• Auto Order not Working?

    2
    0 Votes
    2 Posts
    226 Views
    J

    @TravisH

    From the info block -- I don't think anything has changed here --- you're best to use Alias types and make the rules yourself, then when you place them in a specific order you want, they will stay in that order. Any of the "auto generated rules" will always sort based on the Firewall 'Auto' Rule Order.

    "Refer to the blue infoblock 'List Action' icon in the IPv4 tab for details on how to use 'Alias type' (ie: 'Alias Deny') instead of 'Auto generated rules', if required for your network design. Select the 'Order' of the Rules  Selecting 'original format', sets pfBlockerNG rules at the top of the Firewall TAB.  Selecting any other 'Order' will re-order all the rules to the format indicated! "
  • pfBlockerNG-devel from 3.2.0_19 to 3.2.0_20

    1
    2 Votes
    1 Posts
    251 Views
    No one has replied
  • Crash report when selecting GeoIP Top Spammer country from list

    5
    0 Votes
    5 Posts
    469 Views
    D

    @BBcan177

    Excellent, with fix 3.2.0_20 crash has been solved ! Thanks so much for all your support !

  • pfBlockerNG_devel commit reverse

    38
    12 Votes
    38 Posts
    6k Views
    TommyMooT

    Updated pfBlocker devel from 3.2.0_19 to 3.2.0_20 ..all good (on x86 qemu), GEOIP / ASN entries etc. all working well, Thank you for the Update! 😊

  • What triggers ASN downloads if the ASN reporting is disabled?

    3
    0 Votes
    3 Posts
    466 Views
    W

    @jrey Thanks for reply.

    I have not registered for, and am not inclined to register for an IPInfo token as I am not intentionally trying to do anything with ASN features.

    Isn't enabling ASN Reporting going to create more notifications, not remove the one I'm trying to get rid of?

    Thanks

  • [SOLVED] IDN converted: [ can’t ] [ xn--cant-x96a ].

    2
    0 Votes
    2 Posts
    295 Views
    HorstZimmermannH

    lists are working fine now....

    I just updated from pfBlocker devel v.3.2.0_17 to pfBlocker devel v.3.2.0_19

  • pfSense-pkg-pfBlockerNG-devel: 3.2.0_18 -> 3.2.0_19

    1
    3 Votes
    1 Posts
    243 Views
    No one has replied
  • TLD allow - how to DNSBL whitelist local domain without a tld?

    6
    0 Votes
    6 Posts
    690 Views
    johnpozJ

    @rle well not understanding what problem you're wanting to solve then.. Via dns you're not going to be able to resolve trivy-server, the only way to resolve that is via the device talking to itself, ie its own name - or via a broadcast, or something like mdns which would be trivy-server.local and the device itself answering.

    In what scenario would asking for trivy-server of dns work, since it is not a valid dns query - so how would you allow it or not allow it in pfblocker in the first place?

  • Keep settings

    2
    0 Votes
    2 Posts
    211 Views
    GertjanG

    @Antibiotic

    6d334907-5940-4713-8648-83a23ed2c3d7-image.png

    was made for you ...

  • Custom Client Lists in pfBlockerNG

    6
    0 Votes
    6 Posts
    755 Views
    N

    @smolka_J said in Custom Client Lists in pfBlockerNG:

    I'm waiting for pfSense's move to the Linux kernel that's coming down the road ...

    I'm sorry, what ?

  • Custom block list for specific subnet ?

    2
    0 Votes
    2 Posts
    323 Views
    GertjanG

    @mzeid said in Custom block list for specific subnet ?:

    pfblockerng block different lists for specific subnet

    While adding a new DNSBL feed here Firewall > pfBlockerNG > DNSBL > DNSBL you can not select "use feeds only on interface LAN & LAN2" or "use feed only on interface LAN2 only", DNSBL feeds (filtering) apply to all interfaces.
    That is, this is valid when the "Python mode" is used.
    A feature request ?

    Btw : the above is very AFAIK, of course.
    For a school I would probably consider using a Pi-hole also

    As the DNSBL Python filtering script is (I guess) aware of the requester IP, thus the network, thus the interface, it could be capable of 'per interface' filtering.

    In the past, before we were using pfBlockerng, and used handcrafted 'unbound' config rules, here :

    d451e5e1-6886-42ee-b577-9ea9f9d427c8-image.png

    we were able to set up DNSBL files 'per interface' (per network).
    This meant that this one was our guide line.

    @mzeid said in Custom block list for specific subnet ?:

    bypassing one of the IP addresses

    That's the policy group setting :

    e41d7108-7cd8-424e-acd9-d3b82e996bd6-image.png

    and from now on, this devices will bypass DNSBL filtering

    Btw :

    @mzeid said in Custom block list for specific subnet ?:

    teacher's computer

    I'm pretty sure the teacher doesn't mind he can't visit these sites either ^^

  • DNSBL Category not working

    1
    0 Votes
    1 Posts
    272 Views
    No one has replied
  • optimize config with GeoIP Alias

    11
    0 Votes
    11 Posts
    1k Views
    S

    @johnpoz I get back here tmrw ... it's late already in my timezone.
    Thanks so far!

    edit: currently sick since monday ... I'll get back here asap

  • No more connection to the Internet

    2
    1 Votes
    2 Posts
    375 Views
    R

    Hi
    I have a similar problem. I have had PfSense for many years with no issues with PfblockerNG, recently I upgraded to latest version of PfBlockerNG 3.2.10. I lost full internet access for my single LAN. Turn off the pfblocker and reboot the firewall through GUI or console, Internet connectivity is back on. After trying to troubleshoot for a while, finally gave up and did a fresh install, problem is still the same.
    Another odd thing noticed in 3.2.10 version of pfblockerng is that the geoip to block and edit which countries to block, edit button was missing. Not sure if others have this issue or is this a bug in this release.

    Any ideas on what is causing the pfblockerng to break internet connectivity? I have a simple design:

    WAN interface, DHCP LAN interface, DHCP Class C addresses Pfsense current stable version 24.03 rel1 PfblockerNG 3.2.10 (currently not installed on a fresh install). Want to install and back with blocking ranges of IPs based on location/country

    I have another test PC that I can install the pfblockerng and test out the internet connectivity, hoping you can provide a tip to solve this issue.

  • "Deny Inbound" and "Alias Match" kill ALL outbound states during reload

    3
    0 Votes
    3 Posts
    409 Views
    T

    @tman222 Yes, disabling the "States Removal" for the particular list(s) is what I did as a workaround. I looked for the code responsible when I made the post and recall pfblockerng is behaving as described in my first post. That is, if an IP address in a list is found in states, and "States Removal" is enabled, regardless of the "List Action", the state is removed. I retired my investigation since.

  • Groups.IO access/no access

    4
    0 Votes
    4 Posts
    453 Views
    W

    @SteveITS A little snooping (thanks for tip), I may have found the culprit. Now to see if I can fix it. The logs told me what was happening.
    CINS_army_v4,lb02.groups.io,Unknown,null,+
    CINS_army_v4,lb02.groups.io,Unknown,null,-

    I unchecked/shut off the CINS_army feed and did a reload. That appears to have solved the issue. I'm just concerned why it was blocked recently. I don't stay up on some of this stuff, but even my work environment didn't block groups.io (and they block a lot).

  • pfBlocker remove Shalla and UT1

    12
    0 Votes
    12 Posts
    1k Views
    M

    @smolka_J No tweaking, I don't like that.

  • Firewall rules question

    5
    0 Votes
    5 Posts
    584 Views
    telservT

    @johnpoz Thank you for the detailed and quick reply! I'm still looking at it to ensure I understand.
    @ahking19 I did understand your message, and I created the firewall rules myself, as opposed to auto. Thank you.

  • Download failed for certain Lists "PFB_FILTER - 17"

    12
    0 Votes
    12 Posts
    1k Views
    S

    @Beerman Some form of fix will be but may be in a different area or dependency package that pfBlockerNG uses. That line wasn't present in 3.2.0_8 and earlier versions of the pfblockerng.inc so I'm assuming something had changed in the magic database file(s) that's used to determine mime types. I have a similar error on feed PRI4_v4 - CCT_IP_v4 https://cybercrime-tracker.net/fuckerz.php that is coming up invalid Mime Type application/javascript, while the same feed is working fine on my CE VMs on pfBlockerNG 3.2.0_8. Tried adding a line with 'application/javascript' but that didn't do anything for it specifically

  • changes to snort.org/talos intel ip block list affecting pfBlockerNG

    2
    2 Votes
    2 Posts
    2k Views
    S

    They had an earlier post about the upcoming changes as well which kinda explains it better:
    https://blog.snort.org/2024/08/upcoming-changes-to-snortorg-sample-ip.html

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.