@bbcan177 said in PHP memory problems with current version:

Is related to DHCP Leases. So probably delete that file, or clear it out? In future, this section of code can iterate each line instead of loading the whole file into memory,

Thanks for the pointer, will look into that!

So probably delete that file, or clear it out?

Don't know if that will help so much, as the customers running that are medium sized corps with A LOT of clients so even when I delete that now, they will get bigger and accumulate over time again. But I'll check if that will us buy some time for when you probably have an update ready that will parse that file a bit smoother ;)

Is the DHCP lease file related to you parsing of the filter log to display what IP/host triggered a warning/block/rule/DNS call etc?

Cheers mate,
\jens

@gertjan said in Updating to pfBlockerNG-devel 3.1.0_1 from 3.1.0 blocks DNS requests:

I've already seen posts about feeds that have their own IP in the list

Yep, I had this happen all off a sudden I got notifications that lists couldn't be updated, it's because the lists were blocked by other lists lol.

And now pfBlockerNG doesn't even log IP addresses that it blocks for me. I think the developer has pretty much given up on the project.

@viktor_g :

Ok, nice.
A bit of a hammer approach, though.

I still wonder why unbound refuses a simple TERM signal, send initially, just a couple of lines above.

@szympro My use of pfBlocker has been for it to download feeds, and I use Alias Native for it to load the feed into a firewall table/alias for use in rules. Typically, for geo IP lists.

I see the "Whois" option does say "Convert a Domain name into its respective IP addresses" but I don't know how "whois" would do that...whois normally looks up the registrant or perhaps DNS servers for a domain. Perhaps @BBcan177 can explain further.

I guess if you can duplicate it you can report it as a bug. It just seems an odd feature to have if it already exists in pfSense, and oddly named...sounds more like "DNS lookup" than "whois."

@mohdikramsaif

45538466-c3ab-4f90-b758-a2f14f6e70ad-image.png

What is your pfBlockerng version ??

This is the latest version :

5b0c6455-e2b8-4604-a52f-4098f262ace5-image.png

Your questions :

The DNSBL feeds activated will "block" the access to the listed sites. (not only websites). Add "web.whatsapp.com" and all other whatsapp.com related domains to a list and you're ok. There was a whatsapp forum post no so long in the past. Keep in mind that whatsapp == facebook so you might have to block entire "AS". pfBlockerng had possibilities to include exclude certain LAN devces. See the very old forum posts about how to do so.
The newer (from yesterday) pfBlockerng-devel uses a simpler approach :

a85a8af5-b7ac-46c1-95d6-5aa9eefe388a-image.png

@mohdikramsaif said in pfblockerng:

Kindly share your suggestion

Have a look (abuse the search button) most of not all questions are already answered on the pfblockerng support forum.

@dma_pf

thanks for the suggestion. With openDNS I cannot make filters for specific internal network segments. The OpenDNS category restrictions will block some categories the grown ups need to access.

@dma_pf i'm running the latest version of both.

@user12345 said in pfBlockerNG won't complete cron update/reload of DNSBL feeds:

If you do an uninstall of non-devel version with keep settings checked and install the devel will it pull the settings and feeds over or trash those?

It's been a long time since I upgraded to the devel version so my memory is a bit foggy. But in general, if you're going to uninstall pfblocker and want to save the settings in the current configuration you need to check this setting in Pfblocker/General:

645d71a7-ecd6-44b6-9a8e-407637743220-image.png

Now, whether or not those saved settings load right back into the devel version I just can't remember for sure. But if you decide to try it, make sure that you do a complete backup of your whole system - Diagnostics/Backup & Restore. That way you could always roll back to where you where if the setting don't apply correctly.

@scop said in pfBlockerng-devel Certificate Error:

I would like to know if it is possible to redirect to another website like google (if the link is in HTTPS) or just show a message that he can't access to this web site instead of certificate error like in HTTP ?

There is not a way to do this. When a browser goes to an encrypted HTTPS site the first thing the browser is doing is verifying that the response is coming back from the server it intended to communicate with. It does this by verifying the security certificate of the server it communicates with. If the certificate matches the server it loads the page, if not, it will not load the page and will display the HTTPS (ERR_SSL_PROTOCOL_ERROR).

Because of that, if pfblocker attempts to serve up a an error page (classic MITM) the browser will not be able to verify the the page from pfblocker matches the security certificate of the intended server and the browser will block it.

@quasaur Cut it off

@gertjan Thanks for the feedback, good information and insights. I will see how I get on :)