@steveits thank you for quick response.

I just disabled deduplication and I see the lists got updated as expected.

So my understanding of deduplication in this case was wrong. I would think that only the same addresses that are used in different lists should not be updated multiple times. Interesting :)

Thank you!
Marek

@jdeloach Yes, only new keys. Anyway, patching validation method from the links above worked like a charm.

@vito-0 - Have u managed to solve this issue ? Did u whitelist the relevant FQDNs ?

so if i set the system tunables to there defalt pfBlockerNG-devel works but then i cant conect to the 2 file servers...

so right now i can have 1 or the other..

@steveits said in Disable pfBlocker through SSH?:

@furom Two I know of:

Control (easier to create exceptions/rules above the deny) Per other threads, if deduplication is on and deny rules are used, apparently dedupe happens across the deny lists. If they are being used for different ports, then only one port gets blocked for the duplicate IP.

Sounds like a good reason to. I'll keep that in mind, thank you!

I am the DevRel of IPinfo. We launched an open access (CC BY-SA 4.0) full accuracy database for country and ASN information, that has daily updates.

I talked a bit with PFblockerNG's core developer. The issue is that even though the database is free and provides daily updates, they are not a drop-in replacement. If anyone wants to crack at integrating our databases in pfB, let me know. We provide the database in an MMDB format, however the data schema is different.

Docs: https://ipinfo.io/developers/ip-to-country-asn-database

@peaare With the large amount of code changes for moving from PHP 7 to 8 it is likely a bug, as I've seen posts for similar Uncaught TypeError messages since the release of 23.01. Since you can duplicate it I would create an issue at redmine.pfsense.org.

I'm not sure how to tell you to do it via shell, but since it would be in the XML config file you could save/export that, edit it, and import it again (which reboots pfSense).

I tested this and didn't find any issues. Click on the blue infoblock icon there and make sure that you are creating the pfSense alias correctly. When you start to type the alias, it should show an autocomplete dropdown menu. Only those entries are allowed.

@gertjan
Thank you for your help. I think I found it - the TLD feature was disabled but there where all those entries.

@steveits thank you, I see it now.

@wolfsden3 said in cn(Removed due to SafeSearch conflict):

[ v3.1.0_11 ]

???

Not round 2 - you are many round late.

98fc1b3e-7e3a-4324-ba89-bcac894837e8-image.png

@wc2l Does Diagnostics/tables show it has content?

@freddy-0 said in pfBlockerNG-devel - 3.2.0_3:

Still seems to be at line 729 but not too concerned as everything seems to be working.

You are probably running pfblocker in pfsense+ 23.01 - I saw in my lab machine (with 23.01) that there the line in question is at 728 ;-)

@jrey well then, hello again :)

Yeah to be clear it’s not always a problem. One also has to have the dedupe option checked. However it’s not intuitive and potentially dangerous, so I try to call it out.

@steveits Yup, that was it! Thanks!!

@steveits Awesome! That one passed me until now. Thx.

I am guessing the deduplication is just using the same mechanism as the normal deny rules.

This makes using the alias function pointless. Each alias should be de-duplicted individually otherwise you cannot tell what aliases is blocking what therefore you cannot create individual blocking rules and even if all rules were enables as recommended by BBcan177 your logging would not be accurate.

@steveits Thanks for your suggestion. I got it to work after a fashion. The autoconfiguration of pfBlockerNG puts the blocking on only the LAN. When I added to the WAN, it began to operate as I desired.

I wonder why the autoconfigure ever puts the rule on the LAN instead of the WAN when the purpose of pfBlocker is to keep bad crap out of your system.

Thanks,
Mike

@omethe

well, if you add a feed that is hosted 'off-site', some where on the internet I guess you want to be able to resolve that host nam, and not getting a 0.0.0.0 as an answer ..... if not, whats the point of adding / using that host name in a feed URL 😊