@wc2l Does Diagnostics/tables show it has content?

@freddy-0 said in pfBlockerNG-devel - 3.2.0_3: Still seems to be at line 729 but not too concerned as everything seems to be working. You are probably running pfblocker in pfsense+ 23.01 - I saw in my lab machine (with 23.01) that there the line in question is at 728 ;-)

@jrey well then, hello again :) Yeah to be clear it’s not always a problem. One also has to have the dedupe option checked. However it’s not intuitive and potentially dangerous, so I try to call it out.

@steveits Yup, that was it! Thanks!!

@steveits Awesome! That one passed me until now. Thx.

I am guessing the deduplication is just using the same mechanism as the normal deny rules. This makes using the alias function pointless. Each alias should be de-duplicted individually otherwise you cannot tell what aliases is blocking what therefore you cannot create individual blocking rules and even if all rules were enables as recommended by BBcan177 your logging would not be accurate.

@steveits Thanks for your suggestion. I got it to work after a fashion. The autoconfiguration of pfBlockerNG puts the blocking on only the LAN. When I added to the WAN, it began to operate as I desired. I wonder why the autoconfigure ever puts the rule on the LAN instead of the WAN when the purpose of pfBlocker is to keep bad crap out of your system. Thanks, Mike

@omethe well, if you add a feed that is hosted 'off-site', some where on the internet I guess you want to be able to resolve that host nam, and not getting a 0.0.0.0 as an answer ..... if not, whats the point of adding / using that host name in a feed URL

@gertjan Rarely am I so happy to be shown that I am wrong. Thank you for your detailed rundown (and to @BBcan177 for confirming that all custom lists are base64 encoded)!

@BBcan177 Just wanted to confirm that I inserted the (most recent) link to the JSON file and it is parsing just fine. Much easier than manual downloads, thanks!

@prx can you let me know if you're using a previous version of Magento 1? That can be a problem for you since users are updating their sites from an earlier version to the most recent version of Magento 2.4.6. You may look into Magento 2 Upgrade.

@jcook-atlas. this is the exact setup i was using before switching to pfblockerng. i switched because of needing to touch the alias file and change the date to older to make it actually update. I'll check my notes on it. Thanks for the suggestion. This may work in the interim but I would love to see the designed functionality of PFBlocker fixed.

@viragomann @juliokele Changing it to LAN did not help, either :( Attached a few images. I just can not seem to find the log files, please see attached images. Changed Web GUI https port of pfSense to 500 Set pfBlockerNG DNSBL to CARP with unique settings Made sure subnet is not in use Reloaded DNSBL still no success... [image: 1678746050065-bildschirmfoto-2023-03-13-um-23.19.08.png] [image: 1678746049981-bildschirmfoto-2023-03-13-um-23.06.12.png] [image: 1678746049909-bildschirmfoto-2023-03-13-um-23.05.24.png] [image: 1678746049844-bildschirmfoto-2023-03-13-um-23.02.44.png]

Give this a try - I had a similar issue to yours and I used Alias lists in native pfSense. See my post

@kkit I initially thought that but as you mentioned opening both ways and it asking about ports incoming, I re-thought it.. What PFSense is essentially doing, is providing an easy way to see a list of commonly used lists of advertising, trackers, coinblockers and malicious sites, and automate a way to download and update, with an easy to navigate interface. If you have an allow outgoing list setup, (example, I have the InterNIC root DNS servers in a allow out to make sure they aren't blocked), you can just jump into pfBlockerNG/IP/IPv4, select that IPV4 list, scroll down to IPv4 Custom_List and add them there, quick and dirty... You could also just create a firewall ALIAS and manually add what you want to that and use it in a allow outbound rule. I did this for my work's ASNs, 11 IPV4 ranges and 1 IPV6, so that I don't run into issues as I work from home 3 days a week. Another way is if the IP that is being blocked is normally reached by a domain name, like your typical website, you can add the domain to the DNSBL/DNSBL Whitelist as the domain name. Maybe 90% of the time I just add the domain that corresponds with the IP, to the DNSBL whitelist and that takes care of it.

Fixed the problem by creating a floating rule that allows outbound connection to 142.250.0.0/15, which is the block of IP addresses used by 1e100.net, the umbrella network for Google's servers. What appears to have happened is that Google changed the DNS entries in the Denver area to route traffic over their network. Several common pfBlockerNG blocklists contain 1e100.net, which I'm sure has plenty of servers that host malware. Although I allow the outbound connection, the inbound WAN rules are still in place, which should block the garbage. Fingers crossed. Thanks very much to the illustrious BBcan177 for his Saturday night patience and assistance!

The + button doesn't work at all for me. It asks me to choose a whitelist, but the only choice is to create a new one, and then I get an error message "Cannot create new IP Whitelist! Invalid data!"