• No maxmind settings in pfBlockerNG-Devel 2.2.5_37

    2
    0 Votes
    2 Posts
    120 Views
    provels

    I read your post, checkpointed my VM and upgraded pfB. Saw the same thing. Rolled back, Maxmind back. Rolled forward, Maxmind still there... Huh. Rolled back, upgraded pfB again, Maxmind there. Maybe try dumping browser cache or rebooting pfSense. All I got.

  • 0 Votes
    2 Posts
    1k Views

    If you set pfBlocker to "native alias" instead of block, that will just create an alias and you can create your own block/allow rules however you want them.

  • High CPU usage

    4
    0 Votes
    4 Posts
    560 Views

    @provels I'm using the free version so I don't really have any active scanning going on. I think I'll stick with just not having it running at the moment, but that's not a bad idea.

  • pfblockerNG: delete list

    6
    0 Votes
    6 Posts
    678 Views

    @fireodo said in pfblockerNG: delete list:

    Hi, here you maybe find your answer (see the post of "BBCan177")

    https://www.reddit.com/r/pfBlockerNG/comments/dmm8za/cant_find_feed_causing_ip_to_be_blocked/

    Regards,
    fireodo

    Thanks, this worked for me.

  • 11 Votes
    105 Posts
    83k Views
    gtj

    @johnpoz said in pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!:

    Just pick IT, and security for its use.. That is not lying at all..

    Your "home" company, IT and security is how it's used..

    Ended up picking Security and "Utilities". Thanks for all your help guys.
    I'm setting pfblocker up right now and it's already started doing a great job.

  • pfBlockerNG DNSBL service not starting

    12
    0 Votes
    12 Posts
    1k Views

    @blackops786187

    I didn't see anything in the logs that you posted that stands out as an issue but, a quick Google search for "pfblockerng dnsbl service not starting" brought up some other ideas. You might give that a try if you haven't already Googled this issue.

    One thing that caught my eye was, Do you have DNS resolver enabled in your pfsense settings? DNSBL requires the DNS Resolver to be enabled.

    Maybe some other folks will chime in including @BBcan177, the developer of pfBlockerNG, if he has time.

  • Error loading rules after update

    1
    0 Votes
    1 Posts
    87 Views
    No one has replied
  • 404 on EasyList_Adware

    9
    0 Votes
    9 Posts
    1k Views
    Gertjan

    @Making_sense_of_pfSense said in 404 on EasyList_Adware:

    I'm wondering what pfBlockerNG users are supposed to do when block lists go offline.

    This, Firewall > pfBlockerNG > Feeds is what should be seen as a list with possible feed suggestions.
    Most feeds are created and/or maintained and/or hosted by non-profit organisations - some of them are just guys like you and me, who pay for their server, and offer their free time.

    Before the pi-hole / pfBlockerNG / other DNSBL mania, only a small number of people actually used these lists (feeds) as they knew what DNS is all about, and how to implement the lists into the local DNS cache/resolver.

    Now we have a lot of pi-hole / pfBlockerNG / other DNSBL, and these feed-servers get hit real hard, especially by those who force update their lists every hour (even when they know it's actually updated on the server every week or less frequent) : the server gets overloaded, the hoster sends bigger bills to the server owner .... and he loses interest as he starts to lose $.
    Or the feed owner just stops hosting it - as it is a lot of work - life goes on, etc.
    The feed stops ...
    That will happen all the time.

    When you use pi-hole / pfBlockerNG / other DNSBL, you gave yourself a weekly (monthly at a max) task : check if the lists you use are still maintained, and shift to others if needed. This will be the 'price' you pay - as nothing is for free - never.

    @Making_sense_of_pfSense said in 404 on EasyList_Adware:

    Will future updates of the package fix the issue by replacing the offline list?

    I guess that : when a new version of pfBlockerNG comes out (that is : pfBlockerNG-devel, as pfBlockerNG isn't developed any more) and the pfBlockerNG author knows that the feed is gone, he could update the "Feeds" page.

  • 0 Votes
    2 Posts
    106 Views
    Cool_Corona

    I did it...

    Made sure the settings are saved on package delete and then deleted the package.

    Rebooted the FW and installed the devel branch. No problems at all.

  • Malloc crash seen with pfBlockerNG main branch, 2.1.4_22

    6
    0 Votes
    6 Posts
    1k Views
    kiokoman

    there is nothing to worry about, just make a backup of your configuration from diagnostic / Backup and Restore just in case.
    uninstall pfblockerng and install pfblockerng-devel
    You probably only need to reconfigure it
    there are no particular precautions or particular problems to take into account
    the code is just more updated and stable, pfblockerng is old and will be removed in the future

  • Blocking these IP's

    17
    0 Votes
    17 Posts
    2k Views
    noplan

    @AKEGEC

    i feel ya !

    the next step is to block the google crawler ip ranges ;)
    if you have an open webserver behind your pfS box ;)

  • Finally found the bug!

    3
    1 Votes
    3 Posts
    417 Views

    @viktor_g said in Finally found the bug!:

    https://docs.netgate.com/pfsense/en/latest/development/bug-reports.html

    I can sure do that...

    Bug ID #10983

  • DNSBL DNS Wizard configuration on pfsense broken?

    8
    0 Votes
    8 Posts
    1k Views

    @cayossarian
    Thanks! I was having the same issue. Things just weren't being resolved to the VIP. Ended up following your above post. Thanks!

  • Pfblocker Permit Inbound Confusion

    24
    0 Votes
    24 Posts
    3k Views
    johnpoz

    @blackops786187 said in Pfblocker Permit Inbound Confusion:

    've got the UK geoip whitelist working by using the alias native settings and choosing only the UK countries. I added that alias to the source of the OpenVPN rule and I've confirmed it's working as intended

    That is how I would do it.. I use geoIP lists in pfblocker to limit who can talk to my plex server for example.. And have the port different as well. To cut down on noise..

  • Bypass AdBlock Detection

    3
    0 Votes
    3 Posts
    978 Views

    Thanks for feedback.

    I used site.com as an example. did not realize SF had purchased that domain :P

    I'm hesitant to start whitelisting sources of ads as that defeats the purpose of having an adblock list. What I ended up doing was blacklisting the source of the JS file that does the validation and puts up a modal disabling the user from using the website. Solves my problem, which was being able to use this website, with ad block, by a user who is on a phone and not technical.

    thank you for help!

  • pfBlockerNG DNSBL service not starting/stopped but DNSBL working fine?

    5
    0 Votes
    5 Posts
    730 Views

    Yes - changing default values certainly can be a pitfall, but as they are default values at the same time they can/should be changed as default port values are ultimately a standard point of entry and is actually good practice in hardening security - n'est-ce pas? Granted that not all scenarios require this, it is still a suggested practice (and has demonstrated its validity in time). My bad here was not realizing there were 2 services using the same port as no major red flags were raised: what was surprising to me was the non-report of any errors when scrutinizing the default logs. Upon digging further I see I was not the only one in a similar situation as can be read in this post:
    https://forum.netgate.com/topic/133712/pfblockerng-devel-2-2-1-upgrade-fails-to-start-pfb_dnsbl-service

    While the issue here was an unexpected overlapping of IP ranges, the same anomaly was seen (unable to bind).

    The fact that there is nothing immediately reported in the logs is puzzling and only a manual restart from the shell can reveal this as shown; maybe this should be appearing in the standard log for quicker corrective actions (just my humble suggestion) keeping in mind that errare humanum est (sed perseverare diabolicum!).

  • Set up pfBlockerNG on the WAN?

    1
    0 Votes
    1 Posts
    85 Views
    No one has replied
  • Routing Issue SG3100

    1
    0 Votes
    1 Posts
    186 Views
    No one has replied
  • pfblockerNG Error

    3
    0 Votes
    3 Posts
    346 Views

    @mass said in pfblockerNG Error:

    Increased Firewall Maximum States size to 500000

    I would leave Firewall Maximum States set to default, whatever was there before you changed it

    The entry that you need to change is: Firewall Maximum Table Entries to 2000000.

  • BBC_C2 added www.netgate.com / docs.netgate.com

    9
    3 Votes
    9 Posts
    1k Views

    Right now I have the few pri1 I have enabled as permit/logged, I will be checking logs to see if any legit traffic from matched ip's.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.