• 0 Votes
    4 Posts
    981 Views
    BBcan177

    Does this help:
    https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips

  • pfBlockerNG GeoIP "no valid package defined"

    0 Votes
    4 Posts
    1k Views
    jimp

    It's running i386, and 2.3.x is the latest version available for that, because we do not support i386 on 2.4.x and later. 2.3.x has been EOL for over a year: https://www.netgate.com/blog/pfsense-release-2-3-x-eol-reminder.html

    If that hardware is capable of running a 64-bit OS, you can reinstall with the latest 2.4.4-p3 installer and get back up and running. If that hardware is 32-bit only, it will need to be replaced.

  • Noobie questions about pfblockerng

    0 Votes
    2 Posts
    459 Views
    NollipfSense

    @Hurkamurka said in Noobie questions about pfblockerng:

    I installed pfblockerng (non devel)

    This reply doesn't answer your question but suggests installing the devel version.

  • Need white list our https site

    0 Votes
    7 Posts
    943 Views
    NollipfSense

    @AndrewD I would try clearing your browser cache and maybe reboot your pfSense box too. When I did, it took a full day before I could visit the site because I didn't do a force update/reload nor set group to primary.

  • Could not resolve host when update DNSBL feeds

    0 Votes
    3 Posts
    486 Views
    Hurkamurka

    Hey! Thanks for coming by. Yes, I run the latest pfSense.

    The extra info about the custom lines was hidden way at the end of the blog, but I found it after my post, and now I have changed my settings according to that.

    Strange thing, but after changing the DNS server to UncensoredDNS, it seems everything is now working fine. I think I will let Applied Privacy know about this behaviour.

    Do you maybe have a clue why I could resolve the hostname in the browser, but not in the DNSBL feeds update?

  • Feeds not added to 'DNSBL Feeds'

    0 Votes
    7 Posts
    809 Views
    NollipfSense

    @jward101 said in Feeds not added to 'DNSBL Feeds':

    Correct. They are also displayed on the DNSBL > DNSBL Feeds interface BUT only after I added a feed manually through that interface. Before I added that manual feed they were not displayed in that location.

    I have a few like that...I was looking through to post for instance; however, they do show under the feed menu as duplicates though.

  • Help with GeoIP aliases needed

    0 Votes
    3 Posts
    535 Views
    cfapress

    AH ... yes, indeed my subnetting skills were lacking here.

    I resorted to lookups with this tool which helped me better understand what my brain couldn't sort out itself:
    http://jodies.de/ipcalc?host=216.220.128.0&mask1=17&mask2=

    Your link to the maxmind database is very helpful. So, thank you for that. Much appreciated. It will come in handy in the future.

    Thanks for the prompt response.

  • Looks lke its " working ...

    0 Votes
    25 Posts
    2k Views
    V

    @Gertjan said in Looks lke its " working ...:

    The webserver being used by pfBlockerNG is listening to :

    If I leave it @ 127.0.0.1, when I try to access a blocked domain the browser keeps spinning.
    And nothing is getting logged in DNSBL.

    sockstat -4l | grep 'lighttpd_p'
    root lighttpd_p 85774 4 tcp4 *:8081 :
    root lighttpd_p 85774 5 tcp4 *:8443 :
    root lighttpd_p 85774 6 tcp4 10.10.10.1:443 :

  • Cannot Lock/Unlock - IP or table missing

    0 Votes
    1 Posts
    271 Views
    No one has replied
  • Squid /ClamAV problem

    0 Votes
    2 Posts
    399 Views
    M

    Sorry, wrong subcategory - I'll post it again.

  • 0 Votes
    1 Posts
    206 Views
    No one has replied
  • pfBlockerNG and DNS

    0 Votes
    3 Posts
    725 Views
    T

    Hello,

    OK, I disable the DNS forwarder and activate the DNS Resolver.
    To use the Unbound DNS Resolver I add a NAT redirect rule from here:
    Netgate Docs redirecting-all-dns-requests-to-pfsense

    My question: the NAT redirect rule creates a LAN rule too, and this rule is automatically placed below the pfBlockerNG IP rules. Must I move it above, after the Anti-Lockout Rule?

    Do I need the Blocking DNS Queries to External Resolvers rule too?

    regards
    ThomasD

  • pfBlockerNG-devel DNSBL Cert Error

    0 Votes
    2 Posts
    3k Views
    BBcan177

    See:
    https://www.reddit.com/r/pfBlockerNG/comments/ao98u1/dnsbl_certificate_error/

    and:
    https://www.reddit.com/r/pfBlockerNG/search/?q=certificate&restrict_sr=1

  • .mil, .gov and banks domains lists

    0 Votes
    1 Posts
    190 Views
    No one has replied
  • STUN, public email providers and some feeds from SecOps

    0 Votes
    1 Posts
    260 Views
    No one has replied
  • This topic is deleted!

    0 Votes
    1 Posts
    11 Views
    No one has replied
  • Captive portal taking up to a minute to appear

    0 Votes
    6 Posts
    722 Views
    Gertjan

    @bhjitsense said in Captive portal taking up to a minute to appear:

    Okay.... so what are you saying? I can't use forwarding?

    I'm not saying anything ^^

    b182a6e4-21ad-4174-a438-5705b20286e0-image.png

    I think that that text says: use Unbound in resolver mode .... but I might be wrong.
    DNSBL works fine for me.

    Btw: by default, Unbound, the resolver, uses the 'core' Internet DNS facilities and this should work as soon as you start pfSense for the first time and activate a WAN connection.
    If that doesn't work for you, your connection is not good.

    I'm not saying you can't use the Forward mode, but I suggest that you test with a (non-modified) basic setup. When it works, you change things step by step. As soon as things stop working, you will know what to undo.

  • 0 Votes
    3 Posts
    474 Views
    T

    Can't tell anymore. I completely removed pfBlockerNG. ☹
    I'll start from scratch when I find time. Thank you.

  • PfBloquer, help with entry locks

    Moved
    0 Votes
    2 Posts
    213 Views
    johnpoz

    Moved your question to the pfblocker section..

    Not sure why this should be a question though... You create an alias, then use it in your rules to either allow or block access to the ports you have open.. It's not something you need a guide for, it's just a basic firewall rule.. Block or Allow.

    I have plex allowed in my rules. I have a list set up that contains US, and Honduras, it also contains known IPs used by plex to test if server is available remotely.. And also included are IPs that test from 3rd party if the port is open - so I can get notified if not available.

    These are the only IPs that are allowed to use the rule, they are the source.

    Above that rule I have a different list (bad actors) because they might be from the US, or Honduras.. So blocked them before they can get to the allow list.

    Remember rules are evaluated top down, first rule to trigger wins.. No other rules are evaluated.. So if you create a rule at the top that blocks who you want to block, then they would never get to your allowed rules..

    You limit your allow rules with a source limit to only allow say US, even though they are not on a specific bad list.. They are not US so they are not allowed. So they will drop through to the default deny.

  • pfblockerng not working for all ip's in the aliases

    0 Votes
    3 Posts
    471 Views
    S

    @rtkluttz said in pfblockerng not working for all ip's in the aliases:

    45.82.152.0/23

    What about pfB_Europe_v4? Do you have anything in there in your WAN Rules?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.