@stephenw10 said in pfBlockerNG - unbound-control process spikes CPU to 100% every few seconds [SOLVED]: So just the list containing a bunch of obsolete domains? Not sure how many domains in that list are obsolete, and if that was the issue, however, what led me to actually remove the list is the fact that there are tons of legit domains in that list that pfBlocker was blocking. If you check the list, you will see asus.com and sony.com in there. And there is absolutely no reason to blacklist those sites. They are legit. Then I thought this was actually a whitelist that i was using as blacklist, but then you find all those porn sites in there and tons of other entries that are present in legit block lists. Its a mess. I just removed it and it all works.

@deanfourie How do you know pfblockerng is blocking your VPN? Screenshot your log showing the block.

@deanfourie said in Microsoft hostname resolving to pfBlocker virtual IP?: Any idea how this could be? You have it blocked in pfblocker.. its not blocked here ;; QUESTION SECTION: ;v10.events.data.microsoft.com. IN A ;; ANSWER SECTION: v10.events.data.microsoft.com. 3600 IN CNAME global.asimov.events.data.trafficmanager.net. global.asimov.events.data.trafficmanager.net. 3600 IN CNAME onedscolprdwus11.westus.cloudapp.azure.com. onedscolprdwus11.westus.cloudapp.azure.com. 3600 IN A 20.189.173.12

@anna-count It's probably expected. I guess the question would be "Why would you want to block a point to point?" but that's just a guess. I use /31's for my VPN connections so pfSense does work with them but pfBlocker probably does not. Just a guess though.

@justme2 Here is the answer as Gertjan said: "A ping to 127.0.0.1 should always work. Consider a non working 127.0.0.1 as a massive failure."

@gertjan Thanks again. Since I dont have 2.6 running but am interested once the problems I have are resolved allow me to ask whether with 2.6 it will find the ASN number (as 2.5.2 did) as I type in the domain name. Or do I have to go and find the ASN number first. Parry

@patrick999 said in GeoIP not working? Where is rule?: I set it to deny inbound for every region except North America It should take less resources to do it the other way, allow North America. I usually use Alias Native and then can use it in my own rules, such as the Source on a NAT rule.

@provels It depends on whether one leaves the tab open as I do and how often one post to the site. If one goes to more when logged into account Settings and privacy > Ads preference > Interest, you could see thousands of interest Twitter Algorithm selected base on one's interaction with each tweet. I even selected that I don't want to see ads. So, there is a browser container add on from Github to prevent cookie snooping.

@viragomann said in Email reports?: @pyrodex said in Email reports?: I've looked at the the wonderful pfB reports for dnsbl but not sure how we can obtain the same data to be emailed out on a daily basis. pfBlocker might write this into log files. You can use the mailreport package to send the log to you. mailreport also lets you apply a filter to the file, so you can limit the lines to the actual date or to specific errors or whatever you want. I tried this with the dnsbl.log and switched off VIP mode to NULL (0.0.0.0) which logs it into the file. However, I am seeing LARGE discrepancies between what the report shows for a 24 hour period vs what the log shows when I parse it. I even wrote a simple script to give me some data from the log and in fact do use the email reporting tool for that output but once again huge differences.

Just deleted the py.error.log and it went away. On 2.5.2 still and havent upgraded yet. PFB 3.1.0_1

Redmine ticket logged through support channel: https://redmine.pfsense.org/issues/13209?next_issue_id=13207&prev_issue_id=13210

@nasheayahu If it helps (you or others) I have a note from several years ago to, when installing pfBlocker, double the default Firewall Maximum Table Entries (with a minimum of 2 million). Note however there is (or was, don't have 22.05 yet) a bug where the sentence "On this system the default size is" shows the current setting, whatever it's set to.

@steveits said in Using Large List on netgate 1100: The CPU on the 1100 is not exactly fast The CPU is half the battle here. That large list will quickly chew up the remains of the 1GB RAM.