• PfBlockerNG/-devel - Normal/unnormal reboot - No Internet (DNS?)

    0 Votes
    8 Posts
    2k Views
    @jlw52761 Unfortunately I didn't find a solution with pfBlocker(NG). My current solution is to have switched back to my Pi-hole setup and not use pfBlocker. It's still frustrating because of my DNS force: I don't have DNS in the LAN when my server is off, due to running Pi-hole in a Docker container on the server.
  • Talos IP list download fail

    0 Votes
    6 Posts
    4k Views
    @fireodo Somehow this one escaped me. Didn't notice it until I updated to CE 2.8. Anyway, much appreciated.
  • Various d/l errors since March

    0 Votes
    7 Posts
    1k Views
    @lohphat https://forum.netgate.com/topic/190285/changes-to-snort-org-talos-intel-ip-block-list-affecting-pfblockerng
  • pfBlockerNG sync not working

    1 Vote
    72 Posts
    23k Views
    I think this thread's bug is the reason our backup router had so many extra config files... It seems like at some point pfB was updated, removing the manual code change, so the cron jobs on the primary and backup were removing and adding a (defunct) list as they ran.
  • Add Domain [......] to DNSBL: Where is this list?

    0 Votes
    3 Posts
    511 Views
    @The-Party-of-Hell-No said in Add Domain [......] to DNSBL: Where is this list?: look for the group you created. Afternoon, when I clicked on the + it did not ask to create anything; it just (I'm guessing) did something without telling me what it did, if anything at all. I checked all the existing groups and nothing was added to their DNSBL Custom_List. So I'm assuming nothing happened, I hope, because I don't remember what domain it was.
  • 1 Vote
    7 Posts
    3k Views
    @The-Party-of-Hell-No Done, my friend, it's sorted now. What happened is that I had DNS servers assigned to the VLAN; leaving the native one fixed it.
  • I don't receive emails ONLY on Apple devices

    0 Votes
    13 Posts
    2k Views
    dennypage
    @Unoptanio said in I don't receive emails ONLY on Apple devices: Mail cannot function in iOS 18.2 if iCloud Private Relay is blocked at a network level https://discussions.apple.com/thread/255916395?sortBy=rank This reference is/was out of date. The linked discussion refers to a specific bug introduced in iOS 18.2 (December 11, 2024), which was corrected in iOS 18.3 (January 27, 2025). Apple stopped signing 18.2.X a week later, almost 2 months before this thread began.
  • 0 Votes
    4 Posts
    645 Views
    UPDATE: I found the problem: I created the file on my local system instead of on pfSense. Thanks for your feedback!
  • pfBlockerNG alerts - IPv6 hostnames missing

    Moved
    0 Votes
    2 Posts
    309 Views
    Gertjan
    @purleigh Your post is 'lost'. It's a question about the pfSense GUI package pfBlockerNG: [image: 1747034973323-21726789-53e4-4943-9485-c5df3e3207d4-image.png] Better: the answer can be found somewhere in that forum. And yes, it's probably a little shortcoming, aka bug. I posted about this a while ago, and proposed a workaround. So, I've a patch: open /usr/local/pkg/pfblockerng/pfblockerng.inc and find

        // Collect static DHCPv6 hostnames/IPs

    Convert it into comments:

        // // Collect static DHCPv6 hostnames/IPs
        // foreach (config_get_path('dhcpdv6', []) as $dhcpv6) {
        //     if (is_array($dhcpv6['staticmap'])) {
        //         foreach ($dhcpv6['staticmap'] as $smap) {
        //             $local_hosts[$smap['ipaddrv6']] = strtolower("{$smap['hostname']}");
        //         }
        //     }
        // }

    and then paste just behind it:

        // Collect static DHCPv6 hostnames/IPs ## 2024-11-25 Gertjan
        foreach (config_get_path('dhcpdv6', []) as $ipv6_interface => $dhcpv6) {
            if (is_array($dhcpv6['staticmap'])) {
                $pdsubnet = '';
                foreach ($dhcpv6['staticmap'] as $smap) {
                    if (strpos($smap['ipaddrv6'], '::', 0) !== false) {
                        if (get_interface_track6ip($ipv6_interface)) {
                            $track6ip = get_interface_track6ip($ipv6_interface);
                            $pdsubnet = gen_subnetv6($track6ip[0], $track6ip[1]);
                            // remove '::' from prefix $pdsubnet
                            $pdsubnet = substr($pdsubnet, 0, strpos($pdsubnet, '::'));
                        }
                    }
                    $local_hosts[$pdsubnet . $smap['ipaddrv6']] = strtolower("{$smap['hostname']}");
                }
            }
        }

    The issue is: you probably use 'IPv6 Prefix tracking', like me. In that case, static DHCPv6 leases are configured like: [image: 1747035383882-5375144e-1ce3-454b-bf69-db16fe98cd82-image.png] and that shortened IPv6 notation isn't the real IPv6. Or, pfBlockerNG uses the IPv6 SRC IP to reverse-find host names. And that will fail. The patch shown above tests for the shortened ::xx IPv6, and if it finds one, it prepends the prefix of that LAN interface. Afaik, the issue isn't listed here.
  • Custom DNSBL group list errors

    0 Votes
    3 Posts
    488 Views
    Gertjan
    @SJKS said in Custom DNSBL group list errors: custom group: vpn_ip Group? I see 3 files that look like valid lists. The first one, adguard.txt, with a line format like ||cdnexpress.art^ ||openips.cc^ ||pointed.cc^ ||rounds.cc^ ||should-licence.cc^ ... doesn't seem right. I said seem, as I, as a human, don't parse files ^^ So yes, you're right, it should be pre-parsed. Only that "adguard.txt" has an issue? All 3 of them? ip.txt is an IP list, not a DNSBL list. edit: What is the URL you use to download the hostname.txt file? This one, the raw one, works for me: https://raw.githubusercontent.com/az0/vpn_ip/refs/heads/main/data/output/hostname.txt Any other URL probably downloads the web page and yeah, that will fail. Check here: /var/db/pfblockerng/dnsblorig/* where you can see what pfBlockerNG actually downloaded. [image: 1746795177790-4d90ca54-d6e8-46b6-939a-8e770ed0db09-image.png] The green marked lines are the IP and DNSBL list. They loaded just fine.
  • Custom Whitelist Feed

    0 Votes
    2 Posts
    392 Views
    tinfoilmatt
    @m2av This would massively improve pfB's DNSBL functionality—the ability to utilize a feed as a whitelist.
  • List of problems/bugs in HA/CARP setups

    0 Votes
    8 Posts
    1k Views
    JeGr
    @btspce I'd add another bullet point to it, as it seems very much pfBlocker related: it seems that the multiple changes pfBlocker triggers in the audit log (see #1) are also the culprit in breaking the audit mechanism of managing the max amount of config.xml copies to archive. We have both nodes of our DC cluster set to 100 steps back to still have a chance to get a real user config.xml besides the pfBlocker non-changes. We now had multiple occasions of admins checking the audit logs (Config History) and having to wait 10+ min for the site to load. As we were investigating, it was shown that the /backup dir had around 14000 versions of config.xml instead of the configured 100. After finally loading the page and checking again via

        # ls -1 /conf/backup | wc -l

    it was down to 102 again. Currently I have a lab machine that wasn't touched at all for months! that reports:

        [24.03-RELEASE][admin@pfs-plus-2403.lab.test]/root: ls -1 /conf/backup/ | wc -l
        5637

    The only thing that one has running continuously is pfBlockerNG updating the blocklists. So no logins or config changes whatsoever, but still accumulated configs without pfSense itself managing the backup count and rotating/deleting the old ones. That seems to very much point at pfBlockerNG, as it's the only package currently that creates that many audit logs on the side. Not wanting to post any blame here! Don't get me wrong. Just wanted to get as many details and infos out so we can squash those bugs :) Cheers :)
  • 0 Votes
    25 Posts
    5k Views
    Gertjan
    @cryptonym said in Not seeing IP blocks in Alerts area of reports tab. DNSBL shows up properly.: DNSBL was working, resolving them to 10.10.10.1 but no logs. What was missing was I left "DNSBL Mode" on Unbound (default) rather than setting it to "Unbound Python mode". That one checkbox and a reload, and logging is working perfectly. Good news and bad news: I switched from Python to unbound mode: [image: 1745402557929-dd4b7379-bd2d-4636-80a6-ed2ae7b9fc05-image.png] I tested with a listed DNSBL host entry (StevenBlack's list), 010sec.com. Sure enough, using http, not https ....: [image: 1745402491596-9ea39967-c05e-4e26-922c-cdeea4422c9a-image.png] and sure enough: [image: 1745402511111-a33a4113-d3bc-423f-b8fe-ef28f369605b-image.png] So Python mode isn't mandatory to make this work. Btw: I really thought everybody had abandoned "unbound mode" by now .... as Python mode is way better/faster/much cooler ^^ That said: imho, you can safely forget about that pfB black web server page that shows up when a visitor visits a site that is blocked. It's something that worked well in the past, when all sites were http based. Because: it needs http sites to actually work, not https. You know this already: https can't be intercepted / redirected, not by me, not by the CIA, not by the NSA, so probably you can't either ^^ Nobody is visiting http sites anymore .... Google hasn't indexed them for years now. So: the perfect DNSBL setting these days is: [image: 1745403031426-9a91c0b8-e856-4c34-af1a-273f49e945a8-image.png] If you find people on your network still using "http" sites, go have a talk with them, before you throw them off your network. I get it, this is a bit harsh, but these days this should be common knowledge for any Internet user. Like: when you drive your car on the road you stay on the 'right' side of the road.
  • pfBlockerNG with RAM Disk on 25.03 beta

    0 Votes
    7 Posts
    740 Views
    tinfoilmatt
    @netblues And you didn't even need to waste your time with this thread. Good job.
  • description box keeps changing to System Administrator

    0 Votes
    8 Posts
    794 Views
    Thanks everyone for this. I was having this problem too. It was getting quite frustrating and a search came up with this thread right away. My appreciation for those who take time to publicly ask questions and share answers.
  • 0 Votes
    6 Posts
    2k Views
    @posix @Gertjan Replying to this old thread to say thank you. I encountered the same "pfB_PRI1_v4 Cannot allocate memory" errors on my 2100, and it was solved by increasing System/Advanced/Firewall & NAT/Firewall Maximum Table Entries from 400000 to 600000. The 2100 had been running without issue for many months and the last reboot was for the 24.11 upgrade. What caused me to check the 2100 was that I had become unable to screen share when connecting via IPsec VPN from the outside. The IPsec connection was successful, but VNC attempts to connect to a machine on the network timed out. After changing the Table Entries setting it immediately started working again.
  • pfBlockerNG blocks Greek IPs from StarLink as IP located in North America

    0 Votes
    10 Posts
    1k Views
    Gertjan
    @manval said in pfBlockerNG blocks Greek IPs from StarLink as IP located in North America: I disabled cron in pfBlockerNG and it is still running! The cron task also handles the max log file sizes: [image: 1744094963940-8a399f8d-98e1-4e53-9c3b-1249432f5ceb-image.png] so, imho, if set to disabled, it will still take care of these files by rotating them. Not doing so will fill up the disk.
  • Static and Dynamic IPs Pass rules

    0 Votes
    2 Posts
    376 Views
    Bob.Dig
    @Yamka said in Static and Dynamic IPs Pass rules: My main struggle is allowing WhatsApp (for example) traffic through my firewall. Why is it blocked in the first place?
  • pfBlockerNG blocking access to android bank app

    0 Votes
    24 Posts
    4k Views
    @Gertjan Oh yeah, that's true, my bad. I changed it, and the bank app and logging continue to work fine. Thank you again. [image: 1742905660932-ce2b5791-5f31-42ce-8817-17cf642daedc-image.png] [image: 1742905652317-c33ea8e5-60e0-4ed8-985b-7b898abaf545-image.png]
  • Safesearch blocking all images on Pixabay

    0 Votes
    5 Posts
    508 Views
    @Gertjan No worries. Thanks again
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.