Netgate Discussion Forum

    pfBlockerNG-devel v3.1.0_9 / v3.1.0_15

    54 Posts 20 Posters 20.2k Views
      • S
        smolka_J @xpxp2002
        last edited by smolka_J

        @sensei-two
        @xpxp2002
        Something that may help you with the above to make sure everything is hitting the firewalls right:

        593538fc-f7a8-4180-91d0-03583c8d9c54-image.png for NAT port forwards

        and

        77011696-4791-41d3-bf35-9d7176dc51a5-image.png for Outbound NAT

        • S
          smolka_J
          last edited by

          Found my fix:
          BBcan177 MODERATOR 12 days ago
          @bob-dig @cjbujold

          See the patch here and report back pls.

          From the Shell or pfSense GUI > Diagnostics > Command Prompt > Execute Shell Command, run this command to download the patch.

          curl -o /usr/local/www/pfblockerng/pfblockerng_category_edit.php "https://gist.githubusercontent.com/BBcan177/1a33c42d0a61f3ddd9c2f1b1d514ed83/raw"
          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177 #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          • M
            matthijs
            last edited by matthijs

            When enabling IPv6 DNSBL I get the error "There were error(s) loading the rules: no IP address found for <My_IPv6_Prefix>::1017171 - The line in question reads [n]"

            As you can see, I run the DNSBL webserver on a non-default IP (default IPv4 is 10.10.10.1, and default IPv6 is ::10.10.10.1).

            So it's looking for <My_IPv6_Prefix>::1017171, but I think this should be <My_IPv6_Prefix>::10.17.17.1 instead.

            I have the floating auto firewall rules and the DNSBL aliases correct.

            Is this a bug? I am running version 3.1.0_9

            Kr, Matthijs

              • S
                smolka_J
                last edited by

                @matthijs I'm on the same version on 22.05. It did seem to update my alias entry as well as my IPv6 on the Firewall->Virtual IPs tab to ::10.17.17.1 when I changed my DNSBL webserver IP to 10.17.17.1 after first disabling pfBlockerNG and saving on the General tab first, adjust webserver IP setting, then re-enable on General tab and then Update tab->Force reload ALL. Any adjustments you make in pfBlocker, aside from clicking to whitelist an IP or domain from the alerts tab, which can effectively live load on a running config once a minute or so, it is always best otherwise for all other settings adjustments to #1 disable pfBlocker first, #2 adjust, #3 re-enable, and then #4 force reload. Otherwise, erratic unexpected behavior will be expected, as applies with nearly any firewall/router. ANY one letter and/or number/setting variance applied to any order of rules/IP addresses/domains will shift an entire stack of one group of all of this info one row different than its original placement against the next stack/table of information the other stack is pointing to, originally all in alignment, now staggered. You may have to disable it, restore pfBlocker default settings to start at a fresh config sheet schematic and make this adjustment before enabling pfBlocker, which in turn writes those states table/firewall entries at that point.

                • M
                  matthijs @smolka_J
                  last edited by

                  @smoke_a_j

                  Thanks for the information, I will try this and give feedback here if this method will fix the issue

                  👍

                  • M
                    matthijs @matthijs
                    last edited by

                    @smoke_aJ

                    I did exactly as you described but the issue is still there.
                    I also updated to version 3.1.0_11, but also with this version I got the same problem.

                    I got the webserver interface on a different physical interface than LAN. (I got it on interface DMZ1.) Maybe this is the issue?

                    "Select the interface which DNSBL Web Server will Listen on.
                    Default: Localhost (ports 80/443) - Selected Interface should be a Local Interface only."

                    • BBcan177B
                      BBcan177 Moderator @matthijs
                      last edited by

                      @matthijs try to use "localhost" as that is the default setting

                      • M
                        matthijs @BBcan177
                        last edited by matthijs

                        @bbcan177 I will try, but then why is the option to select an interface there? I will test, and report back the result

                        Kr,

                        Matthijs

                        • M
                          mcury
                          last edited by

                          Upgraded to this version: 3.1.0_11 and everything is working for me, thanks for your hard work BBcan177, awesome tool.

                          dead on arrival, nowhere to be found.

                          • M
                            matthijs @matthijs
                            last edited by

                            @BBcan177
                            @smoke_aJ

                            I again applied the steps as smoke_aJ suggested after a reboot. I have not seen the error message for 45 minutes. It looks like it's solved now. I will keep you informed if the error message comes back.
                            Thanks for the help and information.

                            Kr,

                            Matthijs

                            • M
                              matthijs @matthijs
                              last edited by matthijs

                              Unfortunately the error came back after a filter reload.

                              Filter Reload
                              There were error(s) loading the rules: no IP address found for <IPv6_Prefix>::1017171 - The line in question reads [3781]: @ 2023-01-21 20:30:30

                              I will try to change the webserver interface to localhost, to be continued...

                              • M
                                matthijs @matthijs
                                last edited by matthijs

                                @BBcan177 , @smoke_aj, Good news, I assigned the DNSBL webserver to localhost instead of the DMZ1 interface. Now everything is working and I am not seeing the error message again. Also after a filter reload the error stays away. So I guess as soon as you choose a physical interface (in my case LAN or DMZ1 or DMZ2) instead of localhost for the webserver, and in my case also a non-default port number (8080 8443) and enabling IPv6, the bug manifests itself. Can you replicate this behaviour?

                                1 Reply Last reply Reply Quote 0
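An added example, not part of the thread and not pfBlockerNG code: a pre-flight check showing that the string in the filter reload error is not a valid IPv6 literal, while the dotted form matthijs expected is. The prefix `2001:db8:0:1::/64` is a constructed documentation prefix standing in for the redacted one, and the function names `check_rule_address`, `embed_ipv4` and `audit` are hypothetical.

```python
import ipaddress


def check_rule_address(text):
    """Return (ok, detail) for an IPv6 address string headed for a rule or alias.

    detail is the canonical compressed form on success, or the parser's
    reason for rejecting the string on failure.
    """
    try:
        addr = ipaddress.IPv6Address(text)
    except ipaddress.AddressValueError as exc:
        return False, str(exc)
    return True, addr.compressed


def embed_ipv4(prefix, ipv4):
    """Put an IPv4 address into the low 32 bits of an IPv6 prefix.

    This is what the textual form <prefix>::a.b.c.d means; it is an
    assumption that the DNSBL IPv6 VIP is meant to be built this way.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    if net.prefixlen > 96:
        raise ValueError("prefix leaves fewer than 32 host bits")
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(net.network_address) | int(v4))


# Constructed samples modelled on the addresses quoted in the thread.
SAMPLES = [
    "2001:db8:0:1::10.17.17.1",   # dotted quad embedded in the last 32 bits
    "2001:db8:0:1::1017171",      # dots lost: one group of 7 digits, invalid
    "::10.10.10.1",               # default DNSBL IPv6 VIP named in the thread
]


def audit(samples):
    """Check every sample and return {text: (ok, detail)}."""
    return {s: check_rule_address(s) for s in samples}


if __name__ == "__main__":
    for text, (ok, detail) in audit(SAMPLES).items():
        print(("OK  " if ok else "BAD ") + text + " -> " + detail)
    print(embed_ipv4("2001:db8:0:1::/64", "10.17.17.1"))
```

Running the same check over the generated alias and virtual IP entries before a filter reload surfaces a malformed address without waiting for the ruleset to fail to load.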