@slimypizza

Click on the ! icons in the Alerts Tab. It will show several different Threat Lookup tools.

Take a look at :
https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips

Resolved by enabling System > Advanced > Firewall/NAT tab > Disable all auto-added VPN rules.

@xraisen said in pfBlockerNG Wizard tool:

I have installed it and located the dnsbl_default.php to edit and put a police logo. Because here in the Philippines, it's a nationwide banning of Porn. At least my clients will be educated under R.A of the Philippines

You shouldn't edit the "default" web page. Best to copy this file to a new file and then select this new file in the DNSBL tab.

On a package installation, the default file will be replaced.

Check/Lower the size of Log Settings (max lines) in the General Tab

@bbcan177 Something else I actually came across as well, is it looks like pfBlockerNG is filtering the port based on a different rule? (A different name shows up): here

@jacotec said in Keeping google ad injections blocked but allow google shopping search results?:

Is there ANY way to allow clicking on these search results but leaving the google advertise injections blocked? Something like "whitelist googleadservices if the host website is google.com"?

No its one way or the other unfortunately... Just need to tell people to not click on the Google search results that have "AD" in the Title.

@retestreak said in pfBlockerNG cURL 28 Error when updating DNSBL:

[ raw.githubusercontent.com ] Domain listed in DNSBL

Whitelist that domain from the Alerts tab.

Thank you.

please check this answer https://forum.netgate.com/topic/96636/netflix-vpn-block-how-to-fix/19

Yup, "test.com" was in one of my lists. That explains it! pfblocker was doing its job. Thanks!

Sure it's not the stuff listed about the console here?

https://www.netgate.com/docs/pfsense/install/upgrade-guide.html?highlight=upgrading#upgrading-from-versions-older-than-pfsense-2-4-4

Hi @BBcan177,

Yes, i did. I also tried deselecting either one and disabling and re-enabling it.

@reilos said in Checked "DNSBL Firewall Rules" however no floating rule added?:

I have pfBlocker running on 2 interfaces, which i have selected in the list behind the checkbox.

Hi everybody,

I found indeed a solution to my problem and would like to share it here. It is not perfect, but what in this word is? ☺

My solution does not directly use pfSense. pfSense is only used to ...
a) configure a special DNS server address for selected DHCP clients (smart TVs and the like)
b) block access to the (uncensored) DNS resolver running on pfSense form said clients using the firewall

The special standalone DNS server (a Raspberry Pi in my case) runs the dnsmasq service. dnsmasq has two very handy configuration options. The magic incantations are the "server" directive and the "address" directive. (Note: One could also run dnsmasq on pfSense - but in my setup I already use unbound on pfSense and didn't want to risk messing with everybody elses DNS resolution just for this.)

With the server directive one can specify an address which we want to be resolved by a certain DNS server. The trick here: '#' as the target resolver means "use your configured standard server to forward the request to". Meaning: resolve normally. Im my case for Netflix I have:

server=/netflix.com/#
server=/netflix.ch/#
server=/nflxext.com/#
server=/nflximg.com/#
server=/nflximg.net/#
server=/nflxvideo.net/#
server=/nflxso.net/#
server=/netflix/#
server=/cloudfront.net/#
server=/d179kwmlpc4o47.cloudfront.net/#
server=/d2s336w63pl2vv.cloudfront.net/#

(the details seem to depend on geographic location - note I have a blanket "allow" for all of cloudfront.net here - the cloudfront host names are not necessarily stable)

The "address" option can then be used to implement the "DNS black hole" functionality:

address=/#/192.168.x.y

The first version makes dnsmasq return a fixed (fake) IP address for any DNS request not whitelisted using a server directive. The second returns NXDOMAIN instead of a wrong IP. I use the first. Look at the manpages of dnsmasq and dnsmasq.conf for details!

For some of my "smart" devices to function, I need to allow additional domains. One Samsung TV for example needs access to the domain time.samsungcloudsolution.com (among others). Otherwise it will not believe that it has internet access and will simply refuse to start the Netflix app - stupid "smart" thing!!

My solution kind of works, but adding a new "smart" device is always a hassle. And if you want to use another video streaming service, you have to find out the necessary domains to whitelist first.

This is the solution I am using. I hope this will help someone.
Andy

@bbcan177 The list with which I am familar is pulled by uBlock Origin, but I cannot determine which exact list it is. I did find the following lists, and I expect one is the list pulled by uBO:

https://www.zoso.ro/pages/rolist.txt
https://www.zoso.ro/pages/rolist2.txt

@akong77 said in Upgrade to newer pfblockerng have get error.:

Hello,
I upgrade lastest pfblockerng have got error.I use some command fix php error.
,,,

ssh to pfsense cd /usr/local/lib/php/ ln -s 20170718/ 20131226

That is not a fix, it just messes up things more.

https://forum.netgate.com/topic/135895/package-update-triggers-only-half-2-4-4-update

@aritus On my box I have selected WAN for Inbound, and LAN for Outbound. 😉

Ok, to anyone else running into this issue you need to ensure the "Keep Settings" is unchecked in the General Tab and then uninstall the package. Once that is done reinstall the package and it should work.

Oh, I see what you mean now! Thanks again.