@gertjan Rarely am I so happy to be shown that I am wrong. Thank you for your detailed rundown (and to @BBcan177 for confirming that all custom lists are base64 encoded)!

@BBcan177 Just wanted to confirm that I inserted the (most recent) link to the JSON file and it is parsing just fine. Much easier than manual downloads, thanks!

@prx can you let me know if you're using a previous version of Magento 1? That can be a problem for you since users are updating their sites from an earlier version to the most recent version of Magento 2.4.6. You may look into Magento 2 Upgrade.

@jcook-atlas. this is the exact setup i was using before switching to pfblockerng. i switched because of needing to touch the alias file and change the date to older to make it actually update. I'll check my notes on it.

Thanks for the suggestion. This may work in the interim but I would love to see the designed functionality of PFBlocker fixed.

@viragomann @juliokele

Changing it to LAN did not help, either :(

Attached a few images. I just can not seem to find the log files, please see attached images.

Changed Web GUI https port of pfSense to 500
Set pfBlockerNG DNSBL to CARP with unique settings
Made sure subnet is not in use
Reloaded DNSBL

still no success...

Bildschirmfoto 2023-03-13 um 23.19.08.png Bildschirmfoto 2023-03-13 um 23.06.12.png Bildschirmfoto 2023-03-13 um 23.05.24.png Bildschirmfoto 2023-03-13 um 23.02.44.png

Give this a try - I had a similar issue to yours and I used Alias lists in native pfSense.

See my post

@kkit I initially thought that but as you mentioned opening both ways and it asking about ports incoming, I re-thought it..

What PFSense is essentially doing, is providing an easy way to see a list of commonly used lists of advertising, trackers, coinblockers and malicious sites, and automate a way to download and update, with an easy to navigate interface. If you have an allow outgoing list setup, (example, I have the InterNIC root DNS servers in a allow out to make sure they aren't blocked), you can just jump into pfBlockerNG/IP/IPv4, select that IPV4 list, scroll down to IPv4 Custom_List and add them there, quick and dirty... You could also just create a firewall ALIAS and manually add what you want to that and use it in a allow outbound rule. I did this for my work's ASNs, 11 IPV4 ranges and 1 IPV6, so that I don't run into issues as I work from home 3 days a week. Another way is if the IP that is being blocked is normally reached by a domain name, like your typical website, you can add the domain to the DNSBL/DNSBL Whitelist as the domain name. Maybe 90% of the time I just add the domain that corresponds with the IP, to the DNSBL whitelist and that takes care of it.

Fixed the problem by creating a floating rule that allows outbound connection to 142.250.0.0/15, which is the block of IP addresses used by 1e100.net, the umbrella network for Google's servers. What appears to have happened is that Google changed the DNS entries in the Denver area to route traffic over their network. Several common pfBlockerNG blocklists contain 1e100.net, which I'm sure has plenty of servers that host malware. Although I allow the outbound connection, the inbound WAN rules are still in place, which should block the garbage. Fingers crossed. Thanks very much to the illustrious BBcan177 for his Saturday night patience and assistance!

The + button doesn't work at all for me. It asks me to choose a whitelist, but the only choice is to create a new one, and then I get an error message "Cannot create new IP Whitelist! Invalid data!"

@superbree https://www.reddit.com/r/pfBlockerNG/comments/11ax5qj/disabling_suppression_does_not_seem_to_work_in/

@jack37 pfBlocker uses the MaxMind database. There's probably a way to look it up via command line but I generally use a site like iplocation.net which returns values from several places...usually the same but occasionally wildly different. IP blocks do get bought and sold a lot now.

I suppose you could try contacting MaxMind. Or just have pfBlocker process the lists as Alias Native, which only creates aliases. Then create your own rules to allow your range then block the desired countries.

@ciroque said in Blocking WeChat and TikTok:

I have attempted to get this working, but going to tiktok.com still loads.

Don't suppose your ISP gives you a dual stack IPv4 and IPv6 address range? The shots you show block IPv4, but wouldn't block any IPv6 TikTok addresses.

So in the end, I was able to get the device online, uninstall pfBlockerNG, the reinstall it and everything seems to be working just fine. It's now running as my production device.

I will keep the other one (the one that had been my production unit before) on the shelf for two weeks just to be sure no hidden issues appear with the new one, then will reinstall and upgrade it too.

Thanks for all the help on these forums, and to Netgate for a solid product 👍.

@ncm-com said in pfBlockerNG / pfBlockerNG-devel v3.2.0_3 - pfSense 2.6 Only:

@steveits so if I deny all locations on GeoIP and allow one country on IPv4 it will overrule? let's say I need to add only a few countries to the allowed list.

On the Geo page use Alias Native and it will create an alias. You can then create your own rules in the order you wish.

I also alsp having the same issue as in post https://forum.netgate.com/topic/165131/service-watchdog-detected-service-dnsbl-stopped-restarting-dnsbl-pfblockerng-dnsbl-web-server after upgrading to pfBlockerNG version 3.2.0_3 just a few days ago. Email notification every minute, had to tell Service Watchdog to stop monitoring dnsbl.

Went to the configuration page for dnsbl. Noticed that the box
"Wildcard Blocking (TLD)" was unchecked. If I check the box and saved, but it will not save, instead I get this message at the top:

The following input errors were detected:
• Customlist suppression: Invalid Domain name entry: [ *.googleapis.com ]
• Customlist suppression: Invalid Domain name entry: [ *.googleusercontent.com ]
• Customlist suppression: Invalid Domain name entry: [ *.xn--9trs65b.com ]
• Customlist suppression: Invalid Domain name entry: [ *.1e100.net ]
• Customlist suppression: Invalid Domain name entry: [ *.facebook.com ]
Seems dnsbl is telling me that the wildcard TLDs that seemingly blocked OK last week are now malformed? If I remembered where the file is located, I would ssh into the box and manually delete those TLDs and try again. I will hunt for it later, else does some one remember the file path?

Thanks all.