201k is ok !

Looking at your dhcp leases should help... Most devices register a name - that should help you identify them.. If its something odd.. Looking up the mac address should tell you who made it, or atleast the nic/wifi card its using.

If wired another way to figure out what a device is, if you have smart switch that will show you the mac address table is look up the mac to what port its on, and then just trace the wire.

Many devices also list their mac on them, or can be found in info screen, etc. If trying to figure out which mac belongs to what - normally a reboot of said device will have it check its lease - so looking in your dhcp log for timestamp of what just asked as you rebooted it.

another option - if all your devices answer ping, some iot devices don't.. Is do a ping sweep for what answers, then turn off some device you don't show in your list, and do your ping sweep again - what was the IP that answered before, and now doesn't ;) What device did you turn off ;)

Thank you! I cannot believe I did not look at that setting. I've ensured safe search redirection, youtube restrictions and firefox DoH blocking are all disabled, which i think is the default.

Problem solved. thank you very much.

I did the upgrade from .35 to .36 today and did not get this problem this time, so it could be that it something unique to my configuration at the time.

My tech guys
Use the notepad++ & m$ excel combo
Means creating 100 and more lines
If /24 doesn't do the trick

Another way round is set an alias in FW rules
For /24 and before that rule allow your Adress range

All is good now. Thank you for your time. Somehow "cat" command got the service started. I don't understand it, but will take it.

Thanks guys this appears to be working.

@llebgrate said in GEO-IP not logging:

Fixed. Thanks.

You Welcome 😉

Hello jdeloack
Thanks for the feedback.
the ambassador update is scheduled for next week.
I tried to replace the current package with the devel but for that I will need to update the version.

Immensely grateful for the help.

Soooooo...........

Somehow I deleted the WAN rule the is auto added at the time you do the NAT rule. This I do not remember doing at all but I am so dumb.

I really should have checked,. It came to mind when I was telling someone that "I can't figure out why the default rule is blocking it the only way that would happen is if I moved a rule to block or if I deleted it"

It clicked how stupid I am as I was saying it to the person.

PEBKAC

So I've tried to add custom lists to IPv4 but those only seem to resolve the top level.

I'm having a difficult time understanding how the technology can white list .avid.com which includes all the sub domains of avid.com, but it's impossible to block everything except what is white listed....

I mean this is a pretty typical need I imagine. A lot of people use whitelisting only for outbound traffic.

On sonicwall it's based in the Alias rules themselves. But on pfsense it seems like the developers of pfblockerNG have giving the ability to whitelist .avid.com but not the ability to block all other traffic...

I guess thats why i'm so confused. Because I can clearly see that i can use .avid.com on DNSBL to white list avid and all it's sub domains, but I cannot figure out how to deny all outboud traffic, except .avid.com

@nasheayahu said in Local port upon which DNSBL Webserver will listen for connections. The default port is 8443.:

My Unify uses port 8443, so my question is, if I keep this default

f6e7d7b3-d370-40a2-9a15-c48e98c2a6f9-image.png

You should read

This Port must not be in use by any other process on pfSense.

@nasheayahu said in Local port upon which DNSBL Webserver will listen for connections. The default port is 8443.:

2nd Part Question, even though its using 10.10.10.1 IP at 8443, this will not effect my Unity using 192.168.1.100 8443

Not at all.

@serbus
I removed RAM disk and it works correctly.
I also opened a bug report for this in the bug tracker.

Thank you very much for your time and your help, greatly appreciated.

Laurent.

Use "view":
https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips

2.1.4_22 ?

I would say everybody was using the latest version - pfBlockerNG-devel 2.2.5_34 - not the ancient one.
2.2.5_34 is rock solid according the author. There is no active development for 2.1.4_22 any more.

So .... upgrade ?

edit : oops - didn't saw the two messages after the initial one.
2.2.5_34 works for you ?