• 0 Votes
    13 Posts
    1k Views
    L

    @AWilson60 Great, glad it's working. Sorry I could not follow up any sooner but great advice from @johnpoz. Lots of help on this forum.

  • pfBlocker hidden whitelists

    19
    0 Votes
    19 Posts
    2k Views
    Gertjan

    @iTestAndroid said in pfBlocker hidden whitelists:

    "/var/db/pfblockerng/pfbdnsblsuppression.txt"

    is created with what you've entered here :
    Firewall > pfBlockerNG > DNSBL
    at the bottom, you have a "DNSBL Whitelist", deploy it and the info shown there creates "/var/db/pfblockerng/pfbdnsblsuppression.txt".

    When I empty :

    [image]

    the file will be nearly empty (just one line).

    Where does "yandex" etc. come from?
    Well ... ask 😊
    SSH into your box (or console), option 8.
    Go to /usr/local/pkg/pfblockerng:

    grep -R 'yandex' *

    or

    grep -R 'adservices' *

    These files come with pfblockerng when you install it.
    You'll find pfb_py_hsts.txt.

    What I know : this file contains sites that are known to use "hsts" (wikipedia hsts please).

    Anyway .....
    I've emptied my 'master' DNSBL whitelist and now :

    [image]

    as you can see, "Whitelist" only contains "localhost.localdomain"

  • pfBlockerNG Question

    1
    0 Votes
    1 Posts
    238 Views
    No one has replied
  • shallalist back online

    9
    0 Votes
    9 Posts
    10k Views
    S

    @luisenrique I can agree to one degree of extent but otherwise disagree. The internal download link pointing to the .tar.gz list file itself that leaves download failure errors as well as any IP addresses that remain in these files if used (squidguard uses them but not sure pfBlocker does though) these all should be removed to eliminate errors and false-positives if they were rendered.
    As to remove ShallaList's contributions altogether would basically be literally the same thing as to say "when Bill Gates dies, let's just simply delete Microsoft Windows entirely worldwide and FORGET the project ever existed." The download link yes is dead, and ANY IP address list will become deprecated in time if not updated as individual IP addresses come to be re-purposed. The domain lists on the other hand of millions of categorized bad domains is still 99% valid world-wide, regardless if in ShallaList or other DNS blacklists, whether it's a "static" list or updatable as an "online" feed, and IF and when any of these are found to be outdated domain names or ones that are found to be needed/non-malicious by Network Admin managing their OWN networks, any and each can easily be whitelisted at the Admin level to allow access for their own network users.
    If we disown any/all open-source community contributors' contributions in the endlessly growing IT world at that point of a contributor simply "moving on with their life" or when one passes away, we as a whole worldwide would in fact still be sitting in the IT industry and Internet itself of 1980 with literally one ISP, your government, and with literally one PC manufacturer also, your government.

  • Installation of pfBlockerNG breaks NAT Port Forwarding Rules

    6
    0 Votes
    6 Posts
    850 Views
  • Error - "There were error(s) loading the rules"

    6
    0 Votes
    6 Posts
    907 Views
    S

    @revilzs It has to at least be big enough to hold the data. Extra space won't hurt.

    enabled De-Duplication

    One note on this...if you use pfBlocker to create overlapping deny rules the deduplication works across rules, so may remove an entry from additional rules. If that's the case for you, disable it, or use Alias Native and create your own rules.

  • How will MaxMind work with pfBlockerNG when 2FA is implemented ?

    5
    0 Votes
    5 Posts
    776 Views
    cappie

    @bgroper you should be fine. @SteveITS and @johnpoz are correct.

    Just for context, I've had 2FA (yubikey) enabled since March and have had no problem. The API used in pfBlocker is authorized via a license key you create on the website.

  • domain not being blocked

    5
    0 Votes
    5 Posts
    737 Views
    johnpoz

    @droidus you can kill off specific states in the state table

  • What is your favorite pfBlockerNG (DNSBL + IP) feed list

    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 0 Votes
    1 Posts
    236 Views
    No one has replied
  • pfb_filter keeps stopping after pfsense update to 2.7.0

    2
    0 Votes
    2 Posts
    426 Views
    NollipfSense

    @ghost666 How is your RAM...have enough?

  • pfBlockerNG - macOS wifi blocks, iPadOS passes?

    2
    0 Votes
    2 Posts
    451 Views
    NollipfSense

    @leakin said in pfBlockerNG - macOS wifi blocks, iPadOS passes?:

    using the same wifi connection on an iPad, ads are not blocked...

    any ideas?

    Yes, most likely you didn't restrict and force all clients to use pfSense as DNS. Confirm that your iPad is configured to use pfSense for DNS. If you were using, say, the YouTube app on your iPad, it's almost impossible to block ads as the ads server(s) are built-in.
    Take a look at these:
    https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html
    https://docs.netgate.com/pfsense/en/latest/services/dns/index.html

  • 0 Votes
    13 Posts
    832 Views
    L

    Believe it or not, I simply rebooted the first pfSense machine (the one that manifested the "not active" pfBlocker CARP VIP after every hourly or manual forced pfB update) and lo and behold, now it actually works. The all time classic IT Crowd quote from Gary "Have you tried turning it off and on again" worked once again! I am baffled.

  • pfBlocker PHP error

    3
    0 Votes
    3 Posts
    520 Views
    J

    @Gertjan
    This was almost 15 hours after the install. It's not done it again, pfBlocker is on a once daily update, so hopefully it doesn't do it again.

  • rules not applied/enforced

    3
    0 Votes
    3 Posts
    443 Views
    P

    @SteveITS
    The "new-rules-not-applied" article you linked led me to Status > Filter Reload where I saw a loading error of pfB and adjusted a setting in the Advanced>NAT tab which fixed the problem.
    Thank you for this quick response.

  • pfBlocker GeoIP not up to date

    3
    0 Votes
    3 Posts
    465 Views
    R

    @michmoor Oh damn, I'm so sorry. Forget what I say... I'm going back to school! Shame on me.

  • All ProtonMail (proton.me) Sites Give NET::ERR_CERT_AUTHORITY_INVALID

    Moved
    3
    0 Votes
    3 Posts
    722 Views
    areckethennu

    @areckethennu It's probably a bad thing to reply to myself, but I reported this to the Phishing Army list OP and he said he'd fix it shortly. So, hopefully, things will resolve themselves soon.

  • DNSBL just Work when DNS Resolver Enable

    27
    0 Votes
    27 Posts
    5k Views
    johnpoz

    @SteveITS said in DNSBL just Work when DNS Resolver Enable:

    “UnKnown” is not a functional problem, you can ignore it.

    While technically true - If I get an unknown for the dns I am using - it points to badly managed dns... Why would there not be a PTR for everything on your network ;)

    If you're going to set up forward zones, you might as well set up the reverse zones for the IP ranges you use on your network. pfSense makes it easy because you put in the host override, the PTR is auto there for that host, etc.

  • 0 Votes
    1 Posts
    218 Views
    No one has replied
  • [✅SOLVED] No rules or aliases created

    3
    0 Votes
    3 Posts
    524 Views
    K

    @SteveITS Got it! Thank you!!


Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.