This makes more sense than pfblocker being the issue. Another option would be to assign your phone(s) a static lease through DHCP and then create a rule which allows any traffic from that IP out from any port. I don't have Vonage, but in the office we have a different VOIP service and that's what I ended up doing. I followed all the documentation and opened all the ports they said were required and still had issues on some phones, so I got tired of that game. I added all phones to an alias and with one rule solved all those issues.

Thanks for fixing the cert. All good now. 👍

@pooperman Click on the : the '/' isn't allowed.

@netblues said in bbc_c2 fails to download:

mething was forgotten on the bbc site and now things are "fixed" .

https://www.reddit.com/r/pfBlockerNG/comments/i139ob/fyi_bambenek_feeds_gone_commercial/

@johnpoz
Green Lock was a figure of text so to speak, I have a grey lock to be accurate and thank you for your help.

@dsimmons1977 Well, that's unfortunate.

I'm running the pfBlockerNG-devel 2.2.5_33 if that helps.

My pleasure. 🙂

@CodingGenie NVM ALL GOOD FIXED IT! It won't let me delete the post.

Has it been released ? Last time I used pfblocker for a few month ago I didn't see any Regex blocking option.

Best Regards

@bmeeks Thank you bmeeks I am somewhat tech savvy but other times I am paint by number type guy I watched abut 6 different videos on how to setup pfblocker and not one of them had anything for putting in the settings for a preferred DNS when doing a static IP address on a computer and out of habit I put in opendns server IP

@bhjitsense said in Is my install of pfBlocker hosed?:

I found what was causing the issue.

The forum is good, because it makes you think... 😉

I found this answer elsewhere that will allow maintaining a proper whitelist instead of disabling the entire Top Spammers feed . "You can add Canonical, Inc's ASN to the IPv4 source list and permit outbound. It's AS41231.

In the IPv4 category, click the green Add button at the bottom. Click the Format pulldown and select ASN. Click the State pulldown and select ON. In Source, type in AS41231.

Under Settings, click the Action pulldown and select Permit Outbound. Under Update Frequency, select Weekly.

After you save it, force an Update or wait for it to run at the next scheduled time.

Many enterprises have at least one ASN, so I think it's a pretty good tool to use to automatically maintain an IP whitelist for each organization.

You can use https://bgp.he.net/ to search for ASNs.", /user/ontheroadtonull

@dgall P.S when I changed my computer ipaddress I cleaned the Cache cookies history and rebooted before retesting

@RonpfS
Got it, thanks

@securli said in Bug report: PfblockerNG add 1.1.1.1 when threat source input is empty:

@JeGr Thank you very much, this bug is so stupid, it should check the downloaded file is zero or not instead of random block an IP address.

That's what it does. But pf can't handle empty files/lists so it has to be at least one entry in it, that's why in the old version there was a default value - 1.1.1.1 - long before that IP was made a DNS service by Cloudflare and APNIC. That's why it was changed to 127.1.1.7 per (new) default.

@CyberMinion said in DNSBL: Whitelisted URL still being blocked:

I do have TLD enabled at present.

Hello!

Make sure to follow the "Click infoblock before enabling this feature!" text under the TLD option. There is a section on TLD Exclusions and whitelisting.

John

@bhjitsense said in Testing DNSBL with DNS Lookup:

firewall itself is somehow exempt or is bypassing DNSBL.

The firewall is using "127.0.0.1 - port 53" - on on that port unbound, the resolver is listening.
That is, if you did not add other servers, which isn't needed.
(people tend to throw in 1.1.1.1 - 8.8.8.8 - etc and then strange things happens ;) )

One option i have considered is manually altering the /var/db/pfblockerng/dnsbl/Shallalist_porn.txt to just include the www versions of those site in addition to those without www.

Would that be a mad idea?