -devel has way more functionality. We could not get the MaxMind codes to work with the non-devel version.
Hmm. There have been a few pfSense and pfBlockerNG updates since the instructions were posted. I wonder if something has changed that would affect that command. Unfortunately, I am not knowledgable enough to troubleshoot that - I was basically following a recipe to make this work. Sorry I can't be of more help here.
@lpd7 You can do that or create your own custom list then be sure to add to firewall floating rule with the quick set option check and that blocks quickly, instantly...I am away from my system and unable to share screen shots...hopefully someone will share.
E vi dirò subito che il treno dei casinò è una cosa abbastanza divertente, perché quando guardate i casinò dovete prestare attenzione a un sacco di cose, che inizia con il fatto che dovete prestare attenzione al fatto che il casinò sia sicuro o meno. E c'è anche un mucchio di altre sfumature a cui prestare attenzione quando si sceglie un casinò. Ma per non sprecare il vostro tempo, vi suggerisco di andare su questo sito https://icasinononaams.com/casino-online-europei/ , perché c'è già un buon casinò che è stato testato da migliaia di giocatori.
re the rep files https://dev.maxmind.com/geoip/whats-new-in-geoip2
"Finally, we also include a represented_country key for some records. This is used when the IP address belongs to something like a military base. The represented_country is the country that the base represents. This can be useful for managing content licensing, among other uses."
You do know you can use pfBlocker to create aliases using GeoIP country codes, under Firewall -> pfBlockerNG -> IP -> IPv4.
Allow SSH/SFTP access to a host in my DMZ from the UK & Ireland only.
pfBlockerng-devel, by itself, does nothing.
True, on the Firewall > pfBlockerNG > Feeds page it shows sources that could consider using.
pfBlockerng-devel has no affiliation with them (exception : the PRI5 BBcan177 feed maybe).
You should assure yourself that these sources do what you want, and that they (still) exist.
Most of them are created and maintained by a person or small group of persons, and as such, these feeds come, and go.
Btw : it has been seen that sources (feeds) included their own IP and/or host name as a DNSBL ^^
@akuma1x Thanks I will look these up. I like videos compared to text due to my learning style but the drawback is that there is the potential for wasted time due to older versions, superficial info or just plain lousy content which is why referrals is a good way to filter out the noise. Thanks again.
While using pfsense 220.127.116.11 pfblockerng allowed the selection of AS Numbers. But that has disappeared in the 2.1.4_26 version supported by pfsense 2.5.2. Can anyone advise what happened or how I can block a site by ASN