Believe it or not, I simply rebooted the first pfSense machine (the one that manifested the "not active" pfBlocker CARP VIP after every hourly or manual forced pfB update) and lo and behold, now it actually works. The all time classic IT Crowd quote from Gary "Have you tried turning it off and on again" worked once again! I am baffled.

@Gertjan
This was almost 15 hours after the install. It's not done it again, pfBlocker is on a once daily update, so hopefully it doesn't do it again.

@SteveITS
The "new-rules-not-applied" article you linked led me to Status > Filter Reload where I saw a loading error of pfB and adjusted a setting in the Advanced>NAT tab which fixed the problem.
Thank you for this quick response.

@michmoor oh damn, im so sorry. forget what i say... im going back to school! shame on me

@areckethennu It's probably a bad thing to reply to myself, but I reported this to the Phishing Army list OP and he said he'd fix it shortly. So, hopefully, things will resolve themselves soon.

@SteveITS said in DNSBL just Work when DNS Resolver Enable:

“UnKnown” is not a functional problem, you can ignore it.

While technically true - If I get an unknown for the dns I am using - it points to badly managed dns... Why would there not be a PTR for everything on your network ;)

If your going to setup forward zones, you might as well setup the reverse zones for the IP ranges you use on your network. pfsense makes it easy because you put in the host override, the ptr is auto there for that host, etc.

@SteveITS Got it! Thank you!!

Geo41.png
GeoIP4.png
Geo5-fwrule.png
GeoIP6-status.png

@Yet_learningPFSense said in I want to block the IP addresses assigned by ISPs to general households.:

I have noticed some IP addresses belonging to providers in Korea and Africa (confirmed using whois, such as *.telecom) which appear somewhat suspicious to me.

Where did you notice them? The net is a noisy place - you will see noise from all over the planet hitting your wan IP.. So? They are dropped by default.

If you have some port forwards open, just allow the IPs you want to allow. For example, my plex server the only thing that can talk to it are IPs from the US, and currently Morocco (since have family currently living there).. And the list of known IPs that plex uses to validate your server is available to the public.. And the known IPs that monitor if my plex is working, and notifies me if its down.

Simple enough to do in pfblocker - because you can create lists based upon country (geoip data) or other Ips you want to allow - uptime robot and statuscake for example doing the monitoring provide lists of IPs they use.

Or did you notice your devices connecting outbound to these weird IPs? in other countries?

@SteveITS Hmmm I see what you mean, I'll have to see if I can duplicate this. My setup right now though is to use block lists and then I use alias lists for any allowances I am making, so I think that avoids dedup issues.

@Bartballon hello let me try to help, how is the PfSense configuration set to resolve is it going to WAN 8.8.8.8 or 1.1.1.1 or the domain controller? Do you have a host override for a proxy also?

Also I found
"If unbound does not start correctly after entering custom options, add server: on a line at the top of the custom options text area."

Ref:
https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-config.html

I found another post on this with a working version of what you want to do, user was asking how to make it resolve faster. Maybe this will help?

https://forum.netgate.com/topic/144091/ad-domain-controller-as-local-dns-forwarding-to-pfsense/10

https://forum.netgate.com/topic/140346/forward-dns-queries-to-active-directory-dns-server/9

@SteveITS I've tried with two different ISP, nothing happened bro.

a90b0839-aefc-4aa9-9dc2-16ce235bb115-image.png

@Gertjan
Thanks for your help :-)

For repair -> pfSense-upgrade -d -c

As soon as I post that it goes back down..

@SteveITS
Setting the State to OFF just disables the feed but it does not delete it. I'm trying to find a way to delete the feed.

It looks as though there is a bug in pfB. Time to call in the big gun, BBCan177.

I was also looking for a solution to this. Looking for a way to block just tictok videos, but keep Facebook running again it's all under Facebook's domain so you can't have one without the other. Alot of tedious fine tuning and I am sure you could find away with certificates installed but devices that are running splice or transparent would not see the specifics.

@michmoor Thank you. I had been using the same PFBlocker list that I installed about three months ago, but recently it seemed to have added the ranking page to the block list, probably due to the inclusion of ads. Since I want to view the ranking page, I resolved the issue by adding it to the whitelist.

@RandyWIlliams1

The best advise is already mentioned above !
The real issue is probably mentioned in the fine print, shown when you subscribed : they (paramount) give you content that you want ... but they give more then that : content that you don't want.
They said : you also paid for this non-wanted content (actually : you want it, as you accepted the fine print), and we (paramount) pay engineers that take care of the 'you will see what we send you, no matter what' (yep, you pay them to make your life ... let's say : less easy ?!)
So : the stop paying them - or upgrade from 'Plus' to 'Gold'.

If I was working for paramount, and they asked me - with a nice pay rise as a reward : make a system that blast adds all over our customers screen, I would make something like this :
Have the add pages loaded with some javascript build in.
When the browser finished showing this page, the javascript signals back with some sort of token.
This token frees up the 'right' to see some more content.
Now, when you block this add, .... you block everything.
(I'm just inventing this of course).

True, pfBlockerng can do a lot for you.
But it's not a activate-it-and-forget-it tool. You have to check it, and worse : understand what it does, why it does what it does, and what it can't do.

Sometimes the simplest solution is also the good solution ;)

edit : whitelisting the IP of the device you are using paramount is also 'a solution'.

I am experiencing this same issue even on 23.05+ and the latest release of pfBlockerNG 3.2.0_5. When the widget is enabled to clear the daily counters, the blocks get cleared, but not the queries which skews the percentages. Even if I clear them manually from the widget, sometimes I have to do it multiple times to get the actual query count to clear. To be fair, this has always been an issue since I started using pfSense about 9 months ago (22.05+, 23.01+, and now 23.05+).

I reported this before, but no one ever responded. Not the end of the world. The one feature I miss having from Pi-hole is the default view of the last 24 hours of activity on the main screen.

@SteveITS Yeah I realized afterwards that I hadn't clicked the github link lol, doesn't look like that much of an update though.

And thanks for the Redmine link, I should've checked there too. No updates on that one in quite a while though sadly.

Once I enabled python mode in DNSBL and removing thing from ubound custom option views etc setting and then save and select reload and click run from update tab . Once it is done I overse dns failed :/

C:\Users\laptop>nslookup fortinet.com DNS request timed out. timeout was 2 seconds. Server: UnKnown Address: 172.16.16.254 DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. DNS request timed out. timeout was 2 seconds. *** Request to UnKnown timed-out

172.16.16.254 is my LAN IP or you can say act as dns as well.

As I revert back setting swtiching pfblockerng from python mode to unbound and add custom option for adding view bypass ips things work fine .

C:\Users\scorpoin>nslookup fortinet.com Server: pfSense.local.landomain Address: 172.16.16.254 Non-authoritative answer: Name: fortinet.com Addresses: 54.177.212.176 54.151.118.105

I don't get it what am I doing wrong ?

Regards

@smolka_J

Well all I did for now removed all TLD entries and added it into DNSBL whitelist and DNSBL custom list to block for now. It does not take much time as it was in previous. Yellow triangle is gone as well.

@kiekar

Right, that is a reason to use some (GEO) IP blocking for incoming connection on WAN.

@provels They changed the method a couple versions ago. It isn't really documented as such but that's a feature of tmpfs. (I suggested that doc change but it was declined because it could use all the allocated RAM)

https://docs.netgate.com/pfsense/en/latest/releases/22-01_2-6-0.html#operating-system
Changed: Convert RAM disks to tmpfs #12145

edit: https://www.reddit.com/r/linuxquestions/comments/fjxiv2/does_tmpfs_ramdisk_use_up_allocated_ram_even_when/

I've filed a bug report with a potential patch:
https://redmine.pfsense.org/issues/14409

@nollipfsense

Hello and thank you for your reply.

The access is from outside via an IP address to an internal client. (Nat)

@emikaadeo Had the impression you created the post on Reddit. Whenever there is a design implementation and one ask why, one should immediately ask oneself, why not. I see no issue(s) with how it's done. If I were those maintainers, I would directly ask BBcan177 instead of publicly claiming it's wack as well as share how they would do it differently...simple respect, isn't it?

@johnpoz Of course, it is just a "test" :) hahaha. I am also testing cbs,nbc, and other main stream media.

@bigsy said in Failure when starting pfb_dnsbl service:

@cmcdonald Working for me now on 23.05-RC (lighttpd: 1.4.69 -> 1.4.69_1). Many thanks!

Same here.

@spyderturbo007 Can you post one update attempt from your pfblockerng.log log file? (pfB/Logs tab)

I went through and re-organized my list, strengthened the character sets on a few hundred lines to combine and eliminate others and added a few, de-duplicated what was left, so far no errors on either box. All was gathered from through the communities, slightly tweaked, and here for any whom want to use, test, or improve upon. pfSene pfBlockerng regex list 5-4-23.txt