Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfBlockerng very slow at DNS

    pfBlockerNG
    4
    9
    3.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pooperman
      last edited by

      Hi I recently virtualized pfSense and installed pfBlockerng.
      With activated pfblocker it take about 20 seconds to start loading the page.
      If I turn it off, it is at ~1.5 sec

      any idea what causes this massive delay?

      virtualized with esxi 6.7, running on 1 core, 8gb ram 35gb space.
      ![alt text](3_1551810030383_4.JPG 2_1551810030383_3.JPG 1_1551810030383_2.JPG 0_1551810030382_1.JPG image url)

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by BBcan177

        Check the Alerts tab to see what is being blocked.
        Try to enable IP blocking first, then enable DNSBL to narrow down which component to review.

        Also there are some Dashboard notices. What do they say?

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • P
          pooperman
          last edited by

          0_1551897486529_5.JPG
          1_1551897495565_7.JPG 0_1551897495565_6.JPG

          2_1551897502891_10.JPG 1_1551897502891_9.JPG 0_1551897502891_8.JPG

          with
          DNSBL->ON
          IP De-Dublication-> ON
          PFblockerNG->ON
          I am not able to upload the pics above

          with
          DNSBL->OFF
          IP De-Dublication-> ON
          PFblockerNG->ON
          I am not able to upload the pics above

          with
          DNSBL->OFF
          IP De-Dublication-> OFF
          PFblockerNG->ON
          I am not able to upload the pics above

          with
          DNSBL->OFF
          IP De-Dublication-> OFF
          PFblockerNG->OFF
          I am able to upload the pics above

          Will do some more testing and come back. Thanks for support!

          1 Reply Last reply Reply Quote 0
          • P
            pooperman
            last edited by

            is any issue known with the RADIUS package of pfSense and pfblockerng?

            I uninstalled it and it seems much faster!

            Will continue testing tomorrow.

            RonpfSR 1 Reply Last reply Reply Quote 0
            • RonpfSR
              RonpfS @pooperman
              last edited by

              @pooperman said in pfBlockerng very slow at DNS:

              There were error(s) loading the rules: /tmp/rules.debug:46: cannot define table

              Try to increase the Firewall Maximum Table Entries under System / Advanced / Firewall & NAT

              2.4.5-RELEASE-p1 (amd64)
              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

              P 1 Reply Last reply Reply Quote 2
              • P
                pooperman @RonpfS
                last edited by

                @ronpfs

                thanks for feedback, changed it. will try performance and report back.

                1 Reply Last reply Reply Quote 0
                • P
                  pooperman
                  last edited by

                  I think it is now running quite well.
                  many thanks for your help.

                  one more point I would like to ask.
                  I'd like to browse through this news page, but I do not know why the ads are note being blocked with TLD, DNSBL etc.
                  0_1552066812755_11.JPG

                  Any idea what to do?

                  1 Reply Last reply Reply Quote 0
                  • BBcan177B
                    BBcan177 Moderator
                    last edited by

                    Right-click on the AD, and click "Inspect".... If the HTML code shows a domain name, and the domain is not from the site itself, then you can add that Domain to a DNSBL Customlist at the bottom of any DNSBL Feed page.

                    "Experience is something you don't get until just after you need it."

                    Website: http://pfBlockerNG.com
                    Twitter: @BBcan177  #pfBlockerNG
                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                    1 Reply Last reply Reply Quote 1
                    • C
                      CyberMinion
                      last edited by

                      Definitely inspect the content--you will probably find a URL which is not blocked being used there.

                      Sometimes you may be getting ads from a subdomain, so you may need to check the "Enable TLD" to attempt to deal with these subdomains.
                      Also, so sites host ads locally, but that is less common. A content inspection should tell you.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.