• IPv6 list generated IPv4 rule

    0 Votes
    5 Posts
    1k Views

    @rvjr said in IPv6 list generated IPv4 rule:

    ok, that's weird. No I'm using the standard pfBlockerNG 2.1.4_26 on pfSense 21.05.2-RELEASE. I'll try switching the list action and see if that makes any difference.

    Your problem is that you are using an old unsupported version of pfBlockerNG. The maintainer of pfBlockerNG, @BBcan177, does not recommend the use of that old version. The -devel version has been in use for 2 to 3 years now and is very stable and the only version currently being updated.

    Make sure that the box is checked to save your current settings and then uninstall your current version of pfBlockerNG 2.1.4.26 and then install the -devel version 3.1.0_1. This should take care of the issues you are seeing, if not, post back to the forum and someone will help you.

  • DNS queries failing during DNSBL reload

    0 Votes
    2 Posts
    772 Views

    @rvjr On pfSense unbound generally restarts. See
    https://redmine.pfsense.org/issues/5413

  • Unbound reload fails with large DNSBL feed

    0 Votes
    1 Posts
    451 Views
    No one has replied
  • PFbNG DSL high latency when enabled

    0 Votes
    2 Posts
    251 Views

    Update:

    After looking into this, it seems to be a "localnet" that I have in the: firewall > pfblockerng > IP > IPv4 > "localnet" (which is a custom list) > there's where the screwed up process seems to be. It points to "Custom DST Ports" and at one point in the FW's lifespan I couldn't add a custom IPv4 "allow list" without making this dumb alias with destination ports. It is so annoying because at one point, the white list was the white list. After some update you had to further carve out your destination ports. It used to be simple. Now, checking the other firewalls, they all have this setup but for some reason I get errors. On the working firewall I have an alias: pfB_localnet_v4. That looks "built in" to PFbNG. On the non-working one, that alias doesn't exist. I think somewhere in here is where the problem is but I'm not sure how to work it out yet. I had to create that "Web_Ports" alias at one point because the system would not simply allow me to make an IPv4 allow list that was simple, I had to specify the destination ports via a port alias (lame)

    Error:

    Empty destination port alias 'Web_Ports' for rule 'pfB_localnet_v4 auto rule' @ 2022-02-12 11:51:40
    Empty destination port alias 'Web_Ports' for rule 'pfB_eits_whitelist_v4 auto rule' @ 2022-02-12 11:51:41
    Empty destination port alias 'Web_Ports' for rule 'pfB_localnet_v4 auto rule' @ 2022-02-12 11:51:42
    Empty destination port alias 'Web_Ports' for rule 'pfB_eits_whitelist_v4 auto rule' @ 2022-02-12 11:51:43
    Empty destination port alias 'Web_Ports' for rule 'pfB_localnet_v4 auto rule' @ 2022-02-12 11:51:44
    Empty destination port alias 'Web_Ports' for rule 'pfB_eits_whitelist_v4 auto rule' @ 2022-02-12 11:51:45

  • Why is my pfBlockerNG still showing up to date

    0 Votes
    4 Posts
    633 Views
    bmeeksB

    @vmac said in Why is my pfBlockerNG still showing up to date:

    @bmeeks
    Thanks for the response, I am on the latest version of pfSense.


    How do I get onto the development version if that is the best and it is "stable" in that I won't be having to have my router reset while I'm traveling for work?

    You will just install it from the Packages Repo (under SYSTEM > PACKAGE MANAGER in the menu).

    I am not a pfBlockerNG user, so I can't say exactly what settings will migrate over from pfBlockerNG to pfBlockerNG-devel. You might want to read up on all the posts in this sub-forum about pfBlockerNG-devel before installing it.

    I believe the best procedure would be to delete pfBlockerNG and then install pfBlockerNG-devel. You should not lose the pfBlockerNG settings that way. But there are so many changes in features in pfBlockerNG-devel that you might consider a fresh install from scratch the better approach.

  • Autocomplete form problem / log files view problem

    0 Votes
    11 Posts
    935 Views
    ChameleonC

    @dma_pf @SteveITS @BBcan177 Thank you guys, so it all starts with the problem I have where the 'source' field doesn't behave as expected and is not linked to any list - I think in that respect I finally found the bug (and a workaround) - for me this applies to all formats (so far I tested 'Auto', GeoIP and ASN). So as described before, whenever I try to add a new custom list (Firewall-->pfBlockerNG-->IP-->IPv4), the 'source' field is broken and only acts as plain text.


    So I discovered that if I try and save it at this state before completing it (so in this example I left Name / Description / header empty), I will get the same page but with an error - in this new page the 'Source' field works just fine


    So I can now create my aliases in this way.

    As for the second problem (Logs - logs file box always remains empty regardless of file type / file selection), so far I can say this is browser related - I work on a Mac, using Safari; in Chrome this works fine (although for some reason it worked once today for me in Safari, but so far I have not figured out why it is inconsistent and if it is because of some settings or the browser itself).

    Thank you guys for all your help and support!

  • pfSense startup delayed a LONG time by pfBlockerNG-Devel

    0 Votes
    1 Posts
    192 Views
    No one has replied
  • iblocklist downloads failing

    0 Votes
    2 Posts
    720 Views

    @laviniuc

    My guess is it's definitely because of the Captcha requirement.

    On their website (http://list.iblocklist.com/humantest?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz) it says:

    "If you register an account, then you will not have to pass the security check when downloading list files."

    Some other feeds that also require registration give you a token that you can then put into the URL of the feed to be able to download the lists. I don't know if iblocklist does that or not. But you might try registering and see if they provide that for you. My guess is they might as their website explicitly says that their lists can be used with pfsense.

  • pfBlockerNG conflicts with Squid + SquidGuard?

    0 Votes
    2 Posts
    464 Views

    @darkcorner

    But I also wanted to install pfBlockerNG to complete the protection, for example block all access from abroad.

    Sorry, I don't use Squid so I can't speak to what you are seeing related to its widget. But I did want to comment on your quote above. If you are thinking of using pfblocker to block things from coming into your WAN from abroad that is not the right approach. The WAN has a default rule that already blocks all unsolicited traffic on the WAN from entering.

    I was just recently helping someone out with this same issue and you can get more details here: https://forum.netgate.com/post/1022334

  • Python errors

    0 Votes
    1 Posts
    312 Views
    No one has replied
  • pfBlockerNG block traffic

    Moved
    0 Votes
    24 Posts
    3k Views

    @sbh said in pfBlockerNG block traffic:

    Do you know if I can make it even more specific and allow only specific states in the US?

    No I don't. But the OpenVPN protocol is pretty robust. By design it does not respond to port scans so people shouldn't even know that port is open. And if someone was to try to access the tunnel they would still have to authenticate with the correct credentials which would be extremely unlikely.

  • 0 Votes
    2 Posts
    678 Views

    Stress and tiredness had gotten the best of me but this is resolved. Wildcarding .snapchat.com in DNSBL whitelist did in fact resolve the issue.

    I have a raspberry pi running pi-hole and was able to see what queries were being made when the app loaded. From there I was able to confirm the requests being made and since pi-hole blocks out a few analytics, wildcarding in DNSBL did not seem like a horrible thing.

    Hope the steps above and the initial post help someone else and keep their SO from complaining :)

  • Anybody Using Pfblocker IP Reputation?

    0 Votes
    5 Posts
    1k Views

    @dma_pf
    The document that I referenced in a prior post here was written by @BBcan177 , the maintainer of pfBlockerNG. The example he gave there was his attempt at explaining what IP Reputation does using one of the block lists that is included in pfBlocker.

  • Pfblocker alias permit status does not generate alias for firewall

    0 Votes
    9 Posts
    924 Views

    @dma_pf thanks,
    that's what I thought it would do, and how I used it; for some reason it disappeared,
    and only reappeared after an upgrade

  • pfblocker Documentation

    0 Votes
    4 Posts
    2k Views

    @patch said in pfblocker Documentation:

    Is the only documentation for pfblocker

    Have a look at this guide:
    https://nguvu.org/pfsense/pfSense-pfblockerng-configuration-guide/

    Edit: Here is another guide for setting up pfSense, VPNs and some information concerning pfBlockerNG that looks to be a good reference.

    https://nguvu.org/pfsense/pfsense-baseline-setup/

  • wpad Entry

    0 Votes
    1 Posts
    327 Views
    No one has replied
  • Need to blocking Online Streaming Sites list

    0 Votes
    1 Posts
    230 Views
    No one has replied
  • Shallalist and UT1 Failing Downloads

    0 Votes
    6 Posts
    1k Views
    planedropP

    @dma_pf Yes, just realized this (commented at the same time as you). Real sad, hopefully they can start up again somewhere at some point.

    Appreciate the info here.

    Still having some issues with UT1 but since it's working on one firewall and not the other I'm guessing it's a config thing of some sort.

  • How to increase TLD Domain count exceeded. [ 4000000 ]

    0 Votes
    11 Posts
    3k Views

    @fsantoro Interesting, 400000 on that line is a bit less than the 4000000 in the post title...

    FYI I seem to recall PHP has a limit of 512 MB on pfSense.

  • PfBlocker sync over IPSec

    0 Votes
    2 Posts
    468 Views

    So I have an update.

    I was configuring wireguard between my sites and after the static routes it allowed sync to the other routers.

    So I guess I just missed it before.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.