• issue with python mode for pfblockerng

    5
    0 Votes
    5 Posts
    1k Views
    S

    @gertjan You are well come :) .

  • Block Apps over Wi-Fi (Facebook-Instagram..)

    22
    0 Votes
    22 Posts
    6k Views
    D

    @felipepipers said in Block Apps over Wi-Fi (Facebook-Instagram..):

    And for HTTPS, some idea?

    There is no workaround for HTTPS. It works on HTTP because pfblocker serves up the page when it blocks a site. Since the page is unencrypted the browser just serves up the page it's given. Pfblocker acts as a Man-In-The-Middle between the browser and the intended server and injects a non-asked for page.

    By its design, HTTPS works by the browser verifying that the security certificate of the server it is trying to connect to is from the same domain it is intending to reach. So in pfblocker's case if it tries to serve up the blocked page the browser will not display it because it did not come from the validated server it was trying to reach. The browser then displays a security warning and won't load the page that it was served.

    As an aside I noticed that there is a Facebook DNSBL feed in pfblocker that I had not noticed before:

    a2a347ee-92e5-4d48-a905-66fa4c788afe-image.png

  • Any reason not to use unbound python mode?

    3
    0 Votes
    3 Posts
    756 Views
    C

    @dma_pf Thank you! I see that I am not using DHCP Registration so I think I am good to go. Took the plunge. Noticed a few things.

    The memory utilization is actually higher. Not sure if there is a lot of initial work going on due to the change, but it's almost doubled from 8% of 8GB to 16%.

    Under reports, the DNSBL area isn't showing the blocks in red anymore even though the (DNSBL Block Event color). The background is simply white.
    Working as intended. I wasn't seeing the DNS Reply Events previously in unbound mode.

  • PfBlockerNG Alias

    17
    0 Votes
    17 Posts
    8k Views
    S

    @patch said in PfBlockerNG Alias:

    Alias Native would have the same net effect, using it would involve more processing when updating the list but less processing while using the list

    Technically it would be the other way around, Alias Native does not look for duplicates.

    However you should all probably read this thread which seems to have found that Alias Deny will remove IPs found in other lists which may not be the result you want, if rules for both lists are not denying the same port.

  • apt update issue after installing pfBlockerNG

    1
    0 Votes
    1 Posts
    271 Views
    No one has replied
  • Whitelist www.googleadservices.com

    5
    0 Votes
    5 Posts
    4k Views
    O

    @clokwork

    I just did just this at the weekend after recently installing pfBlocker as I found it was preventing visitors reaching sites via Google search.

    googleadservices.com # For Google search links www.googleadservices.com # For Google search links

    James.

  • GeoIP blocking - how to "not block the world"?

    6
    0 Votes
    6 Posts
    1k Views
    noplanN

    Do not use top Spammer list from geo blocking
    Strange things are happening means that legit and clean ranges are blocked

    BR np

  • DNS Timeline Graph Issues

    1
    1 Votes
    1 Posts
    321 Views
    No one has replied
  • 10,000+ Blocks To stats.gc.apple.com In 1 Minute

    6
    0 Votes
    6 Posts
    1k Views
    D

    @nogbadthebad Andy, thanks for that tip! My wife's out until this afternoon but I'll definitely look into what you suggest. I never knew you could do that on an iphone (not much of an apple guy). I'll let you guys know what I find out.

    Thanks again!

  • DNSBL logging/reports - inconsistent logging?

    1
    0 Votes
    1 Posts
    256 Views
    No one has replied
  • IP List disappeared

    3
    0 Votes
    3 Posts
    704 Views
    _

    Try the following fix

    https://forum.netgate.com/topic/169610/ip-logs-are-not-being-created-populated/10

  • PFBlockerNG Webserver not running.

    10
    0 Votes
    10 Posts
    1k Views
    D

    @j-lanham said in PFBlockerNG Webserver not running.:

    What's the best way to uninstall the current version and install the correct version? I tried installing it on my home version and the DHCP server went nuts. Uninstall, reboot, then install the devel version?

    It was a long time ago that I made the switch and my memory is a bit foggy. To the best of my memory I just installed the devel version. But doing a complete uninstall would not be a bad way to do it either. Just make sure that you do a full backup of your complete system first. And before uninstalling or doing an update of the current version make sure that you have the following enabled in the pfblocker settings:

    ba1e36f0-3efd-45b7-8a63-664810658e74-image.png

    There is an issue with DHCP in the devel version. Once you update you should switch this setting off in DNS Resolver settings:
    8bf06834-06e2-469b-bfea-fbf086897bad-image.png

    If you do have specific clients that you need to register in DNS assign them a static IP address and enable this setting in DNS Resolver:

    ead8a93d-9c88-472c-9413-b91074f535c4-image.png

  • pfBlockerNG-devel v3.1.0_1 - Not able to download Talos Feeds

    5
    0 Votes
    5 Posts
    776 Views
    lohphatL

    I was seeing this too but now it's downloading it again.

  • root's crontab rc.filter_configure_sync added after force pfblockerNG

    5
  • pfblocked NG 3.1.0_1 stopped showing IP alerts after update to pfs 2.6

    4
    0 Votes
    4 Posts
    1k Views
    T

    I ran into this issue as well after upgrading to 2.6.0/22.01 and confirm that logging is working properly again after applying the patch. Below is a link to an updated post from @BBcan177 on Reddit:

    https://www.reddit.com/r/pfBlockerNG/comments/t1awl6/updated_patch_for_pfsense_2621x_ip_logging_issues/

    Link to the original post on this issue for reference:
    https://forum.netgate.com/topic/169610/ip-logs-are-not-being-created-populated/

  • how to setup pfblocker without blocking everything

    7
    0 Votes
    7 Posts
    2k Views
    D

    @gmenelau In addition to what @Gertjan mentioned above you can also click on the red lock icon to temporarily unblock the IP or domain. Sometimes it's not completely obvious what is actually keeping a webpage from working correctly and this allows you to try to figure out what you want to add more permanently to your whitelist.

  • Shallalist failed to download

    6
    0 Votes
    6 Posts
    6k Views
    BismarckB

    @pierrelyon

    I'm using this list instead:

    https://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense.tar.gz

    Info: https://dsi.ut-capitole.fr/blacklists/ (Google Translate)

    To be honest, I think there is no other free list alive I'm aware of.

  • Pfblockerng using feeds

    16
    0 Votes
    16 Posts
    3k Views
    U

    @bambos Hi, I would suggest you start with the set up wizard for pfBlocker-NG-devel.
    The learning curve for pf bocker can be steep, so go slow and read everything......twice.
    In addition, go to the help on your pfSense dashboard, then click pf Sense book and navagate to pf blocker package and read up. just type pf blocker in the search of the book.This will give you a good start and basic understanding.Screenshot from 2022-02-22 08-46-26.pngScreenshot from 2022-02-22 09-10-59.png

  • 0 Votes
    2 Posts
    456 Views
    P

    Solved - see https://forum.netgate.com/topic/170142/updated-to-22-01-sg1100-high-cpu-usage-sbin-pfctl-vvsr/16

  • 0 Votes
    4 Posts
    2k Views
    BBcan177B

    @pftdm007

    See here for a patch:

    https://www.reddit.com/r/pfBlockerNG/comments/sk9txi/ip_block_logging_not_working_pfsense_260rc/hvv99s1/?utm_source=reddit&utm_medium=web2x&context=3

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.