I personally switched from Snort to Suricata for reasons mentioned here.
https://forum.netgate.com/topic/141946/to-snort-or-not-pfblocker/4

I didn't notice much difference in the GUI, configuration, or functionality aspect between the two. In terms of tuning rules, they seemed pretty much the same to me as well. In my opinion, once I figured out Snort the learning curve was not high for Suricata.

@Web2Print said in WAN says connected but no Internet on Lan - pfBlockerNG seems to be the issue.:

Cannot allocate memory

https://forum.netgate.com/topic/129748/cannot-define-table-bogonsv6-cannot-allocate-memory

Good Idea I should have thought of that. ill try get some soon.

Installed just now. No problems so far. Thanks for all the awesome work you do BBcan177!

I'm happy to assist, mushtash, though you're right, I'm currently running the prod version: 2.1.4_16

Anyone else here using the dev version who might know the answer to this question?

Might be worth reviewing the responses to my earlier post here in which the circumstances were possibly similar ...

Just a quick follow up to my post to advise that my "problem" has not reoccurred since taking RonpfS advice to reduce the number of entries in my pfblockerNG block files.

Once again my thanks to all who took the trouble to respond.

Cheers

@bbcan177 said in No Internet connection on LAN interfaces after reboot:

pfSense Resolver Log Level

Wheres that under mate ?

Definitely inspect the content--you will probably find a URL which is not blocked being used there.

Sometimes you may be getting ads from a subdomain, so you may need to check the "Enable TLD" to attempt to deal with these subdomains.
Also, so sites host ads locally, but that is less common. A content inspection should tell you.

We experienced the same behaviour with the blocklist from AlientVault and EmergingThreats:
https://reputation.alienvault.com/reputation.generic
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

e.g. the AlientVault List contains the IP 97.83.55.0 and the IP 97.83.55.76 is blocked.
Reputation is disabled. De-Duplication and CIDR Aggregation is enabled.

Thanks!

Looks like the devel build does solve this issue.

Thanks, with disable the IPv4 table and remove the associated Auto FW rule understandably.

For will prevent Selected IPs from being blocked associated Auto FW just enough these IPs add in pfBlockerNGSuppress alias at Suppression = Enabled and all?

In PfblockerNG --> General there is the Option Rule order.
I think you should define a custom ip list (under ipv4 section) with action "pass" and than define the rule order so pass come before block/reject.

@totalchaos1010 said in Blocked Site Report:

@ronpfs Thanks for the response. Have the alerts tab, yes, however I am looking for "total count" reports, not log format.

What total count ? Total number of entries per URL ? You should be able to find that in pfblockerng.log.

You could also use pfblockerng-devel that has a Reports tab with more statistics about the package.

I downloaded the 1x1 Gif, uploaded the file in the Encode files into Base64 format section, select UTF8, hit >Encode<, I got the same result as the one in the index file.

@fernis

IP Tab
Edit the Alias name
Modify the "Action" setting.
Click on the blue infoblock icons for additional details.

@moon_d
What do you mean by "directory"?