@provels I'm used to Windows, when I see that I'm using up 50-60% of my RAM, it's time add more RAM... :) I just don't want to spend $700 on a 4100 MAX and wish I had spent the extra $200 down the road when or if I need more RAM. This machine is just a test desktop.

@bob-dig said in IP logs are not being created/populated: It is odd that this problem still exists for so long now. Sure, it is just an Package but it is the most important one in my book. Yeah, @BBcan177 is likely a busy gentleman, but I’m sure a new build will surface eventually. But pfBlockerNG is much more than “just a package”. I’ll bet you pfBlockerNG is BY FAR the most used package on pfSense. In fact I’d highly recommend Netgate to find the currency needed to purchase the talents of bbcan177 and the pfBlockerNG name, and start including it as a bulitin feature of pfsense. With the same development/maintenance and continuity as pfSense itself. Without pfBlockerNG, pfSense would be a much much less relevant product.

@jonh Thanks everybody. I did not think to use the browser search function against the pfSense Edit File panel. It worked perfectly. I guess I'll have to wait and see how it turns out, the Alerts-Deny table is updating and the IP Event timeline graph is starting to update but I find it odd that being set for 24 hours it is showing data that is several weeks old. [image: 1661625198544-ip-event-timeline.png]

@gertjan Ok thanks, I'll take a look. As I mentioned, everything seems to be working ok so not a big deal. Thanks for your reply.

@lohphat It's still happening even after the recommended 22.05 patch for unbound. It happens only if: maxmind key entered in MaxMind GeoIP configuration section AND RAMdisk is enabled for /tmp and /var As of 23aug2022: Boot console output: Starting CRON... done. Starting package ntopng...done. Starting package Avahi...done. Starting package OpenVPN Client Export Utility...done. Starting package System Patches...done. (representative samples from System Activity since Webconfigurator has already started) PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 18489 root 101 0 54M 37M CPU1 1 0:26 99.76% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 18489 root 96 0 54M 37M CPU1 1 0:49 81.69% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 18489 root 102 0 54M 37M CPU1 1 1:09 100.00% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 18489 root 102 0 54M 37M CPU1 1 1:17 100.00% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 18489 root 103 0 54M 37M CPU1 1 1:22 100.00% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php dc{php} 1:50 delay at this point, otherwise it would only normally pause 3-5 seconds between "System Patches...done." and "...pfBLockerNG-devel...done." Starting package pfBlockerNG-devel...done. Starting package suricata...done. Starting /usr/local/etc/rc.d/pfb_dnsbl.sh...done. Starting /usr/local/etc/rc.d/pfb_filter.sh...done. Netgate pfSense Plus 22.05-RELEASE arm Wed Jun 22 18:56:40 UTC 2022 Bootup complete FreeBSD/arm (pfSense.localdomain) (ttyu0)

@dhjdhj That rule hasn't been even evaluated see the 0/0 so its not blocking anything. pfblocker doesn't take over dns, it just loads stuff into unbound to block it. Sure it can create firewall rules if you enable that - like the rule your showing. You mentioned forwarder - were you using the forwarder before (dnsmasq) and not the resolver unbound. For pfblocker to function unbound is need to be used. Is unbound even running, maybe that is the problem. If you do a dns query directly to pfsense via your fav tool, nslookup, dig, host, etc. do you get an answer, does it timeout, do you get back servfail, or nx? etc..

@provels said in Do I need pfBlockerNG?: I love it if only for the ad blocking. Awful lot of white space on the pages! Me too.. Add to that some malicious feeds. Using it for geoip blocking also: Allowing only one country to connect to my portforward (plex). Blocking my internal users from connecting to a few places.

@bob-dig I tryed to disabled all lists but Wa still not working. And yes, no logging about the call blocks. So you're disconnect from wifi every time you make or receive a call? I hope in a solution.

@urbanovits Create an alias using the GeoIP then use that alias on an outbound rule on the lan interface and allow the required ports. I do this to only allow SSH / SFTP from the UK to the host in my DMZ and I switch the rules on when required:- [image: 1660822519713-screenshot-2022-08-18-at-12.32.05.png] [image: 1660822708440-screenshot-2022-08-18-at-12.36.09.png]

Update: (^|\.)domain\.com$ Blocks the domain and subdomain... I just didn't clear my DNS cache on device. So far, it is working.

Its been 2 days and no error messages..looks like we are in the clear. (fingers crossed). Thank you.

@bmeeks I installed the regular version. I'll uninstall and try out the development version, thank you.

@wc2l Status/System Logs/Settings

Never mind, though I haven't resolved this specific issue, I realized I don't really need to set the gateway for the problem I'm trying to solve. I tried to delete the post but It wasn't letting me.

@serouja sorry it's working fine now, I just have to reconnect to the AP.

@steveits thats what it is. It was the OISD feed. Once removed the error went away and I now see my custom list being used as well solving another issue i posted. This feels like a bug as the memory was never reaching close to 4GB (4100 Max). There should still be plenty of memory available for the OISD feed. @BBcan177 can chime in if he has free cycles. Thanks for pointing me in the right direction.