pfBlockerNG

• R

  pfBlockerNG update error
  • reza.mnp  

  2
  0
  Votes
  2
  Posts
  410
  Views

  

  CoinBlocker feed is on gitlab.io, so maybe that is being blocked? Can you get to that domain? The Dyre feed is down. Not sure when it will return. The other Abuse feeds came back online tho: https://www.reddit.com/r/pfBlockerNG/comments/a6zs1u/abuse_sslbl_is_back_online/
• Y

  Custom blacklist for a hostname?
  • yyz  

  6
  0
  Votes
  6
  Posts
  453
  Views

  

  @bbcan177 Thank you. I did that and it works!
• N

  Why is DNSBL Category Blacklist Category UT1 unblocking working blocks [SOLVED]
  • noplan  

  4
  0
  Votes
  4
  Posts
  253
  Views

  N

  WORKED LIKE A CHARM ! thx !
• V

  Getting a list of .bid IP's
  • veldthui  

  20
  0
  Votes
  20
  Posts
  535
  Views

  

  @veldthui said in Getting a list of .bid IP's: and have not had any spam for the last two days. Music to my ears :)
• J

  PfBlockerNG Error
  • jlee18  

  15
  0
  Votes
  15
  Posts
  608
  Views

  

  @tippet5x said in PfBlockerNG Error: pfSense-pkg-pfBlockerNG: 2.1.4_14 [pfSense] Update to pfBlockerNG v2.1.4_16 which has this issue fixed... You can also move to pfBlockerNG-devel which is much improved.
• S

  pfBlockerNG-devel | Resolver settings | pfSense crashing / Not resolvable
  • StyleNZ  

  12
  0
  Votes
  12
  Posts
  452
  Views

  S

  Sorry, after further testing, unbound is needing to be manually stopped if pfblocker is enabled in order to make setting changes to DNS resolver. Not the pfblocker services. Do DNS resolver config changes work fine for you both without needing to manually interfere with stopping unbound? I just find it odd cause ive done 3-4 reinstalls lately and it’s presented this problem to me in all instances. The only thing that I guess has changed as of recently is using the devel release. I don’t recall having to manually stop unbound previously. Anyway, this can be marked as resolved as I don’t know if this is how it’s intended to be but I’ve managed a workaround. Cheers for the awesome package BBcan! It’s some great stuff. I’ll flick you a donation to show my appreciation.
• G

  Alerts not showing properly
  • guardian  

  11
  0
  Votes
  11
  Posts
  362
  Views

  S

  Hi, I believe I had run into this exact issue myself and this happened upon across multiple installs of it too. I narrowed it down to the fact that some of the log files were not being created for any odd reason. For each of the log files, make sure they exist, and if they don't, manually create them using touch.
• B

  pfBlockerNG Permit Inbound Wildcard Domain
  • Brailyn  

  3
  0
  Votes
  3
  Posts
  473
  Views

  

  More info here.... I'd like to add a page for this in the GUI, but too much to do with so little time.... https://www.reddit.com/r/pfBlockerNG/comments/9vwkmm/ip_ranges_for_amazon_aws/ ps - Come and subscribe to the reddit page :)
• C

  Support IP2Location LITE?
  • christopa1999  

  1
  0
  Votes
  1
  Posts
  109
  Views

  No one has replied

• K

  DNSBL Listner IP casing serious Firewall issues
  • keyser  

  7
  0
  Votes
  7
  Posts
  349
  Views

  K

  Hmm, I see. edit: Or at least I think I see. In the above example it’s only timing out when actually trying to talk (ping) to the resolved address. The lookup works fine. I don’t really see why that is a big issue since talking to a blocked domainname from PFsense itself should not be necessary anyhow. I mean, that doesn’t work now with the VIP adress either. You are only talking with an “empty” replacement Weebservice that has no data. Is there any situation where you are depending on the firewall itself needs to be able to ping the address? Anyhow Two things: 1: Could this issue be solved by making a VIEW in UNBOUND so the PFsense box itself is in another VIEW Zone with no PFblock.conf attached? 2: Alternatively, could “disabling VIP Alias” also entail that the PFsense box itself then is setup to NOT use the build in UNBOUND resolver?
• S

  Geolite database discontinued - any plans on updating pfBlockerNG.
  • StaticDragon  

  8
  0
  Votes
  8
  Posts
  1106
  Views

  

  Posted two PR to fix this issue. See my recent posts in this forum.
• G

  When is pfblockerNG-devel going to be pfblockerNG?
  • guardian  

  2
  0
  Votes
  2
  Posts
  296
  Views

  

  @guardian said in When is pfblockerNG-devel going to be pfblockerNG?: Any idea when pfblockerNG-devel going to be the production version? Likely Feb 2019
• 

  pfBlockerNG v2.1.4_15 PR #609
  • BBcan177  

  1
  1
  Votes
  1
  Posts
  397
  Views

  No one has replied

• 

  "DNSBL out of sync" warning fixing
  • chudak  

  4
  0
  Votes
  4
  Posts
  302
  Views

  

  @ronpfs That was it!.. thx
• M

  Unbound crashing
  • mloiterman  

  12
  0
  Votes
  12
  Posts
  1280
  Views

  

  @bbcan177 said in Unbound crashing: @bouke said in Unbound crashing: pfBlockerNG-devel 2.2.5_19 You can try the new "Live Sync" feature, which will update the changes on the fly without an Unbound Reload. But that is only when the package updates DNSBL/Unbound and not any DHCP updates to Unbound from the pfSense side. Happy new year and thanks. Just enabled this feature on 01-01-2019 08:05 am (local time) ;-)
• F

  [SOLVED] pfBlockerNG - Reloading unbound fails
  • fpv  

  12
  0
  Votes
  12
  Posts
  3924
  Views

  N

  same here, after deleting unbound_control.key unbound_control.pem unbound_server.key unbound_server.pem reboot everything worked no error in unbound-control -c /var/unbound/unbound.conf status
• S

  A couple of thoughts on the CARP VIP setting in pfBlockerNG-devel 2.2.5_19.
  • silentnomad  

  3
  0
  Votes
  3
  Posts
  196
  Views

  S

  @bbcan177 Thank you, sir! pfBlockerNG-devel is a great upgrade. I really like the IP and domain block feeds list :)
• P

  pfblocker-dev, DNSBL not working at all.
  • pfblocking  

  2
  0
  Votes
  2
  Posts
  158
  Views

  P

  I have already determined the cause of my problem. The lab workstation i was using to test this out with still had static DNS server entries configured on one of the network adapters I was using. Once I pointed them all to my pfsense box, everything was working fine. I feel stupid for having overlooked something so simple.
• V

  Getting Hammered
  • veldthui  

  6
  0
  Votes
  6
  Posts
  340
  Views

  V

  @gertjan said in Getting Hammered: I you liked the port-knocking on "22", have a look at what happens on your port "25" and "443", you'll be amazed. Seeing a few on 443 and a couple on 25. Normally, your mail server already has something like fail2ban and a rather huge setup to filter out fake connection, like temptation to relay, temptations to load your inbox with spams, etc. A (internal, on a LAN) web server (port 443) : same thing : a real hail storm. Not filtering these servers can put a real load on your servers. It is a Exchange server and not set up for routing mails and any attempt to route through it just gets rejected. I also have a large set of rules to reject spam but wanted to use pfBlockerNG to block out spamming IP's. YEs exchange can do it but requires the Edge Server to do it. Dont want another VM running to to do IP filtering. I realise they are scripts trying as well on the ports rather than real humans.
• 

  pfBlockerNG enabling sync option
  • safarad  

  1
  0
  Votes
  1
  Posts
  330
  Views

  No one has replied

• P

  PiHole URl
  • patrick0525  

  6
  0
  Votes
  6
  Posts
  337
  Views

  P

  Thanks
• 

  pfBlocker without dnsbl configuration
  • safarad  

  2
  0
  Votes
  2
  Posts
  154
  Views

  

  Yes, you don't have to enable DNSBL.
• T

  CARP / Virtual IP / Backup Skew
  • talaverde  

  3
  1
  Votes
  3
  Posts
  205
  Views

  T

  Yea, it's been auto-changing back to often. I've finally given up on the 'CARP' feature and just switched it back to the old 'IP alias'. Not sure what features I'll lose but it can't be worse than a misconfigured virtual IP.
• P

  PfBlockerNG w/ DNSBL > Squid(+Guard) for Content Filtering?
  • pfBasic  

  16
  0
  Votes
  16
  Posts
  7942
  Views

  M

  @mrglasspoole hi; I had to turn off ipv6 which i don't use(ignored in linux) and this is on a dual core AMD APU with 4 gigs. I also have issues with abuse list at first before killing ipv6 in pf latest and running out of ram issue. but at least it tells you and shuts down. but would like the caching squid had and av.
• B

  could not update pfBlockerTopSpammers
  • bplein  

  4
  0
  Votes
  4
  Posts
  156
  Views

  

  @bplein said in could not update pfBlockerTopSpammers: @ronpfs Thanks. It was in the Aliases/URLs section! Wow that was the old pfblocker version from over 4 years ago :)
• M

  Understand alert
  • MOdesty  

  3
  0
  Votes
  3
  Posts
  152
  Views

  M

  @teamits said in Understand alert: yes Thanks for your thorough answer It clarified my question perfect!
• T

  Pass Alias for GeoIP not working
  • TRohm  

  10
  0
  Votes
  10
  Posts
  242
  Views

  

  @trohm said in Pass Alias for GeoIP not working: pfB automatically creates the rules and by default puts them in as Floating rules. Therefore I cannot put a rule ahead of the GeoIP rules as I understand Floating rules are always processed before any of the "static" rules applied to a given interface. You can select from one of the predefined Auto rule orders in the General tab (or in the IP Tab for pfBlockerNG-devel which is much improved). If one of those auto-rule options do not work for your network needs, you can use "Alias type" action settings, and manually create the firewall rules and associate the pfB aliastables. Click on the blue infoblock icons in the IP tab for more details.
• T

  1 table created.pfctl: Cannot allocate memory! Help?!
  • Tyson.crouch  

  3
  0
  Votes
  3
  Posts
  167
  Views

  T

  Thanks @BBcan177, very much appreciated!
• G

  What is (response.c.308) run condition & How to Troubleshoot
  • guardian  

  1
  0
  Votes
  1
  Posts
  81
  Views

  No one has replied

• D

  Lost Alias In Update from 2.2.5_17 to 2.2.5_19
  • dma_pf  

  9
  0
  Votes
  9
  Posts
  235
  Views

  

  @dma_pf said in Lost Alias In Update from 2.2.5_17 to 2.2.5_19: I have a custom feed for a Spamhaus list which is located at https://www.spamhaus.org/drop/asndrop.txt. This ASN feed is not supported by pfBlockerNG. I have intentions to add a parser for it, but it has never had that parser before. Maybe there was an IP in that txt file at one point, that the parser found, and you assumed that it was working?
• 

  Download Fail
  • Qinn  

  4
  0
  Votes
  4
  Posts
  422
  Views

  

  @bbcan177 said in Download Fail: https://www.reddit.com/r/pfBlockerNG/comments/a6zs1u/abuse_sslbl_is_back_online/ The Following List has been REMOVED [ Abuse_DYRE_v4 ] The Following List has been REMOVED [ CoinBlocker_v4 ] You were right Strangely https://tracker.h3x.eu/api/sites_1month.php I can download manually? So maybe it's the download time, updates are set round midnight??? Forced an update and...??? [ H3X_1M ] Downloading update .. 200 OK. Cheers Qinn
• 

  Group alert entries
  • TMiland  

  2
  0
  Votes
  2
  Posts
  164
  Views

  

  @tmiland said in Group alert entries: I was wondering if it would be possible to group alert entries? Or add it as a feature request? I'm blocking Windows 10 telemetry, and it is constant traffic (A WHOLE LOT) which pushes other entries out of sight. Running latest pfBlockerNG-devel, which is absolutely FANTASTIC! Regards from an early beta tester (pfBNG Dev v.72) You can mute the logging of Domains in DNSBL by creating a new DNSBL Group and select the "Disable logging" option, and the Group Order to Primary. Then either use Feeds, or add the domains to the custom list at the bottom. Follow that with a Force Reload - DNSBL for it to take effect. This will utilize "0.0.0.0" instead of the DNSBL VIP address. Thanks for the feedback!
• Y

  DNSBL Whitelist vs TLD Exclusion list?
  • yyz  

  2
  0
  Votes
  2
  Posts
  209
  Views

  

  @yyz said in DNSBL Whitelist vs TLD Exclusion list?: DNSBL Whitelist vs TLD Exclusion list? How are these different? The Whitelist is used to remove Domains from the DNSBL Blocking. When you use the "TLD" option, it will automagically Wildcard block any domain that is a Root domain. So it would wildcard block "example.com" but not "ads.example.com". When a domain is wildcard blocked via TLD, you can use the "TLD Exclusion" list to remove that domain from the TLD functionality. This way, it will only block the single domains that are listed in the DNSBL Feeds and not wildcard block it. A Force Reload- DNSBL will be required after adding to the TLD Exclusion list.
• D

  Alexa
  • dasanco  

  2
  0
  Votes
  2
  Posts
  166
  Views

  

  @dasanco said in Alexa: I'm having a real problem understand the purpose of the Alexa list, when and where it should be used, to do what. is there a primer or white paper on how/when/where to use the Alexa option? The TOP1M whitelist (in devel it also has the Cisco Whitelist), can be used to whitelist the most popular domains in DNSBL. I would only suggest using it for the Phishing Feeds, as those can cause FPs since those feeds post full URLs. Also limit the number of TOP1M Domains to whitelist. Some reading here: https://www.netresec.com/?page=Blog&month=2017-04&post=Domain-Whitelist-Benchmark%3A-Alexa-vs-Umbrella
• 

  User definable refresh time for IP lists
  • JeGr  

  6
  0
  Votes
  6
  Posts
  246
  Views

  

  I will work on adding this to my todo list :)
• G

  Whitelisting DNSBL in pfBlocker
  • guardian  

  6
  0
  Votes
  6
  Posts
  197
  Views

  G

  @grimson said in Whitelisting DNSBL in pfBlocker: @guardian said in Whitelisting DNSBL in pfBlocker: With all due respect, did your read that post? It doesn't answer the question that I am asking. Did you search and read other posts about this topic? I doubt that. I know about + on the log, but that means that I have to find the item on the log - often that isn't easy, and I can't deal with the problem proactively. I am looking for some way to explicitly and proactively exclude a domain from the DNSBL. So you didn't even really look at the DNSBL settings or read the included help: Is it really that hard to even look at the settings before asking questions and wasting the time of others? It was a case of looking but not seeing. I had a vague recollection of there being a section, but when I first looked I missed it, assumed that it wasn't there and spent a lot of time looking in other places. It is below the fold and buried in other tabs so I missed it. When I saw your post I knew that I had clearly overlooked something and was finally able to find the section. In fact, when I opened the section, I found that I had put entries in there about 18 months ago. I couldn't find any posts because it was so damn simple. This is the digital example of hunting high and low for your car keys (or something else) when it is lying in plan sight. Sorry for the inconvenience, thanks for helping me find the answer to the question. For the benefit of anyone looking for the answer to the question: pfBlocker Domain Whitelisting Navigate to Firewall / pfBlockerNG / DNSBL and open the area Custom Domain Whitelist near the bottom of the page.
• 

  What is the proper way to allow Geo access to specific country?
  • chudak  

  16
  0
  Votes
  16
  Posts
  511
  Views

  

  @jegr That's what I do :) The goal for initial questions was to learn how-tos , but general discussion about how users use home network is very useful ! Thank you all!
• M

  Whitelist www.googleadservices.com
  • mikeelawson  

  3
  0
  Votes
  3
  Posts
  310
  Views

  M

  That’s great thanks very much. Merry Christmas
• J

  Suppress IP still being blocked
  • jeffhammett  

  4
  0
  Votes
  4
  Posts
  1197
  Views

  B

  Yeah, due to my blocked Server (as Portforwarding inbound within the 10.0.0.0 /8) Range I just switched to Alias Deny to getting able to Suppress this /32 and it worked. On first Testings the Server responds and a page is being delivered. If you read this in the future: Native Alias works good. As I have seen Deny Alias works better. I just didn't had to set my Suppress up (List is empty, just checked it!) I only can suggest that with the Deny Alias maybe pfBlockerNG recognizes / admits the Portforwarding as a higher Priority and lets the Traffic to that IP pass. I will just have to figure out if this happens only eg from my own Adresses or whether even Contacts from IPs within the defined Block Lists will also get passed / "ignored"... If anybody is aware of that case or knows an Answer I'd highly appreciate your effort here, as it saves many time seizing the Logs for denied Inbounds by each List. Edit: As I just saw that I did not mention that clearly... I was before using the Native Alias and just shortly switched to use the lists as a Deny Alias. The portforwarding did not work before as the lists were set to Native Alias.
• B

  [SOLVED] SEC-WAY | Rules for equal "Native Aliases"
  • BSA66  

  1
  0
  Votes
  1
  Posts
  122
  Views

  No one has replied