• PFBlockerNG changing the order of my own Floating Rules

    10
    0 Votes
    10 Posts
    3k Views
    BBcan177B

    Those are the default settings now... If none of those Auto rule settings work for your needs, you can always use "Alias Type" Action settings and manually create the firewall rules to suit. Click on the blue infoblock icon for the Action setting for more details.

  • Public DNS, DNSCrypt and VPNs feeds

    2
    0 Votes
    2 Posts
    377 Views
    JeGrJ

    Perhaps @BBcan177 can add them to the feed list in one of the next sub-versions?

  • Active Directory Server & pfblockerNG Suggestion Required

    3
    0 Votes
    3 Posts
    503 Views
    johnpozJ

    Yeah, if you're an MS shop using AD, it's prob best to let MS be your DHCP and DNS... Then just have your AD DNS use pfSense/pfBlocker for your DNS to external domains.

    You can put in a domain override in pfsense so it can resolve your PTRs for networks and the like.

  • Suggestion - Disable default DoH in Firefox

    2
    1 Votes
    2 Posts
    309 Views
    GertjanG

    Hi,

    He (@BBcan177) already spoke about it here (the DNS forum).

  • traffic getting through pfblocker

    Moved
    3
    0 Votes
    3 Posts
    297 Views
    M

    Thanks for the reply. I found a way to get it to work...

    At the bottom of the Custom Address List, there is a drop-down menu with the option "Update Custom List" -- selecting that item and then forcing an update fixed the issue and the address was correctly blocked.

    What's odd is that I've never had to select that before. I've always just added the address, forced an update and literally watched as no more targeted traffic made it through the firewall.

    I'm not sure what changed, but at least I was able to get it working.

    Thanks again!
    -Michael

  • PHP Error showing up on backup firewall (CARP)

    1
    1 Votes
    1 Posts
    113 Views
    No one has replied

  • What does "SFS_Toxic_BD" mean? – Is Zoho bad?

    12
    0 Votes
    12 Posts
    2k Views
    NogBadTheBadN

    @skilledinept said in What does "SFS_Toxic_BD" mean? – Is Zoho bad?:

    Just to be clear, I'm not blaming anyone or anything, it's only curiosity and, I did install the developer version. The whole UI change threw me for a loop so I followed the little walkthrough just enough to get filtered DNS and left the rest for later.

    Those in the know install the developer version ☺

  • pfBlockerNG Throwing Multiple Errors

    2
    0 Votes
    2 Posts
    365 Views
    BBcan177B

    https://www.reddit.com/r/pfBlockerNG/comments/chsajn/cant_get_geoip_to_block_foreign_countries/

  • Some popular lists not loading

    7
    0 Votes
    7 Posts
    1k Views
    BBcan177B

    @Koent
    When you run a "Reload", it uses the previously downloaded feed if it was previously downloaded.
    Go to the Log tab, view the file in the "dnsbl" folder, and delete it, then run a Force Reload/Update.

  • Bypassing pfblocker for a specific static ip?

    3
    0 Votes
    3 Posts
    1k Views
    T

    If you are using static mappings in the DHCP, I believe that one alternative to modifying unbound's custom options would be to specify DNS servers in the DHCP static mapping(s) of the host(s) that you wish to exclude from DNSBL. Of course, this is only if you're willing to use other DNS servers. For example:
    [screenshot]
    That way, the host(s) won't use the pfSense machine for DNS at all. Note that you would need to take additional steps for this to work if you have also configured a NAT port forward to redirect any DNS requests from hosts on your LAN to unbound.

    Also, keep in mind DNSBL IPs (if enabled), which are handled via firewall rules instead of unbound:
    [screenshot]

    If you want certain static IPs to also be excluded from this, you can set the list action to Alias Deny, as in my screen shot, and then create your own block rules that do not apply to the static IP(s) in question. Or you could leave the List Action set to one of the "Deny" options that automatically creates rules, but configure advanced rules that exclude your static IP(s):
    [screenshot]

    @BBcan177, if any of this is terrible or misguided advice, please feel free to set me straight 😉

  • invalid Feeds

    5
    0 Votes
    5 Posts
    623 Views
    BBcan177B

    The following PR has been created for Feed Maintenance and a change to the cURL user-agent string:
    https://github.com/pfsense/FreeBSD-ports/pull/674

    Please consider supporting the project:
    https://www.patreon.com/pfBlockerNG

  • LAN deny iplist inbound/outbound but pfsense itself allow outbound

    3
    0 Votes
    3 Posts
    419 Views
    S

    @RonpfS

    Ok, so I don't use pfblocker for this at all :)

    I created an alias with all the ip addresses I want to block

    Under Firewall/Rules/LAN1 I created a rule
    Reject
    LAN1
    IPv4
    Any

    Source Any
    Destination 'Single host or alias' 'my_alias'

    I placed the rule after the pfBlocker auto rules and it seems to be working, but the question is if I did it correctly?

    Many thanks for the simple solution 👍

  • Can't tell if pfBlocker is being updated

    7
    0 Votes
    7 Posts
    914 Views
    NogBadTheBadN

    @Stewart said in Can't tell if pfBlocker is being updated:

    @NogBadTheBad

    I'm having to do that since I can't just whitelist the USA. I'm having to block countries that I've seen attacks on the NATed ports and am now adding in IPs that aren't being blocked by the lists. Gotta stop them somehow. Does pfBlockerNG-devel use different lists?

    Create an Alias Permit rule using the US GeoIP and apply it to the NAT rules, everything else would be denied by default.

    You can also add IP addresses to the IPv4 Custom_List at the bottom.

    Here's how I allow SSH / SFTP to my Raspberry Pi that sits in the DMZ.

    Screenshot 2019-09-19 at 16.20.39.png

    Screenshot 2019-09-19 at 16.18.41.png

  • DNSBL FEED BLOCKING NOT WORKING

    15
    0 Votes
    15 Posts
    2k Views
    F

    @NogBadTheBad Okay Brother, thanks. I am using Kiwi Syslog for tracking this.

  • There were error(s) Cannot allocate memory?

    Moved
    3
    0 Votes
    3 Posts
    636 Views
    A

    Got Ya!

    Yeah, I was in a rush last night and posted in the wrong place for a start, also didn't have time to search, but I shall check out the links. Cheers.

    This can be deleted by staff if need be ;)

  • error: syntax error read /var/unbound/unbound.conf

    3
    0 Votes
    3 Posts
    2k Views
    S

    I had already rebooted once, but I rebooted again, just as I was getting ready to do a full reinstall and was able to add back my custom options and dns is working. The 'dnsbl' line happens to fall on line 108, so I guess it was still cached?

    I think everything is normal now... having been struggling with this all afternoon...

  • pfblockerNG Whitelist Clarification

    5
    0 Votes
    5 Posts
    648 Views
    JeGrJ

    @Ojisang said in pfblockerNG Whitelist Clarification:

    I wanted to add an alias in the rules using the pfblockerNG whitelist but I couldn't.

    Add an Alias to the rules using the whitelist?

    OK, now I'm completely confused. Could you please detail what you're trying to achieve? To me it sounds like you're trying it the wrong way?

  • DNSBL - Alerts not showing IF or SOURCE

    8
    0 Votes
    8 Posts
    2k Views
    BBcan177B

    @Gertjan said in DNSBL - Alerts not showing IF or SOURCE:

    As already said back in 2017 :

    @BBcan177 said in DNSBL - Alerts not showing IF or SOURCE:

    This is fixed and will be in the next release…

    Install pfBlockerNG-devel

  • DNSBL Shenanigans

    3
    0 Votes
    3 Posts
    487 Views
    T

    Thank you so much! I totally have forwarding on. Furthermore, I realized that specific lists were super trigger happy so I will be debugging sources one by one I guess

  • Different profiles for different zones?

    4
    0 Votes
    4 Posts
    662 Views
    BBcan177B

    @jakes
    Yes this will be possible with the upcoming Unbound python integration, but this "profile" feature is not currently completed. I agree that this will be a great feature to have including scheduling times for rules to apply to different profiles...

    There are some screenshots and info of the upcoming version on my Patreon page: https://www.patreon.com/pfBlockerNG

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.