Does this help:
https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips

It's running i386, and 2.3.x is the latest version available for that, because we do not support i386 on 2.4.x and later. 2.3.x has been EOL for over a year: https://www.netgate.com/blog/pfsense-release-2-3-x-eol-reminder.html

If that hardware is capable of running a 64-bit OS, you can reinstall with the latest 2.4.4-p3 installer and get back up and running. If that hardware is 32-bit only, it will need to be replaced.

@Hurkamurka said in Noobie questions about pfblockerng:

I installed pfblockerng (non devel)

This reply doesn't answer your question but suggests installing devel version.

@AndrewD I would try clearing your browser cache and may be reboot your pfSense box too. When I did, it took a full day before I could visit the site because I didn't do a force update/reload nor set group to primary.

Hey! Thanks for come by. Yes, i run the latest pfSense.

The extra info about the custom lines was hidden way too at the end of the blog, but i've found it after my post, and now i changed my settings according to that.

Strange thing, but changing the DNS server to UncensoredDNS, seems now everything working fine. I think i will let Applied Privacy know about this behaviour.

Maybe do you have a clue why could i resolve the hostname in the browser, but not in the DNSBL feeds update?

@jward101 said in Feeds not added to 'DNSBL Feeds':

Correct. They are also displayed on the DNSBL > DNSBL Feeds interface BUT only after I added a feed manually through that interface. Before I added that manual feed they were not displayed in that location.

I have a few like that...I was looking through to post for instance; however, they do show under the feed menu as duplicates though.

AH ... yes, indeed my subnetting skills were lacking here.

I resorted to lookups with this tool which helped me better understand what my brain couldn't sort out itself:
http://jodies.de/ipcalc?host=216.220.128.0&mask1=17&mask2=

Your link to the maxmind database is very helpful. So, thank you for that. Much appreciated. It will come in handy in the future.

Thanks for the prompt response.

@Gertjan said in Looks lke its " working ...:

The webserver being used by pfBlockerNG is listening to :

If i leave it @ 127.0.0.1, my when i try to acces a blocked domain the browser keeps spining.
ANd nothing getting logged in DNSBL

sockstat -4l | grep 'lighttpd_p'
root lighttpd_p 85774 4 tcp4 *:8081 :
root lighttpd_p 85774 5 tcp4 *:8443 :
root lighttpd_p 85774 6 tcp4 10.10.10.1:443 :

Sorry, wrong subcategory - I'll post it again.

Hello,

ok, I disable the DNS forwarder and activate the DNS Resolver.
For use the Unbound DNS Resolver I add a NAT redirect rule from here:
Netgate Docs redirecting-all-dns-requests-to-pfsense

My question, the NAT redirect rule create a LAN rule too, this rule is automatic below the pfblockerNG IP rules, must I move it above, after the Anti-Lockout Rule?

Do I need the Blocking DNS Queries to External Resolvers rule too?

regards
ThomasD

See:
https://www.reddit.com/r/pfBlockerNG/comments/ao98u1/dnsbl_certificate_error/

and:
https://www.reddit.com/r/pfBlockerNG/search/?q=certificate&restrict_sr=1

@bhjitsense said in Captive portal taking up to a minute to appear:

Okay.... so what are you saying? I can't use forwarding?

I'm not saying anything ^^

b182a6e4-21ad-4174-a438-5705b20286e0-image.png

I think that that text says : use Unbound in resolver mode .... but I might be wrong.
DNSBL works fine for me.

Btw : by default, unbound, the resolver uses the 'core' Internet DNS facilities and this should work as soon as you start pfSense for the first time and activate a WAN connection.
If that doesn't work for you, your connection is not good.

I'm not saying you can't use the Forward mode, but I suggest that you test with a (non modified) basic setup. When it works, you change things step by step. As soon as things stop to work, you will know what to undo .

Can't tell anymore. I completely removed pfBlockerNG. ☹
I'll start from scratch when I find time. Thank you.

Moved your question to the pfblocker section..

Not sure why this should be a question though... You create an alias, then use it in your rules to either allow or block access to the ports you have open.. Its not something you need a guide for, its just a basic firewall rule.. Block or Allow.

I have plex allowed in my rules. I have a list setup that contains US, and Honduras, it also contains known IPs used by plex to test if server is available remotely.. And also included is IPs that test from 3rd party if the port is open - so I can get notified if not available.

These are the only IPs that are allowed to use the rule, they are the source.

Above that rule I have a different list (bad actors) because they might be from the US, or Honduras.. So blocked them before they can get to the allow list.

Remember rules are evaluated top down, first rule to trigger wins.. No other rules are evaluated.. So if create a rule that top that blocks who you want to block, then they would never get to your allowed rules..

You limit your allow rules with a source limit to only allow say US, even though they are not on a specific bad list.. They are not US so they are not allowed. So they will drop through to the default deny.

@rtkluttz said in pfblockerng not working for all ip's in the aliases:

45.82.152.0/23

What about pfB_Europe_v4? Do you have anything in there in your WAN Rules?