• DNSBL Category Blacklist Category UT1 not work

    1
    0 Votes
    1 Posts
    286 Views
    No one has replied
  • https

    4
    0 Votes
    4 Posts
    538 Views
    fireodoF

    @ik2189 said in https:

    So if I understand, it's not possible to display a web page displaying that the site is not allowed?

    That's correct. Gertjan has explained to you the reason why that's so.

  • Feature Request: dates in log files

    1
    0 Votes
    1 Posts
    138 Views
    No one has replied
  • I may just have found a bug doing a config restore with PFB enabled

    7
    0 Votes
    7 Posts
    858 Views
    lohphatL

    @viktor_g Seems to have worked! No core dumps on "Configuring firewall..." boot status messages.

  • Custom IP4 List

    15
    0 Votes
    15 Posts
    1k Views
    J

    @gertjan said in Custom IP4 List:

    @jmanatee said in Custom IP4 List:

    @jegr

    There are like 4460 IPs on that list and some of the IPs (5-8) still get past pfsense to the server and continue attempts to login to the mail server

    Humm. That's scary.

    What if you take the IP you use when VPN-in - as I see you have the OpenVPN server.
    If you add your Client OpenVPN IP to the pfB_ASSPBlock, you couldn't enter anymore, right ?! The firewall log would show the hit.

    On the Firewall > pfBlockerNG > IP page, do you have this one activated :

    ea6e796f-87a0-42d3-89af-618890c31270-image.png

    ?

    Can't find any other reasons ... and refuse to believe that pf, that is FreeBSD itself, is broken .... :(

    Yes it will definitely block me on vpn I have done that accidentally a couple times.

    Kill states was not enabled, I enabled it I will continue to watch it.

    This was probably the problem.

    Thanks

  • Cannot download Spamhaus_Drop_v4 and Spamhaus_eDrop_v4

    5
    0 Votes
    5 Posts
    1k Views
    T

    @gertjan
    I have two public IPs. One connects to my Wi-Fi Router, another connects to my pfSense Router.

    I can open the two files when I use Wired Ethernet (pfSense Router).
    I can also open the two files when I use Wi-Fi (Wi-Fi Router).

    To test the dual WAN settings, I connect the Wi-Fi LAN to pfSense WAN2, I also set a new gateway (WAN2 Interface) for using the Wi-Fi Router Public IP.

    0720.png

    [ pfB_PRI1_v4 - Spamhaus_Drop_v4 ] Download FAIL [ 05/31/21 13:15:18 ]  [ pfB_PRI1_v4 - Spamhaus_Drop_v4 ] Download FAIL [ 05/31/21 12:15:17 ] [ pfB_PRI1_v4 - Spamhaus_Drop_v4 ] Download FAIL [ 05/31/21 11:15:18 ] [ pfB_PRI1_v4 - Spamhaus_Drop_v4 ] Download FAIL [ 05/31/21 10:15:17 ] [ pfB_PRI1_v4 - Spamhaus_Drop_v4 ] Download FAIL [ 05/31/21 08:15:17 ] [ pfB_PRI1_v4 - Spamhaus_Drop_v4 ] Download FAIL [ 05/31/21 02:15:17 ] [ pfB_PRI1_v4 - Spamhaus_Drop_v4 ] Download FAIL [ 05/31/21 01:15:19 ]

    Today, I find that the document might be downloaded in 05/31/21 03:15
    Now I set the Update Frequency to Every 4 Hours

  • 0 Votes
    3 Posts
    555 Views
    S

    Our data center is still on 2.4.5 so thanks for the heads up on this issue.

    I changed the update frequency on one of the feeds (2 hours to 4 hours), ran an Update, and that one change didn't get synced to the backup node.

    For posterity, here is Viktor's redmine entry for your bug from the HA forum.

  • Upgrade pfBlockerNG to pfBlockerNG-devel

    4
    0 Votes
    4 Posts
    793 Views
    S

    @revengineer said in Upgrade pfBlockerNG to pfBlockerNG-devel:

    I had to modify the aliases for the deny lists

    Ah, sorry, I had forgotten that. Yes we had to do that also.

  • pfBlockerNG does not show Deny Alerts

    4
    0 Votes
    4 Posts
    365 Views
    R

    Ok, I finally made the move to the devel version and this fixed the problem. It may be time to retire the other version.

  • 0 Votes
    1 Posts
    167 Views
    No one has replied
  • pfBlockerNG Whitelist IP after update to pfSense 2.5.x

    4
    0 Votes
    4 Posts
    522 Views
    T

    Click edit on an item and the bottom of the page is there
    Clipboard01.jpg

  • Unbound custom options

    3
    0 Votes
    3 Posts
    787 Views
    L

    @gertjan said in Unbound custom options:

    @lcbbcl said in Unbound custom options:

    Is this the way?

    Not the right question.
    The question is : how do you run (the DNSBL) part of pfBlockerNG ?
    The answer will explain what you see.

    The mode called 'python' mode doesn't use the unbound's custom box "include: /var/unbound/pf_dnsbl.*conf " option any more.
    Now we're back with the nice and clean :

    780a3ec4-ac20-4a01-8d74-36302266de8b-image.png

    which has a big advantage : no more messing up of the options.

    Yes, you are right, I am using it with python mode. Thank you, now it is clear to me.
    Pf dnsbl was working just fine.

  • Overflow characters on pfB Update page

    1
    0 Votes
    1 Posts
    171 Views
    No one has replied
  • pfBlockerNG Sync to XMLRPC replication targets not happening v3.0.0_16

    1
    0 Votes
    1 Posts
    186 Views
    No one has replied
  • Help with understanding Threat Analysis

    6
    0 Votes
    6 Posts
    2k Views
    GertjanG

    @gwaitsi said in Help with understanding Threat Analysis:

    grep: dev/snd/pcmC1D3p: Invalid argument

    Yeah, sorry.
    It reads folders it shouldn't.

    cd to /usr, that's the most important one.

    cd /usr
  • (Stupid?) Log question

    8
    0 Votes
    8 Posts
    912 Views
    M

    @nollipfsense

    I'm not running DNSBL yet (still trying to figure out pfBlocker). I'm using IP list to block DOH, specifically Alias Deny with the list TheGreatWall_DoH_IP.

    The list of likely clients to unplug is a lot shorter than the list of ALL clients to unplug so I'll start with those first. The fact that there are no outbound log entries in pfBlocker seems to suggest it could be something like this post from another forum:

    https://community.spiceworks.com/topic/527938-strange-inbound-udp-packets

    I really appreciate you taking time out of your day to respond but since this is more of a curiosity than an operational issue I'll mark this thread as closed. Near as I can tell everything is working correctly on my network. Blocked things are getting blocked and allowed traffic is getting passed. If I find anything interesting or noteworthy I'll post it here but for now I think I'm done.

    Thank you.

    Cheers!

  • Error alert I can't troubleshoot

    6
    0 Votes
    6 Posts
    802 Views
    GertjanG

    @p_bear said in Error alert I can't troubleshoot:

    I don't use this ....

    👍
    You'll be fine.

  • Needing help from the jungles of Papua New Guinea

    11
    0 Votes
    11 Posts
    747 Views
    M

    @cobra_phil

    I just realized that some of the answers to my questions were available in some of the screenshots you posted a month ago in your original post. Here is my thinking from the 35,000 foot view........

    Configure pfSense to receive an address from ISP on WAN via their DHCP server.

    Create a "management" interface on LAN with a private address range and its own DHCP server. This allows you to plug in a laptop or other host and talk to pfSense, manage firewall rules, DNS, pfBlocker etc. as well as any switches or wireless access points you might have.

    Create a bridge interface with WAN & OPT1 where all your clients will connect. This will be a DMZ of sorts where your clients get addresses directly from ISP and can pass credentials, etc. See Internal / External Bridges on this page:

    https://docs.netgate.com/pfsense/en/latest/bridges/index.html

    Create a series of firewall rules to intercept and redirect DNS traffic to pfSense. Configure Unbound to listen for DNS requests on OPT1. Unbound can then either act as a resolver and serve up the appropriate web addresses or forward those requests to your DNS provider of choice. pfBlocker can also be used on pfSense defined interfaces (WAN, LAN, OPT1....) to filter content, IP ranges, etc.

    Hope this helps. I'm far (far, far) from an expert but let me know how you want to proceed.

    Cheers.

  • Is there anyway to whitelist?

    9
    0 Votes
    9 Posts
    982 Views
    NogBadTheBadN

    @smoothrunnings said in Is there anyway to whitelist?:

    @nogbadthebad I think maybe you are missing the point there. Terra-master.com which is a Chinese company who makes the TerraMaster NAS box mail servers are all behind the great firewall of China. For me to get onto their forum requires me to open a connection to China with them.

    The NAS box, just like my Seagate 4bay NAS boxes let folks know when there is a FW update, it does this by talking to home base every once in a while. It's also what pfSense does, to let you know when there is an update to your firewall OS.

    I'd be very wary opening an inbound connection that would possibly allow them access to the NAS that then has full access to the LAN.

    FYI I get informed of updates from Synology without having to open an inbound connection, the device polls their server.

  • Blocking Youtube Ads

    34
    0 Votes
    34 Posts
    39k Views
    T

    @nprog Use Smart YouTube TV

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.