pfBlockerNG-devel v3.0.0_5

BBcan177

pfBlockerNG-devel v3.0.0_5

There is a new pull request that was submitted to the pfSense devs for review and will hopefully be approved and merged this week.

Update: It has been merged and is available

https://github.com/pfsense/FreeBSD-ports/pull/1002

• Fix incorrect widget sequence ":show" to ":open:0"
• Allow for Alias type rules to be reported in Dashboard widget without the 'pfb_' prefix
• Fix XMLRPC sync Skew setting from being sync'd to nodes
• For pfSense 2.5, Fix issue with IP Firewall reporting (Added tail -n0) setting to pfb_filter service
• For pfSense 2.5, add Syslog (RFC5424) format compatibility
• Add Dashboard widget - 'Last Packet Clear' to the tooltips
• Fix Dashboard widget column sort - reset on background refresh
• Add noAAAA feature to Unbound Python mode
• Feeds - Move the ISC Onyphe feed to the Scanners Group
• Improve Threat lookups (https://www.reddit.com/r/pfBlockerNG/comments/k5invv/list_of_nonworking_threat_lookups/)
• Add the IP Suffix (auto rule) to pfB_Permit and pfB_Ping Floating Rules

If you haven't already, please subscribe to my Twitter @BBcan177 and Reddit /r/pfBlockerNG Feed.

Thanks!

jdeloach

@bbcan177

Is there a pfBlockerNG-devel v3.0.0_5? If so, is it available for pfSense 2.4.5-p1? When I check package manager, the latest version I see is v3.0.0_3.

Gertjan

@jdeloach said in pfBlockerNG-devel v3.0.0_5:

the latest version I see is v3.0.0_3.

@bbcan177 said in pfBlockerNG-devel v3.0.0_5:

Update: It has been merged and is available

as soon as things are synced up, it will be visible.

jdeloach

@gertjan said in pfBlockerNG-devel v3.0.0_5:

as soon as things are synced up, it will be visible.

What do you mean by "as soon as things are synced up, it will be visible"? When will that happen as I saw this message yesterday but it wasn't available then nor is it now?

Gertjan

When the PR is merged it takes some time for the packages to be available at the "package server".
There could even be a manual operation involved, so ... office hours and Netgate personal has to be available.

A couple of minutes ... hours ? Promised ;)

jdeloach

@gertjan said in pfBlockerNG-devel v3.0.0_5:

When the PR is merged it takes some time for the packages to be available at the "package server".
There could even be a manual operation involved, so ... office hours and Netgate personal has to be available.

A couple of minutes ... hours ? Promised ;)

OOPS, I misread the thread, I guess, even tho it says that it had already been merged and is available. My mistake.

Cool_Corona

@jdeloach I cant see it as available yet...

Bob.Dig

I just deleted all existing feeds and added them all new. There is one warning I couldn't say what the problem was.

Gertjan

Look like 3.0.0_5 is available then ...

@Bob-Dig : dono : I always give new packages a 24/48 hours cooldown.
( have the others trying first so they can prepare the gotha's )

Bob.Dig

@gertjan It is and I run it, that is why I am posting it here.
Also, I lost all my separators on WAN. (no big deal) .

provels

FWIW, Package Manager is showing me _3, though _3 has been installed since it was released. Second time this has happened. Maybe a browser cache thing, as clicking the update link offers _5.

mcury

Hello BBcan177, thanks for your efforts.
Upgraded successfully to 3.0.0_5 from 3.0.0_3

Ran the wizard again, and noticed something in the MDL feed.
Everything else went smoothly.

[ MDL ]				 Reload [ 12/11/20 11:46:20 ] . completed .
 No Domains Found! Ensure only domain based Feeds are used for DNSBL!

provels

@mcury said in pfBlockerNG-devel v3.0.0_5:

[ MDL ]

MDL has been dead for a while.

Cool_Corona

CTRL+F5 solved the missing update in the GUI

lcbbcl

I have a weird problem with the new version, if i enable HSTS mode for DNSBL, on reports i have unknown unknown for Lan but for Wifi is working fine.
Before the v3.0.0 i had web server interface set as LAN and now i set localhost.
Btw can someone guide me how to use regex?
Thanks.

BBcan177

@lcbbcl said in pfBlockerNG-devel v3.0.0_5:

I have a weird problem with the new version, if i enable HSTS mode for DNSBL, on reports i have unknown unknown for Lan but for Wifi is working fine.
Before the v3.0.0 i had web server interface set as LAN and now i set localhost.
Btw can someone guide me how to use regex?

pfSense 2.4.5 uses Unbound v1.10.1 which has a regression that fails to pass some information to the python modules. It has been fixed, but there is no way to upgrade Unbound to v.1.12.0 in pfSense 2.4.5.

In pfSense 2.5, it has Unbound v1.12.0, soon to be v1.13.0.

For the DNSBL Blocking part, you can enable the checkbox in the DNSBL Tab > DNSBL Event Logging , and that will stop the python integration from logging, and use the DNSBL Webserver to log the events. Unfortunately, that is only limited to HTTP events.

And for DNS Reply logging, there is no other workaround.

Not much I can do unfortunately.

Its recommended to use localhost instead.

For Regex, here is a list of Regexs that can be used:
https://www.reddit.com/r/pfBlockerNG/comments/k08n33/pfblockerngdevel_v300_no_longer_bound_by_unbound/gdkaod4/?utm_source=reddit&utm_medium=web2x&context=3

tman222

@bbcan177 said in pfBlockerNG-devel v3.0.0_5:

Allow for Alias type rules to be reported in Dashboard widget without the 'pfb_' prefix

Hi @BBcan177 - I have a quick clarification question on the above: Does this mean we now don't need to have firewall rule description start with 'pfb_'? Or is it referring to something else? Thanks in advance.

BBcan177

@tman222 said in pfBlockerNG-devel v3.0.0_5:

Hi @BBcan177 - I have a quick clarification question on the above: Does this mean we now don't need to have firewall rule description start with 'pfb_'? Or is it referring to something else? Thanks in advance.

Yes it should be ok now... However, the Kill States option won't filter if you don't use either "pfB_" or "pfb_"

lcbbcl

@bbcan177 said in pfBlockerNG-devel v3.0.0_5:

@lcbbcl said in pfBlockerNG-devel v3.0.0_5:

I have a weird problem with the new version, if i enable HSTS mode for DNSBL, on reports i have unknown unknown for Lan but for Wifi is working fine.
Before the v3.0.0 i had web server interface set as LAN and now i set localhost.
Btw can someone guide me how to use regex?

pfSense 2.4.5 uses Unbound v1.10.1 which has a regression that fails to pass some information to the python modules. It has been fixed, but there is no way to upgrade Unbound to v.1.12.0 in pfSense 2.4.5.

In pfSense 2.5, it has Unbound v1.12.0, soon to be v1.13.0.

For the DNSBL Blocking part, you can enable the checkbox in the DNSBL Tab > DNSBL Event Logging , and that will stop the python integration from logging, and use the DNSBL Webserver to log the events. Unfortunately, that is only limited to HTTP events.

And for DNS Reply logging, there is no other workaround.

Not much I can do unfortunately.

Its recommended to use localhost instead.

For Regex, here is a list of Regexs that can be used:
https://www.reddit.com/r/pfBlockerNG/comments/k08n33/pfblockerngdevel_v300_no_longer_bound_by_unbound/gdkaod4/?utm_source=reddit&utm_medium=web2x&context=3

Regex seems to be like a add-on to PfB.
Thank you.