How to reproduce:
1) Install pfBlockerNG-devel, and configure DNSBL in python mode
2) Enable RAM disk for /var
3) After reboot, all files associated with pfblockerng are deleted:
4) ...and unbound doesn't start:
But I have no RAM disks, as 'my case' is like many others: not much RAM, but loads of (SSD) disk space.
So, no step 2 for me. The issue becomes a non-issue.
The issue is real, that's not the question.
Please ignore/delete my previous post.
When Global logging is enabled, it takes priority and is in effect, no matter what option shows inside the log's settings. When disabled, logs go back to what you changed them to.
There is no workaround for HTTPS. It works on HTTP because pfblocker serves up the page when it blocks a site. Since the page is unencrypted, the browser just serves up the page it's given. Pfblocker acts as a Man-In-The-Middle between the browser and the intended server and injects a page that was not asked for.
By its design, HTTPS works by the browser verifying that the security certificate of the server it is trying to connect to is from the same domain it is intending to reach. So in pfblocker's case if it tries to serve up the blocked page the browser will not display it because it did not come from the validated server it was trying to reach. The browser then displays a security warning and won't load the page that it was served.
As an aside I noticed that there is a Facebook DNSBL feed in pfblocker that I had not noticed before:
@dma_pf Thank you! I see that I am not using DHCP Registration so I think I am good to go. Took the plunge. Noticed a few things.
The memory utilization is actually higher. Not sure if there is a lot of initial work going on due to the change, but it's almost doubled from 8% of 8GB to 16%.
Under reports, the DNSBL area isn't showing the blocks in red anymore even though the (DNSBL Block Event color). The background is simply white.
Working as intended. I wasn't seeing the DNS Reply Events previously in unbound mode.
Alias Native would have the same net effect; using it would involve more processing when updating the list but less processing while using the list.
Technically it would be the other way around, Alias Native does not look for duplicates.
However you should all probably read this thread which seems to have found that Alias Deny will remove IPs found in other lists which may not be the result you want, if rules for both lists are not denying the same port.
@nogbadthebad Andy, thanks for that tip! My wife's out until this afternoon but I'll definitely look into what you suggest. I never knew you could do that on an iPhone (not much of an Apple guy). I'll let you guys know what I find out.
What's the best way to uninstall the current version and install the correct version? I tried installing it on my home version and the DHCP server went nuts. Uninstall, reboot, then install the devel version?
It was a long time ago that I made the switch and my memory is a bit foggy. To the best of my memory I just installed the devel version. But doing a complete uninstall would not be a bad way to do it either. Just make sure that you do a full backup of your complete system first. And before uninstalling or doing an update of the current version make sure that you have the following enabled in the pfblocker settings:
There is an issue with DHCP in the devel version. Once you update you should switch this setting off in DNS Resolver settings:
If you do have specific clients that you need to register in DNS assign them a static IP address and enable this setting in DNS Resolver:
@bambos Hi, I would suggest you start with the set up wizard for pfBlocker-NG-devel.
The learning curve for pfBlocker can be steep, so go slow and read everything... twice.
In addition, go to the help on your pfSense dashboard, then click pfSense book and navigate to the pfBlocker package and read up. Just type pfBlocker in the search of the book. This will give you a good start and basic understanding.
@keyser I'm sorry that I'm resurrecting my old thread on this topic again, but I just installed 22.01 (ZFS reinstall) on my 6100 and that in turn updated pfBlockerNG to the latest version, 3.1.0_1.
I'm sorry to report that has brought back the Unbound disk write issue (with the same config).
My box went from doing about 130KB/s writes to about 550KB/s now. About 30% of that comes courtesy of the ZFS filesystem, but still it's at least a tripling of Unbound disk writes...
I'm beginning to wonder if Netgate considered the wear ZFS would cause on the small eMMC appliances. If the write endurance rating is "industry standard" on the built-in eMMC, this level of write IO will kill my box within 2 years (and that's only because it's a 16Gb SG-6100).
The same config in my SG-2100 will kill the eMMC within a year.