Just one note: don't use the prefix pfB_ as first string on "Description" for your own rules with pfBlockerNG aliases. This will ensure that your rules will not be handled by pfBlockerNG during updates.
Thank you for letting me know.
When @JeGr mentioned the 'alias Denys' option, I noticed that there was a description on GeoIP explaining all available options, and noticed that part.
DNS Query Forwarding:
Disabled by default. When enabled, unbound will use the system DNS servers from System > General Setup or those received from a dynamic WAN, rather than using the root servers directly.
Blocked IPs are shown on the report page / alert and/or DNSBL.
Up to you to check who / which device was using that IP - was it pfSense itself?
The IP must be in one of the feeds you use.
I found an unbound error unrelated to these issues and fixed it. error: duplicate forward zone . ignored. Other than that, everything else was functioning properly. Must be some internal code, because all of my logs and settings are clean as a whistle. Thank you all for your kind help. I'll just chalk this up to experience and call it a day. Take care.
I think we have addressed the issue; it was a rookie mistake. I should have placed the IP address of the router interface on each VLAN as the DNS server instead of the VIP address.
@Alex99 Yeah, change that to deny and you will probably see your counter go up. I'm going to try that with North America (allow inbound) as well just to test.
It would be cool to have a temporary list for sites that may be on a DNSBL for some reason, where one would like a one-time quarantine exception for a 15-minute period instead of whitelisting permanently. Hoping that @BBcan177 will see this if there isn't a way to do it, or share how to do it.
The solution I took was to go to a coffee shop instead of adding to whitelist ... a little inconvenient.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.