• pfBlockerNG-devel pfsense 23.05.1

    27
    0 Votes
    27 Posts
    3k Views
    J

    @Summer quoted in pfBlockerNG-devel pfsense 23.05.1:

    when you install and start pfSense the first time, and your ISP used IPv4 and DHCP

    Not true in "every" case. Your connection could have been a static IP, and DHCP would not be in play in that case. (I don't really recall you saying ISP or connection type until the question was asked.)

    The line of questioning was more to lead on the path of thinking about how things work in your specific case. (Learning)

    Without getting into the details of how or why, my DNS for example, is all local (internal, behind the wall), fully isolated from the internet. Blazing fast DNS response times. I currently have 40-50 devices behind the 2100 - and it doesn't even have to work hard. It's all about how you approach things, with a specific goal in mind. Plan it out.

    I'd like, if you don't mind, to cycle back on what was perceived to be a long download time for you and the file. (Because yes, that ~30min time you showed does seem excessive.)

    What kind of speed is your WAN?

    I, for example, typically download this file in 1-2 seconds max - even on a "congested" day it might take 4 seconds (yes, the file only downloads when needed, but still)

    (start) Thu 24 Aug 2023 11:26:38 EDT
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 6671k  100 6671k    0     0  17.0M      0 --:--:-- --:--:-- --:--:-- 17.3M
    (end) Thu 24 Aug 2023 11:26:38 EDT
  • GeoIP "GB_rep_v4.txt" list contains my domain ISP

    35
    0 Votes
    35 Posts
    4k Views
    C

    Hi all, I really learned some nice things today so thanks to you all, I really appreciate it.

  • [solved] IP-blocking: Huge discrepancy between Original and Master

    2
    0 Votes
    2 Posts
    498 Views
    Bob.DigB

    Because no one answered I guess now that it must be de-duplication. So I mark this solved.

  • Netgate ip address blocked by PF BlockerNG

    Moved
    6
    0 Votes
    6 Posts
    724 Views
    GertjanG

    @Stellir

    You mean : you have a pfSense LAN using some IP range - most surely RFC1918, and this RFC1918 is in the list you have selected ?
    Plan A : most straightforward solution : ditch this list - it was a wrong pick.
    Plan B : whitelist the IP or even entire networks.

    Still, the question is a bit strange :

    to allow my IP into the router?

    You control pfSense, right ? So you control who accesses your LAN (into pfSense), or whatever interface.

    Please add more details to the question.

  • No ASN shown in reports any longer

    6
    0 Votes
    6 Posts
    837 Views
    M

    @jrey I applied the original patch and started getting ASN entries in the report. So some advance.

    Guess will have to wait for the dev to completely fix this.

  • What is the difference between these two lists?

    3
    0 Votes
    3 Posts
    308 Views
    S

    @keyser ah got it I understand it now. Thank you!

  • pfblockerng dnsbl not blocking my OpenVPN Clients devices

    5
    0 Votes
    5 Posts
    723 Views
    V

    Hi, your screenshot is for pfBlockerNG IP settings; you have to check in Firewall/pfBlockerNG/DNSBL if the OpenVPN interface is included in Permit Firewall Rules. In the auto create firewall rule for DNSBL, see if all desired interfaces are present. Also, in order for pfBlockerNG to work for your OpenVPN clients, you have to push all of the client's internet traffic /OpenVPN server settings Redirect IPv4 Gateway and DNS Server enable have to be enabled/.

  • pfBlocker updater blocked by itself

    4
    0 Votes
    4 Posts
    625 Views
    Bob.DigB

    @SteveITS said in pfBlocker updater blocked by itself:

    There are no floating rules being generated?

    I have some match rules in floating but to me it seems pfBlocker is checking on all blocked IPs and then is refusing updates from them, which is not good, especially for geoblocks.

  • pfblocker not blocking google ads pixels

    3
    0 Votes
    3 Posts
    423 Views
    R

    @planedrop Where will that be to check DNS over HTTPS?

  • [solved] Need help with suspicious (activity regarding) DNSBL blocks

    2
    0 Votes
    2 Posts
    435 Views
    Bob.DigB

    D'oh! I actually had created an alias in the past and haven't used it for a long time which does contain those FQDNs... 😌
    Also "LAN" is misleading.

  • Redirect malicious domain to another domain or website

    7
    0 Votes
    7 Posts
    622 Views
    W

    @SteveITS thank you for your help.

  • Whitelisting specific inbound IP addresses

    12
    0 Votes
    12 Posts
    2k Views
    M

    @sfigueroa My advice. That screenshot, I would assume, is for your WAN facing.
    By default, pfSense blocks all inbound attempts. So you blocking the world may not make sense if you are not hosting services behind your firewall.
    If you are hosting services behind your firewall, then you are better off only whitelisting / passing just the countries you need instead of blacklisting the ones you don't.

  • Help understanding DNSBL alerts

    8
    0 Votes
    8 Posts
    667 Views
    GertjanG

    @Rogerthat said in Help understanding DNSBL alerts:

    so I am just confused as to why my device would be sending these requests when I connect to the LAN interface, if I am not actually trying to reach those domains?

    Not you as a person.
    But, for example, if you are using a Windows PC or a modern handheld device such as a smartphone, hundreds of tasks running right now are communicating with something somewhere on the Internet.
    "Doing their things".
    These processes use host names that have to be resolved first.
    Those are the host names you saw in your Unified log.
    If you want to know what is actually going on, then you should take a look at every process on your system, checking with whatever means you have to see what it is doing.

    @Rogerthat said in Help understanding DNSBL alerts:

    Will unchecking the box you pictured above, stop it from doing that?

    That option will keep already looked-up host names up to date in the unbound DNS resolver cache.
    If a domain xxxx.tld is in the cache, that is because your LAN device has asked for it.

  • log rotation?

    7
    0 Votes
    7 Posts
    799 Views
    M

    @periko oh wow, I never knew this existed. Going to try this out now. Specifically the command for pfblocker dnsbl.

    Seems that most of the .sh scripts aren't working in 23.05.1

    The way I'm testing is grabbing the script and running it from the shell on pfSense. I get either Command not found or Illegal variable name.

    Are you running the latest pfSense version?

    edit 1: cancel everything I said. This is working great. Just went into the bash shell to test and my goodness this is great.

  • Manually Added Alias Does Not Appear in Dashboard Widget pfBlockerNG

    1
    0 Votes
    1 Posts
    253 Views
    No one has replied
  • uceprotect and pfBlocker

    9
    0 Votes
    9 Posts
    1k Views
    Bob.DigB

    Old topic but I noticed some problems.

    If I use rsync I get an error:

    rsync-mirrors.uceprotect.net::RBLDNSD-ALL/dnsbl-1.uceprotect.net dnsbl1 [ dnsblOne_v4 ] Downloading update . RSYNC Failed... [ pfB_UCEPROTECTNetwork_v4 - dnsblOne_v4 ] Download FAIL [ 08/5/23 10:14:49 ] Cannot Resolve Host: DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download. The Following List has been REMOVED [ dnsblOne_v4 ]

    Something is not working as intended, at least I can resolve rsync-mirrors.uceprotect.net without a problem on pfSense.

    If I am switching to the WGET-lists, on my two pfSense boxes I get different sized tables. One has 22,402 records, the other has 12,288 records.
    If I download the list with the browser, I get roughly 80,000 records.

    So my guess is, this format is still not compatible with pfBlocker?

    But what is up with the first problem I mentioned with rsync?

  • pfBlockerNG - GeoIP "Allow USA" doesn't match some IPs

    8
    0 Votes
    8 Posts
    961 Views
    johnpozJ

    @ctarbet pfSense is a stateful firewall. States are created by SYN packets. If there is no state to allow traffic, then it would be blocked.

    https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html#troubleshooting-blocked-log-entries-for-legitimate-connection-packets

  • PHP Fatal Error

    Moved
    2
    0 Votes
    2 Posts
    451 Views
    S

    Solved with Restart and Reinstall package

    Thank you

  • Converting FQDN to IP in custom blocklist

    2
    0 Votes
    2 Posts
    410 Views
    P

    I found a way to do this using a "pre" script which fetches the file itself, a "post" script example would still be welcome.

  • Blocking Ads on Road Warrior Traffic

    5
    0 Votes
    5 Posts
    675 Views
    X

    @viragomann thanks a bunch, will have a look when I get home.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.