@nollipfsense said in Yandex mail ad blocking problem!:

sunucuyu bulmasını ve özel listenize eklemesini sağlayabilirsiniz

Yes, I'm talking about the web browser.
How can I find these ad servers?1.png

@nogbadthebad You're probably right.
I pulled my config and only see the one instance of that URL, but maybe it's included in one of the other consolidated lists, like @BBcan177 's own. Thanks for the reply. :)

@nollipfsense
So I got this somewhat working actually. There is a nginix proxy that I have pfblocker sending the failed domains to. The proxy then has a default site configured where any domains get redirected to a custom web page with a valid cert.
This is possible but would require a reverse proxy built in to pfblocker much like the light weight httpd server.

@killmasta93 Maybe intuitively pfSense is telling you it's time to upgrade...

@creationguy Glad you got it sorted. Duckduckgo is my default search engine but only on the browser.

@steveits
That'll be it. I was not using the devel version.

@diamondcreeper75 Your "ports" alias doesn't have any ports in it, per the screen cap...?

@Tzvia It started failing again this morning at 5AM. Followed the link 30 minutes ago at noon and got a 500 server error https://talosintelligence.com/documents/ip-blacklist

Just tried the link again and successfully see the list, so something going on with talos/AWS. Thanks for your help.

@jmv43-0 never mind it is working now.

Thanks

@beerman said in pfBlockerNG DNSBL service won´t start after update:

@beerman said in pfBlockerNG DNSBL service won´t start after update:

(22.05-RELEASE)

:)

I'm running 2.6 so I can't really help you. This sounds like the problem that this update was supposed to fix, I think.

@s-hasan said in How to customize the block page message of pfBlockerNG:

However, I gave up on the this setup because my boss didnt like the idea of installing CA on each device in the network so, we abandoned on doing it, but it was a great experience.

@gertjan He said above that was a show stop and since its a business, and the cost is less than $50 per year, which would be less than $5 per month, not $50,000. The paid SSL must be the way to go if the company truly wants to implement a policy allowing only certain domain on their equipment at the office. I am sure with this info his boss would approve.

@steveits said in pfBlockerNG-devel v3.1.0_7 update - Unbound Issue:

See post:
https://forum.netgate.com/topic/176350/pfblockerng-devel-v3-1-0_7-v3-1-0_14/42

Thanks, I followed the instructions to go back to the previous pfb_unbound.py version and it appears to have resolved my issues with unbound becoming unresponsive, so at least that confirms it is pfBlockerNG related.

@asadz If you click on the Info button, see arrow, it should show the IP you were trying to go to. You don't need to mask you LAN address as no one can get to it.

Screenshot 2022-12-14 at 1.19.40 PM.png

@gblenn I think it is perfectly valid to have both syslog daemons running and sounds like syslog-ng is there purely to handle shipping the larger suricata logs. With rsyslog coping fine with everything else. TCP isn't necessary either, but it is more reliable if log messages exceed a single UDP payload. So, at a guess, I'd say truncated logs aren't your problem.
However try turning on more suricata log options and see if you break things - see if suricata dashboard still presents recent data as expected in Kibana. Then you can be sure truncating is not an issue.
IIRC with suricata logs being JSON, truncated logs pretty much breaks the entire logstash parsing of suricata. I am not running it right now so cannot check.
EDIT: Also, again IIRC, there are remote syslog options within the suricata package itself. But I cannot remember how or if these should be enabled when you are also running syslog-ng to ship suricata logs. I used suricata for while, mainly as an exercise, but could not justify the increased resources needed with the move to v6.

@gertjan IPv6 is working fine 19/20 on https://ipv6-test.com

_8 today.

@jdeloach

Netgate has still screwed up their configuration because we still have different version numbers for packages for folks running CE 2.6 and the Plus versions.

That certainly does not strike me as the intention of Netgate nor @BBcan177. There was simply a mistake made in version numbers, which happens in other vendors software.

This is something that is not going to be easy to fix and is going to probably drive folks away due to incompatibility between versions of pfSense and the versions of installed packages. It appears that the right hand does not know what the left hand is doing.

That can be interpreted as a offhand dig at the package maintainer who's dedicated his time and effort on a package used by many and maintained by one.

With all that said, I'm sure I've seen a post in the past few days around issues with the package update database or the like. Maybe a better solution would be seeing if this is related.

@gertjan Hey, really thanks for your tip, helped a lot.
Its working fine now :)

[22.05-RELEASE][root@pfsense.home.arpa]/var/log/pfblockerng: ls -lah total 44 drwxr-xr-x 2 unbound unbound 512B Dec 13 06:33 . drwxr-xr-x 6 root wheel 1.0K Dec 13 06:29 .. -rw------- 1 unbound unbound 0B Dec 13 06:32 dns_reply.log -rw------- 1 unbound unbound 284B Dec 13 06:33 dnsbl.log -rw------- 1 root wheel 406B Dec 13 06:32 dnsbl_parsed_error.log -rw------- 1 root wheel 17K Dec 13 06:32 pfblockerng.log -rw-r--r-- 1 unbound unbound 0B Dec 13 06:32 py_error.log -rw------- 1 unbound unbound 284B Dec 13 06:33 unified.log

@gertjan
I have figured it out now.
I was running the reload command and not the cron command.
When i run the cron command it updates the list in the firewall.
And you are right I shouldn't spam other list. A workround for now is that i make my own custom list that contains the IP addresses from the other list and update the backend list once a day.
Thanks for the help