@ronpfs
Disabling the package prior updating did the job.

@BBcan177
I had to do a clean install of pfSense to make python mode work. Not sure why. It was a two year old working configuration with multiple updates and never had an issue.

Now with python mode can I let go of unbound dns now or still need to use it? I have an internal well configured BIND dns which I would like to use instead of unbound.

Possible workaround after a brief off-thread conversation: I set GeoIP Top Spammers to Alias Native and then disabled it again. I then manually ran the cron entry "/usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dcc >> /var/log/pfblockerng/extras.log 2>&1" and it didn't log the alert into extras.log like the others. If I don't post back in a month it worked. :) Also there will be an update coming at some point, though we'd have to get current to update.

I can also (kind of) confirm this.

But just to be clear - a speed test will result in full speed.
But some web pages will open very slow, at first i thought my dns is very slow.
As when the page load it does at a normal speed, just very delayed.

As nearly every website is using sources(scripts, ad, tracker,...) from all over the place, its hard to pinpoint.
I think it might be slow if some parts of the page are blocked.

But I don't know if the browser is waiting for a timeout or a js script has trouble.

@bbcan177

Thank you for being so fast in fixing this and the great work you are doing with pfBlockerNG!

With the modifications all is working well :).

@rtw915 said in More frequent CRON interval options:

I am still stuck on this. Under the CRON jobs I tried to edit this from this:

0 * * * * root /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> /var/log/pfblockerng/pfblockerng.log 2>&1

to this:

*/15 * * * * root /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> /var/log/pfblockerng/pfblockerng.log 2>&1

However, the Updates tab in pfBlockerNG says that the CRON job is missing, and then deletes the job and creates a new one with the hourly update interval.

So this does not work

You should not change these cron entries.
They are set and maintained by the pfblockerng package.

@ertnec said in pfBlockerNG-devel v3.0.0_15 not clearing down tmp files, slowly fills /tmp up.:

@bbcan177 said in pfBlockerNG-devel v3.0.0_15 not clearing down tmp files, slowly fills /tmp up.:

@ertnec
Download an updated script for ASN processing and see how that goes.

curl -o /usr/local/pkg/pfblockerng/pfblockerng.sh "https://gist.githubusercontent.com/BBcan177/3aabea5edf7b40554d93085bff380b6f/raw"

Hi, I've replaced the file you suggested, however, it still seems to be leaving these files alone & /tmp is still filling up.

I can confirm this.
Update: Still present in v3.0.0_16
(I added a cron-job: rm /tmp/pfbt* )

Regards,
fireodo

@rk0
I'd just reinstall if you think you have the 'Save Settings' checkbox marked. You could always just build fresh and restore the config, too.

@tzvia Thank you! I should have thought about adding in-addr.arpa to domain overrides. I added one for each 24-bit subnet, and that did the job.

@gertjan Downloads are instant.
Filtering through 1m takes most of the time.
And no, the pipes are not saturated @100Mbits

And dns doesn't suffer overall.
If I get the dreaded error in resolver logs, no resolution is possible.
Ping with ip works great.

I need to experiment a bit more, but since this is service affecting during normal hours

@derelict said in Disable NAT rule creation:

@thisisme It can also render the page much less pleasant, with broken image placeholders (browser-dependent), ALT text, etc.

Adaway for Android does the same. Im fine with that. Why am I not allowed to decide this myself?

@mind12 Hello,

I have reviewed each of the recommended steps:
1- DNS resolver is listening for all interfaces, if I configure that it only listens for the Bridge interfaces, it presents us with the same result.

2- Modify the validation code for the virtual IP, add an IP of the example segment 192.168.1.203 and the same result still does not block domains, for verification use nslookup and it continues to show the original IP of the domain which was used as test, in few words is not blocking.

3- Well my opinion about this is that apparently there is a link between the DHCP service and the DNSBL to work with it, but as I said this is only my opinion.

Previously I was looking for more information and I was with that unknown that if I wanted to make a bridge interface with DNS blocking, I would have to configure one of the interfaces that comprise the Bridge for this case the LAN will activate the DHCP service.

@digdug3 thank you

@xentrk If you have huge log files, the Report Alert Filter may timeout. Grep the log files from a Shell instead.

@bbcan177 said in ship pfblockerbg-devl logs?:

@rtw915
As an example:
https://www.reddit.com/r/pfBlockerNG/comments/bu0ms0/pfblockerngtelegrafinfluxdb_ip_block_list/

That is cool! I did not know that was possible. I saw in your Reddit post that you stated "pfSense doesn't have a lot of graphing/logging functionality." I 100% agree with you that it should not be part of the firewall, but it would be awesome to have a Netgate preferred solution like Graylog with a step by step guide to integrate the logging from the firewall and its common packages into a centralized visualization platform.

Looks like this is related to the GeoIP2 Lite lists for representative countries. Details in this forum post and the Max Mind release notes.

@bob-dig
I temporarily disabled my feed and added reddit.com and www.reddit.com to the DNSBL Custom_List and the website (and others) is still not blocked. (Yes, I did a force update all)

I have tried on different computers on the network and they can still access it.

I have also tried on three different browsers.

I am really confused why some sites are blocked while others are not.

I'm not an expert but I used 3cx with pfsense for 3 years at my previous job.

I had the same issue with no audio on one side on two different occasions with 3cx. 1. was when I did not have the full cone NAT configured properly. I don't have access to 3cx anymore but I remember there was a network troubleshooting utility. Until I fixed the NAT problem it would not return successful. This might help https://www.3cx.com/docs/pfsense-firewall/

The other time I had a similar issue was because the user vpn was not routing and using NAT instead. After I changed the OpenVPN config to routing and added the VPN static routes in pfsense pointing to the VPN server it worked.

I also remember there were instances where we would receive calls from external entities that used VOIP and those connections did not need to go through our SIP provider. I realized this because I had originally opened the SIP ports with the src address of the SIP provider, and most calls would work except from some specific vendors. After opening up the the SIP ports from "any" those vendors started working as well.

As far as iTalkBB, I have never used it, but pfBlockerNG just uses regular firewall rules. You can turn on logging and see if something is a miss. Or even faster test just temporarily disable the firewall rules and see if stuff starts working.

I have noticed the Geo IP is not 100%, so maybe you are running into an issue there. It was recommended somewhere that you don't block the world. I prefer to do the reverse which is just to allow specific countries.

Hope this helps!

@bbcan177 Thanks. I fixed it the usual way: delete and add it back in :-)

@gertjan You misunderstand me...

Firewall has a LAN IP.

I installed it from a workstation with a fixed ip.... not given by DHCP

@gertjan Can you share me Skype id or phone number for help. if you no issue.

I turned off inbound filtering completely instead and left the logging on for the outbound traffic.
It would be great if we could configure inbound and outbound logging separately in pfBlocker.

@wc2l Visit the Feeds tab, after every pfBlockerNG-devel update, there are some changes.

https://kriskintel.com/feeds/ktip_covid_domains.txt works fine here.

@jpvonhemel said in shopify sites:

When I disable pfblockerng, or add the domain to the whitelist, the sites load. I am not at home now, I’ll get back on the other questions, I know I the ip they resolve to is the same, and that is from Shopify.

Yeah, I ran across a similar event when I was trying to get to Maglite.com. I didn't disable pfBlockerNG, I just caught the Shopify by time stamp in the alert tab and did a temporary unlock on it. Maglite.com then worked.

@gertjan I ended up figuring out the problem, not that I remember what it ended up being to be totally honest though. thank you!

BBcan177 got ahold of me and suggested I move to the 3.0 devel version. That, and a force update of rules, fixed the issues. Plus, the new version has amazing features!

@bob-dig
It is not so crappy. ;)
Sorry to bother you - I will post everything you needed know to prevent you from signing up.

Thanks for your support !

@wizardofwhere I would get pfSense running good first before adding packages while you read up on what you want to accomplish as it sounds like you're somehow locking yourself out every 3hrs.

@bbcan177 that typing error was occured during making this post I tried to edit it but it does not let me to do so. its 192.168.100.0/24 .

Regards

@ex1580 I appreciate the post. I have the same TLD CN block and couldn't get past the OUT OF SYNC error until encountering your post. This does seem to be a defect on the surface but I'm interested to see how it ultimately resolves.

@harison Just off the top of my head I'd say to make sure that this setting is unchecked in Services/DNS Resolver/General Settings:

d2f51175-a5a1-4dcd-b29f-4fa90bf826ad-image.png

The above causes unbound to stop and reload itself every time a client requests a DHCP lease. During that time DNS resolution does not happen and therefore nothing trying to be reached by a domain name (www.google.com) can be reached on the net (unless it is already cached in the DNS).

Other than that, I think we're going to need a lot more info to help you. As a start, I'd suggest screenshots of your DNS and pfblocker settings as well as Status/System Logs/System/DNS Resolver and Status/System Logs/Gateways when the issue is happening.

When the web "crashes" can you ping 8.8.8.8 from the WAN as the source address in Diagnostics/Ping? What about www.google.com?

@bbcan177 said in "DNSBL Listening interface" best choice with VLANs?:

just keep it as "lan" and use the Permit firewall rule option to create a floating permit rule that will allow the other lan segments to access the DNSBL listening interface

Hello all,

I also work with the pfblocker and the DNSBL feeds.

What do I have to set so that the lists only work on the interface LAN?

Currently, I have the lists working on all interfaces.

I don't want that