@steveits Yeah this is very screwed up, last time I had this issue a few days ago setting up another unit, it simply worked later out of nothing...

@beerguzzle

Because pfblocker itself does ... nothing.
It uses the syslog to build most of the pages with IP related stats.
I gets the info from the logs, as the firewall logs into the stats.
IP feeds are build into aliases, and these aliases have to 'firewall' log.
DNSBL uses the its own, internal logs.

@keyser Thanks for the advice. I got v2 outta there per your instructions, got v3 in place, and got things working again.

@matthiasvd said in pfBlockerNG blocking SMTP (country blacklist):

There is no option to have a single exception for SMTP

When I use pfB, I use Alias Native. That creates the alias and no rules. Then you can use the alias in a NAT or firewall rule as desired.

BTW, it's more efficient to allow Europe than block not-Europe. (less memory usage and time looking through the IPs)

@gertjan I totally overlooking that tiny link for profile builder... thank you- I did not look hard enough. It's working now.

@maxburn I didn't, but I just did. I was thinking it would do that itself based on the schedule. I see the new name in the update output and can't find the old one so hopefully that's the end of it.

@czar666 I have deleted your sig per your request, given you a couple of thumbs ups - if you get 5 you can then edit your own signature again.

edit: there you go, now your at 5 rep points, you should be able to no put in what you want for your signature.

@mcury said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

@mcury The service "pfb_dnsbl" is not starting, is that normal? I never checked this before.

No, this is not normal

It is normal if DNSBL is not enabled. Many of our installs we use pfB for block lists and not DNSBL so it's off.

@paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:

Unresolvable source alias

If the alias doesn't exist pfSense will throw that error, if a firewall or NAT rule uses the alias. It can happen for instance when uninstalling pfBlocker in order to install an update to pfSense...years ago I locked myself out that way, installing an update to our office at night through a pfB NAT rule, but fortunately had other ways to get connected. I have also seen it on rare occasions after a reboot. Just run an update in pfB to recreate the alias.

@provels I'm used to Windows, when I see that I'm using up 50-60% of my RAM, it's time add more RAM... :)

I just don't want to spend $700 on a 4100 MAX and wish I had spent the extra $200 down the road when or if I need more RAM.

This machine is just a test desktop.

@bob-dig said in IP logs are not being created/populated:

It is odd that this problem still exists for so long now. Sure, it is just an Package but it is the most important one in my book.

Yeah, @BBcan177 is likely a busy gentleman, but I’m sure a new build will surface eventually.

But pfBlockerNG is much more than “just a package”. I’ll bet you pfBlockerNG is BY FAR the most used package on pfSense. In fact I’d highly recommend Netgate to find the currency needed to purchase the talents of bbcan177 and the pfBlockerNG name, and start including it as a bulitin feature of pfsense. With the same development/maintenance and continuity as pfSense itself.

Without pfBlockerNG, pfSense would be a much much less relevant product.

@jonh Thanks everybody. I did not think to use the browser search function against the pfSense Edit File panel. It worked perfectly. I guess I'll have to wait and see how it turns out, the Alerts-Deny table is updating and the IP Event timeline graph is starting to update but I find it odd that being set for 24 hours it is showing data that is several weeks old.

IP Event Timeline.png

@gertjan Ok thanks, I'll take a look. As I mentioned, everything seems to be working ok so not a big deal. Thanks for your reply.

@lohphat

It's still happening even after the recommended 22.05 patch for unbound.

It happens only if:

maxmind key entered in MaxMind GeoIP configuration section AND RAMdisk is enabled for /tmp and /var

As of 23aug2022:

Boot console output:

Starting CRON... done. Starting package ntopng...done. Starting package Avahi...done. Starting package OpenVPN Client Export Utility...done. Starting package System Patches...done. (representative samples from System Activity since Webconfigurator has already started) PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 18489 root 101 0 54M 37M CPU1 1 0:26 99.76% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 18489 root 96 0 54M 37M CPU1 1 0:49 81.69% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 18489 root 102 0 54M 37M CPU1 1 1:09 100.00% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 18489 root 102 0 54M 37M CPU1 1 1:17 100.00% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 18489 root 103 0 54M 37M CPU1 1 1:22 100.00% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 1:50 delay at this point, otherwise it would only normally pause 3-5 seconds between "System Patches...done." and "...pfBLockerNG-devel...done." Starting package pfBlockerNG-devel...done. Starting package suricata...done. Starting /usr/local/etc/rc.d/pfb_dnsbl.sh...done. Starting /usr/local/etc/rc.d/pfb_filter.sh...done. Netgate pfSense Plus 22.05-RELEASE arm Wed Jun 22 18:56:40 UTC 2022 Bootup complete FreeBSD/arm (pfSense.localdomain) (ttyu0)

@dhjdhj That rule hasn't been even evaluated see the 0/0 so its not blocking anything.

pfblocker doesn't take over dns, it just loads stuff into unbound to block it. Sure it can create firewall rules if you enable that - like the rule your showing.

You mentioned forwarder - were you using the forwarder before (dnsmasq) and not the resolver unbound. For pfblocker to function unbound is need to be used.

Is unbound even running, maybe that is the problem.

If you do a dns query directly to pfsense via your fav tool, nslookup, dig, host, etc. do you get an answer, does it timeout, do you get back servfail, or nx? etc..

@provels said in Do I need pfBlockerNG?:

I love it if only for the ad blocking. Awful lot of white space on the pages!

Me too.. Add to that some malicious feeds.

Using it for geoip blocking also:

Allowing only one country to connect to my portforward (plex). Blocking my internal users from connecting to a few places.

@bob-dig
I tryed to disabled all lists but Wa still not working.
And yes, no logging about the call blocks.
So you're disconnect from wifi every time you make or receive a call? I hope in a solution.