By shut down automaticaly I meant, that it looked like this:

Bildschirmfoto_2021-12-26_18-15-06.png

But as I noticed now, that was, because I forgot to do a Reload after changing to Python Mode.

I now was able to get pfBlockerNG-devel runing as it should in the virtualbox, so everything is good so far.

@nogbadthebad

I made this text file on my ftp server
f4df1815-5ae8-445c-bfec-8c87254e489d-image.png

Then i made a entry like this:
595dc8d3-df02-4e00-9299-40e7b31c3d60-image.png

Finalize with:
e7991d88-fd37-46a2-855a-96d0639add15-image.png

Seems to work:
7cf3a590-f16b-4cc9-b67e-e14864fe469b-image.png

dnsbl.png

category filtering not working when I enter custom domain it works, could you please help me do block things category wise

@fireodo Thanks!

You've made my day 👍 😀

41ce1e68-1e71-41ca-b54d-ecfc5b3740a6-grafik.png

Fine sunday!

@Gertjan @fireodo Great community support!

That error message indicates the GUI code attempted to iterate an empty array variable without verifying the variable is actually defined as an array. My first guess, since the error is from the alerts log, is that the alerts log file is empty and the code is not properly initializing the array when an empty alerts file is encountered.

This is a problem that needs to be addressed by the pfBlockerNG-devel package maintainer. It should also get a bug report created at the Redmine Site here: https://redmine.pfsense.org/projects/pfsense.

@p_bear I don’t know who to blame but if a 3rd party browser works but Safari does not it seems that Netgate is not to blame. It would be nice to know why it does not work so we have something useful to complain to Apple about.

It used to work, I forget if it first broke when Yosemite was released?

@jegr

Read pfBlockerNG IP Reputation
It has a good ending.

The 'Reputation' tab is not available by default.
"Things" need to happen so it can be presented.

Thanks all. I am going to try it with what I have and then see how it goes.

@ghostshell said in Blocked Page:

https://www.reddit.com/r/pfBlockerNG/comments/lnczld/is_dnsbl_webserver_for_ssl_https_connections/

I don't understand what has been said there.
pfBlockerNG-devel logging isn't the issue here. The internal unbound (python, or not) or Lighttpd logs are not available to our browsers.
Our browser see what the web server @10.10.10.10:443 is replying after a page request.
It doesn't understand the answer.

What I think ** what is happening :
Our browser caches web server certificates, as HSTS has become wide spread.
So, our browsers knows what type of cert it should get back from web server. Because it caches certificates, for days, weeks, or even months (so naughty you, you've visited this site already ones without pfBlockerNG ;) - the cert was loaded and cached ).
Many encryption types exist, and the self generated (self signed) cert from the web server of pfBlockerNG cert does not have the right 'format'. If it had the right format, the host name would have been verified (and the date and many more aspects) and then a more understandable error would have been shown.

This issue can not be resolved. Our browsers could show more comprehensible message, true, but it all boils down to :
You wanted to visit a.tld but b.tld replied.
That's a MITM situation and that's a no-go

** Firefox is open source. So the source code will show the exact conditions of the error.

@pulsartiger

pfBlockerNG -devel???? ,on the current version? 3.1.0 should be no problem if you upgrade

if Keep settings is checked, also takes settings, lists, etc. with it when upgrading

BTW:

be careful, since you are switching to new FreeBSD version and the pfBlockerNG - devel has got a lot of new features in the near past...

I have to say you waited a long time for the update, 2.6 is almost here 😉

I think I have found a very easy way to bypass unbound.

In general setup/DNS Resolution Behavior I changed it to use remote DNS servers and ignore local DNS. And in DNS Server Settings I added my local BIND DNS ip addresses.

In client ip address assignment, I still give pfSense IP address for dns, however pfSense just ignores unbound and uses my local dns for resolutions. It’s still utilizing the DNSBL and IP blocklists as they are defined in the firewall floating rules by pfblockerng.

Resolutions now are much faster. Hope this keeps working as I just could not stand unbound resolution performance issues.

@gertjan
Thks

@jdeloach

if this list is blocking something that you want access to, just don't use this list

You misunderstood the troubles we report here. Yes of course if it’s a list that is dedicated to block public dns and you want to reach them, we can advice you not to use this list 🙃
But here we re talking about a “not normal” blocking. Like when they block GitHub or, worse, their own website which is stopping us to follow your advice … to report to them. 😉

When it reaches a so low level of conscientiousness you can’t justify that saying it’s done by folks for free. It’s insulting for all the others who do the same, for free, but seriously.

But as @BBcan177 said, he has to include a list in his plugging but he can’t keep vetting every list every time. It would be a full time job. That’s why we report. Since you say you use others lists, if you know good lists don’t hesitate to suggest some. Maybe he can swap in the list included in the package. He cannot be aware of every existing lists.

@keyser
Ok thanks a lot . I simply disable « hide IP » and add are blocked by Pfblocker . Best regards .

@ttblum said in Microsoft hosted site being blocked by Oceania Alias:

updated with Microsoft's current IP space?

for what office365?

https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

@gertjan

Thank you. Adjusted as recommended and no further problems. Reminds of the DOS days when you had to define the number of file handles.

Never crossed my mind that there was the same thing for tables.

@johnpoz said in Permit United States only for specific port on WAN interface:

@ciscox its set to alias - which is shown on that first summary sort of page

setalias.jpg

What the heck, I didn't know about this. This is going to make things much easier now :)

Thank you very much :)