Latest devel version, pfsense 2.7.2.

Noticed whilst debugging issues that no updates had been applied for 'any' dns blacklists including local files since 22 April 2024.

In the logs, it reported needed updating, but didnt report failed update.

Top1m was also enabled, but had a repeating error as below for every run.

TOP1M Database downloading ( approx 21MB ) ... Please wait ...
 Building TOP1M Whitelist [
TOP1M conversion Failed. File: top-1m.csv, not found...
 DNSBL - TOP1M changes found - Rebuilding!
 completed    

Its as if pfblocknerng thinks its downloaded a file but it hasnt.

I can edit any file I want fine from within the diagnostics edit feature in pfsense, everything looks fine on the shell.

If I selected force update in the GUI, it also didnt do what I would expect, it said files exist and just skipped to end.

The only way I could force an up to date file was to wipe everything in /var/db/pfblockerng/dnsblorig and also /var/db/pfblockerng/dnsbl, and then finally I got new files pulled down.

In addition the custom file also got populated after I did this as well.

Please let me know what I can do to help debug.

It seems the default DNSBL whitelist no longer populates for me on a fresh setup on my SG8200 despite enabling it during the pfblockerng wizard setup. Would someone be kind enough to list it in this thread.

I'm using pfSense 2.7.2 with pfBlockerNG-devel 3.2.0_20. The MaxMind database fails to refresh with the following error:

[ pfB_PRI3_v4 - MaxMind_BD_Proxy_v4 ] Download FAIL [ 11/29/24 13:02:32 ]
  DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.
 [ 11/29/24 13:02:32 ]
  Restoring previously downloaded file contents... [ 11/29/24 13:02:32 ]

I found some troubleshooting advice on the web and confirmed that nothing is blocking my connection to the MaxMind web server. I also logged into my MaxMind user portal to ensure the account was still active, and I did not find any errors.

It's at this point that I realized the pfBlocker site in the PRI3 setting is a test page at:
https://www.maxmind.com/en/high-risk-ip-sample-list

Is this the proper setting? Is there something else I need to do?

Thanks for any help.

This is something I've been seeing for several weeks; not quite sure when it started. But the start of it was ailun.com not resolving. I'd enter that in my browser or run a local DNS Query and come up with a DNS error (no information found). When I tried the same address in the pfSense/Diagnostics/Ping page, it would go to 8.8.8.8 (and other DNS servers I configured in General Setup) and resolve things. Thought it might be an Unbound problem, but could not see how.

I was looking in the Reports tab of pfB, but nothing was being blocked. And DNS queries did not return the 10.10.10.1 Virtual IP address pfB tosses out for blocked domains.

I set this aside until a compact FlickR.com URL also failed. These use flic.kr as their domain name. Same problem as with ailun.com. Not blocked by a blacklist, just no data found.

Just for fun I decided to turn off pfB and try again. Everything resolves just fine when pfB is turned off. When it is enabled again, these domains fail.

I am running pfBLockerNG Devel v3.2.0_20 under pfSense 24.03-RELEASE on an SG-5100. I have not made substantive changes to my system (other than system/package updates) in some time.

Holding off upgrading to 24.11 for now while I wait for any ideas/pointers on how to solve this... thanks!

Does anyone have any idea why the DNS Resolver doesn't work after enabling DNSBL? I tried doing some diagnostics (Diagnostic -> DNS Lookup), but unfortunately, 127.0.0.1 returns "No response".

Seen this notice after updating.

New alert found: To utilize the ASN functionality, you must register for a free IPinfo Account. Review IP Tab for more information.

On pfSense 2.7.2, pfBlockerNG-devel 3.2.0_20.

Since (I think) Wednesday last week, I’ve been getting errors saying:

[ pfB_PRI3_v4 - MaxMind_BD_Proxy_v4 ] Download FAIL [ 11/18/24 18:30:01 ]

  DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.

 [ 11/18/24 18:30:01 ]

 The link to the feed is https://www.maxmind.com/en/high-risk-ip-sample-list and, when I copy and paste this into my web browser, I can see a page with a list of IPv4 addresses.

 The IPv4 “group listing” shows:

Format: Auto

State: On

Source: https://www.maxmind.com/en/high-risk-ip-sample-list

Header/Label : MaxMind_BD_Proxy

 I don’t see any alerts that are blocking this link. I’m at a loss.

does anybody know why the following two lists are failing to parse? first thought was ABP-style, but i thought the parser was modified some number of updates back to accomodate OISD's transition to ABP-style.

https://raw.githubusercontent.com/RPiList/specials/refs/heads/master/Blocklisten/malware https://raw.githubusercontent.com/RPiList/specials/refs/heads/master/Blocklisten/Phishing-Angriffe

[ RPi_Malware ]			 Reload [ 11/15/24 11:51:02 ] . completed .
No Domains Found! Ensure only domain based Feeds are used for DNSBL!

[ RPi_Phishing ]		 Downloading update [ 11/15/24 11:51:25 ] .. 200 OK
No Domains Found! Ensure only domain based Feeds are used for DNSBL!

Does anyone know if one is able to create different block/allow lists in pfBlocker for multiple clients? Thx.

The middle connection is working perfectly, please ignore it. However, the first and last connections have the same remote, and the first connection with the SPI (the unnamed one) was not created by me; it appears and disappears on its own.

please help to solve problem the IPSec connection is destroyed

https://preview.redd.it/hpbnzaqxoo0e1.png?width=1312&format=png&auto=webp&s=da19c6c986cdd7249be67c1cafacd3ecbb9f3d3a

I’ve cleared all logs for reporting and Top Group Count won’t reset, clear. Running latest version pflockerng-devel

I recently updated to version 3.2.0_20. Since then I’ve been having an issue where DNS resolution fails for a full minute at 1 minute past every hour. If I disable pfb, the issue goes away. I don’t see any stop/starts of unbound during this time and nothing in the pfblockerng.log. I’m running this on netgate 7100, with pfSense 24.03

To whom can assist:

I have noticed after enabling PFBlockerNG on my network i am unable to get various streaming apps to stream shows. ALL the apps work as far as opening but many or all shows on that service give errors.

I have tried looking up the literal near hundreds of sites that are called when you pick various shows but is there a good way to manage/allow anything a streaming service needs to work?

EDit: Solved with Workaround.

I Am Using HaGezi Pro+ on Apple IPad. It’s blocked Some but the following are not blocked. I’m surprised, So I Switched to Hagezi full, same result. Shouldn’t it be blocking these?

adservice.google.com
analytics.google.com

ads.youtube.com

Apple

weather-analytics-events.apple.com
metrics.mzstatic.com
api-adservices.apple.com
iadsdk.apple.com

Updated to BlockerNG-devel 3.2.0_20 and using the new Spamhaus feeds (direct from the feeds section)

i.e.

https://www.spamhaus.org/drop/drop_v4.json
https://www.spamhaus.org/drop/drop_v6.json

These don't seem to be working through, getting the following when doing a reload...

I believe pfBlockerNG-devel v3.2.0_19 | Patreon brought in the new json feed "Add "application/x-ndjason" file mime-type for the new Spamhaus json Feed".

Anyone have any ideas? Is this supposed to be working?

---------------------

Source: pfblockerng.log

[ Spamhaus_Drop_v4 ] Downloading update .. 200 OK
[PFB_FILTER - 17] Failed or invalid Mime Type: [application/x-ndjson|0]

[ pfB_Primary_Tier_v4 - Spamhaus_Drop_v4 ] Download FAIL [ 10/27/24 08:48:22 ]
DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.

----------

[ Spamhaus_Drop6_v6 ] Downloading update .. 200 OK
[PFB_FILTER - 17] Failed or invalid Mime Type: [application/x-ndjson|0]

[ pfB_Primary_Tier_v6 - Spamhaus_Drop6_v6 ] Download FAIL [ 10/27/24 08:48:25 ]
DNSBL, Firewall, and IDS (Legacy mode only) are not blocking download.

Approx 10 days ago, some ASN files when downloaded are empty files.

Is anybody else having this issue?

It has been working for many months untill approx 10 days ago.

Running Netgate 6100MAX and latest pfBlockerNG

eg: from the log file

=========================================

[ AS14618_v4 ] Downloading update .

Downloading ASN: 14618...... completed ..

Empty file, Adding '127.1.7.7' to avoid download failure.

=========================================
If I manually try to download them they have the required data in the files.

https://api.bgpview.io/asn/14618/prefixes

See below for the first few lines

{
  "status": "ok",
  "status_message": "Query was successful",
  "data": {
    "ipv4_prefixes": [
      {
        "prefix": "3.3.3.0/24",
        "ip": "3.3.3.0",
        "cidr": 24,
        "roa_status": "Valid",
        "name": "AT-88-Z",
        "description": "Amazon Technologies Inc.",
        "country_code": "US",
        "parent": {
          "prefix": "3.0.0.0/9",
          "ip": "3.0.0.0",
          "cidr": 9,
          "rir_name": "ARIN",
          "allocation_status": "unknown"
        }
      },

Update: BBcan177 confirmed that 3.2.0_20 is a legitimate update, writing:

The devs forgot to include one patch for a GeoIP page save issue. So that required a bump to _20

I have installed it and it's working fine.

Original post follows:

_________________________________________________________________________________________

My pfSense CE 2.7.2 dashboard shows that pfBlockerNG-devel 3.2.0_19 is no longer the most current version, having been superseded by 3.2.0_20.

I did not find any announcement of a pfBlockerNG-devel 3.2.0_20 on the Patreon BBcan177 page or in email from Patreon.

I did not find an announcement on this r/pfBlockerNG subreddit.

I don't find an announcement on the Netgate pfBlockerNG forum.

Is pfBlockerNG-devel 3.2.0_20 a legitimate, intentional update for pfSense CE 2.7.2 firewalls?

https://preview.redd.it/vgmp8c23v5wd1.png?width=976&format=png&auto=webp&s=7525c8e03db5dd05be5575a15f850df77602e7c6

I am just trying to get the latest version of pfblockerng

I have another thread dealing with this but for some reason reddit will not let me post another comment so new thread...I mean reddit is sucking lately right? IS it just me?

Does pfsense and pfblockerng have discord channels? I mean reddit blows chunks nowadays

SO, I updated pfsense to 2.7.1 and all good

I then update to pfsense 2.7.2 and receive a failure at the very end as below: anyone have any ideas how to fix this? I mean I can't even reboot as the error is related to the efi folder...

Editted:

I did reboot the system and it DID reboot just fine-regardless of the efi error

I DID have enough storage space available-I am using a 256GB SSD and with a LOT of space free after pfsense and packages are installed

logs below------------------------------

Updating pfSense-core repository catalogue...

Fetching meta.conf: . done

Fetching packagesite.pkg: . done

Processing entries: . done

pfSense-core repository update completed. 4 packages processed.

Updating pfSense repository catalogue...

Fetching meta.conf: . done

Fetching packagesite.pkg: ......... done

Processing entries: .......... done

pfSense repository update completed. 550 packages processed.

All repositories are up to date.

Updating pfSense-core repository catalogue...

Fetching meta.conf:

Fetching packagesite.pkg:

pfSense-core repository is up to date.

Updating pfSense repository catalogue...

Fetching meta.conf:

Fetching packagesite.pkg:

pfSense repository is up to date.

All repositories are up to date.

Checking for upgrades (9 candidates): ......... done

Processing candidates (9 candidates): ......... done

Checking integrity... done (0 conflicting)

The following 9 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:

curl: 8.5.0 -> 8.6.0 \[pfSense\]

pfSense: 2.7.1 -> 2.7.2 \[pfSense\]

pfSense-base: 2.7.1 -> 2.7.2 \[pfSense-core\]

pfSense-default-config: 2.7.1 -> 2.7.2 \[pfSense\]

pfSense-kernel-pfSense: 2.7.1 -> 2.7.2 \[pfSense-core\]

pfSense-pkg-pfBlockerNG-devel: 3.2.0\_7 -> 3.2.0\_19 \[pfSense\]

pfSense-repo: 2.7.1 -> 2.7.2 \[pfSense\]

strongswan: 5.9.11\_2 -> 5.9.11\_3 \[pfSense\]

unbound: 1.18.0\_1 -> 1.19.1 \[pfSense\]

Number of packages to be upgraded: 9

No packages are required to be fetched.

Integrity check was successful.

Updating pfSense-core repository catalogue...

Fetching meta.conf:

Fetching packagesite.pkg:

pfSense-core repository is up to date.

Updating pfSense repository catalogue...

Fetching meta.conf:

Fetching packagesite.pkg:

pfSense repository is up to date.

All repositories are up to date.

Checking integrity... done (0 conflicting)

The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:

pfSense-boot-2.7.2 \[pfSense-core\]

Number of packages to be reinstalled: 1

[1/1] Reinstalling pfSense-boot-2.7.2...

[1/1] Extracting pfSense-boot-2.7.2: .......... done

Updating the EFI loader

install: //boot/efi/efi/boot/INS@ABy1Xh: Input/output error

pkg-static: POST-INSTALL script failed

failed.

Failed

----------logs above

Hello,

i need some help please with pfBlocker devel v.3.2.0_17

i added a list to my DNSBL Groups but the log shows the list is empty

log for the specific blocklist from the update

[ Streaming ] Reload [ 10/17/24 07:03:45 ] . completed .
  IDN converted: [ can’t ] [ xn--cant-x96a ].
  ----------------------------------------------------------------------
  Orig.    Unique     # Dups     # White    # TOP1M    Final                
  ----------------------------------------------------------------------
  3        3          3          0          0          0                    
  ----------------------------------------------------------------------

here is the raw file that i added from github Streaming

what does this mean

IDN converted: [ can’t ] [ xn--cant-x96a ].

can i get some help here please....

Thanks

https://preview.redd.it/y3xrcjkyf3vd1.png?width=1199&format=png&auto=webp&s=cba818c513febb6f4268939c9485c367fc286237

Hello,

I've just started using PfBlockerNG at my school. Users are now complaining about slowness on the Internet, and I feel it too. Only users on PfBlockerNG experience them. Have I done something wrong? I've provided you with a screenshot of the PfBlockerNG info and the technical features of my PfSense.

DHCP is configured so that my Windows server is the DNS, and if it doesn't know the resolution (it only knows how to resolve internally), it forwards the request to the Pfsense's DNS resolver, which deals with PfBlockerNG.

It also takes at least 15 minutes to update the PfBlockerNG lists.

My Pfsense is connected in 10G on our 10G fiber link and in 10G to the LAN, then my clients are in 1G.

Thanks for your advice

Hi Folks, I' still pretty new to this. I'm still learning a lot with pfBlockerNG-devel & pfSense.

This dashboard of pfBlockerNG-devel/pfSense gives me the following stats:
pfB_PRI1_v4 1,965 0
DNSBL_EasyList 77,217 30294
DNSBL_ADs 9,511 46663
DNSBL_Malicious 494,603 764
DNSBL_Malicious2 2,013 2202
DNSBL_ADs_Basic 86,534 41

CINS Army was giving me an issue getting to groups (dot) io (typing in the link directly frose the interface), so I disabled it (on my old router). Now that I'm on the new router, the lack of detection is more noticeable. FYI, both are NetGate appliances!

I have no idea wat I should have enabled or disabled. I have not found a great explanation of the feeds (maybe my lack of knowledge). I think for the most part, I have a pretty generic setup.

FYI pfSense 24.03 and pfBlockerNG-devel 3.2.0_18

any help or guidance would be awesome!!

I previously used pfBlockerNG, and disabled it as streaming things like Paramount Plus wouldn't work. I am trying to reinstate pfBlocker, but cannot seem to figure out IP whitelists. I have three streaming devices on the inside network which are in an alias, which I'd like to bypass the block lists from pfBlocker. I cannot see where to add this alias. When I change the rule order in the pfblocker config, it allows too many things to bypass the pfblocker rules, which defeats the whole purpose. Any help would be greatly appreciated.

Resolved by installing patch identified below by BBCan177

(Original post appears below)

I'm running pfBlockerNG-devel 3.2.0_18 on pfSense CE 2.7.2. I have all of my GeoIP aliases set to Alias Native mode. I have a configured Maxmind key valid since 2020-03-28 for GeoLite2 Country, City, and ASN databases

Each time I try to save an alias in the Firewall --> pfBlockerNG--> IP--> GeoIP tab, pfSense crashes, reloads the prior configuration, and leaves me with a notice on the dashboard that reads:

pfSense has detected a crash report or programming bug. Click here for more information.

Clicking on the link reveals a crash log like the one shown below.

Crash report begins. Anonymous machine information:
amd64
14.0-CURRENT
FreeBSD 14.0-CURRENT amd64 1400094 #1 RELENG_2_7_2-n255948-8d2b56da39c: Wed Dec 6 20:45:47 UTC 2023 root@freebsd:/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/obj/amd64/StdASW5b/var/jenkins/workspace/pfSense-CE-snapshots-2_7_2-main/sources/F
Crash report details:
PHP Errors:
[13-Oct-2024 11:43:32 America/New_York] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1250 and defined in /etc/inc/util.inc:3662
Stack trace:
#0 /etc/inc/config.lib.inc(1250): array_path_enabled(-1, 'notifications/s...', 'disable')
#1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable')
#2 /etc/inc/notices.inc(662): notify_via_smtp('pfSense is rest...')
#3 /etc/inc/notices.inc(151): notify_all_remote('pfSense is rest...')
#4 /etc/inc/config.lib.inc(239): file_notice('config.xml', 'pfSense is rest...', 'pfSenseConfigur...', '')
#5 /etc/inc/config.lib.inc(695): restore_backup('/cf/conf/backup...')
#6 /usr/local/www/pfblockerng/pfblockerng_Africa.php(405): write_config('[pfBlockerNG] s...')
#7 {main}
thrown in /etc/inc/util.inc on line 3662
[13-Oct-2024 11:43:32 America/New_York] PHP Fatal error: Uncaught TypeError: array_path_enabled(): Argument #1 ($arr) must be of type array, int given, called in /etc/inc/config.lib.inc on line 1250 and defined in /etc/inc/util.inc:3662
Stack trace:
#0 /etc/inc/config.lib.inc(1250): array_path_enabled(-1, 'notifications/s...', 'disable')
#1 /etc/inc/notices.inc(379): config_path_enabled('notifications/s...', 'disable')
#2 /etc/inc/notices.inc(662): notify_via_smtp('PHP ERROR: Type...')
#3 /etc/inc/notices.inc(151): notify_all_remote('PHP ERROR: Type...')
#4 /etc/inc/config.lib.inc(1154): file_notice('phperror', 'PHP ERROR: Type...', 'PHP errors')
#5 [internal function]: pfSense_clear_globals()
#6 {main}
thrown in /etc/inc/util.inc on line 3662
No FreeBSD crash data found.

Rebooting pfSense (to test after a clean start) does not have any effect -- the problem remains.

I have not knowingly tinkered with pfBlocker files, directories, ownerships, or permissions outside of what I was directed to do in dealing with the problematic update, roll-back, and re-release.

Is this unique to my pfSense CE installation or have others experienced this? Any suggestions for resolving it?

hi all,

I'm trying to add Hagezi's DNS blocking list to my pfblockerng

I put the blocking lists under DNSBL

Most of the lists work except for 3:

RPZ Wildcard Asterix DNS Masq

So the lists apparently don't contain domains, where in pfBlockerNG do I put these lists for them to work?

edit: I tried putting them in ipv4 and it also didn't work not sure where else I can put them

As the title says, the reports section is timing out. This started while back.

I’ve tried uninstalling and setting up from fresh and also upgraded to the latest and is still timing out.

Any ideas?

Hi All,

I seem to have issues with the latest DEV 3.2.0_18. that's using very high CPU, i have an old version that's on another device 3.2.0_8, working great. Both devices running 2.7.2.

Both instances on unbound mode (I'm experiencing the same issue with the python mode). If i disable the service, CPU comes back to normal levels.

Thank you