@darkcorner But I also wanted to install pfBlockerNG to complete the protection, for example block all access from abroad. Sorry, I don't use Squid so I can't speak to what you are seeing related to it's widget. But I did want to comment on your quote above. If you are thinking of using pfblocker to block things from coming into your WAN from abroad that is not the right approach. The WAN has a default rule that already blocks all unsolicited traffic on the WAN from entering. I was just recently helping someone out with this same issue and you can get more details here: https://forum.netgate.com/post/1022334

@sbh said in pfBlockerNG block traffic: Do you know if I can make it even more specific and allow only specific states in the US? No I don't. But the OpenVPN protocol is pretty robust. By design it does not respond to port scans so people shouldn't even know that port is open. And if someone was to try to access the tunnel they woulds still have to authenticate with the correct credentials which would be extremely unlikely.

Stress and tiredness had gotten the best of me but this is resolved. Wildcarding .snapchat.com in DNSBL whitelist did in fact resolve the issue. I have a raspberry pi running pi-hole and was able to see what queries were being made when the app loaded. From there I was able to confirm the requests being made and since pi-hole blocks out a few analytics, wildcarding in DNSBL did not seem like a horrible thing. Hope the steps above and the initial post helps someone else and keeps their SO from complaining :)

@dma_pf The document that I referenced in a prior post here was written by @BBcan177 , the maintainer of pfBlockerNG. The example he gave there was his attempt at explaining what IP Reputation does using one of the block lists that is included in pfBlocker.

@dma_pf thanks, thats what I thought it will do, and how i used it , for some reason it disappear , and only reappear after an upgrade

@patch said in pfblocker Documentation: Is the only documentation for pfblocker Have a look at this guide: https://nguvu.org/pfsense/pfSense-pfblockerng-configuration-guide/ Edit: Here is another guide for setting up pfSense, VPNs and some information concerning pfBlockerNG that looks to be a good reference. https://nguvu.org/pfsense/pfsense-baseline-setup/

@dma_pf Yes, just realized this (commented at the same time as you). Real sad, hopefully they can start up again somewhere at some point. Appreciate the info here. Still having some issues with UT1 but since it's working on one firewall and not the other I'm guessing it's a config thing of some sort.

@fsantoro Interesting, 400000 on that line is a bit less than the 4000000 in the post title... FYI I seem to recall PHP has a limit of 512 MB on pfSense.

So I have an update. I was configuring wireguard between my sites and after the static routes it allowed sync to the other routers. So I guess I just missed it before.

@bbcan177 said in PHP memory problems with current version: Is related to DHCP Leases. So probably delete that file, or clear it out? In future, this section of code can iterate each line instead of loading the whole file into memory, Thanks for the pointer, will look into that! So probably delete that file, or clear it out? Don't know if that will help so much, as the customers running that are medium sized corps with A LOT of clients so even when I delete that now, they will get bigger and accumulate over time again. But I'll check if that will us buy some time for when you probably have an update ready that will parse that file a bit smoother ;) Is the DHCP lease file related to you parsing of the filter log to display what IP/host triggered a warning/block/rule/DNS call etc? Cheers mate, \jens

@gertjan said in Updating to pfBlockerNG-devel 3.1.0_1 from 3.1.0 blocks DNS requests: I've already seen posts about feeds that have their own IP in the list Yep, I had this happen all off a sudden I got notifications that lists couldn't be updated, it's because the lists were blocked by other lists lol. And now pfBlockerNG doesn't even log IP addresses that it blocks for me. I think the developer has pretty much given up on the project.

@viktor_g : Ok, nice. A bit of a hammer approach, though. I still wonder why unbound refuses a simple TERM signal, send initially, just a couple of lines above.