@scorpoin said in issue pfblocker-NG-Devel 3.1:

how do I resolve this.

By finding the pace where this errors happens.
Could be "TLD Whitelist" related ;=)

Go to Firewall > pfBlocker > NGDNSBL
Scroll down to "DNSBL Whitelist".

Copy / cut everything in there and put it in a safe place elsewhere.
Now, that block is empty.
save.
Update Force Reload All.
Error message gone ?

@gertjan Makes perfect sense, thank you for the clarification.
I haven't had to use any patches as of yet, I usually just work around the problem or the problem doesn't effect me so I let it be, but this was an annoying problem that required me to disable mail notifications, which means potential issues may get ignored until they are noticed.
That in itself can be a problem.

Thank you everyone for your help, greatly appreciated!

@viktor_g Thanks!
I guess I thought I had it enabled but I had to un-check "Check to disable MaxMind CSV updates"
After that did updates, ran cron and reloaded just to be sure it was all loaded and it's good to go!

@netfly If the DNS block list is not enabled I don't think pfBlocker really does anything except update its feeds based on the update timer.

@furom said in pfBlockerNG-devel 3.1.0_1 issue running wizard:

only one window will keep the selection

Found it. The dark theme I was using made the "selected but not active" selections not visible...

@steveits Hey Steve -- Yeap, the Floating Rule at the top has Quick enabled.

@rvjr said in IPv6 list generated IPv4 rule:

ok, that's weird. No I'm using the standard pfBlockerNG 2.1.4_26 on pfSense 21.05.2-RELEASE. I'll try switching the list action and see if that makes any difference.

Your problem is that you are using an old unsupported version of pfBlockerNG. The maintainer of pfBlockerNG, @BBcan177, does not recommend the use of that old version. The -devel version has been in use for 2 to 3 years now and is very stable and the only version currently being updated.

Make sure that the box is checked to save your current settings and then uninstall your current version of pfBlockerNG 2.1.4.26 and then install the -devel version 3.1.0_1. This should take care of the issues you are seeing, if not, post back to the forum and someone will help you.

@rvjr On pfSense unbound generally restarts. See
https://redmine.pfsense.org/issues/5413

Update:

After looking into this, it seems to be a "localnet" that I have in the: firewall > pfblockerng > IP > IPv4 > "localnet" (which is a custom list) > there's where the screwed up process seems to be. It points to "Custom DST Ports" and at one point in the FW's lifespan I couldn't add a custom IPv4 "allow list" without making this dumb alias with destination ports. It is so annoying because at one point, the white list was the white list. After some update you had to further carve out your destination ports. It used to be simple. Now, checking the other firewalls, they all have this setup but for some reason I get errors. On the working firewall I have an alias: pfB_localnet_v4. That looks "built in" to PFbNG. On the non-working one, that alias doesn't exist. I think somewhere in here is where the problem is but I'm not sure how to work it out yet. I had to create that "Web_Ports" alias at one point because the system would not simply allow me to make an IPv4 allow list that was simple, I had to specify the destination ports via a port alias (lame)

Error:

Empty destination port alias 'Web_Ports' for rule 'pfB_localnet_v4 auto rule' @ 2022-02-12 11:51:40
Empty destination port alias 'Web_Ports' for rule 'pfB_eits_whitelist_v4 auto rule' @ 2022-02-12 11:51:41
Empty destination port alias 'Web_Ports' for rule 'pfB_localnet_v4 auto rule' @ 2022-02-12 11:51:42
Empty destination port alias 'Web_Ports' for rule 'pfB_eits_whitelist_v4 auto rule' @ 2022-02-12 11:51:43
Empty destination port alias 'Web_Ports' for rule 'pfB_localnet_v4 auto rule' @ 2022-02-12 11:51:44
Empty destination port alias 'Web_Ports' for rule 'pfB_eits_whitelist_v4 auto rule' @ 2022-02-12 11:51:45

@vmac said in Why is my pfBlockerNG still showing up to date:

@bmeeks
Thanks for the response, I am on the latest version of pfSense.

Screenshot 2022-02-05 174431.png

How do I get onto the development version if that is the best and it is "stable" in that I won't be having to have my router reset while I'm traveling for work?

You will just install it from the Packages Repo (under SYSTEM > PACKAGE MANAGER in the menu).

I am not a pfBlockerNG user, so I can't say exactly what settings will migrate over from pfBlockerNG to pfBlockerNG-devel. You might want to read up on all the posts in this sub-forum about pfBlockerNG-devel before installing it.

I believe the best procedure would be to delete pfBlockerNG and then install pfBlockerNG-devel. You should not lose the pfBlockerNG settings that way. But there are so many changes in features in pfBlockerNG-devel that you might consider a fresh install from scratch the better approach.

@dma_pf @SteveITS @BBcan177 Thank you guys, so it all starts with the problem I have where the 'source' field doesn't behave as expected and is not linked to any list - I think in that respect I finally found the bug (and a workaround) - for me this applies to all formats (so far I tested 'Auto', GeoIP and ASN). So as described before, whenever I try to add a new custom list (Firewall-->pfBlockerNG-->IP-->IPv4), the 'source' field is broken and only act as plain text

Screenshot 2022-02-04 at 21.34.07.png

So I discovered that if I try and save it at this state before completing it (so in this example I left Name / Description / header empty), I will get the same page but with an error - in this new page the 'Source' field works just fine

Screenshot 2022-02-04 at 21.34.41.png

So I can now create my aliases in this way.

As for the second problem (Logs - logs file box always remains empty regardless file type / file selection), So far I can say this is browser related - I work on a Mac, using Safari, in Chrome this works fine (although from some reason it worked once today for me in Safari but I so far did not figured out why it is inconsistent and if it is because of some settings or the browser itself).

Thank you guys for all your help and support!

@laviniuc

My guess it's definitely because of the Captcha requirement.

On their website (http://list.iblocklist.com/humantest?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz it says:

"If you register an account, then you will not have to pass the security check when downloading list files."

Some other feeds that also require registration give you a token that you can then put into the URL of the feed to be able to download the lists. I don't know if iblocklist does that or not. But you might try registering and see if the provide that for you. My guess is thy might as their website explicitly says that their lists can be used with pfsense.

@darkcorner

But I also wanted to install pfBlockerNG to complete the protection, for example block all access from abroad.

Sorry, I don't use Squid so I can't speak to what you are seeing related to it's widget. But I did want to comment on your quote above. If you are thinking of using pfblocker to block things from coming into your WAN from abroad that is not the right approach. The WAN has a default rule that already blocks all unsolicited traffic on the WAN from entering.

I was just recently helping someone out with this same issue and you can get more details here: https://forum.netgate.com/post/1022334

@sbh said in pfBlockerNG block traffic:

Do you know if I can make it even more specific and allow only specific states in the US?

No I don't. But the OpenVPN protocol is pretty robust. By design it does not respond to port scans so people shouldn't even know that port is open. And if someone was to try to access the tunnel they woulds still have to authenticate with the correct credentials which would be extremely unlikely.

Stress and tiredness had gotten the best of me but this is resolved. Wildcarding .snapchat.com in DNSBL whitelist did in fact resolve the issue.

I have a raspberry pi running pi-hole and was able to see what queries were being made when the app loaded. From there I was able to confirm the requests being made and since pi-hole blocks out a few analytics, wildcarding in DNSBL did not seem like a horrible thing.

Hope the steps above and the initial post helps someone else and keeps their SO from complaining :)

@dma_pf
The document that I referenced in a prior post here was written by @BBcan177 , the maintainer of pfBlockerNG. The example he gave there was his attempt at explaining what IP Reputation does using one of the block lists that is included in pfBlocker.