    • N

      Bug Pfblocker new NG 4100
      Official Netgate® Hardware • pfblockerng netgate bug • • neoos

      13
      0
      Votes
      13
      Posts
      482
      Views

      S

      Ah, sorry if I misunderstood.

      re: network alias, that can be one IP by using a /32 mask.

    • A

      pfBlockerNG blocking SMTP
      pfBlockerNG • configuration multiwan mail smtp pfblockerng • • Alek

      13
      0
      Votes
      13
      Posts
      413
      Views

      Gertjan

      @alek said in pfBlockerNG blocking SMTP:

      No ?

      That's the easy / easier way.

      Have a look at this list: Youtube Netgate everything you always wanted to know, and more.
      There is a Multi WAN video. There is a video about VIP, Carps, etc.

      The videos are old, but still very valid and very informative. It's a guy from Netgate talking about Netgate/pfSense.

    • M

      pfBlockerNG DNSBL: NTP Service uses Virtual IP Address
      pfBlockerNG • pfblockerng dnsbl ntp virtual ip • • Marco 42

      1
      0
      Votes
      1
      Posts
      289
      Views

      No one has replied

    • N

      PfBlockerNG not working in OPT1 Interface with public IP
      pfBlockerNG • pfblockerng opt 1 public ip not working • • nanaseri

      1
      0
      Votes
      1
      Posts
      131
      Views

      No one has replied

    • R

      IPv6 list generated IPv4 rule
      pfBlockerNG • pfblockerng ipv6 • • rvjr

      5
      0
      Votes
      5
      Posts
      177
      Views

      J

      @rvjr said in IPv6 list generated IPv4 rule:

      ok, that's weird. No I'm using the standard pfBlockerNG 2.1.4_26 on pfSense 21.05.2-RELEASE. I'll try switching the list action and see if that makes any difference.

      Your problem is that you are using an old unsupported version of pfBlockerNG. The maintainer of pfBlockerNG, @BBcan177, does not recommend the use of that old version. The -devel version has been in use for 2 to 3 years now and is very stable and the only version currently being updated.

      Make sure that the box is checked to save your current settings and then uninstall your current version of pfBlockerNG 2.1.4.26 and then install the -devel version 3.1.0_1. This should take care of the issues you are seeing, if not, post back to the forum and someone will help you.

    • R

      DNS queries failing during DNSBL reload
      pfBlockerNG • unbound dnsbl pfblockerng dns • • rvjr

      2
      0
      Votes
      2
      Posts
      172
      Views

      S

      @rvjr On pfSense unbound generally restarts. See
      https://redmine.pfsense.org/issues/5413

    • R

      Unbound reload fails with large DNSBL feed
      pfBlockerNG • unbound dnsbl pfblockerng • • rvjr

      1
      0
      Votes
      1
      Posts
      123
      Views

      No one has replied

    • L

      IP logs are not being created/populated
      pfBlockerNG • pfblockerng logs configuration • • lgwapnitsky

      14
      0
      Votes
      14
      Posts
      716
      Views

      _

      I've tried running the command and rebooting the pfSense and it still doesn't log anything for the IPs

      22.05-DEVELOPMENT (amd64)
      built on Thu Mar 03 06:18:46 UTC 2022
      FreeBSD 12.3-STABLE
      pfblockerng-Devel 3.1.0_1

    • S

      Excessively High Firewall Maximum Table Entries
      Firewalling • firewall rules pfblockerng pfblocker memory high • • scolby33

      1
      0
      Votes
      1
      Posts
      185
      Views

      No one has replied

    • mudmanc4

      SG3100 + pfBlockerNG-devel ?
      Official Netgate® Hardware • sg3100 pfblockerng • • mudmanc4

      9
      0
      Votes
      9
      Posts
      265
      Views

      M

      @steveits said in SG3100 + pfBlockerNG-devel ?:

      @mudmanc4 Here is the redmine bug report so you can follow it.

      re: what triggers it, from the report certain orders of preg_match() calls can. It seems apparent that the pfSense GUI does not as everything I've seen is in regards to packages. Perhaps the feeds used (variable size) make a difference?

      So far so good.

      SG-3100 - 21.02p2 - Clean install

      Actions taken in pfblockerNG

      1 - Wizard
      2 - Maxmind key set
      3 - MaxMind Localized Language changed to Brazilian Portuguese
      Not using geoIP yet, planning to.

      4 - Feeds

      Noticed that only one DNSBL was in use, ADs_Basic, so I added the following:
      . EasyList
      . EasyList_Portuguese
      . EasyPrivacy

      5 - Changed DNSBL Mode to Unbound python mode
      6 - Unchecked DNS Reply Logging because I don't need it


    • F

      DNSBL not creating firewall rules
      pfBlockerNG • pfblockerng dnsbl firewall rules • • FredMcfly

      24
      0
      Votes
      24
      Posts
      963
      Views

      F

      @bob-dig
      I temporarily disabled my feed and added reddit.com and www.reddit.com to the DNSBL Custom_List and the website (and others) is still not blocked. (Yes, I did a force update all)

      I have tried on different computers on the network and they can still access it.

      I have also tried on three different browsers.

      I am really confused why some sites are blocked while others are not.

    • B

      URL not reachable (though it does not appear to be blocked), available via mobile data
      Deutsch • dns pfblockerng • • benjsing

      7
      0
      Votes
      7
      Posts
      269
      Views

      JeGr

      @viragomann If the first reply, i.e. the first hop of the traceroute, had already returned * * *, then something was not really right with the routing at that point. It would have been more interesting to see what the full output of traceroute blubb actually was. If it had been pfBNG, then the resolution of awsh.de would already have returned 0.0.0.0 or 127.1.1.7 and would have gone "nowhere". But if it resolved cleanly to the IP and the trace then did not work, then that was not pfSense but a routing/Proxmox problem.

    • D

      Show dnsbl_default.php for https sites
      General pfSense Questions • pfblockerng pfsense dnsbl • • diegobph

      3
      0
      Votes
      3
      Posts
      236
      Views

      stephenw10

      Yup that^. You can't make that page work for https as long as you have any sort of sane security in your browser.

      Steve

    • A

      Floating Rules order for pfSenseBlockerNG and Traffic Shaper by Limiter
      pfBlockerNG • pfblockerng traffic shaper rules firewall rules limiters • • ayanpal

      2
      0
      Votes
      2
      Posts
      229
      Views

      S

      If you set pfBlocker to "native alias" instead of block, that will just create an alias and you can create your own block/allow rules however you want them.

    • I

      pfSense NAT not working, nor showing related incoming packet in Packet Capture (even yet it is on wire) or in logs
      NAT • nat pfblockerng packet capture 8080 web server • • icansoft

      28
      0
      Votes
      28
      Posts
      430
      Views

      JeGr

      I'll query the ISP on what are they doing there. Doubt they'll talk... but that is a different story.

      Just as a quick follow up: If you pay for your own public IP to get forwarded to you, they should have no trouble setting their UBNT POP the way you want. Otherwise what's the gain in paying for something you can't successfully use all the way you want? ;)

    • L

      Can't connect to EA Origin app if pfBlocker enable
      Gaming • pfblockerng • • LTran

      4
      0
      Votes
      4
      Posts
      570
      Views

      L

      Thanks Rod-it and Plissje for your info. It will help me to unblock other websites. I believe upgrading pfBlocker and pfSense to the newest version solved the problem.

    • H

      Can't create IPv4 custom list
      pfBlockerNG • ipv4 pfblockerng alias custom • • helderingor

      1
      0
      Votes
      1
      Posts
      92
      Views

      No one has replied

    • T

      Pfblocker NAT rules.
      pfBlockerNG • pfblockerng dnsbl firewall rules nat • • tbr281

      2
      0
      Votes
      2
      Posts
      356
      Views

      K

      I'm having the same issue with pfBlocker and NAT rules. I have no issues adding white-list rules for my devices that are on a directly routed subnet. But trying to figure out how to handle an allow rule for an existing NAT rule is causing issues.

      Have you found any solution yourself as of yet?

    • S

      Can't get DNSBL to work
      pfBlockerNG • dnsbl unbound pfblockerng • • SteelCityColt

      6
      0
      Votes
      6
      Posts
      1214
      Views

      S

      Solved it guys, did some googling on that SSL error and found another post here:

      In
      /var/unbound

      Delete
      dnsbl_cert.pem
      unbound_control.key
      unbound_control.pem
      unbound_server.key
      unbound_server.pem

      Reboot and run force update/reload.

      DNSBL now up and running. Thanks for the help in diagnosing guys.

    • C

      PfBlockerNG Blocking Google Home
      pfBlockerNG • dnsbl pfblockerng blocking google home suricata • • ccigas

      5
      0
      Votes
      5
      Posts
      1132
      Views

      E

      I have the same problem but also my Google Home is blocking. I have added some IP addresses of Google but it has not helped me.

      Does anyone have a suggestion about that? I think I am not the only one that has this problem with Google services.

    • awebster

      Help - Memory allocation errors
      pfBlockerNG • pfblockerng • • awebster

      8
      0
      Votes
      8
      Posts
      823
      Views

      awebster

      @kiokoman Aha, that makes much more sense! Thanks!

    • F

      pfBlockerNG-devel + transparent Squid + LightSquid
      Portuguese • pfblockerng squid lightsquid • • Fábio Abreu

      1
      0
      Votes
      1
      Posts
      124
      Views

      No one has replied

    • M

      PfblockerNG 2.2.5_21 - Error in the rule
      Portuguese • pfblocker pfblockerng pfsense 2.4.4 • • michaelroot

      4
      0
      Votes
      4
      Posts
      237
      Views

      M

      Friends, the solution to my problem was to increase the firewall maximum table entries in the field:
      System / Advanced / Firewall & NAT
      I changed the default value from 400000 to 800000, but the value is up to each person according to their needs.

    • R

      pfblockerng
      pfBlockerNG • pfblockerng shallalist alias categories dnsbl • • riaanwest

      2
      0
      Votes
      2
      Posts
      458
      Views

      RonpfS

      @riaanwest said in pfblockerng:

      Basically making pfblockerng to create an alias for each category referenced in shallalist so you can create manual firewall rules using those aliases pointing to let's say social networks?

      You can't use FW_Rules with DNSBL tables.

      DNSBL operates on the Domain Name space.

      Firewall rules operate on the IP space.

    • newyork10023

      DNS RPZ (full URL)
      pfBlockerNG • dnsrpz pfblockerng squidguard bind dns rpz • • newyork10023

      2
      0
      Votes
      2
      Posts
      662
      Views

      BBcan177

      DNSBL will block domains, it cannot block based on a URL as it is a DNS based blocker.

    • newyork10023

      pfBlockerNG rule element modification and ordering
      pfBlockerNG • dnsbl whitelist rule ordering suspension pfblockerng • • newyork10023

      2
      0
      Votes
      2
      Posts
      578
      Views

      BBcan177

      @newyork10023 said in pfBlockerNG rule element modification and ordering:

      To begin, pfBlockerNG_devel 2.2.1_2 is awesome. Wow. Thanks.

      Thanks!

      Certain feeds are naughty. For example, adding RFC 1918 (Private Address Space), Multicast addresses, etc., etc., etc., is just BAD. Blocking possibly necessary system addresses, including multicast addresses, etc., is just NASTY. Adding a WhiteList is not going to fix this issue. These rule elements need to be culled from the list(s), and I mean permanently.

      By chance are you using Firehol Level1? That feed contains bogons and should not be used for Outbound blocking. You can also enable "Suppression" which will remove local/loopback addresses.

      A couple of feature suggestions for automatic rule insertion: use rule Separators to bind automatic rule insertion to specific places in the rules. (Indeed, one of my pet peeves is that automatic rules re-arrange Separator organization in seemingly random ways.). Another suggestion would be that automatic rule insertion should not re-arrange rule ordering AT ALL (after their initial placement). Subsequent rule updates should update rules IN PLACE. I like the possibility that Separators could be used to bind automatic rule insertion. But, disabling all automatic rule insertion needs to be an option for DNSBL.

      Firewall rule separators will be very difficult to implement with pfBlockerNG and auto rules...