• Feed/Group is [Unknown]

    1
    0 Votes
    1 Posts
    185 Views
    No one has replied
  • pfBlockerNG ASN downloads only contain a header

    Moved
    70
    1 Votes
    70 Posts
    14k Views
    Bob.DigB

    @jrey said in pfBlockerNG ASN downloads only contain a header:

    I can't speak to the -dev version - however,

    No need to, that was what I was running so it is not fixed for both. Good to know.

    I have read your news on the beta.

  • Unexpected resolver behavior

    1
    0 Votes
    1 Posts
    236 Views
    No one has replied
  • PCI Network Filtering

    2
    0 Votes
    2 Posts
    436 Views
    S

    @basherstech It might be easier to use firewall rules to allow the PCI network access out. That is a separate network or VLAN? Though, you'd have to maintain a list of the Windows Update IPs which could be a challenge. One could find and allow all Microsoft IPs by ASN number in pfBlocker.

    Many, many years ago we did something similar but it was not for PCI so wasn't on a separate network, and was on a Windows Server network. The client just wanted to prevent certain PCs from web surfing. I tried to look it up but don't have that info anymore. I think it had to do with Conditional Forwarding which is a feature on Windows DNS. But, if you set up your own DNS server on the PCI network you might be able to forward only certain domains and not resolve the rest of the world?

    One other thought, there is a "Python Group Policy" feature which is named poorly but it will "bypass DNSBL for the defined LAN IPs." Possibly, use a service like CloudFlare family DNS to block adult content via forwarding, block all domains in DNSBL, and set everything on LAN to bypass DNSBL? So the PCs on LAN would get forwarded to CloudFlare. In other words, block *.com but add microsoft.com to the DNSBL Whitelist section.

    Sorry for the vague answer, maybe it helps.

  • 2100 cannot load the UT1 adult table.

    11
    0 Votes
    11 Posts
    2k Views
    S

    @orangehand If you want to outsource it you can set DNS Resolver to forward to CloudFlare or others that block adult sites (1.1.1.3).
    https://blog.cloudflare.com/introducing-1-1-1-1-for-families/

  • PFBlockerNG Python-Mode - Source-IP in Reports

    10
    0 Votes
    10 Posts
    989 Views
    GertjanG

    @mOrbo said in PFBlockerNG Python-Mode - Source-IP in Reports:

    you ignore the warning you will see the block page.

    Very correct.
    The thing is, you know that, and you probably know that the black part of the URL is showing what is your pfSense device.
    Like this URL :

    956b07f4-b11b-4085-9e59-8d9d040d06fe-image.png

    The netgate.com part is in black. Because that's the one that is important. That's the one matching the certificate from Netgate. So, ok, you know what you do. Internet isn't a dangerous place for you.

    Now for the other 99,x % of us : if they all start to click through this "wrong cert" warning, phishing sites and other fake ones will have a bright future in front of them.
    So I tell them always : don't think - close it right away. Do not click anywhere.

    IMHO : we as pfSense admins shouldn't contribute to the fact that our network users see this kind of info. It will introduce bad habits. And these 'stupid' users will pay the price later on.

    Their IP will get logged of course, thus feeding the pfBlockerng stats.

  • Your connection is not private

    22
    0 Votes
    22 Posts
    2k Views
    N

    @totowentsouth OK thx

  • dnsbl exemption of a website but not from others

    1
    0 Votes
    1 Posts
    253 Views
    No one has replied
  • Errors when updating

    12
    0 Votes
    12 Posts
    2k Views
    M

    @Aseknet Thank you

  • Request to parse HaGeZi's adblock plus style block lists

    2
    0 Votes
    2 Posts
    845 Views
    T

    I submitted a merge request to FreeBSD-ports https://github.com/pfsense/FreeBSD-ports/pull/1309

    EDIT: I see the above will be obsolete if/when https://github.com/pfsense/FreeBSD-ports/pull/1303 is merged.

  • [solved] XMLRPC Sync with pfBlocker?

    4
    0 Votes
    4 Posts
    905 Views
    Bob.DigB

    @SteveITS said in XMLRPC Sync with pfBlocker?:

    There was a bug in a recent version and I want to say it was fixed in the Plus package code but not CE?

    Turned out it is fixed in the non devil version of the same number... So I am on it now too. Thanks @SteveITS !

  • allow list

    9
    0 Votes
    9 Posts
    885 Views
    H

    I configured the "Advanced Inbound Firewall Rule Settings" and now it's working.
    Thanks.

  • Log suppression

    4
    0 Votes
    4 Posts
    587 Views
    P

    Disabling logging on the FW rule continues not to update the pfBlocker stats/reports pages. I understood this to be independent, so is there something else at play here, and must I have the FW log rammed with pfB alerts being triggered on the WAN?

  • IPv4 Source Definitions, Line 1: Invalid URL or Hostname not resolvable!

    4
    0 Votes
    4 Posts
    845 Views
    T

    @table1 Can anyone confirm if this is a known issue?

    Does it have a fix or is it a configuration issue?
    Would a complete reload provide any solutions to the issue?

    I am new to pfsense, and learning as I go!

    Thanks in advance.

  • Suggestions on home pfsense appliance that will handle porn blocking

    9
    0 Votes
    9 Posts
    1k Views
    GertjanG

    @danno91

    83eaa859-3cfd-4628-a823-bc128ec6006c-image.png

    For a list to show blocked packets, your devices have to visit host names present in the list.
    And your devices used on the pfSense LAN have to use pfSense as their DNS.

  • FYI: Crash report during upgrade from 2.6.0 to 2.7.0

    2
    0 Votes
    2 Posts
    444 Views
    NollipfSenseN

    @HomeLabGuy Have you tried re-installing pfBlockerNG?

  • 0 Votes
    8 Posts
    1k Views
    GertjanG

    @Unoptanio said in Pfsense 2.7.0 pfblockerng ERROR: could not update pfB_PRI1_v4 content from ...:

    Could the alias have been included in version 2.6.0 by default?

    2.6.0, or the current 2.7.0 : make use of the fact that it is open source so look for yourself in this folder, the GUI web root folder : https://github.com/pfsense/pfsense/tree/master/src/usr/local/www : there is no /pfblockerng/ folder - neither the PHP file in that folder : pfblockerng.php (ok, this is quite obvious).

    Also, when pfblockerng is installed, there are no DNSBL feed or IP feeds activated, they have to be selected and downloaded first.
    When you install pfblockerng, it does nothing, it has to be set up first.

    Still, I'm curious. To be sure, I would have to get a copy from a non infected source : https://www.pfsense.org/download/ and see what I find in the aliases when done. That's .... hum..... too much work 😊

  • PHP Fatal error: Uncaught ValueError: escapeshellarg():

    2
    1 Votes
    2 Posts
    594 Views
    P

    @gwaitsi I have the same exact error. Did you find a solution?

    I have the "pfBlockerNG-devel" package installed. The DNSBL part is turned off. This is the error I get:

    [19-Sep-2023 12:18:28 Etc/UTC] PHP Fatal error: Uncaught ValueError: escapeshellarg(): Argument #1 ($arg) must not contain any null bytes in /usr/local/pkg/pfblockerng/pfblockerng.inc:3816
    Stack trace:
    #0 /usr/local/pkg/pfblockerng/pfblockerng.inc(3816): escapeshellarg('^192\.168\.1\.1...')
    #1 /usr/local/pkg/pfblockerng/pfblockerng.inc(5647): find_reported_header('192.168.1.15\x00\x00\x00...', '/var/db/pfblock...', false)
    #2 /usr/local/pkg/pfblockerng/pfblockerng.inc(1031): pfb_daemon_filterlog()
    #3 {main}
    thrown in /usr/local/pkg/pfblockerng/pfblockerng.inc on line 3816

  • UT1 Blacklist uncompressing issue - No such file or directory

    1
    0 Votes
    1 Posts
    248 Views
    No one has replied
  • pfBlockerNG Cron Resetting DNS Resolver Cache (Intermittent Bug)

    7
    0 Votes
    7 Posts
    1k Views
    RobbieTTR

    Subsequent to the first post the DNS Resolver cache ran ok until 16 Sep @0615hrs - ie for 54 hours since pfBlockerNG last reset the DNS cache to zero.

    At the time of this post the DNS has been running again for 8hrs 13 mins and completed the single Cron job at 1215hrs with no reset.

    Not ideal.

    ☕️

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.