@bob-dig
It is not so crappy. ;)
Sorry to bother you - I will post everything you needed know to prevent you from signing up.

Thanks for your support !

@wizardofwhere I would get pfSense running good first before adding packages while you read up on what you want to accomplish as it sounds like you're somehow locking yourself out every 3hrs.

@bbcan177 that typing error was occured during making this post I tried to edit it but it does not let me to do so. its 192.168.100.0/24 .

Regards

@ex1580 I appreciate the post. I have the same TLD CN block and couldn't get past the OUT OF SYNC error until encountering your post. This does seem to be a defect on the surface but I'm interested to see how it ultimately resolves.

@harison Just off the top of my head I'd say to make sure that this setting is unchecked in Services/DNS Resolver/General Settings:

d2f51175-a5a1-4dcd-b29f-4fa90bf826ad-image.png

The above causes unbound to stop and reload itself every time a client requests a DHCP lease. During that time DNS resolution does not happen and therefore nothing trying to be reached by a domain name (www.google.com) can be reached on the net (unless it is already cached in the DNS).

Other than that, I think we're going to need a lot more info to help you. As a start, I'd suggest screenshots of your DNS and pfblocker settings as well as Status/System Logs/System/DNS Resolver and Status/System Logs/Gateways when the issue is happening.

When the web "crashes" can you ping 8.8.8.8 from the WAN as the source address in Diagnostics/Ping? What about www.google.com?

@bbcan177 said in "DNSBL Listening interface" best choice with VLANs?:

just keep it as "lan" and use the Permit firewall rule option to create a floating permit rule that will allow the other lan segments to access the DNSBL listening interface

Hello all,

I also work with the pfblocker and the DNSBL feeds.

What do I have to set so that the lists only work on the interface LAN?

Currently, I have the lists working on all interfaces.

I don't want that

@bbcan177 Thanks. I was hoping for a less involved solution. Though, I'll take what I can get.

@teamits
in other forums, they manage it the way, that maintainer/admin/mod is only allowed to post in that single thread. each version gives a new thread with the version specific changes. That will keep a history of the versions.

users can continue asking questions or whatever in different threads

@tzvia I had it set to 2.5. I had no idea that this setting impacts packages, especially since there's clear mention about this being related to firmware update...weird design.
Anyway, after changing it to 2.4.5, the _15 is gone from the list. Which I guess is ok.
Thanks.

@illern p1 fixed the kernel lock issue but this is another :(

@guilty

Figured out the issue. Google Wifi was causing this behavior. The only way I found out was hard wiring in. So Google wifi is doing something with the DNS requests as they come in.... why they do that...who knows.

I was planning on removing Google Wifi soon. This is yet another reason to get rid of it.

@bbcan177 said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:
> I hear you

Man, I'm with you, you communicate poorly, these people believe in you, so in nothing else. OPEN SOURCE

Zombie thread resurrection as this issue is back due to a regression.

Link to new thread: https://forum.netgate.com/topic/161817/pfblockerng-2-1x-fix-for-talos-feed-and-cloudflare-1-1-1-1-dns

@rjk13230 ??? pfB has only ever had a entry under the Firewall menu that I'm aware of.

@mcury said in pfblockerng 3.0.0_15 not available in 2.4.5p1:

I really don't want to run with only one cpu

Right, I was just pointing that out as an apparent workaround until the PHP issues are fixed, for someone who can't downgrade and doesn't want to run with out Snort or pfBlocker. Haven't tried it myself.

re: 3100 date:
blog post: Introducing the SG-3100 Firewall Appliance
by Doug McIntire on 05 Sep 2017

is this normal behavior?...pfblockerng.log...

===[ DNSBL Process ]================================================

Clearing all DNSBL Feeds

TLD Analysis not required.
Stopping Unbound Resolver.
Unbound stopped in 2 sec.
Additional mounts (DNSBL python):
No changes required.
Starting Unbound Resolver... completed [ 03/5/21 03:00:03 ]
Restarting DNSBL Service (DNSBL python)cat: /var/db/pfblockerng/dnsbl/*.txt: No such file or directory
cat: /var/unbound/pfb_py_data.txt: No such file or directory
cat: /var/unbound/pfb_py_zone.txt: No such file or directory

@rtw915

The text that you highlighted is referencing IP "Match" types. Its not needed if you want to Block those IPs. pfSense allows creating Match IP Rules, to allow for the "Logging" of the event any nothing further.

@dalillama
So I assume that MaxMind was rate-limiting based on the cURL user-agent string. When the ID was missing, it was a generic string "pfSense/pfBlockerNG cURL download agent-". Then when the ID was found, the UA string was not rate-limited because it included the ID.

Sorry for the resurrection,

I seem to be experiencing the same issue, and my cron update won't go past 1 AM, and I'm on pfsense 2.5