• Certificate error

    2
    0 Votes
    2 Posts
    316 Views
    O
    Hello everyone. Could someone help me solve this problem? Thanks in advance.
  • Not able to edit GEOIP in pfBlockerNG

    pfblockerng geolocation geoblocking
    11
    0 Votes
    11 Posts
    2k Views
    D
    @SteveITS You are correct, I did not see that. But either way it would not have worked, as I was having a driver issue with Realtek NICs; switched to Intel's and most if not all errors in the log(s) are gone. Besides, because of the NIC error GEOIP never got installed correctly. It never downloaded the file(s) or database, so either way I would have gotten a 401 or 404. One other rabbit I had to chase was the Firewall Maximum Table Entries issue; had to increase it from 40000 to 4000000 to stop the allocation error messages, got that resolved. From the log I was at 798000 with all the GEOIP and other stuff selected. Once I learn what I need and what is just my insanity I'll change it. I believe I am up and running; have no idea of how protected I am. Still learning how to interpret the logs. I see a lot of blocks and a lot of passes, but the passes are from loopback and DNS (53) and a few others, but the passes are only outgoing. From what I can tell all inbound are blocked, and blocked even on the open ports I specified to be open (special rule) to allow only a specific range of IPs to pass to those ports, same as the Zywall USG20-VPN, but the Zywall GUI was easier, but limited. pfSense is more granular, but seems more effective. Kind of like the Cisco PIX, it's just understanding the syntax (pfSense) and the flow. I think I am getting there. This forum is great; getting support for the Zywall (well, I'll be nice) is like pulling your teeth out with pliers. The cost kept going up but the options kept going down. I have been paying for 1 GB for almost 2 years but because of the Zywall I was like getting 300 MBPS. Bought the USG60 only to find out it was not any better in throughput and the only way for 1 GB was to buy business class, and then the VPN clients and then the Content Filter and then the Anti-Spam, but those are yearly costs and not one-time licenses. Most of the license(s) on my Zywall were expired, just too expensive to maintain.
I got the Zywall because of work, needed to be secure. Well anyway, sorry for rambling on, but this forum rocks. Easy to get answers and very informative. I thank you. Dark Knight out.
  • 0 Votes
    3 Posts
    740 Views
    R
    Wait...I think I may have figured this out...looks like my /var and /tmp values as RAM disks are set too low... Increasing RAM disk size, and seeing if that fixes it...
  • Problem with Python Group Policy - Cached Domains

    4
    0 Votes
    4 Posts
    1k Views
    Y
    Any update on this? With the recent announcement of killing Squid support, I'm again looking at pfBlockerNG for my filtering needs. However, this issue complicates things.
  • Roblox regex

    1
    0 Votes
    1 Posts
    388 Views
    No one has replied
  • pfBlockerNG in "Detection Only" just for logging web browsing

    1
    0 Votes
    1 Posts
    174 Views
    No one has replied
  • pfBlockerNG-devel and Squid Proxy compatibility

    1
    0 Votes
    1 Posts
    382 Views
    No one has replied
  • pfblocker not blocking/working

    16
    0 Votes
    16 Posts
    4k Views
    J
    @Gertjan said in pfblocker not blocking/working: So DNS works ** and there is nothing to do 100% - but there are also so many things that can be done to change and control the behaviour of DNS traffic. The first (next) step for @zachelle, as you correctly point out, is to change the "client", as by default that doesn't use the local router DNS. The OP says: I am using DHCP. This is where the DNS address that is being handed to the client can be assigned. That doesn't mean, however, that all clients will even "listen" or "use" the address being assigned. DoH etc. IoT devices that are simply hard-coded to point to the company's own DNS etc. It does take some understanding of the individual devices' traffic and planning, but all of these things can be shaped/controlled if required. The OP is looking as step one to have the DNS go through the local DNS where DNSBL can do what it needs to do. Then there will be new observations, "it's still doing this". BTW that Talos feed download issue (when it fails randomly) is a volume of traffic issue at the server. Consider this: I set up another test box pfSense CE and did a standard pfBlockerNG install. Meaning that the cron settings for pfBlockerNG are set to run at the 00 mark of the hour. I picked a couple of lists that people complain fail often (Talos being one of them). Shortly thereafter I noticed that the Talos feed started to randomly fail on the test box, but my main firewall wasn't having this problem. Has been downloading that feed for months without issue. Then it occurred to me that every system "out of the box" is configured the same way (by default), and there is a high probability that most people won't change this. Several months ago I had changed the cron timing of pfB for completely other reasons. The unknown (unrecognized) side effect at the time and since that change is that the Talos feed hasn't failed.
Then the tiny light went on in my head: I moved the test box cron job off the top of the hour, and the Talos feed on the test bed generally hasn't failed since. Defaults are good, Defaults are bad.
  • pfblockerNG 3.2.0_6 unable to open reports

    9
    0 Votes
    9 Posts
    1k Views
    J
    @Gertjan said in pfblockerNG 3.2.0_6 unable to open reports: The question is now : why are these files not truncated ? The tail command that does the truncate is likely consuming too many resources (or taking too long) and failing. @scorpoin With a file that big it might be faster at this point to just delete it and let it start fresh, then monitor the size for a while. If you need a copy (home use? why?) you could download it first, and then hit the trash can, both options on this screen. [image]
  • pfBlockerNG re-plays ip_block.log file after reloading/updating?

    3
    0 Votes
    3 Posts
    426 Views
    cukalC
    Thanks for your reply! Seems it's done in /usr/local/pkg/pfblockerng/pfblockerng.inc : pfb_log_mgmt. Fixed my use case there by zeroing out ip_block.log file and not retaining the max log lines. Just another 'remark' when upgrading pfSense!
  • pfblockerng stops the DNS resolver!

    3
    0 Votes
    3 Posts
    567 Views
    E
    @Gertjan I will listen to your advice. I will try to do it as much as I know. thank you
  • pfBlockerNG DNSBL Web Server service won't start "SOLVED"

    8
    0 Votes
    8 Posts
    9k Views
    B
    @JeGr said in pfBlockerNG DNSBL Web Server service won't start "SOLVED": It's easy. If you use pfBNG - either configure your WebUI on a port != 8080/8443 or reconfigure the ports in pfBNG. Ea Versions: Netgate pfSense version: 23.05.1 pfBlockerNG: 3.2.0_6 I just reinstalled pfBNG, but the DNSBL server doesn't start. However in the sys logs there's no error, and I see "stopped / started". Any suggestions how to solve? Where can I find the pfBNG port settings? Thanks!
  • Ask pfBlockerNG to add a scanner feed

    1
    0 Votes
    1 Posts
    291 Views
    No one has replied
  • Memory error at each IP reload

    3
    0 Votes
    3 Posts
    486 Views
    W
    @SteveITS Thanks! I have raised the value to 2M and it looks like it solved the issue. Thank you!!
  • IL_rep [ Israel ]?

    3
    0 Votes
    3 Posts
    526 Views
    W
    @johnpoz Thank you very much! It would be nice if this info were written in the text next to the relevant fields and in a public post, to expose this data to users.
  • nevermind

    1
    0 Votes
    1 Posts
    159 Views
    No one has replied
  • TLD Domain count exceeded

    15
    0 Votes
    15 Posts
    2k Views
    UnoptanioU
    @SteveITS Resolved. Extract from /usr/local/pkg/pfblockerng/pfblockerng.inc:

        // Determine max Domain count available for DNSBL TLD analysis (Avoid Unbound memory exhaustion)
        $pfs_memory = (round(get_single_sysctl('hw.physmem') / (1024*1024)) ?: 1000);
        if (!$pfb['dnsbl_py_blacklist']) {
            $pfb['pfs_mem'] = array(
                '0' => '100000', '1500' => '150000', '2000' => '200000', '2500' => '250000',
                '3000' => '400000', '4000' => '600000', '5000' => '1000000', '6000' => '1500000',
                '7000' => '2000000', '8000' => '2500000', '12000' => '3000000', '16000' => '4000000',
                '32000' => '8000000');
        } else {
            $pfb['pfs_mem'] = array(
                '0' => '200000', '1500' => '300000', '2000' => '400000', '2500' => '500000',
                '3000' => '800000', '4000' => '1200000', '5000' => '2000000', '6000' => '3000000',
                '7000' => '4000000', '8000' => '5000000', '12000' => '6000000', '16000' => '8000000',
                '32000' => '16000000');
        }
        foreach ($pfb['pfs_mem'] as $pfb_mem => $domain_max) {
            if ($pfs_memory >= $pfb_mem) {
                $pfb['domain_max_cnt'] = $domain_max;
            }
        }

    Change "'7000' => '2000000'" and "'7000' => '4000000'" to "'7000' => '6000000'" in both sets. Change "'8000' => '2500000'" and "'8000' => '5000000'" to "'8000' => '6000000'" in both sets. Update Reload | DNSBL after making these changes.
  • pfBlockerNG on CE 2.7 throwing error

    2
    0 Votes
    2 Posts
    417 Views
    J
    @bobhamish182 What version of pfBlockerNG? Is there anything in [image] or [image] that might provide more information specific to what it was doing?
  • 2 Votes
    2 Posts
    516 Views
    D
    @gwaitsi I have been getting this error since pfSense+ 23.01. No resolution yet.
  • Is shalla list off?

    9
    0 Votes
    9 Posts
    636 Views
    JonathanLeeJ
    http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz Also a URL for a firewall with less memory. I use this one for my SG-2100.