• 1 Votes
    5 Posts
    880 Views
    M

    Monitor Guy, thank you, exactly right. I deleted the old dnsbl line from Service Watchdog

    dnsbl pfBlockerNG DNSBL Web Server

    and added

    pfb_dnsbl pfBlockerNG DNSBL service

    and problem solved! No more messages every minute.

  • Block Youtube with and without domain

    2
    0 Votes
    2 Posts
    2k Views
    NollipfSenseN

    @danilo-arrifano said in Block Youtube with and without domain:

    Good afternoon, Netgate masters.

    I hope everyone is okay!
    I don't have in-depth knowledge of Firewalls, but the company I work for has PFSense 2.7.0
    I have to block the Youtube website on my network, but my network has hosts with Windows Pro and Windows Home. Knowing that devices with Windows Home do not adhere to firewall rules because they do not have support for domains, I send you my request for help.
    How to resolve this issue?
    Sorry for my English, but I don't speak the language.

    I would be very grateful for any ideas that can help me!
    Thank you very much in advance!

    Go to firewall menu and select pfBlockerNG > DNSBL, scroll down until you see TLD Blacklist/whitelist...click on the plus symbol...you should see below and add youtube.com. Save, update and reload. Remember to clear browser cache on all devices.


  • Country aliases are not created

    13
    0 Votes
    13 Posts
    977 Views
    planedropP

    @j-koopmann Gotcha, hmmm that is odd. Mine has been creating them just fine, I'll check several other pfSense units I have running though and see if any others are having the same problem.

  • Allow facebook messenger application in phone and laptop.

    5
    0 Votes
    5 Posts
    1k Views
    M

    @Gertjan Without modifying the TTL like you did it makes python group whitelisting kinda pointless.....

  • Every morning I have a "crash report" why?

    14
    0 Votes
    14 Posts
    2k Views
    GertjanG

    @BlueCoffee said in Every morning I have a "crash report" why?:

    Should I post this error in a new thread do you think?

    We'll leave that to the forum admins ^^

    here :

    log_error(sprintf('hw.physmem = "%s" - hw.realmem = "%s"', $physmem, $realmem));

    Do you think you can manage to edit the file, make it look like this :


    Now go to the pfSense GUI dashboard.
    And then to the location where the answers are : the logs :


    You saw what I have. Both are probably strings that can easily be converted to integer numbers.
    Now : your turn.

    @BlueCoffee said in Every morning I have a "crash report" why?:

    I moved to this little box

    What little box ?

  • Mystic Pfblocker, blocks URL i didnt wanted

    6
    0 Votes
    6 Posts
    530 Views
    S

    @sub2010

    I'm happy I found the error ✌ .

    When I configure the DNSBL SafeSearch, YouTube Restrictions, the video doesn't show up.

    And even if I disable it, I can't bring back the video. Only a reinstallation can help me.

    Do you have any idea how I can use Restrictions with whitelisting?

  • PfblockerNG to block porn

    8
    0 Votes
    8 Posts
    7k Views
    FuzzzyWuzzzyF

    @Gertjan You are certainly correct that the Adult (XXX) category that's available on UT1 is huge. But at least the option is available for those that have the proper firewall hardware for it. While the Shallalist does not seem to be available currently. Archives are an option, but they are mostly outdated since they're no longer updated regularly.

  • 0 Votes
    9 Posts
    2k Views
    E

    Oh, all my formats are on AUTO, so I'll have to find out which list has GeoIP format.... :-(

    So I have to go through all the non-custom lists? This could take a while, and I don't know what to look for. Maybe there is a keyword like GEO-something?

    EDIT: there might be an easier way, I just sift through the update.log of pfblocker and discard lists that show something like "Classifying repeat offenders by GeoIP".

    EDIT2: Oh, the reputation functions dmax and pmax use GeoIP! I turned these on a week ago or so.... Embarrassing, I should have made the connection!

    Thanks @Bob-Dig , I am confident that turning reputation off is the solution.

    Will report back if I am wrong.. ✌

  • This topic is deleted!

    1
    0 Votes
    1 Posts
    132 Views
    No one has replied
  • DNSBL not blocking URL

    6
    0 Votes
    6 Posts
    940 Views
    johnpozJ

    @oever pfblocker vs just blocking by resolving to say 0.0.0.0 likes to point to a block page - that says hey this site is blocked. But if you're looking for something specific loaded off that IP, 10.10.10.10 I think is default vip that is used.. But I think at some point there was a recommendation to use something different.. Anywho - yeah block page is just hosted on pfsense off whatever the IP you use (vip on pfsense) to serve up the page to tell you hey that site is blocked.

    But if you try and load some specific resource off that httpd, like favicon.ico then sure yeah that could be loaded.

    Glad I could help you get some sleep ;)

  • 23.05.01 easylist not in dashboard widget [edit: not loading at all]

    7
    0 Votes
    7 Posts
    1k Views
    GertjanG

    @Cabledude

    I was using M0n0wall in the past, as it offered a 'captive portal' and I was looking for some answers.
    I've used my IRL first name to create an account here, just to ask some questions.
    I had my answers quickly, from what I recall, my questions were just "wrong", and I've installed pfSense.
    Still using it today.

    edit : forgot about the most important one : I'm still learning.

  • pfBlockerNG custom block list

    4
    0 Votes
    4 Posts
    3k Views
    B

    @deveals
    Danny
    I'm also a newbie, and we're using pfBlockerNG with a custom list.
    Our custom list is derived and compiled from a combination of sources, including AbuseIP.com, local fail2ban, and others.
    The custom list contains about 100k addresses.
    pfSense gets list updates a few times each day by a cron task.
    The activity against this list is easily visible.
    There's a pfBlockerNG widget for the pfSense GUI dashboard that gives summary data.
    If you need more granular data using the GUI, go to Firewall, Rules, WAN, select and edit the custom rule, scroll to bottom of page and note the Tracking ID number.
    Also make sure logging is enabled for this rule. Log = tick.
    Then use Status, System logs, Firewall, Advanced Log filter (enabled in System, General Setup, Log Filtering), and enter the Tracking ID in the filtering criteria. Apply Filter.
    Now you see all the traffic actioned by your custom rule.
    If there's a better way to do this, I hope somebuddy with more experience will chime in with correction/s and/or suggestion/s.
    HTH

  • pfBlocker custom block page to redirect browser

    7
    0 Votes
    7 Posts
    2k Views
    K

    @jrey I don't even have the file anymore, I'm using what you provided and substituted my URL and it's been working perfectly.

    Thanks again for your help, really appreciate it!

  • pfBlockerNG and floating rules: To float or not to float?

    3
    0 Votes
    3 Posts
    827 Views
    D

    I have some pfBlocker generated rules as floating/quick. Some of which protect a few forwarded ports on the WAN interface.
    I have logging turned on for these rules and, whilst it works as expected, one thing puzzles me: The logged DST IP is sometimes the WAN interface and sometimes the internal forwarded-to IP. I don't understand why this variation occurs. Is it a consequence of 'floating' rules? Whilst the rules concerned are 'floating', they're assigned only to the WAN interface. It seems as if the rule can be evaluated before or after NAT occurs?

  • DNSBL doesn't seem to be working

    Moved
    6
    0 Votes
    6 Posts
    521 Views
    M

    I ended up deleting pfblocker, restarting, and re-installing it. It seems to be working now.

  • cert error

    8
    0 Votes
    8 Posts
    527 Views
    johnpozJ

    @reynold well that could be problematic - since when you forward a returned IP being rfc1918 would be a rebind..

    So with your client be it nslookup or dig or host, whatever your fav dns client is from cmd line. Do a query to pfsense IP, do you get back local resources that your DNS is resolving?

    When you forward to some other NS, you prob want to allow for rebind from it, create a private-domain entry in your unbound config.

    See here

    https://docs.netgate.com/pfsense/en/latest/services/dns/rebinding.html

    But if it was a rebind pfsense would not return an IP for some fqdn query, so how would you end up on pfsense IP? What is more likely is your browser is doing doh, and getting some public IP that is say pfsense wan, to how you're getting the pfblocker dnsbl cert..

    But you should actually validate that is working.. But if you're running your own DNS, all your clients should really point directly to that IP for dns..

  • pfblocker in AD domain with local dns server

    9
    0 Votes
    9 Posts
    1k Views
    R

    @Cylosoft said in pfblocker in AD domain with local dns server:

    Then in the PF DNS Resolver settings we add domain overrides for the local domain. So "whatever.local" uses lookup server IP Address of the AD domain controller IP.

    I did it and the yellow warning disappeared

  • adult content

    24
    0 Votes
    24 Posts
    2k Views
    provelsP

    @reynold

    NM, didn't see your last post.

  • secure VPN with GeoIP

    9
    0 Votes
    9 Posts
    936 Views
    R

    @NogBadTheBad
    thx I did it

  • Is it possible to load RPZ or RBL with FQDNs in pfBlockerNG?

    1
    0 Votes
    1 Posts
    216 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.