@SteveITS Already did that by throwing My wheight Behind an existing ticket https://redmine.pfsense.org/issues/14878

@NogBadTheBad fair enough

@Orwi said in DNSBL not starting - lighttpd error: These here? Nope, the sections we're look for are at Firewall > pfBlockerNG > DNSBL

Does someone kmow if a list is available? I would like to import into pfblocker. At my school students are using proxies and vpn to bypass firewall and i need to save my bandwith Something like that? https://github.com/TheSpeedX/PROXY-List/blob/master/http.txt

@jdeloach said in Shallalist: Failed to open stream: No such file or directory: Since it's not updated anymore but still catches a lot bad actors, just turn off updates for that list and it will work just fine. I turned off updates for Shallalist a couple years ago but still use it and it causes no issues with the Cron app or anything else. It's really as you said. As long as you control your account, your information will be well protected. Maybe this update will stay the same this time. Usually updates happen when they want to upgrade a feature.

It's running out of memory doing something in pfBlockerNG: [03-Dec-2023 15:00:16 America/Barbados] PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 122666480 bytes) in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3962 It may be some option in pfBlockerNG you need to adjust, but it might be something you can work around as well: You can increase the PHP memory limit on current releases using the option under System > Advanced, Miscellaneous tab. It's hitting an upper limit of around 128MB in your error.

@Jesper-1 said in Caching of NXDOMAIN: When I compare that to the GUI-Top Reply DST IP it says 71% is NXDOMAIN A break down of what answers were found for what is asked has little to do with that answer was actually resolved or from cache. You could have 0 or 100% cache hits. That really wouldn't have anything to do with they all had answers or all were NX. The info there like you provided direct from unbound, is the info you would want to look at to know how much was answered from cache by unbound, and how much was not. How to interpret what pfblocker might be saying I am not sure - I don't use pfblocker to block any dns, I use it to create aliases that I use in my rules. Sorry. Unbound is the resolver - to know your cache hit or miss rate, you should look to the stats directly from unbound. Keep mind any sort of stats on NX can be skewed, depending even in your settings to response. For example I block some stuff directly in unbound to respond with NX. Even if said thing might resolve to something, unbound returns NX.

I really appreciate all the help. Next week when I am at home I will dive into this again. In the meantime Pihole just the job.

@jrey said in pfblockerNG 3.2.0_7 new process?: yup similar to what I was showing above but at the time, I had two of each. So, since I don't mind break/fixing this non-production test machine, I manually broke the link, and rebooted. Thanks anyway that you are spending your time ... think if should be version > "2.5" and NOT file exists) that being if the system is new and not running clog then link the file Yes that is the logic behind. pfsense above 2.5 is not using clog anymore so tail is what has to be used ... EDIT: On a Lab machine, output of "ps ax | grep tail_pfb" (same pfsense version 2.7.1) with pfblockerNG 3.2.0_6 (before update): 11696 - S 0:00,00 sh -c ps ax | grep tail_pfb 2>&1 12025 - S 0:00,00 grep tail_pfb 27636 - S 0:00,01 /usr/bin/tail_pfb -n0 -F /var/log/filter.log and after update to 3.2.0_7: 45276 - SC 0:00,01 /usr/bin/tail_pfb -n0 -F /var/log/filter.log 45907 - S 0:00,00 tail_pfb: system.fileargs (tail_pfb) 80307 - S 0:00,00 sh -c ps ax | grep tail_pfb 2>&1 80650 - S 0:00,00 grep tail_pfb

@cyberconsultants Thanks heaps for the assistance, I'll try to implement that soon and let you know how it went :)

If you would like you can have your Roku bypass filtering. In PF blocker go to the DNSBL category, toward the bottom you will find python group policy. Checkmark it and right below a python group policy bar will appear. Click the positive sign to open it up and add the IP of your Roku. Go to the bottom hit save and then update PF Blocker.

Thanks @jrey, i'd read that originally as it being any local file location. THat was the prompt I needed. Put the file in /var/db/pfblockerng and it works.

Additional inforrmation I forgot: Traceroute says to me, that the 10.10.10.1 is routed to WAN, which is 10.1.1.1/24. Also - an logically after the previous said, 10.10.10.1 doesn't show in route table. And that I don't understand.

@Gertjan said in Allow only some websites through pfBlockerng: 2.7.1 (or 23.09). Those who use 2.7.0 or earlier and install pfBlockerng 'now' brake the rules : Never install packages before pfSense is on the latest version. Hi! I did a fresh installation yestarday, pfSense 2.7.1 and last pfBlockerng but still doesn't work

@abanet said in pfb_dnsbl wont start in clean installation: Thanks a lot! No problem. Have a great day!