The patch and a filter restart did the job - thank you!

@gertjan You are well come :) .

@felipepipers said in Block Apps over Wi-Fi (Facebook-Instagram..):

And for HTTPS, some idea?

There is no workaround for HTTPS. It works on HTTP because pfblocker serves up the page when it blocks a site. Since the page is unencrypted the browser just serves up the page it's given. Pfblocker acts as a Man-In-The-Middle between the browser and the intended server and injects a non-asked for page.

By its design, HTTPS works by the browser verifying that the security certificate of the server it is trying to connect to is from the same domain it is intending to reach. So in pfblocker's case if it tries to serve up the blocked page the browser will not display it because it did not come from the validated server it was trying to reach. The browser then displays a security warning and won't load the page that it was served.

As an aside I noticed that there is a Facebook DNSBL feed in pfblocker that I had not noticed before:

a2a347ee-92e5-4d48-a905-66fa4c788afe-image.png

@dma_pf Thank you! I see that I am not using DHCP Registration so I think I am good to go. Took the plunge. Noticed a few things.

The memory utilization is actually higher. Not sure if there is a lot of initial work going on due to the change, but it's almost doubled from 8% of 8GB to 16%.

Under reports, the DNSBL area isn't showing the blocks in red anymore even though the (DNSBL Block Event color). The background is simply white.
Working as intended. I wasn't seeing the DNS Reply Events previously in unbound mode.

@patch said in PfBlockerNG Alias:

Alias Native would have the same net effect, using it would involve more processing when updating the list but less processing while using the list

Technically it would be the other way around, Alias Native does not look for duplicates.

However you should all probably read this thread which seems to have found that Alias Deny will remove IPs found in other lists which may not be the result you want, if rules for both lists are not denying the same port.

@clokwork

I just did just this at the weekend after recently installing pfBlocker as I found it was preventing visitors reaching sites via Google search.

googleadservices.com # For Google search links www.googleadservices.com # For Google search links

James.

Do not use top Spammer list from geo blocking
Strange things are happening means that legit and clean ranges are blocked

BR np

@nogbadthebad Andy, thanks for that tip! My wife's out until this afternoon but I'll definitely look into what you suggest. I never knew you could do that on an iphone (not much of an apple guy). I'll let you guys know what I find out.

Thanks again!

Try the following fix

https://forum.netgate.com/topic/169610/ip-logs-are-not-being-created-populated/10

@j-lanham said in PFBlockerNG Webserver not running.:

What's the best way to uninstall the current version and install the correct version? I tried installing it on my home version and the DHCP server went nuts. Uninstall, reboot, then install the devel version?

It was a long time ago that I made the switch and my memory is a bit foggy. To the best of my memory I just installed the devel version. But doing a complete uninstall would not be a bad way to do it either. Just make sure that you do a full backup of your complete system first. And before uninstalling or doing an update of the current version make sure that you have the following enabled in the pfblocker settings:

ba1e36f0-3efd-45b7-8a63-664810658e74-image.png

There is an issue with DHCP in the devel version. Once you update you should switch this setting off in DNS Resolver settings:
8bf06834-06e2-469b-bfea-fbf086897bad-image.png

If you do have specific clients that you need to register in DNS assign them a static IP address and enable this setting in DNS Resolver:

ead8a93d-9c88-472c-9413-b91074f535c4-image.png

I was seeing this too but now it's downloading it again.

This is reported here: https://redmine.pfsense.org/issues/12827
Forum discussion: https://forum.netgate.com/topic/169955/latency-spikes-during-filter-reload-ce-2-6-0

I ran into this issue as well after upgrading to 2.6.0/22.01 and confirm that logging is working properly again after applying the patch. Below is a link to an updated post from @BBcan177 on Reddit:

https://www.reddit.com/r/pfBlockerNG/comments/t1awl6/updated_patch_for_pfsense_2621x_ip_logging_issues/

Link to the original post on this issue for reference:
https://forum.netgate.com/topic/169610/ip-logs-are-not-being-created-populated/

@gmenelau In addition to what @Gertjan mentioned above you can also click on the red lock icon to temporarily unblock the IP or domain. Sometimes it's not completely obvious what is actually keeping a webpage from working correctly and this allows you to try to figure out what you want to add more permanently to your whitelist.

@pierrelyon

I'm using this list instead:

https://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense.tar.gz

Info: https://dsi.ut-capitole.fr/blacklists/ (Google Translate)

To be honest, I think there is no other free list alive I'm aware of.

@bambos Hi, I would suggest you start with the set up wizard for pfBlocker-NG-devel.
The learning curve for pf bocker can be steep, so go slow and read everything......twice.
In addition, go to the help on your pfSense dashboard, then click pf Sense book and navagate to pf blocker package and read up. just type pf blocker in the search of the book.This will give you a good start and basic understanding.Screenshot from 2022-02-22 08-46-26.pngScreenshot from 2022-02-22 09-10-59.png

Solved - see https://forum.netgate.com/topic/170142/updated-to-22-01-sg1100-high-cpu-usage-sbin-pfctl-vvsr/16