pfBlockerNG

• T

  Post-upgrade to 2.4.5 pfBlockerNG-devel causing memory and/or CPU spikes
  • t41k2m3  

  1
  0
  Votes
  1
  Posts
  114
  Views

  No one has replied

• A

  PFblockNG Devel not logging or blocking domains
  • antoni777  

  14
  0
  Votes
  14
  Posts
  231
  Views

  A

  I still get nothing, In the post above i always get the same error , "Missing DNSBL stats and/or Unbound DNSBL conf file - Rebuilding" V/r Tony
• M

  Advanced Inbound Firewall Rule Settings
  • maxyca  

  2
  0
  Votes
  2
  Posts
  73
  Views

  M

  Really nobody did it?
• J

  Feed not updating with cron but does by force
  • Jobee  

  7
  0
  Votes
  7
  Posts
  113
  Views

  S

  Hello! Are you using ram disks in System/Advanced/Miscellaneous? This sounds oddly similar to these : https://forum.netgate.com/topic/151591/sort-4-not-downloading-vrt-rules/ https://forum.netgate.com/topic/151634/php-errors/ John
• 1

  DNS custom IPv4 blocklist stored as base64?
  • 1OF1000Quadrillion  

  2
  0
  Votes
  2
  Posts
  43
  Views

  

  Uh...Base64 is not a number base. It is a method for encoding binary values as text strings. See Wikipedia here: https://en.wikipedia.org/wiki/Base64.
• L

  Migrating from Pi-hole to PFblockerNG
  • lordofpc734  

  2
  0
  Votes
  2
  Posts
  264
  Views

  

  you can add list from DNSBL / DNSBL groups and press ADD, insert that link save and enable it for the regex stuff i found this on redmine https://www.reddit.com/r/pfBlockerNG/comments/d01qod/can_pfblocker_block_urls_by_regex/ez56ta3/ This will be available in the next major release as it will utilize the Unbound python integration. it's 6 months old idk how are things going on about it update here https://www.reddit.com/r/PFSENSE/comments/fj1ks8/migrating_from_pihole_to_pfblockerng/ Will be in the next pfBlockerNG-devel release when pfSense 2.4.5 is released.
• T

  PfBlockerNG whitelisting blocked GeoIP
  • techman2005  

  8
  0
  Votes
  8
  Posts
  168
  Views

  

  @techman2005 I just looked up scan.nextcloud.com and it resolved to 95.217.53.149, so you may need to actually edit the file /var/log/pfblockerng/ip_blocklog and remove the IP. I don't understand why it didn't adjust the data when you added the domain, saved, and reload. You could scroll to the right of that log file to see the list it belong to and try adding the IP to the custom list I think...maybe @BBcan177 can step in.
• N

  Find IP Address being blocked in feeds
  • nuffsai21  

  2
  0
  Votes
  2
  Posts
  167
  Views

  N

  Spent more time reviewing the changes I made. If I am not mistaken the pfB_Top_v4 alias is made by enabling GeoIP blocking (any of the lists there). In my case I enabled Top Spammers list and with action 'deny outbound'. After disabling 'GeoIP Top Spammers' the ubuntu updates began working.
• W

  Advice - Allowing client to bypass pfblocker-ng
  • wesfox  

  12
  0
  Votes
  12
  Posts
  2594
  Views

  T

  Hello All. I would like to ask about the following. I have some IPs bundled in an ALIAS and these IPs should bypass pfBlockerNG. When I unselect these IPs by their dedicated VPN-Interface in "Select Outbound Firewall Interface", these IPs are still get filtered by pfBlocker. Is this the reason for for this because of checking the option for floating rules (Open VPN) in DNSBL firewall rules? Nevertheless, I found wesfox's link for bypassing single IPs. Would this be the right way to bypass pfBlockerNG for some LAN IPs? Thx for your support in advance.
• W

  TLD white list not working
  • wolfsden3  

  21
  0
  Votes
  21
  Posts
  205
  Views

  

  @A-Former-User said in TLD white list not working: @wolfsden3 said in TLD white list not working: Well thanks for the discussion, I learned a few things that I'll implement at other locations. Looks like they have 760k DNS queries per day on that FW. I'm not sure if that's a lot or not. Minimizing DNS queries is my next project although the FW is doing it's job and fairly well I think. I'll fart around with this. I'm not sure if other sites are experiencing this too. They might very well be. Thanks again. last thing i promise. below i have screenshot and posted my firewall rules: Floating: WAN: LAN: GUESTVLAN: blacked out information is just rules for my openvpn I just got to say I like your firewall arrangement...bravo!
• E

  High number of unbound resolver queries since last clearing
  • eindhovenfinest  

  1
  0
  Votes
  1
  Posts
  65
  Views

  No one has replied

• 

  pfBlockerNG-devel 2.2.5_29 - Cron job drops internet every 30 minutes.
  • Herman  

  10
  0
  Votes
  10
  Posts
  215
  Views

  

  Managed to choke pfSense with 4GB ram and pfBlockerNG to not answer to icmp echo anymore. So my theory stands: Add more memory.
• T

  pfBlocker causing dropped states on synced routers
  • timboau 0  

  1
  0
  Votes
  1
  Posts
  46
  Views

  No one has replied

• R

  DNS Resolver crashing on start
  • robnyr2317  

  3
  0
  Votes
  3
  Posts
  79
  Views

  R

  I’ll try less feeds. It’s a sg-1100 appliance so I can’t add memory
• 

  pfBlockerNG and Suricata (IPS) interaction
  • newyork10023  

  8
  0
  Votes
  8
  Posts
  804
  Views

  

  @timboau-0 said in pfBlockerNG and Suricata (IPS) interaction: OK, I'm thinking that makes sense - so unless there was an attack against the actual firewall - any traffic that did make it through malicious or not would be 'seen' traversing through to the LAN. Yes, this is correct. The LAN is the best place to put an IDS/IPS 99% of the time. A major reason is so, when using NAT, the IP addresses you see in alerts will be the actual LAN host addresses instead of the NAT IP. When you put the IDS/IPS on the WAN, all internal host traffic shows up under the WAN public IP due to NAT. So finding what internal host generated an alert is very difficult.
• 

  Comprehensive YouTube/Google Ad Block List
  • kklouzal  

  10
  1
  Votes
  10
  Posts
  13787
  Views

  D

  I stopped using chrome and switched to the Brave browser (Download from the official site- https://brave.com). I forgot about advertising on YouTube. Brave was created by Brendan Eich, one of the founders of the JavaScript programming language, using the Blink engine (developed by Google). All popular browsers are created on this engine - Opera, FireFox and Chrome itself.
• S

  Unable to edit GeoIP Links
  • Stewart  

  23
  0
  Votes
  23
  Posts
  220
  Views

  J

  @Stewart said in Unable to edit GeoIP Links: Maybe not. I was just checking the lists to edit but if I run an update I get: MaxMind Database downloading and processing ( approx 4MB ) ... Please wait ... Download Process Starting [ 02/25/20 14:34:14 ] /usr/local/share/GeoIP/GeoLite2-Country.tar.gz 401 Unauthorized Failed to Download GeoLite2-Country.mmdb /usr/local/share/GeoIP/GeoLite2-Country-CSV.zip 200 OK Download Process Ended [ 02/25/20 14:34:16 ] Is that right? It lets me edit the lists now but I'm only authorized for 1 of the 2? When you view the pfBlockerNG box in the pfsense Dashboard, does it show that MaxMind has updated? If not, you may not have any list downloaded. If it doesn't show that MaxMind has updated, issue the following command from Diagnostics, Command Prompt without the quotes: "php /usr/local/www/pfblockerng/pfblockerng.php DC". This should force an update MaxMind since it is only set to update once a month by the default cron.
• S

  2 Questions: Whitelist and UT1
  • Stewart  

  9
  0
  Votes
  9
  Posts
  159
  Views

  

  @RonpfS said in 2 Questions: Whitelist and UT1: @NollipfSense Your Whitlelist should have only domain names, no URLs or http:// That's what I have...see second post...WAIT, I see the mistake...thanks!
• D

  can pfblocker-ng alerts page be adjustable
  • detox  

  9
  0
  Votes
  9
  Posts
  131
  Views

  

  @BBcan177 Ah...that makes sense...I'll patiently wait for the updated d3pie.
• J

  Leverage NextDNS BlockList Metadata
  • jeffvogelsang  

  2
  0
  Votes
  2
  Posts
  223
  Views

  

  @jeffvogelsang The pfBlockerNG-devel package has an existing Feeds tab. It would probably be more efficient to request changes to the feeds or submit a PR against the database here: https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG-devel/files/usr/local/www/pfblockerng/pfblockerng_feeds.json Keep in mind that I typically do not add feeds that are compilations of other Original Feeds. Best to go directly to the source. There are changes to be made to the json already as some feeds are now discontinued. That will happen in the next release.
• O

  This topic is deleted!
  • Oudel  

  1
  0
  Votes
  1
  Posts
  7
  Views

  No one has replied

• G

  geoip floating rules not being generated?
  • gregfitz  

  2
  0
  Votes
  2
  Posts
  60
  Views

  

  From your FW rule, it looks like there is no Firewall 'Auto' Rule Suffix' in the description. Your Firewall 'Auto' Rule Suffix is set to "AR" and that doesn't show in the Description of the FW Rule. I guess you changed that setting it at some point. Did you disable pfblockerNG when you changed the settings ? Select 'Auto Rule' description suffix for auto defined rules. pfBlockerNG must be disabled to modify suffix.
• N

  TLD shutting down on pfBlockerNG-dev?
  • nopro  

  3
  0
  Votes
  3
  Posts
  105
  Views

  N

  @NollipfSense Thanks for the suggestion of increasing states/table entries. I will give it a try. Although, as described in my initial post, my system seems to use a disproportionately low amount of memory about two hours after reload, it seems to apply TLD filtering adequately, as far as I can discern from looking at my Reports/Alerts/DNSBL log... Still puzzled... EDIT: Of course, I might not know about packets escaping filtering and thus logging, yet the log appears to be populated in a plausible manner.
• S

  Can't get DNSBL to work
  pfblockerng dnsbl unbound • • SteelCityColt  

  6
  0
  Votes
  6
  Posts
  735
  Views

  S

  Solved it guys, did some googling on that SSL error and found another post here: In /var/unbound Delete dnsbl_cert.pem unbound_control.key unbound_control.pem unbound_server.key unbound_server.pem Reboot and run force update/reload. DNSBL now up and running. Thanks for the help in diagnosing guys.
• J

  Problem with ADs feed
  • JonH  

  3
  0
  Votes
  3
  Posts
  253
  Views

  

  @jdeloach Funny that I turned off mine yet it still had the notification of failure! Just did a reload and that seems to resolve.
• N

  Strange resolver behavior
  • nasos.liagos  

  1
  0
  Votes
  1
  Posts
  66
  Views

  No one has replied

• C

  Shallalist and UT1 do not work pfBlckerNG-devel 2.2.5-28 on pfSense 2.4.5-RC
  • cmeziere  

  8
  0
  Votes
  8
  Posts
  325
  Views

  

  @cmeziere You're welcome and glad you fixed it.
• L

  pfblocker-devel does not block ip
  • lbm_  

  3
  0
  Votes
  3
  Posts
  111
  Views

  

  @lbm_ said in pfblocker-devel does not block ip: I've created an alias under firewall rules There, you go...that's exactly what I would say.
• E

  Error when saving IP settings (IPv4 Suppression: Invalid mask [ x.x.x.x/29 ]. Mask must be defined as /32 or /24 only.)
  • ElPistolero  

  7
  0
  Votes
  7
  Posts
  169
  Views

  E

  @NollipfSense ... This very blind moron thanks you, sir! I don't know how I could have missed that expandable bar... Offending entry removed, license key entered, problem solved. Thank you again!
• D

  PfBlockerNG does not seem to be blocking these session replay sites
  • dhjdhj  

  9
  0
  Votes
  9
  Posts
  159
  Views

  D

  Yes, I understand completely (now that you explained) --- I did not realize that pfBlocker was working at DNS level - I assumed that it was putting IP blocks in firewall rules. Thanks again the help
• C

  DNSBL - DNS bug?
  • croadfeldt  

  2
  0
  Votes
  2
  Posts
  92
  Views

  C

  Opened https://redmine.pfsense.org/issues/10252
• P

  krebsonsecurity.com blocked
  • py  

  5
  1
  Votes
  5
  Posts
  213
  Views

  

  @py said in krebsonsecurity.com blocked: aheadoftheherd.com See it this way : you tend visit sites that happen to have a (shared ?) IP that happens to be on a list some where. Whitelist them .... Or remove the feeds that lists them. pfBlockerNG does nothing by default. Check for yourself : remove all the feeds and it becomes transparent.
• W

  pfblocker disk usage full error
  • war  

  2
  0
  Votes
  2
  Posts
  81
  Views

  T

  Are you sure the disk space is being used by pfBlocker or is that just reporting the write error? Do you have Suricata installed by chance? https://forum.netgate.com/topic/140951/suricata-log-files-are-filling-the-disk https://forum.netgate.com/topic/130980/suricata-not-limiting-log-sizes-by-default
• R

  Installed pfBlockerNG but service does not start
  • roney.s.mathews  

  2
  0
  Votes
  2
  Posts
  51
  Views

  

  The logs ? @roney-s-mathews said in Installed pfBlockerNG but service does not start: I used multiple Ip's outside my network but the pi-hole page is not displayed pfSense / pfBlockerNG-dev is not pi-hole .... or please explain. Btw : The DNSBL part of pfBlockerNG-dev needs the resolver, not the forwarder. So it's nomal the DNSBL part doesn't start.
• M

  excessive RAM usage
  • meem  

  2
  0
  Votes
  2
  Posts
  83
  Views

  

  Hi, You you have the "TLD" option checked ? If so, click on the blue "I" - right after the red text. So : uncheck TLD, or go out and buy really huge RAM sticks. Or remove some feeds.
• N

  pfBlockerNG / SquidGuard conflict?
  • nopro  

  5
  0
  Votes
  5
  Posts
  85
  Views

  

  @nopro You'll need to search as I remembered reading last year...maybe they use the same system resources since the function/feature they provide is similar so when one is using the resource the other is stranded.
• Z

  Latest update 8/02/2020
  • zimnysbrain  

  5
  0
  Votes
  5
  Posts
  218
  Views

  

  @ZIMNYSBRAIN @NollipfSense No reason not to have Automatic Configuration Backup enabled. But still curious why pfB updated on its own...?
• K

  PfBlockerNG broken after reinstall and restore
  • Koent  

  7
  0
  Votes
  7
  Posts
  2280
  Views

  A

  @BBcan177 Hello Sir, I'm having the same issue. I went i did what was said here twice and still have the problem. I also unchecked the boxes and rebooted the system, still nothing. could you help please? V/r
• M

  DNSBL Report Stopped Logging
  • mifronte  

  6
  0
  Votes
  6
  Posts
  148
  Views

  A

  @mifronte Good afternoon, Thanks for trying to help me with this issue. I checked all download feeds and everything seems to be working. I had a registered maxmind feed and turned it off too. Pretty much I had turned everything off and deleted the files per another forum. I even bought a new device, installed everything and I got the same problem. Which makes me think is something in the feeds. One strange thing I found is that the firewall rules are gone too. This is really strange to me. I rechecked every setting 5 times already and forced reload, started and stopped the resolver. I recognize that I’m fairly new to this firewall software, but I really don’t find what can be causing the issue, as I have even restored the system using my previous config files. Sorry I’m a little frustrated. why is it doing the same with the other system and is a brand new installation. I also have a Free malware patrol subscription and turned it off. I’m I hacked?
• W

  TLD issues/questions....
  • whizatit  

  20
  0
  Votes
  20
  Posts
  202
  Views

  

  Also : @whizatit said in TLD issues/questions....: Can't retrieve/post logs if system freezes :-( That why logs shouldn't stay on the router. You have to 'backup' your logs. Because: if you have them, you wont need them - and the other way around. I've TLD selected since the beginning on a very old plain vanilla "Intel(R) Pentium(R) 4 CPU 3.20GHz 2 CPUs: 1 package(s) x 2 hardware threads " with 2 GB. Four or five classic feeds ( DNSBL ). Here you can see memory and system resources (yep, another way to 'log' outside the box). pfSense freezes ? I don't recall freezing mine on me ...