@sozler

Wow! My post was 3 years ago!

I’ve stopped using pfsense and therefore pfblockerNG quite some time ago.

I’m using https://nextdns.io now. It’s pretty good and much easier to use and configure. (It’s far from perfect, but it’s way simpler)

@gertjan thanks for the heads up! I left everything running for a week with python mode enabled in Unbound, pfBlocker IP enabled and DNSBL disabled… ran like a charm.

Enabled DNSBL last night with one Feed with 10k ish domains, so a pretty small list. Here’s the memory usage, staying consistent until I flipped the switch, within an hour unbound crashed with no obvious log.

3022C956-ACAC-4CAF-8EF4-B30877CCB14B.png

@steveits Yup, sure does! I was actually on the right track but I gave the wrong setting. It's actually the fake website shield that needs to be disabled. I will update that in my last post. So what happens is that AVG detects that pfSense is trying to change the IP address to the website you're accessing and so it'll circumvent it as it thinks it is an attack.

I can't edit my original post, so here's what needs to happen. It's the Fake Website Shield that is responsible for this. So go to Menu > Settings > Full Protection > Fake website shield > Turn it off indefinitely. Not necessarily the course of action that is the most awesome but that is the trouble module causing pfSense to be ignored.

@chudak If you click the actual feed URL on the Feeds page under the Header/URL column does it download? They will occasionally move URLs...though seems unlikely multiple ones did.

That´s of course the first thing, I tested. :)
The pfSense box can resolve the internal addresses.

I have realized this by using "Domain Overrides" at the DNS resolver. In which for the domain "10.in-addr.arpa" points to an internal DBNS server.

On the console I can resolve the addresses and in "Diagnostics"->"DNS Lookup" also works.

Only in the Alerts tab it doesn't seem to work...

@andrew453 said in Suppressing IP block in CIDRs other than /24 and /32:

https://www.iblocklist.com/list?list=cwworuawihqvocglcoss

List of people who have been reported for bad deeds in p2p.

This list is for protecting BitTorrent clients. IMHO it could be used on the local machine BitTorrent hosts instead of the Firewall.

When Auto-Rules doesn't fit your setup, you can use Alias type with your own FW rules order.

Don't use floating I guess. It is not the default anyways.

@mcury Those numbers also look fine. There’s no massive writing anymore. So you are in the clear :-)

@peterlecki I am not sure I understand completely but when you create a geo list the default is Disabled, it says so next to the List Action dropdown.

The point of the comment is that instead of creating IP tables in memory to block 95% of the world, make a default block rule and only allow 5% of the world.

Often what I do is make the list Alias Native which only creates an alias. Then I can use that alias in whatever NAT rule or firewall rule I want.

@keyser So far so good :-)

After the 3.1.0 upgrade my problems have all been addressed:

1: My diskspace is no longer permanently dvindeling until I’m forced to stop/start pfBlockerNG or reboot my firewall. My diskspace seems stable. Every time the Cron job runs the “lost” space during the day is returned, and it seems fine.

2: My widget is once again reflecting hits on both DNSBL and IP lists - including HTTPS hits to the DNSBL VIP

So it seems this version is the golden standard going forward.

Hope it makes it to release/stable version soon.
Would be nice to run this version on production hardware and more speculative/beta like features once again can make it into the -devel version.

Fixed in pfBlockerNG-devel v3.1.0_0

CHANGELOG: ... Fix Unbound Mode logging of HTTPS domains (lighttpd regression)

@mikej47 said in Pfblocker not working after upgrading to Pfsense 21.05.1-RELEASE (arm):

Should I delete my old pfB_Africa_v4, pfB_xxx, aliases now

If you're not using them I would, otherwise (I assume) they would use memory.

@bbcan177 hmm... might work... Things are complicated by the fact that I have a mix of standalone boxes(satellite offices) and HA pairs(main office and multiple data centers). I might be able to figure a way to make it work, it would be helpful if the "Disable General/IP/DNSBL tab settings sync" button were available per target if using the "Sync to host(s) defined below" option.

What are your thoughts on:
I might be able to do a "full" sync from Main Office #1 to Main Office #2(HA paired with Main Office #1), then use "Disable General/IP/DNSBL tab settings sync" to sync from Main Office #2 to DC1 #1, DC2 #1, DC3 #1, and Satellite 1, 2, 3, 4, 5, 6, I could then do "full" sync from DC1 #1 to DC1 #2, DC2 #1 to DC2 #2, DC3 #1 to DC3 #2 and so forth. Does that sound right?

Also, can I get some clarification on the "Disable General/IP/DNSBL tab settings sync" button, am I correct in assuming that the following will/will not sync?

Will not sync:
/pfblockerng/pfblockerng_general.php
/pfblockerng/pfblockerng_ip.php
/pfblockerng/pfblockerng_dnsbl.php

Will sync:
/pfblockerng/pfblockerng_category.php?type=ipv4
/pfblockerng/pfblockerng_category.php?type=ipv6
/pfblockerng/pfblockerng_category.php?type=geoip
/pfblockerng/pfblockerng_reputation.php
/pfblockerng/pfblockerng_category.php?type=dnsbl
/pfblockerng/pfblockerng_blacklist.php
/pfblockerng/pfblockerng_safesearch.php

If the above assumptions are correct, I may be able to make my life even easier, with even less work than my feature request would make.