@ntorp41 Did you use the wizard when you reinstall? How is your drive space? Please check the logs, both the pfBlockerNG and the error logs as here: [image: 1653865617576-screen-shot-2022-05-29-at-6.06.02-pm.png]

@shoulders Cool, thanks.

@shoulders I found and read the parser code. He is a quick over view. IP Block Lists There is are no defined supported formats. All files are treated as text files and then an IPv4 and IPv6 regex is applied and all of the IPs are extracted allowing all formats and more (json, csv, xml, text) DNSBL CSV can only be used if they match one of the internally coded formats which are feed specific. each line is processed as a single record if a valid (non 0.0.0.0 / 127.0.0.1) address is found on the same as a domain, then the domain is ignored. domains are extracted (via various clean ups) from the record and then processed as you expect. Hope this helps

@johnpoz Thank You! I just updating ports and FQDN that Apple devices using... TCP and UDP ports used by Apple software products Use Apple products on enterprise networks

Good luck, I hope it works out for you this round. You may want to check under services – DNS resolver – General settings. That python mode is enabled. I don’t know I can’t remember if PFblocker-NG turns it on automatically when you install it or if you have to do it manually. Or even if it is necessary

It is solved now, I have removed error.log and pfblockerng.log . Remove check from keep setting in general tab then saved and re-check on keep setting and then save. Force update and every thing worked like a charm . Hope this will be help some one else as well.

@dimnovotny A cron job of every minute or even every 15mins is grossly unnecessary and is bound to consume cpu cycle...my corporation runs its feed once per day.

@obxjeepguy Okay, cool.

@mcury Thanks for chiming in. That settles that. :-)

@nollipfsense A force reload may have fixed this, going to see if it progressively gets worse or not. Why would that effect it so heavily though?

@johnpoz said in Disconnected after installing pfBlockerNG-devel??: Ya lost me there You are correct of course, I should've tried that route first

@patch This is great, thank you!

@nollipfsense You completely skipped the essence of the question. This is probably one for the developer.

@aspiringnetworkadmin Do some reading to help yourself then, if you have problems, post issues: https://docs.netgate.com/pfsense/en/latest/services/dns/index.html https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html https://www.sunnyvalley.io/docs/network-security-tutorials/pfblockerng

Well, as you can probably guess, there is no easy answer here. We all have varying needs, some only want to block ads, others try to keep their kids safe and this is one tool in the toolshed. Others are looking to GEOBLOCK... Me, not so much geoblock, as ad blocking and 'not-nice' sites, along with blocking public DNS, together with nat rules to redirect IOT back to PFSense for DNS. It took months of trial and error to come up with a workable mix, the lists are not maintained by BBcan (with the exception of his) but by 3rd parties. List owners can change as the lists are bought by new owners sometimes. Sometimes a list works well, then not so. Sometimes they are abandoned and don't get updated or disappear. So this is not a 'set and forget'. I pop into PFSense about once a month just to check that the lists are updating, or if there are newer lists that may do better that I could test out. It's the nature of internet security; it really IS shooting ducks in a barrel... If you've had issues in the past with it, perhaps the way to go is to wade in a little at a time. Start with IP blocking only. Select the lists that appear to do what you are looking for, example, Emerging Threats, Talos, and I use cins army. You can round it out with a coinblocker and maybe a few others in other categories. Work with those for long enough to confirm they aren't blocking things that are causing issues. You could also go to their websites and read about their lists to determine what you think is important. Once that is stable, you can do something similar with the DNSBL lists. Nothing is turnkey here. Things take time.

@patch said in Beginner minimal pfBlockerNG setup: They are not on reputable internet bock lists In the current climate blocking VPN end points is currenlty very useful. It appears at the moment about 50% of the scanners are from VPN sites. So from pfBlockerNG-devel using this feed in a block list is useful https://raw.githubusercontent.com/ejrv/VPNs/master/vpn-ipv4.txt

@nollipfsense Thank you, that worked!

This 'telemetry' crap is common as dirt. Telemetry my arce. They are collecting data about usage- like where you go on the internet. See it with Firefox (incoming.telemetry.mozilla.org), my phones once I switched them to my internet carrier (v-collector.dp.aws.charter.com), MS does it (v10.vortex-win.data.microsoft.com)... you name it, they are trying to make a buck off your usage. Malwarebytes also has that 'browser guard'. I keep saying NO and sure enough it pops up again 'please turn me on'. Where else to better see where you are going, than with a plugin in the browser? These days, many AV products are moving away from local 'definition' files/local scanning, to cloud based scanning. I get it, real time scanning, zero day bla bla. But I wonder what they are storing up there 'in the cloud'- their servers, and how it affects computer performance. Malwarebytes is on the mild side here- we use Fireeye at work and their xagt process can chew up 80% of the processor- you really feel it. Horrible. Maybe Malwarebytes has a central control console (not familiar with what they offer for business use) where you can turn telemetry off without having to manually do it on 200 machines...