@gertjan said in First run pfBlockerNG - false positive?: But you, as the admin, have added dnsbl feeds (or IP feeds) to pfBlockerng. Hostnames (or IP's) in these feeds will get blocked. Did you have a look at these lists ? ;) Thank you for a nice and informative answer! I will try with the address you suggest, and no... I have not looked at the lists in detail, but looks like a good idea to get a better understandning of this... :)

Thank you for the answer. I should have thought to check there instead of just looking at the normal backup / restore. Appreciate your help.

@jrey I think that’s the “uniq[ue] check.” Note if using Alias Deny pfB will dedupe across the deny lists, even if used for different rules. Might be what you’re seeing given the label. Alias Native does not.

@steveits said in Cannot access dns resolver settings: Looks to me like it was restarted on request...settings change? DHCP lease registration? I have all of my clients are using pfSense for DNS although there are a few on my network where google is programed into the firmware. There was no manual restart (I did do a manual restart of unbound today but not at that time) nor were any changes to client dhcp being done at that time. That said, I'll use my 7th decade age as an excuse and therefor I'll pay more attention in the future. You are correct, I'm not using forwarding resolver and I am aware of the DNSSEC requirement to not be used. These frequent periods of no response (hanging?) were not experienced in 22.04 and pfBlockerNG-devel.

I checked and mine is not using a forwarder but is set to use DNSSEC. Right now I have a cron job set to simply restart unbound at 02:00 every day. If not seen a recurrence of this issue since doing that.

The overlay for selecting a Alias out of the already created ones does not appear and leave empty. Just entering a "known" alias and try to save lead in a empty field of the "Custom Destination"

@bmeeks Got it. Thanks a lot

@efriedman Snort would see things before pfBlockerNG, I believe...

Update, I just moved from 3.2.0.1 to pfBlockerNG 3.2.0_3, no issues so far. Network throughput, memory and CPU usage all within normal parameters. Thank you @BBcan177 for all your work on this excellent package!

@fluvannait You changed to type to CARP without editing it? A CARP VIP for DNSBL is an imbecility. This IP is only needed at the master. So it can be a simple IP alias. If you want to have it on both, you can hook it up on a CARP.

@creationguy I second that. "Its not uncommon for this feed." I don't worry about it, just clear the message on the widget whenever you see it. the most I've ever seen it miss is 3 in a row stacked up. it is usually just 1 miss and it gets it next cycle. less than stable feed i suspect. All the others I use are fine.

@bbcan177 Thx, fpr your support! :) I have since uninstalled and reinstalled the pfBlockerNG-devel package. I also deleted the directories (/usr/local/share/GeoIP and /var/db/pfblockerng). Since then, I have not noticed any more such entries. If an entry appears again, I will test the commands and report in this thread.

@bbcan177 Thanks for the response, I have found the thread and the redmine: https://redmine.pfsense.org/issues/13953 https://forum.netgate.com/topic/177884/pfblockerng-devel-v3-2-0-crashing-repeatedly-on-pfsense-23-01/7?_=1676563838954 Its not a pfblocker issue its related to openvpn clean up.

Yes, working now. THX

@bbcan177 the new version fixed my issue thanks a lot. Great and super duper fast job

@shaw222 see https://docs.netgate.com/pfsense/en/latest/troubleshooting/firewall.html#new-rules-are-not-applied

@seanr22a Just found this and started using them. THX!

@marco-42 Welcome

@SteveITS : Thank you for the link.