Doesn't have to be on floating, but that would be one way to put it before a rule on interface. It needs to be above the rule your using for pfblocker.

@naveen7355 said in pfBlockerNG-devel net:

https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw

Why would you show that one ?
Of course it works.

You should test the urls in YOUR setup - not mine.

@naveen7355 said in pfBlockerNG-devel net:

its updated now but still website is not blocking

?+?+?

And again, You do not mention details about your setup.
Neither that you tried to visit hosts that are blocked (== list in the DNSBL feeds).

What about this test :

dc519cea-556e-453c-85e3-43e29270a59e-image.png

From any of these 3 lists, take some domain names listed in these feeds (again : do not use my example feeds I use, use YOUR DNSBL lists) and test them in your browser.
The counters should start to increment.
The Firewallpf > BlockerNG > Alerts should show that that domain name was blocked and reference the feed you got it from.

@yorke

PfBlockerNG hooks into unbound, being a resolver.
All it sees are DNS requests, going and coming from some DNS servers.

@fireodo said in Talos BL Download Fail:

@kiekar

That means the trouble is not on your site - you probably collide with some site maintenance ...

OK Thanks!

I think I finally figured out why this kept happening.... and god dang I am a dork for not having figured this out sooner.... In my efforts to block domains that kept seeming to sneak through/past all of my blocks between pfsense and my piholes, I had set up domain overrides in dns-resolver....and I no more than took those out, and it seems that has been the bane of my issues this entire time, so far, only thing to pop up in the dnsbl blocks now, is a domain that I just validated is NOT actually yet being blocked, and that was after I cleared out the logs of old data, and started new with empty logs to make sure it was not old info I was reading into without realizing such.

I had over-riden them to directly point to the pfblocker VIP addres of 10.10.10.1, and it seems that was the issue I was having and just never realized it.

Well, I dont advise (at least in a SG-3100 with pfsense 2.4.5-p1) to change that value!

After changing Firewall Maximum Table Entries from default value of 2000000 to 2500000, it showed one popup to reboot to apply changes, and I choose to reboot.

Doing this, all services running in this unit, didnt start (not even one), so I checked that Firewall Maximum Table Entries again, and notice that the default value detected was 0, but there was 2500000 in the field above:

b3984ce4-f571-4e79-8d3a-149b484e9d88-image.png

So I tried to change that value to lower values like 2300000, 2100000 and then 2000000 (doing all asked reboots between changes), but still nothing, so I notice that this unit was not rebooting at all.

To recover, I went in "Backup and restore" and restored last stable config, and tried to halt system, but nothing again. So I power it off, and power on again, and it came back again with that last stable config.

Not sure how it was before with other firmware versions, but with 2.4.5-p1 ... dont recommend at all to mess around with it.

Also this is all I have running in this unit:

d109a327-3456-478f-9021-6a6b47d70af8-image.png

Browser is probably using DNS over Https, DNS over TLS and QUIC protocol.

@mikej-0 said in Pfblocker not working (not blocking ads or sites):

DNSBL_ADs_Basic 916,133 0 Jul 28 17:37:53

If that was true, a list with "916,133" (which means 916133 host names !!)
and
your using unbound "file mode" :

93d2b694-bc3d-4efb-b30f-cb3265caf352-image.png

which means that the files will get 'included" by unbounded == read into memory when unbound start, you could create a situation where
unbound needs a very long time to start.
unbounds uses loads of memory, if not all
unbound comes very slow, as for nearly every DNS request, it needs to parse all the DNSBL lists.

I just checked this "DNSBL_ADs_Basic" and it's has only 93000 lines = a bit less then 93000 hosts.
Here it is : https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts

I advice you to use the Python mode, not unbound mode.
The unbound mode will phase out in the future.

Also : This is what I consider the most optimal settings :

Update Frequency : Weekly : don't stress the download server ( !! )- and big list are not updated every hour or day anyway.
Logging / Blocking Mode : Null Blocking (logging) as http sites don't exist any more - the build in "DNSBL WebServer" will be discreded any way in the future.
TOP1M Whitelist : Optimal , but I enable this option.

Has pfBlocker been running continually since then?

@msf2000

I just found this:
https://rodneylab.com/firewall-block-lists-compared/

So, I guess I'll have to look into each list and decide what's important for my network.

@steveits said in Any pfBlocker issues with Upgrade from 2.4.5 to 2.5.x?:

Netgate recommends removing packages

I like to add :
When all packages are removed, reassure that basic firewall operations are good. Add a 24 hours cool down and one or two reboots are also advisable. Issues that are present before an upgrade will pop up, and have to be dealt with before the upgrade.

@johnpoz said in Deny all except a country:

will then see it normal pfse

Thanks you very much, it is very clear and there are not post that explain it as well

I will keep an eye out for it - maybe you have some app trying to use it?

Just took a look at my log for dot.. Only my shield TV is hitting it now and then.. Seems to try once an hour ;)

dot.png

And good thing is - its trying it to the dns I have set it to use.