I recently updated to version 3.2.0_20. Since then I’ve been having an issue where DNS resolution fails for a full minute at 1 minute past every hour. If I disable pfb, the issue goes away. I don’t see any stop/starts of unbound during this time and nothing in the pfblockerng.log. I’m running this on netgate 7100, with pfSense 24.03

To whom can assist:

I have noticed after enabling PFBlockerNG on my network i am unable to get various streaming apps to stream shows. ALL the apps work as far as opening but many or all shows on that service give errors.

I have tried looking up the literal near hundreds of sites that are called when you pick various shows but is there a good way to manage/allow anything a streaming service needs to work?

EDit: Solved with Workaround.

I Am Using HaGezi Pro+ on Apple IPad. It’s blocked Some but the following are not blocked. I’m surprised, So I Switched to Hagezi full, same result. Shouldn’t it be blocking these?

adservice.google.com
analytics.google.com

ads.youtube.com

Apple

weather-analytics-events.apple.com
metrics.mzstatic.com
api-adservices.apple.com
iadsdk.apple.com

Updated to BlockerNG-devel 3.2.0_20 and using the new Spamhaus feeds (direct from the feeds section)

i.e.

https://www.spamhaus.org/drop/drop_v4.json
https://www.spamhaus.org/drop/drop_v6.json

These don't seem to be working through, getting the following when doing a reload...

I believe pfBlockerNG-devel v3.2.0_19 | Patreon brought in the new json feed "Add "application/x-ndjason" file mime-type for the new Spamhaus json Feed".

Anyone have any ideas? Is this supposed to be working?

---------------------

Source: pfblockerng.log

[ Spamhaus_Drop_v4 ] Downloading update .. 200 OK
[PFB_FILTER - 17] Failed or invalid Mime Type: [application/x-ndjson|0]

[ pfB_Primary_Tier_v4 - Spamhaus_Drop_v4 ] Download FAIL [ 10/27/24 08:48:22 ]
DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.

----------

[ Spamhaus_Drop6_v6 ] Downloading update .. 200 OK
[PFB_FILTER - 17] Failed or invalid Mime Type: [application/x-ndjson|0]

[ pfB_Primary_Tier_v6 - Spamhaus_Drop6_v6 ] Download FAIL [ 10/27/24 08:48:25 ]
DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.

Approx 10 days ago, some ASN files when downloaded are empty files.

Is anybody else having this issue?

It has been working for many months untill approx 10 days ago.

Running Netgate 6100MAX and latest pfBlockerNG

eg: from the log file

=========================================

[ AS14618_v4 ] Downloading update .

Downloading ASN: 14618...... completed ..

Empty file, Adding '127.1.7.7' to avoid download failure.

=========================================
If I manually try to download them they have the required data in the files.

https://api.bgpview.io/asn/14618/prefixes

See below for the first few lines

{
  "status": "ok",
  "status_message": "Query was successful",
  "data": {
    "ipv4_prefixes": [
      {
        "prefix": "3.3.3.0/24",
        "ip": "3.3.3.0",
        "cidr": 24,
        "roa_status": "Valid",
        "name": "AT-88-Z",
        "description": "Amazon Technologies Inc.",
        "country_code": "US",
        "parent": {
          "prefix": "3.0.0.0/9",
          "ip": "3.0.0.0",
          "cidr": 9,
          "rir_name": "ARIN",
          "allocation_status": "unknown"
        }
      },

Update: BBcan177 confirmed that 3.2.0_20 is a legitimate update, writing:

The devs forgot to include one patch for a GeoIP page save issue. So that required a bump to _20

I have installed it and it's working fine.

Original post follows:

_________________________________________________________________________________________

My pfSense CE 2.7.2 dashboard shows that pfBlockerNG-devel 3.2.0_19 is no longer the most current version, having been superseded by 3.2.0_20.

I did not find any announcement of a pfBlockerNG-devel 3.2.0_20 on the Patreon BBcan177 page or in email from Patreon.

I did not find an announcement on this r/pfBlockerNG subreddit.

I don't find an announcement on the Netgate pfBlockerNG forum.

Is pfBlockerNG-devel 3.2.0_20 a legitimate, intentional update for pfSense CE 2.7.2 firewalls?

https://preview.redd.it/vgmp8c23v5wd1.png?width=976&format=png&auto=webp&s=7525c8e03db5dd05be5575a15f850df77602e7c6

I am just trying to get the latest version of pfblockerng

I have another thread dealing with this but for some reason reddit will not let me post another comment so new thread...I mean reddit is sucking lately right? IS it just me?

Does pfsense and pfblockerng have discord channels? I mean reddit blows chunks nowadays

SO, I updated pfsense to 2.7.1 and all good

I then update to pfsense 2.7.2 and receive a failure at the very end as below: anyone have any ideas how to fix this? I mean I can't even reboot as the error is related to the efi folder...

Editted:

I did reboot the system and it DID reboot just fine-regardless of the efi error

I DID have enough storage space available-I am using a 256GB SSD and with a LOT of space free after pfsense and packages are installed

logs below------------------------------

Updating pfSense-core repository catalogue...

Fetching meta.conf: . done

Fetching packagesite.pkg: . done

Processing entries: . done

pfSense-core repository update completed. 4 packages processed.

Updating pfSense repository catalogue...

Fetching meta.conf: . done

Fetching packagesite.pkg: ......... done

Processing entries: .......... done

pfSense repository update completed. 550 packages processed.

All repositories are up to date.

Updating pfSense-core repository catalogue...

Fetching meta.conf:

Fetching packagesite.pkg:

pfSense-core repository is up to date.

Updating pfSense repository catalogue...

Fetching meta.conf:

Fetching packagesite.pkg:

pfSense repository is up to date.

All repositories are up to date.

Checking for upgrades (9 candidates): ......... done

Processing candidates (9 candidates): ......... done

Checking integrity... done (0 conflicting)

The following 9 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:

curl: 8.5.0 -> 8.6.0 \[pfSense\]

pfSense: 2.7.1 -> 2.7.2 \[pfSense\]

pfSense-base: 2.7.1 -> 2.7.2 \[pfSense-core\]

pfSense-default-config: 2.7.1 -> 2.7.2 \[pfSense\]

pfSense-kernel-pfSense: 2.7.1 -> 2.7.2 \[pfSense-core\]

pfSense-pkg-pfBlockerNG-devel: 3.2.0\_7 -> 3.2.0\_19 \[pfSense\]

pfSense-repo: 2.7.1 -> 2.7.2 \[pfSense\]

strongswan: 5.9.11\_2 -> 5.9.11\_3 \[pfSense\]

unbound: 1.18.0\_1 -> 1.19.1 \[pfSense\]

Number of packages to be upgraded: 9

No packages are required to be fetched.

Integrity check was successful.

Updating pfSense-core repository catalogue...

Fetching meta.conf:

Fetching packagesite.pkg:

pfSense-core repository is up to date.

Updating pfSense repository catalogue...

Fetching meta.conf:

Fetching packagesite.pkg:

pfSense repository is up to date.

All repositories are up to date.

Checking integrity... done (0 conflicting)

The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:

pfSense-boot-2.7.2 \[pfSense-core\]

Number of packages to be reinstalled: 1

[1/1] Reinstalling pfSense-boot-2.7.2...

[1/1] Extracting pfSense-boot-2.7.2: .......... done

Updating the EFI loader

install: //boot/efi/efi/boot/INS@ABy1Xh: Input/output error

pkg-static: POST-INSTALL script failed

failed.

Failed

----------logs above

Hello,

i need some help please with pfBlocker devel v.3.2.0_17

i added a list to my DNSBL Groups but the log shows the list is empty

log for the specific blocklist from the update

[ Streaming ] Reload [ 10/17/24 07:03:45 ] . completed .
  IDN converted: [ can’t ] [ xn--cant-x96a ].
  ----------------------------------------------------------------------
  Orig.    Unique     # Dups     # White    # TOP1M    Final                
  ----------------------------------------------------------------------
  3        3          3          0          0          0                    
  ----------------------------------------------------------------------

here is the raw file that i added from github Streaming

what does this mean

IDN converted: [ can’t ] [ xn--cant-x96a ].

can i get some help here please....

Thanks

https://preview.redd.it/y3xrcjkyf3vd1.png?width=1199&format=png&auto=webp&s=cba818c513febb6f4268939c9485c367fc286237

Hello,

I've just started using PfBlockerNG at my school. Users are now complaining about slowness on the Internet, and I feel it too. Only users on PfBlockerNG experience them. Have I done something wrong? I've provided you with a screenshot of the PfBlockerNG info and the technical features of my PfSense.

DHCP is configured so that my Windows server is the DNS, and if it doesn't know the resolution (it only knows how to resolve internally), it forwards the request to the Pfsense's DNS resolver, which deals with PfBlockerNG.

It also takes at least 15 minutes to update the PfBlockerNG lists.

My Pfsense is connected in 10G on our 10G fiber link and in 10G to the LAN, then my clients are in 1G.

Thanks for your advice

Hi Folks, I' still pretty new to this. I'm still learning a lot with pfBlockerNG-devel & pfSense.

This dashboard of pfBlockerNG-devel/pfSense gives me the following stats:
pfB_PRI1_v4 1,965 0
DNSBL_EasyList 77,217 30294
DNSBL_ADs 9,511 46663
DNSBL_Malicious 494,603 764
DNSBL_Malicious2 2,013 2202
DNSBL_ADs_Basic 86,534 41

CINS Army was giving me an issue getting to groups (dot) io (typing in the link directly frose the interface), so I disabled it (on my old router). Now that I'm on the new router, the lack of detection is more noticeable. FYI, both are NetGate appliances!

I have no idea wat I should have enabled or disabled. I have not found a great explanation of the feeds (maybe my lack of knowledge). I think for the most part, I have a pretty generic setup.

FYI pfSense 24.03 and pfBlockerNG-devel 3.2.0_18

any help or guidance would be awesome!!

I previously used pfBlockerNG, and disabled it as streaming things like Paramount Plus wouldn't work. I am trying to reinstate pfBlocker, but cannot seem to figure out IP whitelists. I have three streaming devices on the inside network which are in an alias, which I'd like to bypass the block lists from pfBlocker. I cannot see where to add this alias. When I change the rule order in the pfblocker config, it allows too many things to bypass the pfblocker rules, which defeats the whole purpose. Any help would be greatly appreciated.

Resolved by installing patch identified below by BBCan177

(Original post appears below)

I'm running pfBlockerNG-devel 3.2.0_18 on pfSense CE 2.7.2. I have all of my GeoIP aliases set to Alias Native mode. I have a configured Maxmind key valid since 2020-03-28 for GeoLite2 Country, City, and ASN databases

Each time I try to save an alias in the Firewall --> pfBlockerNG--> IP--> GeoIP tab, pfSense crashes, reloads the prior configuration, and leaves me with a notice on the dashboard that reads:

pfSense has detected a crash report or programming bug. Click here for more information.

Clicking on the link reveals a crash log like the one shown below.

Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec 6 20:45:47 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/F
Crash report details:
PHP Errors:
[13-Oct-2024 11:43:32 America/New_York] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1250 and defined in /etc/inc/util.inc:3662
Stack trace:
#0 /etc/inc/config.lib.inc(1250): array_path_enabled(-1, 'notifications/s...', 'disable')
#1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable')
#2 /etc/inc/notices.inc(662): notify_via_smtp('pfSense is rest...')
#3 /etc/inc/notices.inc(151): notify_all_remote('pfSense is rest...')
#4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'pfSense is rest...', 'pfSenseConfigur...', '')
#5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...')
#6 /usr/local/www/pfblockerng/pfblockerng_Africa.php(405): write_config('[pfBlockerNG] s...')
#7 {main}
thrown in /etc/inc/util.inc on line 3662
[13-Oct-2024 11:43:32 America/New_York] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1250 and defined in /etc/inc/util.inc:3662
Stack trace:
#0 /etc/inc/config.lib.inc(1250): array_path_enabled(-1, 'notifications/s...', 'disable')
#1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable')
#2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...')
#3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...')
#4 /etc/inc/config.lib.inc(1154): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors')
#5 [internal function]: pfSense_clear_globals()
#6 {main}
thrown in /etc/inc/util.inc on line 3662
No FreeBSD crash data found.

Rebooting pfSense (to test after a clean start) does not have any effect -- the problem remains.

I have not knowingly tinkered with pfBlocker files, directories, ownerships, or permissions outside of what I was directed to do in dealing with the problematic update, roll-back, and re-release.

Is this unique to my pfSense CE installation or have others experienced this? Any suggestions for resolving it?

hi all,

I'm trying to add Hagezi's DNS blocking list to my pfblockerng

I put the blocking lists under DNSBL

Most of the lists work except for 3:

RPZ Wildcard Asterix DNS Masq

So the lists apparently don't contain domains, where in pfBlockerNG do I put these lists for them to work?

edit: I tried putting them in ipv4 and it also didn't work not sure where else I can put them

As the title says, the reports section is timing out. This started while back.

I’ve tried uninstalling and setting up from fresh and also upgraded to the latest and is still timing out.

Any ideas?

Hi All,

I seem to have issues with the latest DEV 3.2.0_18. that's using very high CPU, i have an old version that's on another device 3.2.0_8, working great. Both devices running 2.7.2.

Both instances on unbound mode (I'm experiencing the same issue with the python mode). If i disable the service, CPU comes back to normal levels.

Thank you

i have added reddit.com to the DNSBL Custom_List, it gets blocked in safari but when i openen it in firefox or librewolf i access the website even in private window

Hi u/BBcan177

At the moment anything I put in Python Regex is system wise. It would be great if the blocking can be controlled at interfaces level.

I am supporting a small shop. Personal Cloud storage like google drive or dropbox bear a high risk of data loss from the company's perspective as staffs can easily copy GB of data to those cloud storage without notice.

However it is very hard to block drive.google.com alone without affecting other legistimate google services.

A quick solution is to put drive.google.com in the python regex and it works great. However for staff's personal IoT devices or guest wifi network, blocking drive.google.com raise many complaints. There are many other websites which should not be allowed on company LAN but okay for personal IoT.

Could you please consider this suggestion.

My pfSense firewall is blocking WhatsApp for about 5 minutes every hour and then allowing it again. How can I fix this issue?

I installed snort and I think this is the reason

I have a firewall rule in place that allows traffic to a specific TCP destination port to a specific host on my network. When I look at the logs, pfBlockerNG is blocking this traffic because the source addresses are tied to a specific geography and I'm blocking it. How can I get my firewall rules to be processed before the pfBlocker rules so that that specific permitted port is allowed?

I can include screenshots if needed, but I built a couple IP block lists and trying to use the ASN method of blocking. It takes the ASN number, but says there is nothing to download. Anyone else having issues with this?

[ vpn_v4 ]			 exists.
[ vpn_custom_v4 ]		 Downloading update
  Downloading ASN: 16815..... . completed ..
[ pfB_vpn_v4 vpn_custom_v4 ] Custom List: No IPs found! Ensure only IP based Feeds are used! ]

[ roblox_v4 ]			 exists. [ 09/25/24 09:10:30 ]
[ roblox_custom_v4 ]		 Downloading update
  Downloading ASN: 22697..... . completed ..
[ pfB_roblox_v4 roblox_custom_v4 ] Custom List: No IPs found! Ensure only IP based Feeds are used! ]

AS16815 should be Goto Group (seems to be the parents company for Hamachi/vpn.net)

AS22697 should be for Roblox

Side note... is there a better/easier way to block these?

I am still on version 3.2.0_8

I read about all kind of problems with pfBlocker > 3.2.0_8.

Is it safe to upgrade or is it better to wait?

My firewall is sort of fubar. Broken gui and can't get the thing to reinstall PFBlockerNG. Any thoughts ?

Setting vital flag on php83...done.

Removing pfSense-pkg-pfBlockerNG-devel...

Checking integrity... done (0 conflicting)

Deinstallation has been requested for the following 1 packages (of 0 packages in the universe):

Installed packages to be REMOVED:

pfSense-pkg-pfBlockerNG-devel: 3.2.0\_16

Number of packages to be removed: 1

The operation will free 7 MiB.

[1/1] Deinstalling pfSense-pkg-pfBlockerNG-devel-3.2.0_16...

Removing pfBlockerNG-devel components...

Menu items... done.

Services... done.

Loading package instructions...

First, sorry that this last update caused a GUI crash. A function call for the upcoming pfSense Plus was merged and cause a PHP failure.

They reverted back to the previous release which does not include the IPinfo ASN update.

So if you have already installed 3.2.0_15 and have restored the GUI access, you can leave it as is until _17 is released. Or you can install the _16 version to fully restore the menu links but IPinfo ASN will not be there.

Hopefully the final fix is released shortly

Sorry again.

Anybody have any issues installing this update on the PFSense plus 24.03? The update is in the install packages now

I've been running pfSense with pfBlockerNG on CE 2.7.2. The last days some people reported that there boxes run with pfB 3.2.0_10 or 3.2.0_11. u/BBCan177 released his new version 3.2.0_15.

But i stay on 3.2.0_8? Is this correct?

For pfBlockerNG-devel (ONLY), there seems to be an issue with it showing as an available package to be installed.

You can follow these steps to manually install the changes.

NOTE/DISCLAIMER:

Keep in mind that there is always some risk in doing this, so please take a backup of pfSense Config before proceeding, and have a backup plan in place!

If there are issues, try to reinstall the pkg from pfSense Package Manager.

You will need to copy these files from my Github Gist to your Local pfSense Box.

Having console access and SSH access is preferable before updating.

Note, this will not change the version number shown in pfSense Package Manager.

For pfSense Plus ONLY:

**UPDATE: I have one reported issue with these changes on pfSense Plus. So please have access to SSH or console access before proceeding. Still investigating. **

curl -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://gist.githubusercontent.com/BBcan177/72d559647564acc6a0b8353b72a40049/raw"
curl -o /usr/local/pkg/pfblockerng/pfblockerng.sh "https://gist.githubusercontent.com/BBcan177/abdeba2d1ee055efe3d5c23ab558c40d/raw"
curl -o /usr/local/www/pfblockerng/pfblockerng.php "https://gist.githubusercontent.com/BBcan177/8d67e132ad16b895b5dd8996c22359e3/raw"
curl -o /usr/local/www/pfblockerng/pfblockerng_ip.php "https://gist.githubusercontent.com/BBcan177/ff538442a2e7cf78a9f24119b70f575a/raw"
curl -o /usr/local/www/pfblockerng/pfblockerng_alerts.php "https://gist.githubusercontent.com/BBcan177/f2873a9b59bb491f5af6802c72807110/raw"

For pfSense 2.7.x ONLY:

curl -o /usr/local/pkg/pfblockerng/pfblockerng.inc "https://gist.githubusercontent.com/BBcan177/e0347961852bfed16408bae2b475c36a/raw"
curl -o /usr/local/pkg/pfblockerng/pfblockerng.sh "https://gist.githubusercontent.com/BBcan177/abdeba2d1ee055efe3d5c23ab558c40d/raw"
curl -o /usr/local/www/pfblockerng/pfblockerng.php "https://gist.githubusercontent.com/BBcan177/8d67e132ad16b895b5dd8996c22359e3/raw"
curl -o /usr/local/www/pfblockerng/pfblockerng_ip.php "https://gist.githubusercontent.com/BBcan177/ff538442a2e7cf78a9f24119b70f575a/raw"
curl -o /usr/local/www/pfblockerng/pfblockerng_alerts.php "https://gist.githubusercontent.com/BBcan177/5a9a16698410c1171ddbb74df1007c7b/raw"
curl -o /usr/local/pkg/pfblockerng/pfblockerng_extra.inc "https://gist.githubusercontent.com/BBcan177/324e291bdf7636d34d274cc26490e764/raw"

Following the file downloads:

1. you will need to Restart the "pfb_filter" Service.
2. For pfSense 2.7.x, you might need to Restart PHP-FPM and (Option 16 from the shell) to read the changes required.
3. Run a Force Update