• 0 Votes
    57 Posts
    4k Views
    DaddyGoD

    @provels said in MS activated DoH at the operating system level, in this "great" 20H2 release...?!:

    What would happen to those of us using the resolver and talking to the roots?

    Hello everyone...

    Okay (hmmm, how should I start, OK I already know), I'll post a new and great evidence on this theme (Win10 _20H2 vs. DoH) in 2021, so I am not doing it now, ...because I want to (sorry,....I would like to)..... and I would like to wish a beautiful Christmas and a pleasant New Year holiday to everyone, but then comes the dread in 2021....HOHOHO..HAHAHA, like bird flu H1N1 - Winflu 20H2 - HIHIHI

    -it wasn't a good joke, though it looks a bit similar.....✋ (so, "give me five")
    (I am using roaring emoticons 😉 , not like others :)

    of course only for those who like to control their own DNS stuff -

    I look forward to seeing everyone, if you are interested in the future... and the DNS theme

    BTW (preliminary):
    the encouraging test environments: (4 colleagues, 4 separate locations (in EU), 4 external pfSense installations - same Win image - 20H2)

    2020-12-22_17h03_37.jpg

    +++edit:
    MY new year "vow" WILL BE that I won't be creating less colorful posts and 😂

    +++edit2:
    anyway, I use windows everyday (to my stuff)
    well, that's a joke (so I got upset)

  • pfBlockerNG-devel v3.0.0_7

    5
    11 Votes
    5 Posts
    845 Views
    GertjanG

    @sebm said in pfBlockerNG-devel v3.0.0_7:

    While in Firefox, the first file I select never gets loaded,

    Using Firefox 84.0 - no adds, when I visit :

    1d1ebd34-dbd6-4ec3-af08-bb59b1496741-image.png

    Now, I'm invited to make my selection, using the second "Log/file selection" pull-down list
    When done, the file is shown right away.
    Looks fine to me now.

  • mirror1.malwaredomains.com Not Found!

    3
    0 Votes
    3 Posts
    1k Views
    AlanesiA

    @bbcan177

    Yeah I saw that, but nothing clear about the free version. Maybe we just have to wait.
    Anyway thank you @BBcan177

  • Some download FAIL alerts

    8
    0 Votes
    8 Posts
    1k Views
    DaddyGoD

    @bbcan177 said in Some download FAIL alerts:

    Yes that is what I said in that reddit post.

    Yup, I understood. I said that too above. (free for private use)
    Yes, it works with a minor bug, the download sometimes doesn't start, but if I know well they are working on it.

  • 0 Votes
    11 Posts
    1k Views
    S

    @bbcan177 oops.. I cleared it and it's all good. Thanks.

  • Problem updating Alias native hourly

    4
    0 Votes
    4 Posts
    526 Views
    X

    Thank you both for the suggestion. Already implemented it and it's working great!

  • pfBlockerNG crashing ubound dns Resolver

    3
    0 Votes
    3 Posts
    594 Views
    S

    @bbcan177 That's what I was afraid of. Guess I'm asking Santa for a computer so I can get the most out of this.

  • pfBlocklerNG v3.0.0_6-devel blocking all outbound traffic?

    10
    0 Votes
    10 Posts
    898 Views
    DaddyGoD

    @rloeb said in pfBlocklerNG v3.0.0_6-devel blocking all outbound traffic?:

    Thank you.

    Do not mention it 😉

  • Whitelisting guidance

    4
    0 Votes
    4 Posts
    610 Views
    DaddyGoD

    @thewismit said in Whitelisting guidance:

    I need to curate the feeds?

    definitely 😉

    the pfBlockerNG installation (app) includes predefined lists, but this is everyone's individual taste and goal oriented...

    Like:

    ee9d8d53-fdc6-45b8-849c-154b6e9b6257-image.png

    +++edit:

    of course you can use multiple lists, but like I said, define your goal (in addition to what is specified in the DEV or not pre-installed)

    always be careful with these, as it can be annoying to install senseless lists

    +++edit2:

    one more thought, if you have to do too many things on a whitelist, think about whether you choose a good BLK list(s)? 😉

  • PFBlockerNG-Devel Different DNSBL lists on different LANs

    4
    0 Votes
    4 Posts
    491 Views
    R

    PfBlockerNG is not the tool to use for content filtering. PfBlockerNG is used to sinkhole content like adverts or malicious IPs/domains.

    You want to use Squid or Squidguard and setup categories to block for specific groups of users, subnets or VLANs.

    There are already guides out there on how to do this.

  • talosintelligence.com domain requests

    25
    0 Votes
    25 Posts
    2k Views
    B

    Just wanted to provide an update to this thread as someone helped me find the issue that was causing this.

    NtopNG has threat feeds in it now and when it can't get to one of the feeds it just keeps trying and trying.

    To disable, you have to go into the admin interface, go to settings and category lists, and then disable the offending list giving you an issue. I went ahead and disabled all of them since this was such a problem to find, as well as these lists seem to go up and down and I don't want it to just keep trying (outside of its setting to only pull them down daily).

  • No blocked packets count DSSBL BBC?

    3
    0 Votes
    3 Posts
    346 Views
    S

    hehe ok, ty sir.
    I think I will not poke the bear and trust it is working!

  • 0 Votes
    7 Posts
    1k Views
    johnpozJ

    @herman

    You should be able to edit the thread title and tag - if not I can do it for you.

    Thread marked.

  • pfblockerNG TLD help

    5
    0 Votes
    5 Posts
    790 Views
    B

    @vesalius said in pfblockerNG TLD help:

    dnsbl python mode

    I wasn't 100% sure what the difference between unbound and python mode was, so I decided not to change it just yet until I had a better understanding. However, since you asked, I thought I would try it and see if it worked that way. I checked your other suggestions, and yes they were set as you mentioned.

    After changing to python mode, TLD is now working - thank you! Also, pretty cool that my RAM usage is down to 15% now.. guess I didn't need the upgrade, oh well.

    I did read the following post from BBcan177, along with the "more info" under "dnsbl mode", but was wondering if you had more info I can check out to better understand. Also, because of this, I didn't enable anything else under DNSBL other than TLD

    More info
    This mode will allow logging of DNS Replies, and more advanced DNSBL Blocking features.
    BBcan177 post
    https://forum.netgate.com/topic/158592/pfblockerng-devel-v3-0-0-no-longer-bound-by-unbound/2

  • pfBlockerNG php error after update to 3.0.0_5

    10
    0 Votes
    10 Posts
    871 Views
    Z

    @bbcan177 I have not set this Clear Widget Option afaik, still every night I am running into this error. Could it get triggered by something else?

  • Interface and Source is Unknown, running devel 3.0.1

    9
    0 Votes
    9 Posts
    921 Views
    G

    @huskerdu
    I noticed that some things being blocked via [ TLD ] are still showing as
    Unknown Unknown
    EX:
    Unknown Unknown www.googletagmanager.com [ TLD ]
    DNSBL-python | HSTS_A

    Do you happen to know a fix?

  • pfBlockerNG-devel v3.0.0_5

    19
    9 Votes
    19 Posts
    2k Views
    L

    @bbcan177 said in pfBlockerNG-devel v3.0.0_5:

    @lcbbcl said in pfBlockerNG-devel v3.0.0_5:

    I have a weird problem with the new version, if i enable HSTS mode for DNSBL, on reports i have unknown unknown for Lan but for Wifi is working fine.
    Before the v3.0.0 i had web server interface set as LAN and now i set localhost.
    Btw can someone guide me how to use regex?

    pfSense 2.4.5 uses Unbound v1.10.1 which has a regression that fails to pass some information to the python modules. It has been fixed, but there is no way to upgrade Unbound to v.1.12.0 in pfSense 2.4.5.

    In pfSense 2.5, it has Unbound v1.12.0, soon to be v1.13.0.

    For the DNSBL Blocking part, you can enable the checkbox in the DNSBL Tab > DNSBL Event Logging , and that will stop the python integration from logging, and use the DNSBL Webserver to log the events. Unfortunately, that is only limited to HTTP events.

    And for DNS Reply logging, there is no other workaround.

    Not much I can do unfortunately.

    It's recommended to use localhost instead.

    For Regex, here is a list of Regexs that can be used:
    https://www.reddit.com/r/pfBlockerNG/comments/k08n33/pfblockerngdevel_v300_no_longer_bound_by_unbound/gdkaod4/?utm_source=reddit&utm_medium=web2x&context=3

    Regex seems to be like an add-on to PfB.
    Thank you.

  • Adding IPv6 Feeds from the Feeds Tab in pfBlockerNG v3.0.0_5

    3
    0 Votes
    3 Posts
    426 Views
    J

    @bbcan177 said in Adding IPv6 Feeds from the Feeds Tab in pfBlockerNG v3.0.0_5:

    @jdeloach

    Edit /conf/config.xml

    And find the "pfblockernglistsv6" tag, and remove the "<config></config>" line below it.

    <pfblockernglistsv6>
    <config></config>

    That fixed it. Thanks for your prompt support of this great package.

  • After upgrade I have to start unbound manually

    2
    0 Votes
    2 Posts
    213 Views
    BBcan177B

    @costanzo

    See here:
    https://forum.netgate.com/post/950929

  • Need help trying to figure out what to unblock

    5
    0 Votes
    5 Posts
    723 Views
    Raffi_R

    Agreed that's a lot of lists 😮
    Tone them down. The potential protection they are providing you is not worth the issues you are having and will have. I know it's tempting to add everything, hit save and walk away, but that's asking for trouble. Every now and then even well established lists that have been working fine for a long time can start to block legit stuff. It's the nature of the beast. Having many lists just makes it more difficult to track down which one is causing headaches. It is sometimes hard to track down which specific list it is so I think @Gertjan's approach is best.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.