pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS

DaddyGo

@neoaeon said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:

My suggestion is to use the RFC 5737 compliant 192.0.2.0 instead of 1.1.1.1. 1

Hi,

we start this at the beginning
one.one.one.one + DoT - same thing like that

BTW:

yes, the suggested version is according to the package maintainer @BBcan177
pfblockerNG - devel

https://www.patreon.com/pfBlockerNG

+++edit:
this is not your version

BBcan177

Upgrade to pfBlockerNG-devel where these are both addressed already.

neoaeon

@bbcan177 said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:

Upgrade to pfBlockerNG-devel where these are both addressed already.

Understood.

However, please understand the 2.1x series is still alive and being maintained and due to it's lack of -devel tag is recognized as the stable production version.

Additionally, any site still on 2.4.5-p1 waiting for the release after major (e.g. 2.5.0-p1/2.5.1) isn't going to run -devel anything .

DaddyGo

@neoaeon said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:

Understood.
However, please understand the 2.1x series is still alive and being maintained

Hey Bro,

this is not relevant
the non-DEVEL version is not actively maintained

please switch to DEVEL

Hey @BBcan177 , why don't you run out older versions?
I read some stupid explanation about this (old version pfBlocker) somewhere, but is it?

BBcan177

@daddygo said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:

Hey Bro,
this is not relevant
the non-DEVEL version is not actively maintained
please switch to DEVEL
Hey @BBcan177 , why don't you run out older versions?
I read some stupid explanation about this (old version pfBlocker) somewhere, but is it?

There are so many moving parts that Its hard to find the right window to push devel -> stable.... Lets see how it goes over the next few months.

DaddyGo

@bbcan177 said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:

There are so many moving parts that Its hard to find the right window to push devel -> stable.... Lets see how it goes over the next few months.

Hey....

.... so you're saying what you haven't so far?
I think and in my experience the DEVEL is fit, but is that not clear?

so what do you recommend write here, pls

BTW:

many get lost in the jungle

neoaeon

@daddygo said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:

Hey Bro,
this is not relevant

Despite my desire to not feed trolls, I'll bite

I disagree.

the non-DEVEL version is not actively maintained

Wrong.

https://github.com/pfsense/FreeBSD-ports/commits/devel/net/pfSense-pkg-pfBlockerNG

please switch to DEVEL

Nah, I'll keep providing support to anyone who wants to use the current production version.

Hey @BBcan177 , why don't you run out older versions?
I read some stupid explanation about this (old version pfBlocker) somewhere, but is it?

In spite of your lack of tact, you may have a point there.

@BBcan177, we emailed offline almost 3 years ago, while you were private beta-ing the 3 series. Apologies I never got around to providing feedback.

I provided a similar patch back then that was rejected.

I still maintain IMHO the use of 1.1.1.1 is and was inappropriate, in defiance of established practice and RFC, and unjustifiable to continue. Most especially in the face of the current landscape where 1.1.1.1 went from obscurity and common example language to top destination in the time between then and now. https://en.wikipedia.org/wiki/1.1.1.1#Prior_usage_of_the_IP_address

It's been quite awhile since you've been pushing folks away from the 2 series, why isn't 2.1x -legacy or something so 3.0 can drop the -devel tag?

I see your post below; Even absent dropping the -devel tag, -legacy could help in your endeavors to distance from the 2 series. Or even switching the 3 series to -current or something.

FYI, in nearly any regulated environment the presence of development code / developer tools on a production box is a finding. That -devel tag is begging to get anyone in Industrial, Energy, Healthcare, Finance, Government, etc smacked on their next vulnerability assessment.

BBcan177

@neoaeon said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:

I see your post below; Even absent dropping the -devel tag, -legacy could help in your endeavors to distance from the 2 series. Or even switching the 3 series to -current or something.
FYI, in nearly any regulated environment the presence of development code / developer tools on a production box is a finding. That -devel tag is begging to get anyone in Industrial, Energy, Healthcare, Finance, Government, etc smacked on their next vulnerability assessment.

I hear you, and this is just one of many items that have changed in devel which should be committed to Release.

But understand that I do this all on my free own time. Developing and supporting the package is like a full time job.

Devel will become the next Release. Its just a timing issue with all the other flux that has taken place in its development. I try my best to support and develop this package on my own. Its a lot of work and I have carved out more time for my family as time is not limitless.

Pull Requests are always welcome.

Lets see how it goes over the next few months.

neoaeon

@bbcan177 said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:

Its a lot of work and I have carved out more time for my family as time is not limitless.

I feel ya man, that's one of the only silver linings to this pandemic, more telework leading to increasing work/life balance. I wish you the best of luck on that front!

Pull Requests are always welcome.

I'm firmly on the Ops side these days, been a minute since I did anything more than play with git. But I'll take a look.

DaddyGo

@bbcan177 said in pfBlockerNG 2.1x - fix for Talos feed and Cloudflare 1.1.1.1 DNS:
> I hear you

Man, I'm with you, you communicate poorly, these people believe in you, so in nothing else. OPEN SOURCE