• Edit blocking pages in pfBlockerNG

    5
    0 Votes
    5 Posts
    1k Views
    GertjanG

    Install the latest version pfBlockerNG-devel 2.2.5_32

    This will show you what you need to know explicitly :

    b0183606-b46e-4d3a-a8cd-401a9fc11ac9-image.png

    Implicit :
    You need to know how to access the pfSense file system.
    You need to know what a file is. What a PHP file is.
    Then use "dnsbl_default.php" as a starting point to write you own php file.

  • Not convinced DNSBL is working

    4
    0 Votes
    4 Posts
    467 Views
    TheCableGuy96T

    @NollipfSense I think I sussed it...

    I had the Alexa Top1M set to 500K thinking this was a verified list.

    I've changed it 10K and it seems to be blocking everything in the list now.

    Anything wrong with using this list or setting it to 10K if using it?

  • pfB_PRI2_v4: Cannot allocate memory

    3
    0 Votes
    3 Posts
    448 Views
    J

    Thanks @jazzl0ver, I found that article a couple days ago. So far error hasn't returned however previously it would come up at random times, not consistent hence fingers crossed.

  • Bypassing DNSBL by IP and URL

    1
    0 Votes
    1 Posts
    95 Views
    No one has replied
  • 0 Votes
    2 Posts
    234 Views
    jimpJ

    On 2.4.5 that is not indicative of the size of your tables. If it was, it would have a different error that says there are too many entries. This error on 2.4.5 means that it didn't have enough memory at that moment to load the table. Generally it's non-fatal, however, as a later filter reload will likely succeed.

    Check the table in question and see if it contains the values you expect. If it does, there isn't likely much to worry about.

    This can happen on systems with low RAM or many packages running which consume memory (especially kernel memory).

    It should be better on 2.4.5-p1, though that particular scenario is more difficult to isolate and test.

  • pfblockerng-devel causing browsers security alert

    Moved
    3
    0 Votes
    3 Posts
    344 Views
    NollipfSenseN

    @gnichols said in pfblockerng-devel causing browsers security alert:

    I've installed pfblockerng-devel but having a problem with browsers throwing an privacy/security alert on google ads and other links tied to google services. It appears that it's breaking HTTP Strict Transport Security. I want to continue using pfblockerng but is there a way to fix this? Any help is appreciated!

    That's because you enabled rules that blocks those domains with ad content ... you can go to Firewall > pfBlockerNG > Alerts then scroll down to DNSBL then look for the domain you wanted to visit and click the plus symbol (+) to add to whitelist.

  • Trying to bypass DNSBL

    3
    0 Votes
    3 Posts
    433 Views
    B

    @RonpfS
    I tried that, but I'm only able to get an entire interface to bypass DNSBL. The top post shows where they are able to get a single host to bypass DNSBL, while everything else in that /24 is sent DNSBL That part doesn't seem to work for me.

  • How to use multiple geoIP aliases?

    2
    0 Votes
    2 Posts
    149 Views
    BBcan177B

    In the IPv4/6 tabs (devel version) you can change the "State" setting to "GeoIP" and use that to create your own combination of ISOCodes as required. The Source field is an autocomplete field, so after a few typed characters, it will show all available matches. Then use the TAB key to auto-populate the Label field.

  • 0 Votes
    11 Posts
    1k Views
    NollipfSenseN

    @n257jy I would add to custom list than ditch the feed ... congrats on the self-learning that brought you more confidence as network administrator.

  • WAN Rules

    1
    0 Votes
    1 Posts
    218 Views
    No one has replied
  • 0 Votes
    2 Posts
    223 Views
    GertjanG

    Hi,

    Look at the pfBlockerNG-devel Reports page. Look at the Alerts and DNSBL lists. Look for the IP your device us using, and then a destination that should have a relation with this "sagepay " (whatever that is).

    Note : Feeds used by pfBlockerNG are created by humans like you and me - most often 'just for fun and to help the community'. They could be useful for some one, contain IP's that shouldn't be blocked for others. It's NOT an exact science.

  • DNSBL Auto whitelisting happing ?

    11
    0 Votes
    11 Posts
    2k Views
    L

    @jot thanks for the info. You are right. Though I do not understand why to force whitelist google and yandex subdomains which are used for ads - ads.google.com|adservices.google.com. I just can not block ads if I enable safesearch option

  • pfblockerng ASN aliase rule doesn't seem to work

    21
    0 Votes
    21 Posts
    4k Views
    A

    Resolved.
    Just an update on the issue if someone ever face the same problem.
    I reinstalled PFSense, then PFBlockerNG-DEV.
    I didn't create any auto-rules and only uses native aliases. Maybe it's something obvious, but in my case they didn't play well together. I installed ntopng to find out all the required ASN, there are a few more than just netflix/youtube for the APPs. However, I got a second problem from time to time I wouldn't get an IP from the WAN and many dpinger send-to error 65. The problem was my onboard NIC is a RealTek and not Intel. Moving the WAN to an Intel port seem to fix the issue for me. I understand the recommendation is to use Intel.

    Thank you John for your time and help!

  • Peculiar pfblockerng / tld blocklist & whitelist behavior

    3
    0 Votes
    3 Posts
    410 Views
    I

    In the end I disabled tld blocking since it led to many issues allowing certain sites with their own subdomains. I am maintaining a blocklist of individual sites. This is more effort but more reliable for use.

  • Filtering outgoing traffic

    11
    0 Votes
    11 Posts
    1k Views
    M

    @johnpoz Well, honestly ... I would love to use the pfBlocker, as this seems to me 'easier' solution as it is already implemented and working. The shallalist is available there as well ... the only thing I am not sure is how I split the filtering for:
    parents -> DNSBL, Ads, IP
    kids -> all the above + categories
    But let's see, maybe someone else comes with some other views.
    Thank you.

  • Re: [Blocking Youtube Ads]

    1
    0 Votes
    1 Posts
    230 Views
    No one has replied
  • ip2location as alternative for MaxMind databases

    35
    1 Votes
    35 Posts
    9k Views
    A

    @johnpoz
    Actually when some other agency or corporation gets MinMind customer database plus the ISP databases that nowadays you can bet are automatically available... yes then someone could have a complete picture... it amazes me how people don't care about privacy and don't seem to understand that no privacy means no democracy... Do we still value democracy over money or convenience?
    You don't know what actually MinMind is... so I suggest updating pfblockerng to use another geolocation database and prepare it to accept more easily other options. There's always the possibility of a fork.

  • dnsbl PHP reset every minute

    6
    0 Votes
    6 Posts
    980 Views
    SnowaksS

    I am having this same Errors. Did you ever get yours fixed? @Ronpfs Just Because you do not use some thing, Does not means he should not ? THATS pretty backwards thinking!

  • Fast way to whitelist domains?

    1
    0 Votes
    1 Posts
    125 Views
    No one has replied
  • New pfBlockerNG feature - SafeSearch

    3
    6 Votes
    3 Posts
    2k Views
    P

    DoH feature disable is absolutely great

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.