Hmm, still no other reports of that. The trace makes it look like there's a rogue character in an IP address there somewhere. Since it's only you seeing it do you have some custom lists maybe?

@mpfrench said in Redesign pfBlockerNG to Run DNSBLs Using Unbound in Both Resolver and Forwarder Modes: and the browser shows the "Try again Charlie" screen. They won't. They'll understand. They have Google. They will do what you would do. .... 5 minutes later .... They stop using 'your network', and take another one, like a SIM 4G/5G data card from their phone. Case 'solved'. I say this because " I've been there - seen it - thought I needed to do something with a tool ". All you can do is explaining, and showing the right example. It has been written somewhere : everybody has the right to dig its own hole, and then fall into it. I bought a rope, so I can help, if asked or needed ;)

I think i found the answer to my own question. It seems that i will not need PFBlockerNG to perform GEOIP blocking since it can be done via some rules set at cloudflare Require specific countries.

@provels said in pfblocker not blocking weather channel app on iOS: It's probably getting the ad from other than weather.com. Let's hope so ;) If it was getting the add from weather.com, there's no way to block the add, except blocking the "weather.com" all together. "weather.com" could even supply a "IP list" into it's weather info, bypassing any DNS needs. So now you have to look for these IP addresses. These will always be "some" from a bigger unknown add server pool. The cleanest and simplest solution would be : ditch the weather app. Next best : get the "$" version. If you have some time left : with some packet capturing, DNS hunting etc you will find the list of host names, and or "add" IP servers. This will be an ongoing job as publicity host names and or IP addresses constantly change, as the add companies know that people are looking them up to put them on 'lists'

@gertjan said in Problem installing SCANNER list: Using pfBlockerNG-devel 3.2.0_3 on pfSense 23.01-RELEASE (amd64) When you copy paste both URLs into a browser, you get a XML file ? Thank you for the reply. I am on the same version. Yes the xml file would be visible. I also tried adding /?xml at the end of the URL, this didnt work either. It turns out I was having other issues as well. pfSense was not returning available package lists. Snort would not update rules either. So I made a backup, factory reset and applied specific restorations. I decided to manually reinstall Snort and pfBlockNG. This fixed the issue I was having.

@mpfrench I think you'll need to edit the config.inc file after each pfSense upgrade. They are probably trying to be as safe as possible. It all depends on what is being read in to memory...I use pfBlocker but smaller lists so don't have a problem. I've been told not to run a RAM disk on 3100s either but as long as the logging volume is low the RAM usage is low so it's all relative.

@johnpoz said in How to block a Domain and it's subdomains being accessed via IP address (without DNS-Filter): They use the 1e100.net for their PTR for every one of their IPs.. This is a "reverse" lookup, again not something you should be concerned with.. You should be concerned with blocking the forward fqdn your device/user is trying to go too. Yes, thank you, I read the article from the link. I'm not really worried about it either. But I hate it when a system tries to escape my control by cooking its own soup. It's just a principle that triggers me and I enjoy trying to find a solution. Besides, you always learn quite a lot in the process. I looked at what Chrome does on startup using mitmproxy and if I saw it correctly, Chrome doesn't actually do DoH/DoT queries. Presumably some IPs are actually hardcoded. The easiest thing to do is probably to uninstall Chrome.

Update... Did a factory reset of the device and reloaded the package. Working OK now.

Try https://github.com/StevenBlack/hosts, I use the following:- https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-porn/hosts

@steveits thank you for quick response. I just disabled deduplication and I see the lists got updated as expected. So my understanding of deduplication in this case was wrong. I would think that only the same addresses that are used in different lists should not be updated multiple times. Interesting :) Thank you! Marek

@jdeloach Yes, only new keys. Anyway, patching validation method from the links above worked like a charm.

@vito-0 - Have u managed to solve this issue ? Did u whitelist the relevant FQDNs ?

so if i set the system tunables to there defalt pfBlockerNG-devel works but then i cant conect to the 2 file servers... so right now i can have 1 or the other..

@steveits said in Disable pfBlocker through SSH?: @furom Two I know of: Control (easier to create exceptions/rules above the deny) Per other threads, if deduplication is on and deny rules are used, apparently dedupe happens across the deny lists. If they are being used for different ports, then only one port gets blocked for the duplicate IP. Sounds like a good reason to. I'll keep that in mind, thank you!

I am the DevRel of IPinfo. We launched an open access (CC BY-SA 4.0) full accuracy database for country and ASN information, that has daily updates. I talked a bit with PFblockerNG's core developer. The issue is that even though the database is free and provides daily updates, they are not a drop-in replacement. If anyone wants to crack at integrating our databases in pfB, let me know. We provide the database in an MMDB format, however the data schema is different. Docs: https://ipinfo.io/developers/ip-to-country-asn-database

@peaare With the large amount of code changes for moving from PHP 7 to 8 it is likely a bug, as I've seen posts for similar Uncaught TypeError messages since the release of 23.01. Since you can duplicate it I would create an issue at redmine.pfsense.org. I'm not sure how to tell you to do it via shell, but since it would be in the XML config file you could save/export that, edit it, and import it again (which reboots pfSense).

I tested this and didn't find any issues. Click on the blue infoblock icon there and make sure that you are creating the pfSense alias correctly. When you start to type the alias, it should show an autocomplete dropdown menu. Only those entries are allowed.

@gertjan Thank you for your help. I think I found it - the TLD feature was disabled but there where all those entries.