    pfblockerNG TLD help

    pfBlockerNG
    • B
      bschaefer66 last edited by

      I am new to pfSense and pfBlockerNG, but have recently installed this following blogs and forum posts to get things working.

      My system has an Intel i5-2400 with 8 GB RAM. It seems to handle the firewall very well (very little CPU/MEM usage), even with pfBlockerNG. However, when I enabled TLD in pfBlockerNG, then Update -> Force Reload, my system would hang and peg the RAM, take a long time to complete, and finally show errors when completed.

      I upgraded to 16 GB RAM and tried to enable TLD again. Now it completes without error. I noticed the RAM utilization doesn't get past 39% with the same config, which is odd since I should have had enough RAM before the upgrade.

      Now when TLD successfully completes, clients can no longer get to webpages. I found ping works but DNS resolution seems to break.

      Any idea would be greatly appreciated!

      • V
        vesalius last edited by

        Which version of pfblocker are you using?

        • B
          bschaefer66 last edited by

          3.0.0_3 - I just noticed a new version is available which I didn't know about. I may install it once I have had a chance to research what it is.

          • V
            vesalius last edited by

            Seems like unbound may have crashed. Are you running the new dnsbl python mode? Have you made sure that the “register DHCP leases” options are unchecked on Services/DNS Resolver/General Settings?

            Also is Firewall/pfBlockerNG/DNSBL/Web Server Interface set to Localhost?

            • B
              bschaefer66 @vesalius last edited by

              @vesalius said in pfblockerNG TLD help:

              dnsbl python mode

              I wasn't 100% sure what the difference between unbound and python mode was, so I decided not to change it just yet until I had a better understanding. However, since you asked, I thought I would try it and see if it worked that way. I checked your other suggestions, and yes they were set as you mentioned.

              After changing to python mode, TLD is now working - thank you! Also, pretty cool that my RAM usage is down to 15% now.. guess I didn't need the upgrade, oh well.

              I did read the following post from BBcan177, along with the "more info" under "dnsbl mode", but was wondering if you had more info I can check out to better understand. Also, because of this, I didn't enable anything else under DNSBL other than TLD.

              More info
              This mode will allow logging of DNS Replies, and more advanced DNSBL Blocking features.
              BBcan177 post
              https://forum.netgate.com/topic/158592/pfblockerng-devel-v3-0-0-no-longer-bound-by-unbound/2
