Thanks 👍

Thanks, works perfectly now.

No, you do not.

I was able to get DNS resolver errors above corrected with this post
https://forum.netgate.com/topic/106011/solved-pfblockerng-reloading-unbound-fails/11

After the above, resting Resolver settings (just clearing all setting then adding back the same settings) and a reboot it appears to be working again.

Thanks for the help!

@cgeo said in GeoIP and NAT:

But my point remains. Shouldn't this be visible in the firewall logs ?

You have the source IP alias already in the NAT rule, so it will not process the port redirect from IPs not covered in that alias. As such the firewall simply sees a connection from your LAN to your WAN address, this is allowed by the default LAN-to-any rule (if it still exists in your config), and so it wont be logged. With this config you simply try to connect to pfSense on a port that is likely not in use.

@bbcan177 Thanks BBcan177. This fixed it for me 👍

Great, thanks!

Completely overlooked it. I'll have a look at threat look up thing.

I won't hesitate in the future to open a GitHub issue with the maintainers if after some investigation it turns out to be a false positive.

With all the changes in PHP7, a commit was added to the installer code that created some empty XML tags.

<config></config>

This will be fixed in the next version which should be out soon. However, you can follow these steps below to fix this issue now:

First make a backup of the config.xml from the:

pfSense Diagnostics > Backup & Restore Tab:

Then paste the following PHP code which will cleanup the empty XML tags into:

pfSense > Diagnostics > Command Prompt > Execute PHP Commands:

$upgrade_type = array('pfblockernglistsv4', 'pfblockernglistsv6', 'pfblockerngdnsblsettings', 'pfblockerngafrica', 'pfblockerngantarctica', 'pfblockerngasia', 'pfblockerngeurope', 'pfblockerngnorthamerica', 'pfblockerngoceania', 'pfblockerngsouthamerica', 'pfblockerngtopspammers', 'pfblockerngproxyandsatellite'); foreach ($upgrade_type as $type) { if (is_array($config['installedpackages'][$type]['config'])) { if (empty($config['installedpackages'][$type]['config'][0])) { unset($config['installedpackages'][$type]['config'][0]); print "\n| Removed | {$type} | Empty XML Tag"; } } } write_config('pfBlockerNG - Fix empty XML tags');

Then hit the Execute button for the code to run.

@BBcan177 so I have "Mem: 5293M Active, 734M Inact, 3236K Laundry, 1055M Wired, 742M Buf, 764M Free
Swap: 3881M Total, 94M Used, 3787M Free, 2% Inuse"

This is a Qotom mini pc with one sodium memory slot. 8 gig was the max I could get. It seems to idle around 81% not sure if that will go up as more users are on my network.

I am just wondering if it's hits 100% for some periods of time if this will cause issues.

I remove squid as well and it went down to about 71% but I like squid for the built in virus scanner. I don't really need the proxy as I have a fast fiber internet connection but it's part of the package...

If it stays at near 100% I will need try what you suggested with TLDs cn or ru... etc

Thanks for the tips

@harison said in pfBlockerNG firewall filter service stopped:

What do think? thank

I think you need glasses: https://forum.netgate.com/topic/136069/pfblockerng-2-2-5_16-pfb_filter

Thanks for the follow up!

@reg1982 I posted to you in another thread... pls try those steps...

Until BBcan177 can reply I will tell you my lists as a starting point. I would recommend the top two if your system can handle it. What is your hardware setup?

Malicious (disable "Malekal_Hosts" as it's a paid service) hpHosts Cryptojackers

@paint said in Issue with PFBlocker v2.1.4_11:

PM'ed you my list

Thanks!

PR here:
https://github.com/pfsense/FreeBSD-ports/pull/572
https://github.com/pfsense/FreeBSD-ports/pull/573

Solved after a fresh 2.4.4 install.
Anyway 2.4.4 has open other issues (ex. c-icap and freeradius configurations had to be manually fixed, some issue on traffic shaper solved after rules recreations)
To my personal opinion, could be a good idea lock packages upgrade to its pfsense version, and not to permit a package upgrade, from previous pfsense version, when a new one is available.

@nagaraja said in pfblockerng renice or setpriority:

Since I have pfsense boxes in a production environment I do not think it is a good idea to use a -devel package but if you confirm it stable enough I could give it a shot

Thanks!

There is a whole thread devoted to that... decision is always yours to make :)
https://forum.netgate.com/topic/135708/is-pfblockerng-devel-stable

@jimp said in pfSense upgrade 2.4.3 -> 2.4.4:

The best practice is to always remove every package before an upgrade. Failing that, leave them alone and let the upgrade process handle any changes.

Reporting back , Yup everything went smooth, looking at the console, the last step was upgrading the packages, in this case, Avahi 1.12 to 1.13 and pfBlockerNG 2.2.5_11 to 2.2.5_13.

Cheers Qinn

@krbvroc1 said in How to determine DNSBL block list:

Finally tracked it down - I had followed some documentation here - https://docs.microsoft.com/en-us/windows/privacy/manage-windows-endpoints
It listed 'star-mini.c10r.facebook.com' as an ms endpoint for facebook - I assumed for their store app. It has been blocked for months. For some reason today www.facebook.com started resolving to that cname and that is why it is blocked. It is a custom block list I entered months ago, not sure why pfblockerng doesn't show the feed name rather than 'no match' on the alerts - would have saved me hours.

There are many changes to the code with pfBlockerNG-devel, including the Alerts Tab. I would suggest moving to devel and see if you can reproduce the same issue.

In the Firewall / pfBlockerNG / IP there is the Firewall 'Auto' Rule Order settings you can configure.

If the settings doesn't fit you needs, then you need to create your own rules.