@bbcan177 oops.. I cleared it and it’s all good. Thanks. 👍👍

Thank you both for the sugestion. Already implemented it and it's working great!

@bbcan177 That's what I was afraid of. Guess I'm asking Santa for a computer so I can get the most out of this.

@rloeb said in pfBlocklerNG v3.0.0_6-devel blocking all outbound traffic?:

Thank you.

Do not mention it 😉

@thewismit said in Whitelisting guidance:

I need to curate the feeds?

definitely 😉

the pfBlockerNG installation (app) includes predefined lists, but this is everyone's individual taste and goal oriented...

Like:

ee9d8d53-fdc6-45b8-849c-154b6e9b6257-image.png

+++edit:

of course you can use multiple lists, but like I said, define your goal (in addition to what is specified in the DEV or not pre-installed)

always be careful with these, as it can be annoying to install a senseless lists

+++edit2:

one more thought, if you have to do too many things on a whitelist, think about whether you choose a good BLK list(s)? 😉

PfBlockerNG is not the tool to use for content filtering. PfBlockerNG is used to sinkhole content like adverts or malicious IPs/domains.

You want to use Squid or Squidguard and setup categories to block for specific groups of users, subnets or VLANs.

There are already guides out there on how to do this.

Just wanted to provide an update to this thread as someone helped me find the issue that was causing this.

NtopNG has threat feeds in it now and when it can't get to one of the feeds it just keeps trying and trying.

To disable you have to go into the admin interface go to settings and category lists and then disable the offending list giving you an issue. I went ahead and disabled all of them since this was such a problem to find as well as these lists seem to go up and down and I don't want it to just keep trying (outside of its setting to only pull them down daily).

hehe ok, ty sir.
I think I will not poke the bear and trust it is working!

@herman

You should be able to edit the thread title and tag - if not I can do it for you.

Thread marked.

@vesalius said in pfblockerNG TLD help:

dnsbl python mode

I wasn't 100% sure what the difference between unbound and python mode was, so I decided not to change it just yet until I had a better understanding. However, since you asked, I thought I would try it and see if it worked that way. I checked your other suggestions, and yes they were set as you mentioned.

After changing to python mode, TLD is now working - thank you! Also, pretty cool that my RAM usage is down to 15% now.. guess I didn't need the upgrade, oh well.

I did read the following post from BBcan177, along with the "more info" under "dnsbl mode", but was wondering if you had more info I can check out to better understand. Also, because of this, I didn't enable anything else under DNSBL other than TLD

More info
This mode will allow logging of DNS Replies, and more advanced DNSBL Blocking features.
BBcan177 post
https://forum.netgate.com/topic/158592/pfblockerng-devel-v3-0-0-no-longer-bound-by-unbound/2

@bbcan177 I have not set this Clear Widget Option afaik, still every night I am running into this error. Could it get triggered by something else?

@huskerdu
I noticed that some things being blocked via [ TLD ] are still showing as
Unknown Unknown
EX:
Unknown Unknown www.googletagmanager.com [ TLD ]
DNSBL-python | HSTS_A

Do you happen to know a fix?

@bbcan177 said in pfBlockerNG-devel v3.0.0_5:

@lcbbcl said in pfBlockerNG-devel v3.0.0_5:

I have a weird problem with the new version, if i enable HSTS mode for DNSBL, on reports i have unknown unknown for Lan but for Wifi is working fine.
Before the v3.0.0 i had web server interface set as LAN and now i set localhost.
Btw can someone guide me how to use regex?

pfSense 2.4.5 uses Unbound v1.10.1 which has a regression that fails to pass some information to the python modules. It has been fixed, but there is no way to upgrade Unbound to v.1.12.0 in pfSense 2.4.5.

In pfSense 2.5, it has Unbound v1.12.0, soon to be v1.13.0.

For the DNSBL Blocking part, you can enable the checkbox in the DNSBL Tab > DNSBL Event Logging , and that will stop the python integration from logging, and use the DNSBL Webserver to log the events. Unfortunately, that is only limited to HTTP events.

And for DNS Reply logging, there is no other workaround.

Not much I can do unfortunately.

Its recommended to use localhost instead.

For Regex, here is a list of Regexs that can be used:
https://www.reddit.com/r/pfBlockerNG/comments/k08n33/pfblockerngdevel_v300_no_longer_bound_by_unbound/gdkaod4/?utm_source=reddit&utm_medium=web2x&context=3

Regex seems to be like a add-on to PfB.
Thank you.

@bbcan177 said in Adding IPv6 Feeds from the Feeds Tab in pfBlockerNG v3.0.0_5:

@jdeloach

Edit /conf/config.xml

And find the "pfblockernglistsv6" tag, and remove the "<config></config>" line below it.

<pfblockernglistsv6>
<config></config>

That fixed it. Thanks for your prompt support of this great package.

@costanzo

See here:
https://forum.netgate.com/post/950929

Agreed that's a lot of lists 😮
Tone them down. The potential protection they are providing you are not worth the issues you are having and will have. I know it's tempting to add everything, hit save and walk away, but that's asking for trouble. Every now and then even well established lists that have been working fine for a long time can start to block legit stuff. It's the nature of the beast. Having many lists just makes it more difficult to track down which one is causing headaches. It is sometimes hard to track down which specific list it is so I think @Gertjan approach is best.

@azdeltawye said in Windows 10 machines constantly pinging Isreal IPs:

185.77.248.89

AS details for AS58018 :-

aut-num: AS58018
as-name: NETSTYLE2
org: ORG-NAL9-RIPE
import: from AS43945 accept ANY
export: to AS43945 announce AS-NETSTYLE
admin-c: DUMY-RIPE
tech-c: DUMY-RIPE
member-of: AS-NETSTYLE
status: ASSIGNED
mnt-by: RIPE-NCC-END-MNT
mnt-by: EC42500-MNT
created: 2017-01-02T14:57:40Z
last-modified: 2018-09-04T11:56:16Z
source: RIPE
remarks: ****************************
remarks: * THIS OBJECT IS MODIFIED
remarks: * Please note that all data that is generally regarded as personal
remarks: * data has been removed from this object.
remarks: * To view the original object, please query the RIPE Database at:
remarks: * http://www.ripe.net/whois
remarks: ****************************

IPv4 subnets for AS58018 :-

185.77.248.0/24

IPv6 subnets for AS58018 :-

2a00:55a0:3::/48

Wednesday, 9 December 2020 at 21:39:06 Greenwich Mean Time

I'm having the same issue with pfBlocker and NAT rules. I have no issues adding white-list rules for my devices that are on a directly routed subnet. But trying to figure out how to handle an allow rule for an existing NAT rule is causing issues.

Have you found any solution yourself as of yet?

@rtkluttz said in pfBlockerNG IPV4 problem:

Upgrade to pfBlockerNG-devel.

I am running Version 2.4.5-RELEASE-p1 and pfBlocker DEVEL 3.0.0_3