pfBlockerNG

• A

  Firewall Maximum Table Entries
  • anttechs

  2
  0
  Votes
  2
  Posts
  215
  Views

  

  https://forum.netgate.com/post/780328
• C

  PHP Error after upgrade (SOLVED)
  • cmenghi

  4
  0
  Votes
  4
  Posts
  410
  Views

  C

  Fixit: # pkg-static search icu icu-60.2_1,1 International Components for Unicode (from IBM) # pkg-static install -yf icu-60.2_1,1 # ln -s /usr/local/lib/libicui18n.so.60 /usr/local/lib/php/20131226/libicui18n.so.60 Restart php-fpm
• T

  pfBlockerNG errors when GoeIP enabled
  • Techsanity

  3
  0
  Votes
  3
  Posts
  249
  Views

  T

  That setting was default to 400000. I'll change it and try again. Thanks Edit: Tried and works without errors now. Thanks
• A

  which list is blocking?
  • acs259

  2
  0
  Votes
  2
  Posts
  230
  Views

  

  Everything that is blocked is visible in the "Alerts Tab".
• A

  Blocking on non-selected interface?
  • AR15USR

  13
  0
  Votes
  13
  Posts
  443
  Views

  A

  @ronpfs OK back up now, thanks..
• A

  pfblocker_devel
  • anttechs

  5
  0
  Votes
  5
  Posts
  307
  Views

  A

  @grimson said in pfblocker_devel: You do know/understand that installed packages no longer show as an available package, as they are installed already? lol yes, I was just wondering if the new version had the same stuff as the devel version. It sort popped up out of the blue in the package list while I already had pfblocker installed so / I went and installed the pfblocker_devel version. Maybe I was the only one who saw it. The pfblocker_devel version I'm using now is excellent with all new feeds. Now when I look at the package list I see the new version of pfblocker. I'm thinking its time to fully uninstall the pfblocker_devel and go back to the pfblocker on the package list now lol Looks like I'm the only one with the pfblocker_devel lol Good to see Mr BBcan177 is back welcome home mate :) cheers guys
• B

  pfBlocker DNSBL blocking and config with two pfBlocker instances
  • bgood

  2
  0
  Votes
  2
  Posts
  205
  Views

  B

  With a little more troubleshooting I found the issue. I neglected adding in a firewall rule to allow the client access to the DNSBL VIP over ports 443 and 80.
• Q

  pfBlockerNG-devel: 2.2.5_9 install error
  • Qinn

  3
  0
  Votes
  3
  Posts
  317
  Views

  Q

  Thanks for pointing that one out to me. I missed it, because I read this one, https://www.reddit.com/r/PFSENSE/comments/8lnugz/pfblockerng_devel_version_released/ ,which suggests it was only downloadable from the unstable branch, as I did not expect a development release in the stable branch...
• F

  PfBlockerNG-devel 2.1.2
  • f34rinc

  46
  1
  Votes
  46
  Posts
  4464
  Views

  4

  @bbcan177 2.4.4-DEVELOPMENT (amd64) built on Fri Jul 27 07:50:35 EDT 2018 FreeBSD 11.2-RELEAS Intel(R) Celeron(R) CPU 3215U @ 1.70GHz 2 CPUs: 1 package(s) x 2 core(s) AES-NI CPU Crypto: No I started having the PHP error issue when up upgraded to DEV - some weeks back. At the same time I redid the way I had PFBLOCKERNG set up (also upgraded that to pfBlockerNG-devel). So far with the "delete" set I've been stable since July 26th...
• B

  Pfblocker blocking vudu video streaming service
  • bmcdonald1778

  2
  0
  Votes
  2
  Posts
  198
  Views

  

  @bmcdonald1778 Anything that is blocked will be visible in the Alerts Tab and can be whitelisted/suppressed.
• M

  Piracy/Streaming Blocklist
  blacklist piracy streaming • • martin_s

  1
  0
  Votes
  1
  Posts
  232
  Views

  No one has replied

• T

  How to only allow a few domains?
  • tpf

  1
  0
  Votes
  1
  Posts
  137
  Views

  No one has replied

• S

  Lists not updating
  • sbrock99

  3
  0
  Votes
  3
  Posts
  347
  Views

  S

  @ronpfs worked, thanks
• Q

  Update lists fail
  • Qinn

  34
  0
  Votes
  34
  Posts
  1902
  Views

  Q

  @bbcan177 said in Update lists fail: @qinn said in Update lists fail: btw From what I've read, when I want to move over to the latest dev of pfblockerNG I have to first deinstall pfblockerNG and then install the dev version and all settings will be restored, is this the right way to move over to the dev version? Yes I would just go to devel and see if that fixes your issue.... There are a ton of new features in devel.... https://www.reddit.com/r/PFSENSE/comments/8lnugz/pfblockerng_devel_version_released/ Also install the "Cron" package for pfSense and you can see the pfSense Cron tasks from there. Thanks for your advise hoping for a release soon, I don't care about an ETA, take your time and keep up the good work.
• 

  I should have grabbed a screenshot!
  • mtarbox

  1
  0
  Votes
  1
  Posts
  139
  Views

  No one has replied

• D

  pfBLockerNG 2.2 DEV and 2.4.4 dev hardlocking pfsense
  • Dazog

  3
  0
  Votes
  3
  Posts
  283
  Views

  D

  Did as instructed. Will report back results.
• S

  PfBlockerNG Not Blocking Porn
  • seanpruitt

  23
  0
  Votes
  23
  Posts
  11096
  Views

  C

  Hello. I found the problem. I see this here https://forum.netgate.com/topic/102967/pfblockerng-v2-1-w-tld TLD Domain Limit Restrictions: < 1.0GB RAM - Max 100k Domains < 1.5GB RAM - Max 150k Domains < 2.0GB RAM - Max 200k Domains < 2.5GB RAM - Max 250k Domains < 3.0GB RAM - Max 400k Domains < 4.0GB RAM - Max 600k Domains < 5.0GB RAM - Max 1.0M Domains < 6.0GB RAM - Max 1.5M Domains < 7.0GB RAM - Max 2.5M Domains > 7.0GB RAM - > 2.5M Domains Thanks
• S

  PHP Warning: Illegal string offset 'alias' in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 6982
  • sbrock99

  11
  0
  Votes
  11
  Posts
  603
  Views

  S

  @Steve_B Sorry to keep bothering you but I'm learning as I go. For the PFSense box that I built, I used a Gigabyte B360N with a built in Intel CNVi 2x2 802.11 wifi. How ever I can not see it while in PFSense .... is there a driver I need to install? if so could you be so kind as to point me in that direction.
• G

  How to block incoming hosts from domain?
  • Gerard64

  1
  0
  Votes
  1
  Posts
  112
  Views

  No one has replied

• 3

  Country Blocking vs Unsolicitated Requests on WAN
  • 3Dogs

  6
  0
  Votes
  6
  Posts
  309
  Views

  

  You normally would not put any sort of rule on "outbound" wan.. Rules are evaluated as traffic enters an interface towards pfsense from the network that interface is connected too. If you want to block something on your lan or opt or any other "lan" side network then you would place the block on the that interface.
• D

  PFblockerng 2.2.1 with tdl, adding a schedule?
  • dabone

  2
  0
  Votes
  2
  Posts
  164
  Views

  

  @dabone said in PFblockerng 2.2.1 with tdl, adding a schedule?: is there an easy way to schedule the block? There is no provision for scheduling in pfblockerNG.
• D

  Confused, pfblockerng 2.2.1 Shallalists. blocks facebook.com but not www.facebook.com, etc.
  • dabone

  3
  0
  Votes
  3
  Posts
  303
  Views

  D

  Thanks!.
• M

  failed install pfBlockerNG-devel: 2.2.1 on pfSense-2.4.4.a.20180717.0730
  • matt1544

  4
  0
  Votes
  4
  Posts
  478
  Views

  

  @matt1544 said in failed install pfBlockerNG-devel: 2.2.1 on pfSense-2.4.4.a.20180717.0730: Do you know what version of pfsense would be compatible? 2.4.3 or less
• 

  pfBlocker source for mining IPv4 usng ASN does not contain all IPv4 entries when compared to https://ipinfo.io
  • Xentrk

  4
  0
  Votes
  4
  Posts
  402
  Views

  

  @bbcan177 Thank you for the reply. When I first got into Selective Routing last year on my Asus router, I also used the entware package whob to mine IPv4 addresses. I also discovered that it did not return the number of IPv4 addresses compared to ipinfo.io. Here is a snip of example code use to obtain IPv4 for a website. #Pull all IPs listed for whatismyipaddress.com on radb.net whob -h whois.radb.net -- '-i origin AS16625' | grep -Eo "([0-9.]+){4}/[0-9]+"' So, I went with ipinfo.io. I have since found two other similar sites. I too have been on the lookout for an alternative source. I will let you know if I find any.
• 

  pfBloquerNG and squid with squidGuard
  • _neok

  3
  0
  Votes
  3
  Posts
  235
  Views

  

  I haven't got them working together yet. First I want to know if they can have conflicts with each other. I am using pfSense 2.4.3 and the latest versions of each product currently. These days I'll make them work together and I'll tell you anything new in this thread. Greetings Gabriel
• D

  Incorrect GeoIP entry in pfB_Top_v4
  • djanakes

  3
  0
  Votes
  3
  Posts
  211
  Views

  D

  Thank you very much for the quick reply. I hadn't considered the consequences of blocking India vs India_Rep. It turns out that entire subnet is controlled by Cisco and several of our Texas state counties are assigned IPs in that range. Since this "problem" only began after July 2nd (the last time they were able to connect to our mail server using that same IP), we assumed it was entered by mistake. I've informed our customer and they will get with Cisco to determine a resolution, as it seems they're also now being blocked by other mail servers as well as their hosted helpdesk app is failing. All of these problems began sometime after July 2nd, which is when I assume the IP was entered into the India_Rep database. Thanks again for your assistance! David
• 

  pfBlockerNG 2.1.2_3 Recently Blocking Gmail Inbound
  • yuljk

  2
  0
  Votes
  2
  Posts
  194
  Views

  

  Nevermind - My bad, was a TLS configuration issue in Postfix!
• F

  PHP Warning: Illegal string offset 'vip' in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 1128
  • fredlubrano

  3
  0
  Votes
  3
  Posts
  483
  Views

  

  @fredlubrano said in PHP Warning: Illegal string offset 'vip' in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 1128: amd64 11.2-RELEASE FreeBSD 11.2-RELEASE #35 79c8a561b61(RELENG_2_4_4): Mon Jul 9 16:25:18 EDT 2018 root@buildbot3:/builder/ce-master/tmp/obj/builder/ce-master/tmp/FreeBSD-src/sys/pfSense In pfSense 2.4.4, it moves to PHP v7 which changed how arrays are defined. Unfortunately, you will need to drop down a lower pfSense version until the package is reworked to address the new changes in PHP7.
• M

  PFBlock Logging
  • mitra7

  4
  0
  Votes
  4
  Posts
  380
  Views

  

  You should start a new topic for you problem. In you case, inspect the Alerts Tab to figure out what is blocking traffic.
• F

  [SOLVED] pfBlockerNG - Reloading unbound fails
  • fpv

  11
  0
  Votes
  11
  Posts
  3044
  Views

  S

  I had the same issues and found another solution: Sometimes the certificates generated by ubound are not valid (by time/date/etc.). Solution: delete all certificates from ubound in the folder /var/ubound/ - than restart pfsense/ubound.
• C

  PFBLOCKER SYSLOGS
  • christenjm

  4
  0
  Votes
  4
  Posts
  267
  Views

  

  @christenjm said in PFBLOCKER SYSLOGS: Thank you BBcan177 does pgblockerNG send these logs to external syslog server They are not part of the pfSense syslog options at the moment, but possibly for next releases. You would have to manually send to a syslog as required.
• I

  pfBlockerNG v2.1.2_2, Using Shallalist categories?
  • inqq

  2
  0
  Votes
  2
  Posts
  252
  Views

  

  DNSBL will filter any LAN device that uses pfSense for DNS requests. To have some devices bypass DNSBL completely, you would need to define those LAN devices to use a different DNS server. Unbound has a "view" option where you can manually configure some workaround: https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips Hope to add some more configurability to next versions, but for now its a manual option.
• I

  Duplicating firewall lists on every interface
  • inqq

  5
  0
  Votes
  5
  Posts
  187
  Views

  I

  Ok - done. Good so far, but if I see it happening again, I'll report back
• D

  Blocking all but the whitelist.
  • dabone

  4
  0
  Votes
  4
  Posts
  365
  Views

  

  @mhab12 said in Blocking all but the whitelist.: https://forum.netgate.com/post/774687 Using a "dot" in Squid is the same for Unbound. Create a "local-zone" with ".", and then define all the "local-data" entries that you want to allow. Any local-data not defined will return nxdomain. From the Unbound docs link posted previously: local-zone: <zone> <type> **static** If there is a match from local data, the query is answered. Otherwise, the query is answered with nodata or nxdomain. For a negative answer a SOA is included in the answer if present as local-data for the zone apex domain.
• 

  string offset error
  • SLIMaxPower

  4
  0
  Votes
  4
  Posts
  294
  Views

  

  @slimaxpower said in string offset error: So after an update and reboot I am getting curl error 28 on quite a few dnsbl feeds when updating or cron. youtube was being blocked, but not google or gmail etc. Something is blocking the Feed download. Review the Alerts/Reports tab to see what it could be. You can check if DNSBL is blocking the domain with a ping command and if it replies with the DNSBL VIP. Or check the "Deny" Table to see if its being blocked by an IP Block.
• D

  Whitelisted items still apear in the alerts...
  • daremo

  1
  0
  Votes
  1
  Posts
  136
  Views

  No one has replied

• J

  pfBlockerNG-devel 2.2.1_2: IP Alerts list (Deny) not showing alerts
  • jacotec

  3
  0
  Votes
  3
  Posts
  317
  Views

  J

  @bbcan177 Yes, I did restart both services. But the issue solved itself: I've looked after a few hours again and now the log and stats are filled. Strange, I have no idea why it took a while ...
• 

  pfBlockerNG rule element modification and ordering
  whitelist pfblockerng dnsbl rule ordering suspension • • newyork10023

  2
  0
  Votes
  2
  Posts
  207
  Views

  

  @newyork10023 said in pfBlockerNG rule element modification and ordering: To begin, pfBlockerNG_devel 2.2.1_2 is awesome. Wow. Thanks. Thanks! Certain feeds are naughty. For example, adding RFC 1918 (Private Address Space), Multicast addresses, etc., etc., etc., is just BAD. Blocking possibly necessary system addresses, including multicast addresses, etc., is just NASTY. Adding a WhiteList is not going to fix this issue. These rule elements need to be culled from the list(s), and I mean permanently. By chance are you using Firehol Level1? That feed contains bogons and should not be used for Outbound blocking. You can also enable "Suppression" which will remove local/loopback addresss. A couple of feature suggestions for automatic rule insertion: use rule Separators to bind automatic rule insertion to specific places in the rules. (Indeed, one of my pet peeves is that automatic rules re-arrange Separator organization in seemingly random ways.). Another suggestion would be that automatic rule insertion should not re-arrange rule ordering AT ALL (after their initial placement). Subsequent rule updates should update rules IN PLACE. I like the possibility that Separators could be used to bind automatic rule insertion. But, disabling all automatic rule insertion needs to be an option for DNSBL. Firewall rule separators will be very difficult to implement with pfBlockerNG and auto rules...
• 

  pfBlockerNG and Suricata (IPS) interaction
  • newyork10023

  2
  0
  Votes
  2
  Posts
  409
  Views

  

  @newyork10023 said in pfBlockerNG and Suricata (IPS) interaction: Which takes action first? Snort and Suricata (non-inline mode) will block based on a copy of the packets. So pfBlockerNG and the IDS may show duplicate events if they are configured to block similar things. Suricata inline mode will block before the pfSense firewall rules take effect.
• 

  DNS RPZ (full URL)
  squidguard pfblockerng bind dnsrpz dns rpz • • newyork10023

  2
  0
  Votes
  2
  Posts
  278
  Views

  

  DNSBL will block domains, it cannot block based on a URL as it is a DNS based blocker.