In other forums, they manage it in a way that maintainer/admin/mod is only allowed to post in that single thread. Each version gives a new thread with the version-specific changes. That will keep a history of the versions.
Users can continue asking questions or whatever in different threads.
@tzvia I had it set to 2.5. I had no idea that this setting impacts packages, especially since there's a clear mention about this being related to firmware update... weird design.
Anyway, after changing it to 2.4.5, the _15 is gone from the list. Which I guess is ok.
Figured out the issue. Google Wifi was causing this behavior. The only way I found out was hard wiring in. So Google wifi is doing something with the DNS requests as they come in.... why they do that...who knows.
I was planning on removing Google Wifi soon. This is yet another reason to get rid of it.
Right, I was just pointing that out as an apparent workaround until the PHP issues are fixed, for someone who can't downgrade and doesn't want to run without Snort or pfBlocker. Haven't tried it myself.
re: 3100 date:
blog post: Introducing the SG-3100 Firewall Appliance
by Doug McIntire on 05 Sep 2017
===[ DNSBL Process ]================================================
Clearing all DNSBL Feeds
TLD Analysis not required.
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Additional mounts (DNSBL python):
No changes required.
Starting Unbound Resolver... completed [ 03/5/21 03:00:03 ]
Restarting DNSBL Service (DNSBL python)cat: /var/db/pfblockerng/dnsbl/*.txt: No such file or directory
cat: /var/unbound/pfb_py_data.txt: No such file or directory
cat: /var/unbound/pfb_py_zone.txt: No such file or directory
The text that you highlighted is referencing IP "Match" types. It's not needed if you want to Block those IPs. pfSense allows creating Match IP Rules, to allow for the "Logging" of the event and nothing further.
So I assume that MaxMind was rate-limiting based on the cURL user-agent string. When the ID was missing, it was a generic string "pfSense/pfBlockerNG cURL download agent-". Then when the ID was found, the UA string was not rate-limited because it included the ID.
It is not only the FOSS version but the official Android Telegram app does the same. I have 11888 hits on the IP 22.214.171.124 in the last 24 hours. Anyway, Telegram itself works OK. It is "just" annoying...
the following error: [ DNSBL FAIL ] [ Skipping : pornblock3 ]
 unbound-checkconf[22123:0] error: local-data in redirect zone must reside at top of zone, not at m.www.localhost 60 IN A X.X.10.X
 unbound-checkconf[22123:0] fatal error: failed local-zone, local-data configuration
Is it possibly because of this entry:
Yes, you can't add the localhost TLD in a blocklist as you have that TLD already defined in Unbound, and hence the error:
"local-data in redirect zone must reside at top of zone"
Seems like they removed that domain from that Feed.
Is it possible to redirect blacklisted domains to a chosen website? (So, other than the internal 10.10.10.1 from the pfblockerNG/pfsense appliance)
Before, I used adguardHome which redirected every BL to a pixelserv-tls website. And it worked well, I'd like to reproduce this setup.
@token Those URLs were removed from the Feeds tab because they are offline, discontinued, etc.
Click on the Alias/Group name and it will open the appropriate Alias/Group tab. Delete the URL, Save Settings, when done, run a Force Update, that should remove the feed from the db/pfblockerng folder. Inspect the logs, to find more problems.
What didn't work (well) using unbound is that it reads all these files (the ones you listed): 362 + 111 + 52.207.941 (!!) + 2421 + 300 + 2272 == thousands of lines to be re-parsed at process (re)start.
There are systems that will take tens of seconds (minutes) to do so, and during this time the system goes to 100% and DNS isn't working.
That's why python mode was used: the python module handles the files, unbound just invokes the python "external" script to do the DNSBL business.
IMHO: the so-called "python mode" will be the only one being used in the future. The mode where files are included from the main unbound.conf will be abandoned.
Give it a try ;)
@sweety I am here because I have similar problems. Mine is:
ug(Removed due to SafeSearch conflict)
uk(Removed due to SafeSearch conflict)unicom|university|uno|uol|ups|
uy(Removed due to SafeSearch conflict)
uz(Removed due to SafeSearch conflict)va|vacations|vana|vanguard|
vc(Removed due to SafeSearch conflict)
...so dumb. There's NO CONFLICT! What does that have to do with Firefox's dumb DNS lookup in the browser if it's to be blocked? FFS these browsers are getting aggressive. So my whitelists aren't working either as a result of this feature.
TLD Whitelist - Missing data | mailchi.mp | No IP found! |
For you to use your Windows DNS servers you simply need to set up your network like this:
PCs = your windows DNS servers as their DNS servers
Servers = your PFSense as their DNS servers
PFSense = your outside DNS provider like OpenDNS, Google, Quad 9, etc, etc.