@SteveITS Thanks!
I have raised the value to 2M and it looks like it solve the issue.
Thank you!!

@johnpoz Thanks you very much!

It will be nice if this info will be written in the text next to the relevant fields and in a public post, to expose this data to users.

@SteveITS

Resolved

Extract from /usr/local/pkg/pfblockerng/pfblockerng.inc

// Determine max Domain count available for DNSBL TLD analysis (Avoid Unbound memory exhaustion) $pfs_memory = (round(get_single_sysctl('hw.physmem') / (1024*1024)) ?: 1000); if (!$pfb['dnsbl_py_blacklist']) { $pfb['pfs_mem'] = array( '0' => '100000', '1500' => '150000', '2000' => '200000', '2500' => '250000', '3000' => '400000', '4000' => '600000', '5000' => '1000000', '6000' => '1500000', '7000' => '2000000', '8000' => '2500000', '12000' => '3000000', '16000' => '4000000', '32000' => '8000000'); } else { $pfb['pfs_mem'] = array( '0' => '200000', '1500' => '300000', '2000' => '400000', '2500' => '500000', '3000' => '800000', '4000' => '1200000', '5000' => '2000000', '6000' => '3000000', '7000' => '4000000', '8000' => '5000000', '12000' => '6000000', '16000' => '8000000', '32000' => '16000000'); } foreach ($pfb['pfs_mem'] as $pfb_mem => $domain_max) { if ($pfs_memory >= $pfb_mem) { $pfb['domain_max_cnt'] = $domain_max; } }

change "'7000' => '2000000'" and "'7000' => '4000000'" to "'7000' => '6000000'" in both sets.

change "'8000' => '2500000'" and "'8000' => '5000000'" to "'8000' => '6000000'" in both sets.

Update Reload | DNSBL after making these changes.

2e83ff06-6f9d-4627-a64d-71193a0c3608-image.png

2fb0b039-02d3-4859-9bb2-042eb7bde376-image.png

@bobhamish182

What version of pfBlockerNG ?

is there anything in
Screen Shot 2023-11-10 at 7.13.02 AM.png
or
Screen Shot 2023-11-10 at 7.13.23 AM.png

That might provide more information specific to what it was doing?

@gwaitsi I have been getting this error since pfSsense+ 23.01. No resolution yet.

http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

Also a URL for a firewall with less memory. I use this one for my SG-2100.

@Unoptanio
Just looking at your screenshots I don't think upping your firewall Maximum Table Entries would help. But you need more physical memory -- 8 Gig is not near enough to turn on all the "toys". I recommend at least 32 Gig these days.

@jrey said in Cron Job Once/Day:

Installing the 23.09RC likely also contributed to that clean up..

Agree...

@reynold said in Block social but allow facebook:

Hi, I need to block majority of social network with pfblocker but I need to allow some of them such as facebook.
Is there a way to do that?
thank you

Go to Firewall > pfBlockerNG > DNSBL and scroll down until you see DNSBL Whitelist and click the plus sign to get drop down box like below and add facebook.com then save:
Screenshot 2023-11-02 at 9.39.02 PM.png
Then, go to DNSBL > DNSBL Group, click add...scroll down to custom like below then click the plus and add the ones you want to block, then save:
Screenshot 2023-11-02 at 9.37.53 PM.png

You will need to force update and reload. Please read these:
https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html
https://docs.netgate.com/pfsense/en/latest/recipes/block-websites.html?highlight=pfblockerng

@marcoaapereira said in Block Audio/Video but allow Youtube only.:

@NollipfSense Hi, thanks for the answer! :-)
I used:
Firewall -> pfblockerng -> DNSBL -> DNSBL Category
Then I selected UT1 (Un. Toulouse) and after clicked in Audio/Video option.
The problem is that I need to block Netflix, Amazon, etc, but not Youtube, because Professors use it.
Thank you!

Okay, I had only used the shellalist...
If I were you, I would disable the audio/video then add YouTube only to the DNSBL whitelist...just click on the plus sign and add youtube.com in the drop down box, then force update and reload.

Screenshot 2023-10-30 at 10.46.48 AM.png

@Ir0nsh007er

If your still using a very old version of pfBlocker from before October 2022, then no.
Because you didn't update/upgrade.

If you did upgrade : then yes, fixed :

@mrtumnus said in How to unblock duckduckgo and find why it's being blocked.:

I can confirm that duckduckgo does load properly now.

@tbr281

Are you running into this ?

https://forum.netgate.com/topic/182156/pfblockerng-asn-downloads-only-contain-a-header/46?_=1698167808688

@SteveITS

@coffeecup25 was actually applying the concept here for a DNS sinkhole

https://forum.netgate.com/topic/182752/can-pfblocker-sinkhole-an-address-domain-overrides/16

in addition to the mail sample provided, I do similar for other specific traffic as well (like DNS)

@Bob-Dig

Follows is my final solution. It appears to work well.

The problem to solve: pfBlockerNG blocked many addresses repetitively. It appears that 80% of the blocks came from 20% of the dns addresses. I considered that as pollution. Streaming TV is the worst offender.

The objective: Continue blocking these addresses, but take them out of pfBlockerNG so lists show everyone except the usual suspects.

The solution:

Identify the polluting dns addresses and put them in an alias Create a LAN rule that blocks the addresses in the alias from ever leaving the network Whitelist the offenders in ofBlockerNG so the LAN rule gets them instead.

Blocking still works very well and pfBlockerNG is bypassed entirely for those addresses.

You must reload DNSBL after these changes for pfBlockerNG to know about them.

Getting back to this, looks like I found a solution. In my dumb little Pi-hole VM I created a cname entry pointing www.bing.com to nochat.bing.com.
Looked at having resolver do it, but I don't see a way to add a cname, just overrides and aliases..