@frankm said in Youtube blocking:

As for the youtube block, sorry I can't help you there.

I found out something lately.
As we are all using "pfBlockerNG", I had to "play" with this 'audio video' option :

e7f917aa-ceab-4652-9932-77038a509d28-image.png

See here to make that option work again :

https://forum.netgate.com/topic/176492/pfblockerng-devel-v3-1-0_9-v3-1-0_15/14?_=1672127400173

it resolved the issue for me™, and left the option activated (selected).

Later on, somewhat during Christmas or so, I discovered that the Youtube app was working just fine on my Phone, but the app wouldn't play any videos ... A non-wanted WTF moment kicked in.
Then I remembered I was asking pfblockerng to filter 'audio video' sites.
I de selected that option + force reload , and done, Youtube worked again.

@jdeloach Thanks a lot for the clarification regarding the removal of feed sources. I presume that specific source is offline for good as it is not shown anymore in the feed overview, i.e. not part of it anymore.

But I guess new sources would be added automatically by pfblocker when they are added to an already subscribed feed?

@nollipfsense said in Yandex mail ad blocking problem!:

sunucuyu bulmasını ve özel listenize eklemesini sağlayabilirsiniz

Yes, I'm talking about the web browser.
How can I find these ad servers?1.png

@nogbadthebad You're probably right.
I pulled my config and only see the one instance of that URL, but maybe it's included in one of the other consolidated lists, like @BBcan177 's own. Thanks for the reply. :)

@nollipfsense
So I got this somewhat working actually. There is a nginix proxy that I have pfblocker sending the failed domains to. The proxy then has a default site configured where any domains get redirected to a custom web page with a valid cert.
This is possible but would require a reverse proxy built in to pfblocker much like the light weight httpd server.

@killmasta93 Maybe intuitively pfSense is telling you it's time to upgrade...

@creationguy Glad you got it sorted. Duckduckgo is my default search engine but only on the browser.

@steveits
That'll be it. I was not using the devel version.

@diamondcreeper75 Your "ports" alias doesn't have any ports in it, per the screen cap...?

@Tzvia It started failing again this morning at 5AM. Followed the link 30 minutes ago at noon and got a 500 server error https://talosintelligence.com/documents/ip-blacklist

Just tried the link again and successfully see the list, so something going on with talos/AWS. Thanks for your help.

@jmv43-0 never mind it is working now.

Thanks

@beerman said in pfBlockerNG DNSBL service won´t start after update:

@beerman said in pfBlockerNG DNSBL service won´t start after update:

(22.05-RELEASE)

:)

I'm running 2.6 so I can't really help you. This sounds like the problem that this update was supposed to fix, I think.

@s-hasan said in How to customize the block page message of pfBlockerNG:

However, I gave up on the this setup because my boss didnt like the idea of installing CA on each device in the network so, we abandoned on doing it, but it was a great experience.

@gertjan He said above that was a show stop and since its a business, and the cost is less than $50 per year, which would be less than $5 per month, not $50,000. The paid SSL must be the way to go if the company truly wants to implement a policy allowing only certain domain on their equipment at the office. I am sure with this info his boss would approve.

@steveits said in pfBlockerNG-devel v3.1.0_7 update - Unbound Issue:

See post:
https://forum.netgate.com/topic/176350/pfblockerng-devel-v3-1-0_7-v3-1-0_14/42

Thanks, I followed the instructions to go back to the previous pfb_unbound.py version and it appears to have resolved my issues with unbound becoming unresponsive, so at least that confirms it is pfBlockerNG related.

@asadz If you click on the Info button, see arrow, it should show the IP you were trying to go to. You don't need to mask you LAN address as no one can get to it.

Screenshot 2022-12-14 at 1.19.40 PM.png

@gblenn I think it is perfectly valid to have both syslog daemons running and sounds like syslog-ng is there purely to handle shipping the larger suricata logs. With rsyslog coping fine with everything else. TCP isn't necessary either, but it is more reliable if log messages exceed a single UDP payload. So, at a guess, I'd say truncated logs aren't your problem.
However try turning on more suricata log options and see if you break things - see if suricata dashboard still presents recent data as expected in Kibana. Then you can be sure truncating is not an issue.
IIRC with suricata logs being JSON, truncated logs pretty much breaks the entire logstash parsing of suricata. I am not running it right now so cannot check.
EDIT: Also, again IIRC, there are remote syslog options within the suricata package itself. But I cannot remember how or if these should be enabled when you are also running syslog-ng to ship suricata logs. I used suricata for while, mainly as an exercise, but could not justify the increased resources needed with the move to v6.

@gertjan IPv6 is working fine 19/20 on https://ipv6-test.com

_8 today.