@mark-mora See this thread:
https://www.reddit.com/r/pfBlockerNG/comments/azwpu2/dnsbl_webserver_https/

I did some troubleshooting and I honestly don't know exactly what the issue was but here is a list of steps I took to get it working again:

General Setup Set loopback address on top followed by DNS IP(s) or leave everything blank if only using Unbound DNS Server Override unchecked Disable DNS Forwarder unchecked DNS Resolver Network Interfaces > only select local ints including LAN. DNS Query Forwarding unchecked DHCP Registration checked Static DHCP checked DHCP Server set your DNS Server to the LAN's IP int On each of your DHCP Clients Renew lease or perform a network reset On each of your Static Clients Use the IP int as DNS address

@provels said in Devel Version GeoIP Tutorial:

If I deny a country but the traffic is blocked by default anyway, either way the FW has to make a call. Same/same?

That was what I was writing. It makes no sense to "double block". On the other hand I see no sense - for example - in allowing only certain countries access to an OpenVPN port. If that is configured properly there shouldn't be that much more hits or traffic or connection attempts than normal port probing anyway.

@provels said in Devel Version GeoIP Tutorial:

I find the ad blocking extraordinary as well as the default outbound blocks to suspect hosts/IPs

I agree, that's two use cases I see pfBNG perform very well. Also logging those requests against suspect IPs is a good start in finding out if a box is just noisy or perhaps compromised. A client of ours was "protected" (aka lucky) to have it as one user got himself a crypto-trojan and it couldn't contact the control server so stayed dormant. Not a huge protection bonus but more like a "small additional line of defense". :)

@RonpfS I asked BBcan177 on reddit if he recommends this instead, as the next fix I believe will not be out for a while. Maybe BBcan177 could chime in on this thread?

Regardless, thanks for fix!

EDIT: per BBcan177: I have a PR to fix this and its waiting on the pfSense devs to approve and merge. So either way will work until the next version is available.

I had reset the configuration and I think it was the one to remove the modification made, however now it works as before, I thank everyone.

NAT happens before firewall rules are applied so if you are port forwarding, say, WAN address:80 to 192.168.1.100:80 you need to pass traffic to 192.168.1.00:80 on WAN.

The automatically-generated rules on a port forward will always do the right thing.

If your resolving and having problems - you need to figure out where your having problem following down from roots..

Do a dig +trace to find out where your problem is.. That returns a cname, which then would have to be resolved as well

$ dig feeds.megaphone.fm ; <<>> DiG 9.14.1 <<>> feeds.megaphone.fm ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8931 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;feeds.megaphone.fm. IN A ;; ANSWER SECTION: feeds.megaphone.fm. 3599 IN CNAME cds.f3d9q2w8.hwcdn.net. cds.f3d9q2w8.hwcdn.net. 3600 IN A 69.16.175.42 cds.f3d9q2w8.hwcdn.net. 3600 IN A 69.16.175.10 ;; Query time: 513 msec ;; SERVER: 192.168.3.10#53(192.168.3.10) ;; WHEN: Sun May 19 20:50:02 Central Daylight Time 2019 ;; MSG SIZE rcvd: 115

@HansSolo Configuration is listed under Firewall\pfBlockerNG. Status is listed under Status\Services. I'm using the Devel version which is much more plug/play than the Release version.

@NogBadTheBad

Yeah I can promise you for sure that people that run tor exit sites might also be members of the ntp pool.. NTP doesn't limit who can join - your IP just needs to provide stable time.. Which is checked and if your score drops below 10 then your IP is removed from the pool until its score goes above 10, etc..

You could deselect the "Save settings" check box on the first page and then uninstall/reinstall or
rm -rf /var/db/pfblockerng/ then force an update.

All comes down to what key words used ;)

While the search feature here is for sure not going to be giving google a run for its money - hehehe

You can find stuff.. But prob best to do is just manually look for threads in the section that makes sense, especially if you think something has recently broken or happened to cause a problem.

keywords.png

I'm new to using pfblocker and just had the same issue. I noticed you are using squid as i am also. pfblocker will not filter ip addresses while squid is enabled. I tested enabling and disabling it. I'm not sure what the better option is because i cant get pfblocker to filter https. so currently i'm just using pfblocker to filter dnsbl

Yup got it. I didn't know it could create aliases I could use in my own rules ! Much better.

yep that is the option I was looking for, many thanks!!!!

Without knowing more about what you're trying to do the following configuration should create a rule similar to the screenshot you posted.

Replace "Alias for your 10.40.2.56 IP" with an alias you created that contains that IP and select the appropriate gateway at the bottom. Protocol can't be "any" for advanced rules but "TCP/UDP" is the best you can do.

This rule will allow all TCP/UDP traffic from 10.40.2.56 to get to the gateway but it cannot force all traffic from 10.40.2.56 to go through the gateway. That would require a routing rule, not a firewall rule (outside the scope of pfBlockerNG).

IPv4Rule.jpg