• pfBlockerNG Widget Counters

    0 Votes
    18 Posts
    2k Views
    DefenderLLC
    @jrey For the next few weeks, I am just going to be using pfBlockerNG for IP blocks and not DNSBL. I am testing out similar functionality with Cloudflare Zero Trust. It adds the ability to inspect SSL traffic on devices where I've added the certificate. Here's a very small example of blocks for the last hour with Cloudflare Zero Trust: [image: 1716472716581-0367d76f-566f-4ca3-b669-411c033a22e7-image.png]
  • 0 Votes
    4 Posts
    1k Views
    @VMlabman said in pfBlocker error in pfSense: There were error(s) loading the rules: /tmp/rules.debug:56:: Could it be that I have too many lists enabled
    Yes. Could also be that the default "Firewall Maximum Table Entries" setting is too low. You will find this entry here: System -> Advanced -> Firewall & NAT
    A lot of people select far too many lists - generally not needed. The setting should generally be twice the value actually required. When the lists are processed to the firewall, the entire new set is created, then swapped into place. Look for this log entry in the pfblockerng.log. That will give you some guidance to the setting best suited for your case. In my case it is deliberately higher than the 2x referenced.
        pfSense Table Stats
        -------------------
        table-entries hard limit 600000
        Table Usage Count 135911
    Just above that in the log you should see the summary, like this:
        Alias table IP Counts
        -----------------------------
        134581 total
        107656 /var/db/aliastables/pfB_???_v4.txt
        11244 /var/db/aliastables/pfB_???_v4.txt
        6505 /var/db/aliastables/pfB_???_v4.txt
        6208 /var/db/aliastables/pfB_???_v4.txt
        2608 /var/db/aliastables/pfB_???_v4.txt
        228 /var/db/aliastables/pfB_???_v4.txt
        132 /var/db/aliastables/pfB_???_v4.txt
    The ??? will be the name of the list.
  • While pfBlocker updates interface rules pfSense ignores floating rules

    0 Votes
    4 Posts
    702 Views
    I changed the feeds to be once daily, but just like clockwork, at 20 or so seconds after the hour, every hour - for 90 seconds the floating rules are ignored. Continuing to see what could cause this. Open to ideas.
  • Monitoring Sites with pfBlocker + AD

    0 Votes
    7 Posts
    1k Views
    @mcury That's very interesting! I will indeed consider a test. Thank you, my friend!
  • pfBlockerNG v3.2.0_10?

    0 Votes
    6 Posts
    1k Views
    @areckethennu Yes, what @SteveITS said. _8 was 23.09.1, _9 was installed with the update 24.03, and _10 was then released to correct the category edit issue that has been discussed.
  • REGEX blocking

    0 Votes
    48 Posts
    12k Views
    @Gertjan I did it a little bit different))) New Text Document.txt
  • PHP Errors

    0 Votes
    2 Posts
    2k Views
    @pslinn Not a specific answer for you but I have seen it before.
    https://forum.netgate.com/topic/185383/suricata-php-fatal-error-str_ireplace-cannot-use-output-buffering-in-output-buffering-display-handlers-in-usr-local-www-csrf-csrf-magic-php-on-line-165
    https://redmine.pfsense.org/issues/14778
    https://redmine.pfsense.org/issues/14498
  • pfBlockerNG How to disable feed

    0 Votes
    6 Posts
    1k Views
    @Gertjan Thanks, I'll try
  • Spamhaus Drop & eDrop List

    0 Votes
    15 Posts
    3k Views
    @kuschi I now received feedback from Spamhaus that the list is now reliably available again.
  • Blocking YouTube Shorts with Regex

    0 Votes
    4 Posts
    2k Views
    Gertjan
    @anishkgt said in Blocking YouTube Shorts with Regex: Since it was done in the link mentioned here -> (https://forum.netgate.com/topic/164732/python-regex-list)
    That link shows you that you can block 'anything that contains "yahoo" in the host name'.
    Fasten your seat belts now.
    Example: https://www.youtube.com/shorts/wEVVhumRrHI is a URL. youtube.com is a host name. www.youtube.com is a sub domain of that host name. pfBlockerNG has access to - can see in the clear - the domain name, "youtube.com", and the sub domain name, www.youtube.com. So it can 'filter' these. The app or web browser on the device gets an A (IPv4) or AAAA (IPv4) as an answer, and it connects to this (the "youtube") server. TLS is established first. Only now the browser gets the actual 'page': the video, with this command "GET /shorts/wEVVhumRrHI/".
    The thing is: you can't get 'into' this TLS stream. It's encrypted. You want it to be encrypted. You don't want to have access to this data stream. Like never. There is one possibility left: use a proxy, and do MITM. Be warned: this is pure rocket science.
    So, as @SteveITS said: you need a proxy. If the shorts were accessible by the usage of a sub domain name, then it would be easy: shorts.youtube.com can be filtered at a DNS request level, as the link shown above already shows. But YouTube (Google) etc. are doing their best so nobody can filter their content. They are hiring the "best" for doing just that. So, part of the mission is: you have to be better than these couple of thousands of network engineers they employ.
    edit: It's YouTube that has given us a partial solution. YouTube, without a premium access, is ... well ... IMHO, it's just not possible. If I had to wade through the publicity to see these 'shorts' I presume I have a problem way bigger than 'watching shorts'. But hey, it's a free world. Smoking is also bad. And I should drink (not water) less.
  • pfBlockerNG on transparent mode

    0 Votes
    2 Posts
    343 Views
    @milindhvijay Are you using it for firewall rules or DNS block list? https://docs.netgate.com/pfsense/en/latest/bridges/firewall.html For DNS, devices would need to use pfSense for DNS.
  • pfBlocker Errors - Requesting Clarifications

    0 Votes
    1 Posts
    161 Views
    No one has replied
  • General DNS settings vs DHCP Server DNS Settings for Virtual IP?

    0 Votes
    5 Posts
    486 Views
    johnpoz
    @TechNetwork1 you must have unbound set to listen on all addresses.. Guess that would mean vips as well. You normally would have to do nothing.. There is no IP that needs to go into the general setup, unless you want unbound to forward to something.. And dhcp would default to handing out the IP of the interface it's enabled on.. Out of the box there really is nothing to touch here. So say you had lan 192.168.1.1/24 on pfsense, and opt1 network as say 192.168.2.1/24.. Your dhcp server on lan would hand out the 192.168.1.1 to devices on that network, and opt1 dhcpd would hand out 192.168.2.1 to its dhcp clients. If you're filtering then everyone would be filtered.
  • Getting PHP error when editing/adding group

    0 Votes
    4 Posts
    576 Views
    Gertjan
    @anishkgt Me too, I love nano, have used it since day one. But you could also use the Patches pfSense package (a must have!). Just create a patch, as is proposed in the other thread. No need to edit a file.
  • GeoIP There is no choice of countries

    0 Votes
    6 Posts
    485 Views
    The problem is solved. It was necessary to remove the check mark from MaxMind CSV Updates.
  • I get an error when I want to install pfBlockerNG

    0 Votes
    4 Posts
    306 Views
    @neba just change the pfBlocker VIP to any nonexistent IP address/subnet. It’s used for the DNSBL block page which needs an IP for its web server.
  • Source for pfB_DNSBL_IP

    0 Votes
    1 Posts
    171 Views
    No one has replied
  • Restore Default Report Unified Alert View settings

    0 Votes
    1 Posts
    116 Views
    No one has replied
  • In: IPv4 Source Definitions

    0 Votes
    8 Posts
    870 Views
    @johnpoz [image: 1714948215266-1.jpg] This is my update URL list. https://www.spamhaus.org/drop/drop.txt I get a whole list of IP addresses.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.