• Bypass pfBlocker for Clients

    0 Votes
    6 Posts
    935 Views
    Bob.Dig

    @steveits said in Bypass pfBlocker for Clients:

    @bob-dig Did you run an update after adding the IP? IPv6 isn’t being used? Flush any DNS cache on the client?

    Yes to all of that.

  • 3.1.0_5 is available

    0 Votes
    6 Posts
    831 Views
    Cool_Corona

    @keyser and why not for 2.5.2 since it's the last usable edition...

  • [solved] ASN creating not working with 3.1.0_4

    0 Votes
    1 Post
    250 Views
    No one has replied
  • Very high Ram usage

    0 Votes
    7 Posts
    1k Views
    Gertjan

    @txdk said in Very high Ram usage:

    my cpu does have 4 cores and 4 hyperthread cores making it 8 in total

    👍 I guess I learned something.
    A process per core : why not. Although I see on my '4100', a 2 core atom, mostly one bound thread, not two.
    I'm actually not sure that all your unbound instances are separate memory spaces, as they all have the same PID : 45676.

    So : to be sure : shut down pfBlocker, the DNSBL part : if memory goes down a lot, and stays down, over a day or so, you know it is pfBlocker. And in that case : RAM usage is related to 'how many DNSBL you have'.

  • HELP - pfBlockerNG stopped working since upgrade

    0 Votes
    8 Posts
    1k Views

    @gregeeh said in HELP - pfBlockerNG stopped working since upgrade:

    @jdeloach said in HELP - pfBlockerNG stopped working since upgrade:

    Did you go to PfblockerNG/Update and do a Force, Reload, All, Run?

    Yes I did do that.

    EDIT: Just did it again and now working. Thanks.

    Good, glad that it worked for you.

  • How pfBlockerNG DNSBL Web Server Block Video / Audio Streaming?

    0 Votes
    5 Posts
    2k Views

    @dma_pf Bro thank u so much

  • Pfblockerng causes Netgate sg3100 cpu to 99%

    0 Votes
    4 Posts
    583 Views
    dennypage

    @uzumaki I'm sure it will, as time permits. I think @BBcan177 is very busy currently.

  • pfBlockerNG not logging everything

    0 Votes
    10 Posts
    1k Views
    Gertjan

    @gregeeh

    Ah, right : you are not using the "Python mode" but the Unbound mode.

  • DNSBL Not Updating via cron

    0 Votes
    3 Posts
    401 Views
    DefenderLLC

    @gertjan Thanks for the response. I waited for 3 or 4 days and it did update on its own. Now it’s time for me to start adding some new lists. Thanks again for the explanation.

  • pfblocker filter alerts

    0 Votes
    7 Posts
    1k Views
    Bob.Dig

    @gertjan said in pfblocker filter alerts:

    https://redmine.pfsense.org/issues/13156#note-18

    The link in #18 doesn't work to me but the first patch in #19 does, so thank you, finally alerts for IP are working again.

  • Pfblockerng-devel 3.1 stops unbound

    0 Votes
    14 Posts
    2k Views
    NogBadTheBad

    @jperezme

    You could try replacing Unified hosts = (adware + malware) with Unified hosts + porn

    https://github.com/StevenBlack/hosts

  • pfblocker is not working. it does not block anything.

    0 Votes
    10 Posts
    1k Views
    Gertjan

    @noonstarx said in pfblocker is not working. it does not block anything.:

    There are a couple of NAT rules:

    Those are not WAN based, they redirect 10.10.10.1, the IP of the built-in web browser, to 127.0.0.1 so it can show you the "You've accessed a blocked site" page.

    Which, IMHO, is a useless functionality, as most sites are accessed by https these days, and https can't be redirected like that. Only ancient http requests could be redirected.

    I'm not using this pfblockerng web server, but do 0.0.0.0+logging.

    Your outbound NAT rules are the defaults, that's fine.

    This is pure BS :

    @noonstarx said in pfblocker is not working. it does not block anything.:

    C:\Users\user>nslookup facebook.com
    Server: dns.google
    Address: 8.8.8.8

    why would you want your device (PC) to ask 8.8.8.8 to resolve for you ? ? ?

    You are completely bypassing the resolver running on pfSense.
    Conclusion : you are bypassing the pfSense resolver == bypassing pfblockerng. Remember : pfblockerng integrates itself into unbound, the resolver.

    Read again :

    [screenshot attachment]

    I guess it's 'case closed' now 😊

  • pfBlockerNG-devel 3.1.0_4 Not Blocking Email Content

    0 Votes
    11 Posts
    1k Views

    @Gertjan The Unbound python mode seems to be working. It's definitely stripping content from advertising emails but not all. I'll take what I can get.

  • Pfblockerng never download my custom list new entries?

    0 Votes
    10 Posts
    1k Views
    Gertjan

    @periko

    No, of course not ™

    I'm using pfSense at work, a hotel, and I'm also using the captive portal so my clients can have a Wifi Internet connection (they have always used up their monthly xxx GB) so they use the hotel Wifi.

    I'm not trying to block a maximum of DNSBL, as I'm not the one that should decide what people are seeing on their screen : They want it ? They have it !

    Dunno what they are doing with that connection.
    Must be work related, right 😊

  • pfBlockerNG-devel 3.1.0_4 Report tab not working correctly

    0 Votes
    4 Posts
    937 Views

    I have tried the update in those posts. I have updated /usr/local/pkg/pfblockerng/pfblockerng.inc Finding $r = explode(')', $result, 2); and replacing it with $r = explode(' ', $result, 2); as instructed. In all those posts they are saying the issue happens in version 22.05, however looking at the release information the base version of pfSense CE software release 2.6.0 is version 22.01. So I do not think this applies in this situation. Am I incorrect in this information?

  • issue with a non USA IP getting added to North America IPV4 List

    0 Votes
    18 Posts
    938 Views
    johnpoz

    @igoldstein said in issue with a non USA IP getting added to North America IPV4 List:

    IPs that are used in USA, not just Registered in USA

    Good luck finding that list... Not sure how many times this needs to be said: there is no such list. There will always be mistakes, IPs move all the time. I could route a network out of Dallas today, and Paris tomorrow..

    Your best solution is to put the IPs you find that are not coming from the US in your own block list, and put this at the top of your rule order, before you allow the US IP list.

    Still curious how you found this IP was not coming from the US. Did you go through the complete list of networks in the US list?

    edit: https://support.maxmind.com/hc/en-us/articles/4407630607131-Geolocation-Accuracy
    "It is not possible for us to guarantee 100% geolocation accuracy. Accuracy exhibits high variability according to country, distance, type of IP (cellular vs. broadband, IPv4 vs. IPv6), and practices of ISPs."

  • TLD processing with pfBlockerNG-devel v3.1.0_4

    0 Votes
    4 Posts
    805 Views
    Gertjan

    @leonardo-2 said in TLD processing with pfBlockerNG-devel v3.1.0_4:

    In the UT1 adult's list there is

    This list :

    [screenshot attachment]

    ?

    Read :

    This is an Advanced process to determine if all Sub-Domains should be wildcard blocked for each listed Domain.
    Click infoblock before enabling this feature! 
    Definition: TLD -  represents the last segment of a domain name. IE: example.com (TLD = com), example.uk.com (TLD = uk.com)

    When enabled and after all downloads for DNSBL Feeds have completed; TLD will process the Domains.
    TLD uses a predetermined list of TLDs, to determine if the listed Domains should be wildcard blocked (Block all sub-Domains).
    The predetermined TLD list can be found in  /usr/local/pkg/pfblockerng/dnsbl_tld

    To exclude a TLD/Domain from the TLD process, add the TLD/Domain to the TLD Exclusion custom list:
    • This only excludes the domain from the TLD process, it doesn't whitelist the domain.
    • Only the specific Sub-Domains/Domains listed in the DNSBL Feeds will be blocked.
    • A Force Reload - DNSBL, is required after manually adding to the TLD Exclusion

    Note:  Whitelisting a "sub-Domain" for a TLD Blocked "Domain" in the Custom Domain Whitelist will not whitelist a TLD Wildcard Blocked domain!
        Either add the domain to the TLD Exclusion, or wildcard Whitelist the whole domain.

    TLD Blacklist, can be used to block whole TLDs.  IE: xyz
    When Enabling/Disabling this option, a Force Reload - DNSBL is required.

    And when you observe a force reload of pfblockerng-devel, do you see this :

    [screenshot attachment]

    Note the x's

    My advice : when the x's show up, stop using "Wildcard Blocking (TLD)" or use smaller feeds/lists.

    @leonardo-2 said in TLD processing with pfBlockerNG-devel v3.1.0_4:

    is inserted in pfb_py_zone.txt, others in pfb_py_zone.txt

    That's just pfb_py_zone.txt ;)

  • Alias not being created automatically when using "Alias Permit".

    0 Votes
    7 Posts
    853 Views

    @steveits Yeah this is very screwed up, last time I had this issue a few days ago setting up another unit, it simply worked later out of nothing...

  • decrease in internet speed

    0 Votes
    1 Post
    337 Views
    No one has replied
  • pfBlockerNG always turns on syslogging, why?

    0 Votes
    2 Posts
    348 Views
    Gertjan

    @beerguzzle

    Because pfblocker itself does ... nothing.
    It uses the syslog to build most of the pages with IP related stats.
    It gets the info from the logs, as the firewall logs into the stats.
    IP feeds are built into aliases, and these aliases have to 'firewall' log.
    DNSBL uses its own, internal logs.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.