@TechNetwork1 you must have unbound set to listen on all addresses.. Guess that would mean vips as well.

You normally would have to do nothing.. There is no IP that needs to go into the general setup, unless you wanting unbound to forward to something..

And dhcp would default to handing out the IP of the interface its enabled on.. Out of the box there really is nothing to touch here.

So say you had lan 192.168.1.1/24 on pfsense, and opt1 network as say 192.168.2.1/24.. If you dhcp server on lan would hand out the 192.168.1.1 to devices on that network, and opt1 dhcpd would hand ot 192.168.2.1 to its dhcp clients.

If your filtering then everyone would be filtered.

@anishkgt

Metoo, I love nano, use it since day one.

But you could also use the Patches pfSense package (a must have !)
Just create a patch, as is proposed in the other thread. No need to edit a file.

The problem is solved. It was necessary to remove the mark MaxMind CSV Updates

@neba just change the pfBlocker VIP to any nonexistent IP address/subnet. It’s used for the DNSBL block page which needs an IP for its web server.

@johnpoz 1.jpg

This is my update URL list.

https://www.spamhaus.org/drop/drop.txt

I get a whole list of IP addresses.

@BBcan177 Thanks! That did the trick. I appreciate the quick response.

Ok, thanks for a well written explanation. I don't expect to get complaints about "your network is wonky" on this topic.

Just an update that I'm still getting errors multiple times per day on the latest pfSense 24.03_1.

I get this error:

[87931:3] error: pythonmod: Exception occurred in function operate, event: module_event_new

Followed by this error:

[87931:3] error: pythonmod: python error: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xa6 in position 1: invalid start byte The above exception was the direct cause of the following exception: Traceback (most recent call last): File "pfb_unbound.py", line 1410, in operate tld = get_tld(qstate) ^^^^^^^^^^^^^^^ File "pfb_unbound.py", line 584, in get_tld if qstate and qstate.qinfo and len(qstate.qinfo.qname_list) > 1: ^^^^^^^^^^^^^^^^^^^^^^^ SystemError: <built-in function _get_qname_components> returned a result with an exception set

@SteveITS Yes that has been enabled since long.

pfSense-localdomain-Firewall-pfBlockerNG-DNSBL.jpg

So thanks for pointing that one out, overlooked it, darn ;). will have a look at this log of all dns replies, so the not blocked events, in /var/log/pfblockerng/dns_reply.log

I confirm. Thanks to the people who quickly changed the code. 👍

@Antibiotic

should be resolved with the new pfblocker devel update

@pst right on appreciate it.

@DefenderLLC I wrote my note poorly...I meant, it wasn't linked on this page. I was on my phone and didn't dig into it, thanks for linking the reports.

pfBlocker has a setting for this which changes the order things are put in the rules.

However, you could also set pfB to not be on the floating tab, and be per interface instead, then the floating rules you put in place will be processed first.

e4f84476-91bd-4b2d-9bcd-fe7378455503-image.png