@jdeloach The origin of the request was from your "LAN" interface. But it was unbound itself that generated the request. I can only offer an example why you see the 127.0.0.1 (localhost) : A dns request came in on the LAN interface, port 53. It was a A request. The A was resolved, and points to a CNAME. Ok, unbound re-curses, throws out a DNS request to itself (= 127.0.0.1) to get the CNAME. That CNAME was found in a block list, thus blocked. I agree that a line like this : [image: 1666339101034-cf083a46-6f52-459d-8241-7b85e40ab3ba-image.png] is more logic. You can see that my TV was asking for an A record, and it was blocked.

@digitalrcs You saw a new version came out : 3.1.0_7. It might include a solution for you. @digitalrcs said in pfb_filter Keeps stopping: PFB_Filter That's a PHP script continually running as a task. [image: 1666247829212-e5f7784a-3adf-463c-9ab0-9e359c7b3005-image.png] It's job is to read all new firewall log entries, and reformats them for pfBlocker statistics. If its not running, no graphs ans stats (reports) but the IP part that blocks IP addresses using aliases and pfBlockerng firewall rules probably still works. @digitalrcs said in pfb_filter Keeps stopping: just to much trouble. As told : you are using the newer FreeBSD 14 kernel (no an issue I guess) and the new PHP version 8.x, and that's a big issue, as minor PHP syntax changes need cod rewrite. Guess what : pgBlockerng is probably the biggest PHP write up that exists, for pfSense. More often then not, every PHP error can be 'googled' and corrected to a working 8.1 equivalent, as I presume you can read and write PHP. Still, the dev version is known as 'bleading edge' where edge means your still ok, but just. The bleading part is .... well, you get it. edit : you saw : https://forum.netgate.com/topic/175254/pfblockerng-producing-php-errors-on-cron/6

@jdeloach said in 3.1.0_6 UPDATE and SHALLALIST: @nimrod I mainly use pfBlockerNG to filter the advertisments in web pages. I'm not that concerned about viriuses, malware, etc. If you keep your PCs on your network up to date, OSes and antivirus software, that is more than enough. Well, i use FreeBSD as my main OS so i dont have to worry about viruses and malware. I have a Linux machine as well. No Windows or MacOS spyware here.

@johnpoz The either/or of IPv4 vs Ipv6 is a false dichotomy you're imposing on yourself where it doesn't exist from external pressure. Not even the IETF is proposing a sundown for IPv4 but they ARE pushing for dual stack interoperability ASAP. The better throughput due to improved congestion handling is a big one. Most of my Google/YouTube traffic (the bulk of my traffic is streaming media) and now, some of my gaming traffic is IPv6. Most of my mobile traffic is IPv6. The "we don't have to because IPv4 is not going away" mantra is only a form of procrastination and ignoring the market trend. We're already past 50% adoption in the developed world. Get your IPv6 skills and infrastructure in the game as soon as you can so that you're comfortable with it and prepared so that it's not a mystery. As an infrastructure player, pfSense needs to stay in the game. Fine, make your personal choices for your use case, but from this point forward, if an infrastructure vendor isn't IPv6 compliant, it's off my vendor list. I'm not going to make capital investments in hobbled gear who can't support a 20 year ratified protocol with over 50% adoption.

@keyser WOW, thanks for that reply so fast. It just worked. Also, i am really dumb, i experienced this in the past but dont know why it happens now again and i never could imagine it would be this. Thanks for all!!

@gertjan If you open the Unified Log, do you see many "ServFail" entries? I see hundreds since I reenabled Python a little while ago, but when I see blocks it indeed shows what blocklist was used. Maybe it's user error, don't know. Never mind, ServFail doesn't mean what I thought it did. Thanks again for your replies.

@keyser said in pfblockerNG-devel 3.1.0_5: strange there are no proper release notes to be found - AND niether version fixes the only big and very obvious known bug I wrote above that the repo history I linked (https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-pfBlockerNG-devel) appeared to fix it because it's listed under "Commits on Aug 31, 2022." Sorry if I led anyone astray. Seems odd that wouldn't be included in a _5 and _6 version. I don't know that Netgate has ever had specific release notes for packages? Sometimes posts in the forum, but I don't think I've seen that for a while now. Per that page BBcan177 made a commit in March 2022. The thing about open source is, it's great and free if someone else does the work. Anyone can step in and make changes. It's a bit unfair to expect one person to work for free forever. What if the main person gets sick, or retires? I'm just talking in general here, not picking on anyone in this thread, and if you look back through the history others have made changes. BBcan177 does have a Patreon page and that does occasionally have posts (the latest being March).

@gertjan Thanks for the reply! Yeah that makes sense, I'm not sure how I overlooked that. The original reason for the host override was because scribe.logs.roku.com and cloudservices.roku.com were returning ServFail on AAAA for some reason. Some further digging around I enabled "no AAAA" put thoses domains there instead. Which is still odd that this is even a thing since I have no IPv6 on my network but that's another rant for another post. In terms of what I have found, I did enable level 5 logs but the most I was able to dig up in the resolver.log was this "python module exit state is module_error" after the AAAA record was requested. I can put it back into the broken state to debug it further but I'm not really sure where to look from here myself

@eou mine as well version 22.01

@spyderturbo007 said in pfBlockerNG Not Working?: It is 22.05-RELEASE. So maybe it's working but just not logging? Sounds like that bug yes. The change/fix in that redmine should fix it. There’s a _5 version of pfBlocker for 2.6 so one might assume that’s coming shortly for 22.05…

@steveits said in Bypass pfBlocker for Clients: @bob-dig Did you run an update after adding the IP? IPv6 isn’t being used? Flush any DNS cache on the client? Yes to all of that.

@keyser and why not for 2.5.2 since its the last usable edition...

@txdk said in Very high Ram usage: my cpu does have 4 cores and 4 hypertread cores making it 8 in total I guess I learned something. A process per core : why not. Although I see on my '4100', a 2 core atom, mostly one bound thread, not two. I'm actually not sure that all your unbound instances are separate memory spaces, as they all have the same PID : 45676. So : to be sure : shut down pfBlocker, the DNSBL part : if memory goes down a lot, and stays down, over a day or so, you know it is pfBlocker. And in that case : RAM usage is related to 'how many DNSBL you have'.

@gregeeh said in HELP - pfBlockerNG stopped working since upgrade: @jdeloach said in HELP - pfBlockerNG stopped working since upgrade: Did you go to PfblockerNG/Update and do a Force, Reload, All, Run? Yes I did do that. EDIT: Just did it again and now working. Thanks. Good, glad that it worked for you.

@dma_pf Bro thank u so much

@uzumaki I'm sure it will, as time permits. I think @BBcan177 is very busy currently.

@gregeeh Ah, right : you are not using the "Python mode" but the Unbound mode.

@gertjan Thanks for the response. I waited for 3 or 4 days and it did update on its own. Now it’s time for me to start adding some new lists. Thanks again for the explanation.

@gertjan said in pfblocker filter alerts: https://redmine.pfsense.org/issues/13156#note-18 The link in #18 doesn't work to me but the first patch in #19 does, so thank you, finally alerts for IP are working again.