@gertjan
Thks

@jdeloach

if this list is blocking something that you want access to, just don't use this list

You misunderstood the troubles we report here. Yes of course if it’s a list that is dedicated to block public dns and you want to reach them, we can advice you not to use this list 🙃
But here we re talking about a “not normal” blocking. Like when they block GitHub or, worse, their own website which is stopping us to follow your advice … to report to them. 😉

When it reaches a so low level of conscientiousness you can’t justify that saying it’s done by folks for free. It’s insulting for all the others who do the same, for free, but seriously.

But as @BBcan177 said, he has to include a list in his plugging but he can’t keep vetting every list every time. It would be a full time job. That’s why we report. Since you say you use others lists, if you know good lists don’t hesitate to suggest some. Maybe he can swap in the list included in the package. He cannot be aware of every existing lists.

@keyser
Ok thanks a lot . I simply disable « hide IP » and add are blocked by Pfblocker . Best regards .

@ttblum said in Microsoft hosted site being blocked by Oceania Alias:

updated with Microsoft's current IP space?

for what office365?

https://docs.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide

@gertjan

Thank you. Adjusted as recommended and no further problems. Reminds of the DOS days when you had to define the number of file handles.

Never crossed my mind that there was the same thing for tables.

@johnpoz said in Permit United States only for specific port on WAN interface:

@ciscox its set to alias - which is shown on that first summary sort of page

setalias.jpg

What the heck, I didn't know about this. This is going to make things much easier now :)

Thank you very much :)

@jdeloach Such great advise and so quick.
I followed you suggestions and have switched to pfBlockerNG-devel, 3.1.0
Everything is working perfectly now.

Thank you, so appreciate your fine assistance.

@jimfreeze said in pfBlockerNG 2.1.4_26 borked Netgate 6100:

I assumed the unstable one would be the devel version

Yes that is logical. A couple years ago, give or take, I saw the maintainer had posted to use -devel. Either in early 2019 or 2020 we had to switch because we couldn't get the MaxMind key to work on the non-devel one. So all our clients have it. Short version is, most people who don't frequent the forum probably use the non-devel, and most people here probably use -devel.

Now, I have not run into DHCP not working or routing breaking, but there is a known issue with the -devel install stopping the DNS Resolver. As I understand it, it has to do with how the package installation happens so Netgate has to fix it.

@heliop100 said in pfBlockerNG not showing alerts after pfSense 2.5.2 update.:

I change the rules to block all south america and north america countries but are not blocking anything.

What rules ? Placed on what interfaces ?

@mariog I run Monterey, 7 y.o. iPad w/ 15.1, iPhone X w/ 15.1
My devices are set to hide IP from trackers. I am not using ipV6, not sure if that matters.
My devices use Quad 9 for dns (via pfSense). I do not use dnssec. pfBlocker is at 3.1.0 and DNSBL runs in unbound python mode.

I get a few ads, but rarely. I mostly get popup's complaining that I'm blocking ad's. If I do see ad's I figure it is because I do not have a lot of feeds defined in DNSBL. Not always, but on occasion I do notice a bit of latency in Safari on iPad or Mac (rarely use iPhone at home, screen is too small to be useful). If 10 sec or so goes by w/o a page load I do a refresh and that usually brings a page up. I have not noticed if ad's are on the page when this happens but now I will pay attention.

I just clicked around a site I never go to and did not see any ads and all the pages loaded very quickly. That site was cnn so I imagine it's loaded with ads.

I don't know if this is helpful or not, I'm not that knowledgable about this topic.

v1.1 - writes date/time at the top of the outfile.

fetch -o /tmp/PIA.json "https://serverlist.piaservers.net/vpninfo/servers/v6";jq -r '.regions[].servers.ovpntcp[].ip,.regions[].servers.ovpnudp[].ip' /tmp/PIA.json | sort -n | uniq | iprange > /var/db/pfblockerng/PIA_v4.txt;setenv PIAdate `date "+%Y-%m-%dT%H:%M:%S"`;sed -i '' -e "1s/^/#$PIAdate\n/g" /var/db/pfblockerng/PIA_v4.txt

@manishdixitajm said in Attackers_delivering_fake_DomainBlock (1635762191):

I am sure pfng blocker is blocking

So why asking :

The error is "Attackers_delivering_fake_DomainBlock (1635762191)". Even when i am passing this traffic its still not work.

If you block something, it's blocked = no access.

Btw : it's not an error. Just a log line telling you a firewall rule was 'hit' by a packet and it matched : the rule was applied = blocking.
By default, pfSense blocks nothing. You as a admin with your rules - with pfBlockerNG, are able to block.

@manishdixitajm said in Attackers_delivering_fake_DomainBlock (1635762191):

telnet on 443

Really ? telnet ? On a TLS port ?
Let me guess : only rubbish came back ;)

Trying to ping "zerion.io" and telnet on 443 , its giving blocking error in "System logs" tab.

So, you can't connect ?

i am able to login that website and also ping is working.

So you can connect ?

What is it ?

^ exactly - this is what I would do.. And what I do do for my use of geoip based rules.. But I don't block with them - I allow with them. Only allow the countries my users are in for plex, etc..

Hi @BBcan177, hope you are doing well. I know you have a lot going on, but my employer is willing to pay for this feature. How much do you think a fair price for this would be?!

PS: Can you please delete this thread. It seems a bug with the pfblockerNG 2.1.4_26. The new v3 seems all good

@gertjan Thanks - I appreciate your help.

2021-10-26_11-13-50.png

https://phishing.army/download/phishing_army_blocklist_extended.txt -- that's the Phishing_Army list that's showing up in the DNSBL log.

In the phishing_army26OCT2021101209UTC.txt version of the list, it has ..

edgekey.net on line 8,328 www-key-com.test.edgekey.net on line 38,876

--note that anything to do with apple.com.edgekey.net is not present in the list.

After a reload with ".edgekey.net" in the DNSBL whitelist, all references to edgekey.net are gone from the list -- phishing_army-postprocess.txt . The DNSBL log displays no more entries for the domains shown in the OP. The DNSBL whitelist entry was effective at removing the both root domain and the subdomain.

It feels correct to say that a DNSBL whitelist entry with subdomains does not whitelist every parent domain in the string. IE, ".apple.com.edgekey.net" does not remove "edgekey.net" and "com.edgekey.net" and "apple.com.edgekey.net" ad naseum. I suppose that if ".apple.com.edgekey.net" is not defined in the source list it can't be removed, and besides, the whitelisting of every parent domain in a string would lead to ..... well, it's leading me to another question. 👍

>>> If I have a list that includes only "edgekey.net" ... and I must whitelist ".apple.com.edgekey.net" ... and I have to whitelist ".edgekey.net" to make it work --- how do I avoid the collateral whitelisting of every other subdomain under "edgekey.net"?

Thank you again --

@androgen

If there is a demand for it, well, yeah, I guess so.