• EASYPRIVACY/EASYLIST

    2
    0 Votes
    2 Posts
    333 Views
    J
    @jmv43-0 never mind it is working now. Thanks
  • pfBlockerNG DNSBL service won't start after update

    6
    0 Votes
    6 Posts
    679 Views
    J
    @beerman said in pfBlockerNG DNSBL service won't start after update: @beerman said in pfBlockerNG DNSBL service won't start after update: (22.05-RELEASE) :) I'm running 2.6 so I can't really help you. This sounds like the problem that this update was supposed to fix, I think.
  • How to customize the block page message of pfBlockerNG

    16
    2
    0 Votes
    16 Posts
    6k Views
    NollipfSenseN
    @s-hasan said in How to customize the block page message of pfBlockerNG: However, I gave up on this setup because my boss didn't like the idea of installing CA on each device in the network so, we abandoned on doing it, but it was a great experience. @gertjan He said above that was a show stop and since it's a business, and the cost is less than $50 per year, which would be less than $5 per month, not $50,000. The paid SSL must be the way to go if the company truly wants to implement a policy allowing only certain domains on their equipment at the office. I am sure with this info his boss would approve.
  • pfBlockerNG-devel v3.1.0_7 update - Unbound Issue

    14
    0 Votes
    14 Posts
    3k Views
    A
    @steveits said in pfBlockerNG-devel v3.1.0_7 update - Unbound Issue: See post: https://forum.netgate.com/topic/176350/pfblockerng-devel-v3-1-0_7-v3-1-0_14/42 Thanks, I followed the instructions to go back to the previous pfb_unbound.py version and it appears to have resolved my issues with unbound becoming unresponsive, so at least that confirms it is pfBlockerNG related.
  • No IP block list using pfblockerng

    7
    1
    0 Votes
    7 Posts
    1k Views
    NollipfSenseN
    @asadz If you click on the Info button, see arrow, it should show the IP you were trying to go to. You don't need to mask your LAN address as no one can get to it. [image: 1671045913274-screenshot-2022-12-14-at-1.19.40-pm-resized.png]
  • Maxmind database update?

    9
    0 Votes
    9 Posts
    2k Views
    D
    @gblenn I think it is perfectly valid to have both syslog daemons running and sounds like syslog-ng is there purely to handle shipping the larger suricata logs. With rsyslog coping fine with everything else. TCP isn't necessary either, but it is more reliable if log messages exceed a single UDP payload. So, at a guess, I'd say truncated logs aren't your problem. However try turning on more suricata log options and see if you break things - see if suricata dashboard still presents recent data as expected in Kibana. Then you can be sure truncating is not an issue. IIRC with suricata logs being JSON, truncated logs pretty much break the entire logstash parsing of suricata. I am not running it right now so cannot check. EDIT: Also, again IIRC, there are remote syslog options within the suricata package itself. But I cannot remember how or if these should be enabled when you are also running syslog-ng to ship suricata logs. I used suricata for a while, mainly as an exercise, but could not justify the increased resources needed with the move to v6.
  • All IPv6 rep downloads failed.

    3
    2
    0 Votes
    3 Posts
    286 Views
    NogBadTheBadN
    @gertjan IPv6 is working fine 19/20 on https://ipv6-test.com _8 today.
  • See pfBlocker version 3.1.0_8 was released

    5
    0 Votes
    5 Posts
    627 Views
    cappieC
    @jdeloach Netgate has still screwed up their configuration because we still have different version numbers for packages for folks running CE 2.6 and the Plus versions. That certainly does not strike me as the intention of Netgate nor @BBcan177. There was simply a mistake made in version numbers, which happens in other vendors' software. This is something that is not going to be easy to fix and is going to probably drive folks away due to incompatibility between versions of pfSense and the versions of installed packages. It appears that the right hand does not know what the left hand is doing. That can be interpreted as an offhand dig at the package maintainer who's dedicated his time and effort on a package used by many and maintained by one. With all that said, I'm sure I've seen a post in the past few days around issues with the package update database or the like. Maybe a better solution would be seeing if this is related.
  • (RESOLVED) pfblocker version: 3.1.0_8 pythonmod error

    3
    1
    0 Votes
    3 Posts
    501 Views
    M
    @gertjan Hey, really thanks for your tip, helped a lot. It's working fine now :)

    [22.05-RELEASE][root@pfsense.home.arpa]/var/log/pfblockerng: ls -lah
    total 44
    drwxr-xr-x 2 unbound unbound 512B Dec 13 06:33 .
    drwxr-xr-x 6 root wheel 1.0K Dec 13 06:29 ..
    -rw------- 1 unbound unbound 0B Dec 13 06:32 dns_reply.log
    -rw------- 1 unbound unbound 284B Dec 13 06:33 dnsbl.log
    -rw------- 1 root wheel 406B Dec 13 06:32 dnsbl_parsed_error.log
    -rw------- 1 root wheel 17K Dec 13 06:32 pfblockerng.log
    -rw-r--r-- 1 unbound unbound 0B Dec 13 06:32 py_error.log
    -rw------- 1 unbound unbound 284B Dec 13 06:33 unified.log
  • pfBlockerNG-devel v3.1.0_0

    22
    22 Votes
    22 Posts
    15k Views
    K
    @gertjan I have figured it out now. I was running the reload command and not the cron command. When I run the cron command it updates the list in the firewall. And you are right I shouldn't spam other list. A workaround for now is that I make my own custom list that contains the IP addresses from the other list and update the backend list once a day. Thanks for the help
  • pfBlockerNG-devel Not Blocking Malvertizing on LAN

    54
    1
    0 Votes
    54 Posts
    5k Views
    N
    @gertjan & @SteveITS Thank you both for your assistance. It doesn't go unnoticed.
  • Only a couple of hours of DNS reply stats

    5
    0 Votes
    5 Posts
    554 Views
    J
    @gertjan okay, that log was just over 20k lines after I increased it to 100k according to keyser's suggestion. So it sounds like this is going to help. The log I increased to 100k was the dns_reply.log; it seems that it is containing only the DNS replies, whereas the unified.log contains a lot of other information as well. Interesting comment on that they will degrade the SSDs. Might be a good idea for me to go for enterprise grade SSDs when they start to degrade too much then. They should have significantly better lifespan for the amount of writes they can take.
  • DNSBL Source list ?

    2
    0 Votes
    2 Posts
    1k Views
    GertjanG
    @cburbs said in DNSBL Source list ?: How do I know if this list is getting updated/etc?

    Here is the answer : Easylist - https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt

    What's not clear for you :

    [Adblock Plus 2.0]
    ! Checksum: L6s8GbrfOL9KuXYzlRkeXw
    ! Version: 202212021441
    ! Title: EasyList without element hiding rules
    ! Last modified: 02 Dec 2022 14:41 UTC
    ! Expires: 4 days (update frequency)
    ! Homepage: https://easylist.to/
    ! Licence: https://easylist.to/pages/licence.html
    !
    ! Please report any unblocked adverts or problems
    ! in the forums (https://forums.lanik.us/)
    ! or via e-mail (easylist@protonmail.com).
    !
    !-----------------------General advert blocking filters-----------------------

    @cburbs said in DNSBL Source list ?: I noticed if I try and open it it's getting blocked from GeoIP

    You geoip blocked a German IP network. Well, ok, why not. That's a typical shoot in your own foot situation. My advice : don't (use geoip). But don't feel bad about it. It has been seen before : people used that new great perfect DNSBL list and it contained the DNSBL (host names) of all the other DNSBL feeds ... guess what happened ? ;) And what's next : you block (yourself !) the access to the Netgate upgrade servers ? Microsoft upgrade servers ? IMHO geoip isn't really useful these days. Most IPs are ok, but there are too many false positives. It's something from the past, when everybody knew who was who etc. And the upcoming IPv6 will blast geoip to oblivion.

    @cburbs said in DNSBL Source list ?: does this mean it won't download correctly either?

    Ask your pfSense : On the console :

    curl https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt

    For me, it comes in just fine. Or do a pfblockerng-devel force update and look at the resulting log on the screen.
  • pfBlockerNG 3 not blocking anything

    Moved
    10
    4
    0 Votes
    10 Posts
    2k Views
    S
    @gertjan Rereading, I confused this thread with the other thread we're both in for the same topic. Sorry. :)
  • Some pfBlockerNG-devel Feeds require accounts

    3
    0 Votes
    3 Posts
    598 Views
    EveningStarNME
    @rcoleman-netgate Thank you. It was a typo. We're using pfSense 2.6.
  • pfBlockerNG Reports reporting with incorrect dates

    2
    2
    0 Votes
    2 Posts
    418 Views
    B
    UPDATE: The displaying date issue seems to have at least somewhat resolved itself. However, today it began using these placeholders instead of showing the hours. See screenshot. [image: 1669760346390-fw-pfblockerng-report.png] Has anyone had a similar issue or know what might be the cause of this?
  • Daily error from pfBlockerNG-devel

    1
    0 Votes
    1 Posts
    249 Views
    No one has replied
  • Lose Internet access when trying to disable DNSBL in PFBlockerNG-devel?

    1
    0 Votes
    1 Posts
    219 Views
    No one has replied
  • How I add custom Pi-Hole hosts files or others to pfBlocker

    add pi-hole hosts
    4
    0 Votes
    4 Posts
    2k Views
    F
    @pfsjap No I haven't and I don't recall seeing that. I must be blind in one eye and can't see out of the other. Will look for it and try it. Thank you for the tip. Take Care and Enjoy! Edit: I found it, I set it, now to play around and see what it does.
  • pfBlockerNG v3 changelog, where?

    4
    0 Votes
    4 Posts
    757 Views
    GertjanG
    Or click here : [image: 1669105054956-02cf2e15-1341-4e8f-bd79-dd3b33b75727-image.png]
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.