@ghost666 How is your RAM...have enough?

@leakin said in pfBlockerNG - macOS wifi blocks, iPadOS passes?: using the same wifi connection on an iPad, ads are not blocked... any ideas? Yes, most likely you didn't restrict and force all clients to use pfSense as DNS. Confirm that your iPad is configured to use pfSense for DNS. If you were using say YouTube app on your iPad, it's almost impossible to block ads as the ads server(s) are built-in. take a look at these: https://docs.netgate.com/pfsense/en/latest/recipes/dns-redirect.html https://docs.netgate.com/pfsense/en/latest/services/dns/index.html

Believe it or not, I simply rebooted the first pfSense machine (the one that manifested the "not active" pfBlocker CARP VIP after every hourly or manual forced pfB update) and lo and behold, now it actually works. The all time classic IT Crowd quote from Gary "Have you tried turning it off and on again" worked once again! I am baffled.

@Gertjan This was almost 15 hours after the install. It's not done it again, pfBlocker is on a once daily update, so hopefully it doesn't do it again.

@SteveITS The "new-rules-not-applied" article you linked led me to Status > Filter Reload where I saw a loading error of pfB and adjusted a setting in the Advanced>NAT tab which fixed the problem. Thank you for this quick response.

@michmoor oh damn, im so sorry. forget what i say... im going back to school! shame on me

@areckethennu It's probably a bad thing to reply to myself, but I reported this to the Phishing Army list OP and he said he'd fix it shortly. So, hopefully, things will resolve themselves soon.

@SteveITS said in DNSBL just Work when DNS Resolver Enable: “UnKnown” is not a functional problem, you can ignore it. While technically true - If I get an unknown for the dns I am using - it points to badly managed dns... Why would there not be a PTR for everything on your network ;) If your going to setup forward zones, you might as well setup the reverse zones for the IP ranges you use on your network. pfsense makes it easy because you put in the host override, the ptr is auto there for that host, etc.

@SteveITS Got it! Thank you!! [image: 1687468681618-geo41.png] [image: 1687468690464-geoip4.png] [image: 1687468701040-geo5-fwrule.png] [image: 1687468743149-geoip6-status.png]

@Yet_learningPFSense said in I want to block the IP addresses assigned by ISPs to general households.: I have noticed some IP addresses belonging to providers in Korea and Africa (confirmed using whois, such as *.telecom) which appear somewhat suspicious to me. Where did you notice them? The net is a noisy place - you will see noise from all over the planet hitting your wan IP.. So? They are dropped by default. If you have some port forwards open, just allow the IPs you want to allow. For example, my plex server the only thing that can talk to it are IPs from the US, and currently Morocco (since have family currently living there).. And the list of known IPs that plex uses to validate your server is available to the public.. And the known IPs that monitor if my plex is working, and notifies me if its down. Simple enough to do in pfblocker - because you can create lists based upon country (geoip data) or other Ips you want to allow - uptime robot and statuscake for example doing the monitoring provide lists of IPs they use. Or did you notice your devices connecting outbound to these weird IPs? in other countries?

@SteveITS Hmmm I see what you mean, I'll have to see if I can duplicate this. My setup right now though is to use block lists and then I use alias lists for any allowances I am making, so I think that avoids dedup issues.

@Bartballon hello let me try to help, how is the PfSense configuration set to resolve is it going to WAN 8.8.8.8 or 1.1.1.1 or the domain controller? Do you have a host override for a proxy also? Also I found "If unbound does not start correctly after entering custom options, add server: on a line at the top of the custom options text area." Ref: https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-config.html I found another post on this with a working version of what you want to do, user was asking how to make it resolve faster. Maybe this will help? https://forum.netgate.com/topic/144091/ad-domain-controller-as-local-dns-forwarding-to-pfsense/10 https://forum.netgate.com/topic/140346/forward-dns-queries-to-active-directory-dns-server/9

@SteveITS I've tried with two different ISP, nothing happened bro. [image: 1687319228367-a90b0839-aefc-4aa9-9dc2-16ce235bb115-image.png]

@Gertjan Thanks for your help :-)

For repair -> pfSense-upgrade -d -c

As soon as I post that it goes back down..