@cyberconsultants

Thanks heaps for the assistance, I'll try to implement that soon and let you know how it went :)

If you would like you can have your Roku bypass filtering. In PF blocker go to the DNSBL category, toward the bottom you will find python group policy. Checkmark it and right below a python group policy bar will appear. Click the positive sign to open it up and add the IP of your Roku. Go to the bottom hit save and then update PF Blocker.

Thanks @jrey, i'd read that originally as it being any local file location. THat was the prompt I needed. Put the file in /var/db/pfblockerng and it works.

Additional inforrmation I forgot:

Traceroute says to me, that the 10.10.10.1 is routed to WAN, which is 10.1.1.1/24.

Also - an logically after the previous said, 10.10.10.1 doesn't show in route table.
And that I don't understand.

@Gertjan said in Allow only some websites through pfBlockerng:

2.7.1 (or 23.09).

Those who use 2.7.0 or earlier and install pfBlockerng 'now' brake the rules : Never install packages before pfSense is on the latest version.

Hi! I did a fresh installation yestarday, pfSense 2.7.1 and last pfBlockerng but still doesn't work

@abanet said in pfb_dnsbl wont start in clean installation:

Thanks a lot!

No problem. Have a great day!

Bonjour à tous.

Quelqu'un pourrait-il m'aider à résoudre ce problème?

Merci d'avance.

@SteveITS You are correct I did not see that. but either way it would not have worked as I was having a driver issue with RealTek NIC's switched to Intel's and most if not all errors in the log(s) are gone. Beside because of the NIC error GEOIP never got install correctly. it never downloaded the file(s) or database so either way I would have gotten a 401 or 404

One other rabbit I had to chase was Firewall Maximum Table Entries issue had to increase it from 40000 to 4000000 to stop the allocation error messages, got that resolve. from the log I was at 798000 with all the GEOIP and other stuff selected. Once I learn what I need and what is just my insanity I change it.

I believe I am up and running have no ideal of how protected I am. Still learning how to interpret the logs. I see allot of blocks, and allot of pass but the pass are from loopback and DNS (53) and a few others but the passes are only out going. from what I can tell all inbound are blocked and blocked even on the open ports I specified to be open ( special rule ) to allow only a specific range of IP's to pass to those ports, same as the Zywall USG20-VPN but as the Zywall GUI was easier, but limited. pFsense is more granular, but seem more effect. Kinda of like the Cisco PIX, it just understanding the syntax (pFsense) and the flow. I think I am getting there.

This forum is great, getting support for the Zywall (well I'll be nice) is like pulling your teeth out with pliers. The cost kept going up but the option kept going down. I have been paying for 1 GB for almost 2 years but because of the Zywall I was like getting 300 MBPS. Bought the USG60 to only find out it was not any better in throughput and the only way for ! GB was the buy business class, and the the VPN clients and the the Content Filter and then the Anti-Spam, but those are yearly cost and not one time license. Most of the License(s) on my Zywall were expired, just to expensive to maintain. I got the Zywall because of work, needed to be secure,

Well anyway sorry for rambling on, but this forum rocks. Easy to get answers and very informative.

I thank you
Dark Knight out.

Wait...I think I may have figured this out...looks like my /var and /tmp values as RAM disks are set too low...

Increasing RAM disk size, and seeing if that fixes it...

Any update on this? With the recent announcement of killing Squid support, I'm again looking at pfBlockerNG for my filtering needs. However, this issue complicates things.

@Gertjan said in pfblocker not blocking/working:

So DNS works ** and there is nothing to do

100% - but there are also so many things that can be done to change and control the behaviour of DNS traffic.

The first (next) step for @zachelle as you correctly point out, is to change the "client" as by default

that doesn't use the local router dns

The OP says:

I am using DHCP.

This is where the DNS address that is being handed to the client can be assigned.

That doesn't mean however, that all clients will even "listen" or "use" the address being assigned. DoH etc. IoT devices that are simply hard coded to point to the companies own DNS etc.

It does take some understanding of the individual devices traffic and planning, but all of these things can be shaped/controlled if required.

The OP is looking as step one to have the DNS go through the local DNS where DNSBL can do what it needs to do. Then there will be new observations, "it's still doing this"

BTW that Talos feed download issue. (when it fails randomly) is a volume of traffic issue at the server.
Consider this:
I setup another test box pfSense CE and did a standard pfBlockerNG install. Meaning that the cron settings for pfBlockerNG are set to run at the 00 mark of the hour. I picked a couple of lists that people complain fail often (Talos being one of them)

Shortly thereafter I noticed that the Talos feed started to randomly fail on the test box, but my main firewall wasn't having this problem. Has been downloading that feed for months without issue. Then it occurred to me that every system "out of the box" is configured the same way, (by default) and there is a high probability that most people won't change this.

Several months ago I had changed the cron timing of pfB for completely other reasons. The unknown(unrecognized) side effects at the time and since that change, is that Talos feed hasn't failed.

Then the tiny light went on, in my head, I moved the test box cron job off the top of the hour, and the Talos feed on the test bed generally hasn't failed since.

Defaults are good, Defaults are bad.

@Gertjan said in pfblockerNG 3.2.0_6 unable to open reports:

The question is now : why are these files not truncated ?

the tail command that does the truncate, is likely consuming too many resources (or taking too long) and failing.

@scorpoin

With a file that big it might be faster at this point to just delete it and let it start fresh, then monitor the size for a while.

if you need a copy (home use? why?) you could download it first, and then hit the trash can, both options on this screen.

Screen Shot 2023-11-14 at 5.32.59 AM.png

Thanks for your reply!

Seems it's done in /usr/local/pkg/pfblockerng/pfblockerng.inc : pfb_log_mgmt.
Fixed my use case there by zeroing out ip_block.log file and not retaining the max log lines.
Just another 'remark' when upgrading pfSense!

@Gertjan
I will listen to your advice. I will try to do it as much as I know.
thank you