I set up pfBlockerNG about a year ago by following Tom's tutorial. After making some other changes to my firewall setup recently I decided to re-run pfBlocker's wizard just so I could start with a fresh config. This tutorial is still as spot-on as it was when Tom first made it. So I'm giving another tip of my hat to Tom for his outstanding guidance and thorough explanation of this package.
it almost 1.5 years that I undoubtedly follow your tutorials for pfsense configuration, really good content and knowledge shared at it upmost form, thank you very much.
Been using this for a couple years and forgot to donate. Just signed up for the Patreon and I encourage others who have the means to do so as well. It's these developers who continue to push pfSense to the top.
Just wanna say thanks for the great info! I know it's a massive effort to put together all these videos. They've been such a help for me as I've gotten started with pfSense and TrueNAS over the last couple of weeks.
One of the first things I do when setting up pfblocker-ng is add the (public) DNS servers I use to the IP whitelist. For example; Some time ago the 1.1.1.1 was put on a blacklist :( I had to spend some time figuring out why internet was "dead" on every device in the entire network 🤬
@S K that is exact how I have my setup. However, if a pfblocker ip blacklist contain the ip of the dns you use for the dns resolver then the dns resolver can not contact that external dns server and nothing in your network will be able to resolve external sites. I found this out the hard way :(
It's important to note that pfBlockerNG won't work if you're running DNS Forwarder. I was getting address bind errors with unbound after running the setup wizard. To fix, I needed to disable DNS Forwarder and set up DNS Resolver instead. This might be obvious to many, but for a noob like me it took some time to work out the problem.
Great video. Small request: can you please zoom in when you show what you do on screen? It would be much easier to see on the phone the details you show Thanks👍
Tom, excellent information here, so I added it to my cybercentric T-channel (FlynnInfoSec1). As a recent NG6100 owner, it is nice to have such a great resource!
Nice introduction to PFblocker. I deployed it yesterday following this video , hoping to block websites , however many are still getting through . http versions of sites are blocked but https versions are returning . Any advise ? ( Using Shallalist , Already enabled TLD , Force reloaded , rebooted )
Thank you for sharing this video which is super useful to anyone starting new to use pfSense / pfBloker. I have a question:: the GEO IP page suggests not blacklisting "the whole world" but to whitelist a few countries from which one is interested in receiving traffic. I believe the approach demonstrated in the video the whole world blacklisting. If you provided instructions, or a dedicated video, on how to whitelist a few countries, that would be super ! (simply a suggestion for consideration)
I was hoping that you would hit on Unbound mode, whether through Unbound mode or through the Unbound Python mode, and what, if any changes need to be made. But good content as always Tom, and I thank you for putting this out.
I was hoping for that as well, but I can understand if he doesn't as its still listed as BETA. I just attempted changing to the "unbound python mode" and DNSBL broke in all sorts of ways so I just went back to "unbound mode" for now. Still works great!
Hey Lawrence, I want to run pfSense but it has to be on a box with multiple 10GbE SFP+ slots. Know of any such commonly available hardware that can be used with pfSense?
Thanks, for this explanation. I would appreciate that you would make a video explaining the lists you are using, and custom lists not found in the Feeds . Cheers
It seems like with version 2.1.4_28 the wizard is gone. Also there is no Feed and IP tab. Tthere is nothing set up for IPv4 as well as no lists in the Source Definitions. There are no DNSBL Groups and the EasyList is just blank. Is there a meaning to the Header/Label field for the URL of the list or can it be anything?
I know this video is a year or so old, but after I go through the wizard for pfblockerng-devel 3.0.. i am only seeing 1 dnsbl group? In the video it looks like there's 3? Is this some sort of recent update or did I mess something up?
pfb_dnsbl pfBlockerNG DNSBL service shows disabled and when I click enable it doesn't start the service. Looked around and cannot find the answer for this issue.
Hello, regarding the DNSBL VIP Address, if you have 2 pfsense firewalls syncing via XMLRPC, should that IP be different for each firewall or that doesnt matter since its virtual?
I tried to only allow my computer IP to access without blocking but no working. I put rules on the top at Floating, WAN and LAN interface, still not working. I use your examples blocking the UDP 53(DNS). What I did wrong?
I've been trying to allow a specific port forward to bypass the GeoIP lists. I can't seem to find a good resource for this latest version. Since you mentioned enabling floating rules, would I just add a new floating FW rule to the top of the list that allows that one port?
Hello , i’m new to pfsense , and have pfBlockNG setup and working okay , but right now pfsense blocked Radarr for search or add new exiting movies. How can i whitelist Radarr ?
I've looked at pfblockerng-devel a few times now and I just can't get it to not hog the CPU on my Netgate SG2100. The SG2100 normally sits at 95 to 98% idle in normal conditions on my home network, but with pfblockerng-devel enabled just after running through the Wizard and making no changes the router sits at 30 to 40% idle and gets a lot hotter to touch. I don't get it since there really isn't much going on in the network, the pihole does the same work using less than 1% CPU on a Raspberry Pi 4. I'd love to use pfblockerng, but given the strain it puts on the Netgate router, it's just not feasible. Am I doing something wrong there? Am I missing something?
Thank you for all your videos! I really want to buy a couple of your shirts like the crimp hand one, but they are black and I work outdoors mostly in texas :(
How would you add a range of IPs (ie cloudflare) to the whitelist? I'm having issues with the cloudflare proxy (orange cloud) not responding due to pfblocker.
Hi I have a question about PfblokkerNG. When I use Pi-Hole as a DNS blocker, I have the opportunity to see an active here and now updated log file that shows in color what is blocked and what is not blocked. I use a Nategate 4100 which I am very happy with, but am considering using PfblockingNG rather than Pi-hole. However, I really like the online log reading that is possible in Pi.Hole. Is it somehow possible to get the same information from my Nategate?
Please a quick elaboration on why in Firewall/pfBlockerNG/IP/GeoIP all rules have as action Deny inbound (so deny what comes from outside to the network according to my GeoIP rules which seems right as a choice) where in Firewall/pfBlockerNG/IP/IPv4 for all block lists the action is Deny outbound. Its like our network is the malicious one and prevents it from contaminated net :) Am I missing something here> Shouldnt all actions in both GeoIp and Blocklists set to Inbound than outbound????? What purpose serves the outbound? New Edit: hmmm.... probably block lists set to outbound in order to prevent the user/s to visit already known malicious sites .. so this traffic is considered to be outbound right?
Thx for great video. Although I think its pretty confusing :D NFL Game Pass android app(on tv), is getting ad-blocked when I want to start streaming a game, and then black screen. But I cant find out how find the specific host to whitelist. :S
Hey everyone, I have setup this as per the video instructions and cannot for the life of me get it to work correctly. I ads still come through.. Under rules, floating, the stats for the rule that pfBlocker created remain at 0/0 B Which appears to indicates that no traffic is flowing through/using this rule. I am at a bit of a loss what to do to rectify this, can anyone assist?
Will it work on SG-1100 without any other plugins set, configured and enabled? I’m just concerned that the SG-1100 is too small to work with pfBlocker-NG. Can anyone confirm this please? Thanks.
I've tried mine working smoothly until I found out that it didn't work in https sites... The documentation says that it will also apply to https sites but it doesn't. Can you help me with my problem?
@@LAWRENCESYSTEMS I wanted to make sure it wasn't indicative of another issue, or if the block list(s) were blocking just that portion of fb. it shows the video on my phone, but not on my computer. weird.
I've had issues with false positives using pfBlocker in the past. I ended up switching to pihole instead for its UI/ease of use as well. What are your thoughts on the two for a home user? Does it matter?
This might be a dumb question. I apology in advance but I still ask... So, I want to use pfSense to restrict my kids from accessing other domains that I want (those from school). Is that easy doable? Can you suggest anything?
Untangle Firewalls has only paid option as far as I can see ... which for household looks expensive to me. Thank you for pointing me to the right direction.
Just becasue a webpage says they're a data analytics company it doesn't mean that "clearly" they're a data analytics company. It's just a web page son. I have a bridge for sale. Interested? Fantastic video though. This makes me want to stay with PFSense. You've got one of the lowest thumbs down ratios I've ever seen. Keep up the good work. Thank you.
Hopefully you already figured this out, but it would depend on what your subnet mask is. If you are using 192.168.0.0/24, then setting a VIP of 192.168.1.1 (as would any thing between 1 and 253 in that 3rd octet) would be fine because it's not part of that subnet. Same thing if you are using 10.0.0.0/24, 10.10.10.1 like in the example would be fine. Your subnets define how your internal traffic is routed, so any private IP that is on a different subnet than what's already in use would be fine. If there's a conflict, you wouldn't be able to get to the VIP because your router would send that traffic to the interface responsible for that subnet instead of hitting the VIP.
What if I setup Nord VPN on pfSense? Would that be my WAN port even though I still have a "Wan" port listed? My external Ip of cours shows my true IP on the "WAN" interface.
Mister Rossmann insists everybody using pfBlocker-ND yet it is very confusing. I am not using that, why is there not a simple button that I can click and instead all this text, I hate how people do it, it is not for public for if it is not available! Countless of pages of text and half an hour tutorial just to use a single button!
Even with version 3 I am still getting [DNSBL_Misc - hpHostsFSA] Download FAIL [12/11/20 11:10:22] [DNSBL_Misc - BBCDGAAgr] Download FAIL [12/11/20 11:10:00] Do I have to remove them ?
@@LAWRENCESYSTEMS Than k you for your quick reply!! Well yes at least with ver 2 they were keep failing with each update, I have a couple of hours running ver 3 and got the below also [ DNSBL_Misc - hpHostsFSA ] Download FAIL [ 12/11/20 12:01:09 ] [ DNSBL_Misc - Quidsup ] Download FAIL [ 12/11/20 12:00:33 ] [ DNSBL_Misc - hpHosts ] Download FAIL [ 12/11/20 12:00:29 ] [ DNSBL_Misc - hpHostsFSA ] Download FAIL [ 12/11/20 11:10:22 ] [ DNSBL_Misc - BBCDGAAgr ] Download FAIL [ 12/11/20 11:10:00 ] [ DNSBL_Misc - Quidsup ] Download FAIL [ 12/11/20 11:09:59 ] [ DNSBL_Misc - hpHosts ] Download FAIL [ 12/11/20 11:09:55 ] So any info of the web ui path I follow to do this? Also just registered with Maxmind in order to avoid in extra fail messages (my eye tends to spot them and stare them for a long time :) ) I just generated a key for ver 3.1.1 and newer and pasted it in the relevant field in pfsense in the IP tab. In the Maxmind page though it also has : For Usage with GeoIP Update We've generated a config file for you to use with GeoIP Update. See the Automatic Updates for GeoIP2 and GeoIP Legacy Databases page to learn how to use this config file to set up automatic updates. Download Config button Do I need this because even if I downloaded I didnt figure a way to import it inside pfsense Thank you once more!!!! PS Either you didnt leave it your comments below as you mentioned or I am blind and cant see the previous video where you talk about the way to setup the GeoIP
I like your minimalist approach to the DNSBL. I'm going to turn them all off for now. Have you or anyone found a list to block ads when browsing on mobile devices? 🤔
just run the wizard and it just works for a base config lol no it does not and spent 2 hrs trying to get it to work and nothing (pfb_dnsbl pfBlockerNG DNSBL service wont start)
I set up pfBlockerNG about a year ago by following Tom's tutorial. After making some other changes to my firewall setup recently I decided to re-run pfBlocker's wizard just so I could start with a fresh config. This tutorial is still as spot-on as it was when Tom first made it. So I'm giving another tip of my hat to Tom for his outstanding guidance and thorough explanation of this package.
it almost 1.5 years that I undoubtedly follow your tutorials for pfsense configuration, really good content and knowledge shared at it upmost form, thank you very much.
Been using this for a couple years and forgot to donate. Just signed up for the Patreon and I encourage others who have the means to do so as well. It's these developers who continue to push pfSense to the top.
Just wanna say thanks for the great info! I know it's a massive effort to put together all these videos. They've been such a help for me as I've gotten started with pfSense and TrueNAS over the last couple of weeks.
Glad you like them!
Perfect timing! I installed this plug ages ago and was about to finally going and set it up.
Thanks for the guide Tom. Upgraded from 2.5 to 3.0. Sound advice as always.
Great to hear!
I see for North America you have it set for "Match Both". What does match both do?
One of the first things I do when setting up pfblocker-ng is add the (public) DNS servers I use to the IP whitelist.
For example; Some time ago the 1.1.1.1 was put on a blacklist :(
I had to spend some time figuring out why internet was "dead" on every device in the entire network 🤬
@S K that is exact how I have my setup.
However, if a pfblocker ip blacklist contain the ip of the dns you use for the dns resolver then the dns resolver can not contact that external dns server and nothing in your network will be able to resolve external sites.
I found this out the hard way :(
Best pfSense content ever. Thankyou your stuff has been a big help!
Tom, thanks for another great update it's much appreciated!
Thanks for this Tom, very complete and awesome explanations.
It's important to note that pfBlockerNG won't work if you're running DNS Forwarder. I was getting address bind errors with unbound after running the setup wizard. To fix, I needed to disable DNS Forwarder and set up DNS Resolver instead. This might be obvious to many, but for a noob like me it took some time to work out the problem.
Great video. Small request: can you please zoom in when you show what you do on screen? It would be much easier to see on the phone the details you show
Thanks👍
Always a great tutorial. Used it again after updating to a 4-port intel NIC from a 2-port...thanks!
Finally I find something to block Ads. Thanks
Love it Tom! Always great detailed content for exactly what I am looking for, best PfSense tutorials on RUclips!
Thank you
Thank you very much for the great Information. You are awesome.
Thank you very much for sharing knowledge. may God return you in much more ...
Thanks Tom. Its a lil of time that i want to start a pfblocker. Hope your guides can help me. Ciao
Thanks Tom for the update, can we get an update on connecting Truenas to PfSense in LACP, please? Pref with a Netgear managed switch!!! lol
Great video and thanks for the help. If you have VPN setup do you select openvpn for both inbound and outbound interfaces during the setup.
Thank you, as always very good information
Thank you Tom, your videos are awsome and i have learned so much... love my netgate 5100!!! (got it cheap...)
Tom, excellent information here, so I added it to my cybercentric T-channel (FlynnInfoSec1). As a recent NG6100 owner, it is nice to have such a great resource!
Nice introduction to PFblocker. I deployed it yesterday following this video , hoping to block websites , however many are still getting through . http versions of sites are blocked but https versions are returning . Any advise ? ( Using Shallalist , Already enabled TLD , Force reloaded , rebooted )
Thank you for sharing this video which is super useful to anyone starting new to use pfSense / pfBloker. I have a question:: the GEO IP page suggests not blacklisting "the whole world" but to whitelist a few countries from which one is interested in receiving traffic. I believe the approach demonstrated in the video the whole world blacklisting. If you provided instructions, or a dedicated video, on how to whitelist a few countries, that would be super ! (simply a suggestion for consideration)
I was hoping that you would hit on Unbound mode, whether through Unbound mode or through the Unbound Python mode, and what, if any changes need to be made. But good content as always Tom, and I thank you for putting this out.
I was hoping for that as well, but I can understand if he doesn't as its still listed as BETA.
I just attempted changing to the "unbound python mode" and DNSBL broke in all sorts of ways so I just went back to "unbound mode" for now. Still works great!
Super helpful video, best one I've seen yet on pfBlocker. Many thanks!!
Hey Lawrence, I want to run pfSense but it has to be on a box with multiple 10GbE SFP+ slots. Know of any such commonly available hardware that can be used with pfSense?
Tom, I was watching your PfblockerNG video from 2019, and then i ran into the MaxMind error, then i searched for this video and bang, problem solved
Thank you for the thorough explanation!
Thanks, for this explanation. I would appreciate that you would make a video explaining the lists you are using, and custom lists not found in the Feeds . Cheers
top banana. Common sense approach. Sensible application. Thanks for posting this.
Great, especially the custom list
It seems like with version 2.1.4_28 the wizard is gone. Also there is no Feed and IP tab.
Tthere is nothing set up for IPv4 as well as no lists in the Source Definitions. There are no DNSBL Groups and the EasyList is just blank. Is there a meaning to the Header/Label field for the URL of the list or can it be anything?
How do I block all websites and allow only few websites to access from specific LAN IP's, and allow all websites on other IP's of LAN
As always excellent content. Thank you.
Thanks for the demo and info, have a great day
I know this video is a year or so old, but after I go through the wizard for pfblockerng-devel 3.0.. i am only seeing 1 dnsbl group? In the video it looks like there's 3? Is this some sort of recent update or did I mess something up?
pfb_dnsbl pfBlockerNG DNSBL service shows disabled and when I click enable it doesn't start the service. Looked around and cannot find the answer for this issue.
Hello, regarding the DNSBL VIP Address, if you have 2 pfsense firewalls syncing via XMLRPC, should that IP be different for each firewall or that doesnt matter since its virtual?
Why in the GeoIP setting for North America, do you have it as Match Both vs Deny Inbound?
As always thanks for the video, your vids are always great!
Basically for newbies, leave settings as defaults which works for me.
Best of the best as always.. thank you 🙏 for awesome videos!!
I tried to only allow my computer IP to access without blocking but no working. I put rules on the top at Floating, WAN and LAN interface, still not working. I use your examples blocking the UDP 53(DNS). What I did wrong?
Can I have lan1 non filtered via pf blocker and. Having lan2 or opt filtered by pf blocker?
I've been trying to allow a specific port forward to bypass the GeoIP lists. I can't seem to find a good resource for this latest version. Since you mentioned enabling floating rules, would I just add a new floating FW rule to the top of the list that allows that one port?
Thank you for making these videos!!
Great tutorial! Thank you sir.
Hello , i’m new to pfsense , and have pfBlockNG setup and working okay , but right now pfsense blocked Radarr for search or add new exiting movies.
How can i whitelist Radarr ?
I've looked at pfblockerng-devel a few times now and I just can't get it to not hog the CPU on my Netgate SG2100. The SG2100 normally sits at 95 to 98% idle in normal conditions on my home network, but with pfblockerng-devel enabled just after running through the Wizard and making no changes the router sits at 30 to 40% idle and gets a lot hotter to touch. I don't get it since there really isn't much going on in the network, the pihole does the same work using less than 1% CPU on a Raspberry Pi 4. I'd love to use pfblockerng, but given the strain it puts on the Netgate router, it's just not feasible.
Am I doing something wrong there? Am I missing something?
If anyone is having problems with MaxMind licence being rejected, just update pfBlockerNg to version 3.2.0_4.
Thank you for all your videos! I really want to buy a couple of your shirts like the crimp hand one, but they are black and I work outdoors mostly in texas :(
When do we think v3 of pfblockng will be stable and not dev? thanks for all your pfsense video's they really help.
How would you add a range of IPs (ie cloudflare) to the whitelist? I'm having issues with the cloudflare proxy (orange cloud) not responding due to pfblocker.
Wonder if there's a reason to run PFblocker together with the blacklist blocker on CloudFlare.
dang, something broke in the latest update of PFB for me...when I try to go into the reporting section, I time out no matter what browser/pc etc.
Hi
I have a question about PfblokkerNG.
When I use Pi-Hole as a DNS blocker, I have the opportunity to see an active here and now updated log file that shows in color what is blocked and what is not blocked.
I use a Nategate 4100 which I am very happy with, but am considering using PfblockingNG rather than Pi-hole. However, I really like the online log reading that is possible in Pi.Hole.
Is it somehow possible to get the same information from my Nategate?
pihole has better reporting.
Please a quick elaboration on why in
Firewall/pfBlockerNG/IP/GeoIP all rules have as action Deny inbound (so deny what comes from outside to the network according to my GeoIP rules which seems right as a choice) where in
Firewall/pfBlockerNG/IP/IPv4 for all block lists the action is Deny outbound. Its like our network is the malicious one and prevents it from contaminated net :) Am I missing something here>
Shouldnt all actions in both GeoIp and Blocklists set to Inbound than outbound?????
What purpose serves the outbound?
New Edit: hmmm.... probably block lists set to outbound in order to prevent the user/s to visit already known malicious sites .. so this traffic is considered to be outbound right?
Yes, blocking outbound prevents internal systems from connecting to those IP's.
ty for all the great info, and any site taht i found taht "you must unblock us to view content" is a big okay bye bye for me. i don't need them. lol
Excellent stuff Lawrence!
Thx for great video. Although I think its pretty confusing :D NFL Game Pass android app(on tv), is getting ad-blocked when I want to start streaming a game, and then black screen. But I cant find out how find the specific host to whitelist. :S
Cool needed this but some of the default feeds gone. Does anyone have new feeds that will replace the ones we lost?
Hey everyone, I have setup this as per the video instructions and cannot for the life of me get it to work correctly. I ads still come through.. Under rules, floating, the stats for the rule that pfBlocker created remain at 0/0 B Which appears to indicates that no traffic is flowing through/using this rule. I am at a bit of a loss what to do to rectify this, can anyone assist?
Will it work on SG-1100 without any other plugins set, configured and enabled? I’m just concerned that the SG-1100 is too small to work with pfBlocker-NG. Can anyone confirm this please? Thanks.
Should the Action under PfBlockerNG\IP PRI1 be Deny Outbound or Deny Inbounnd?
I've tried mine working smoothly until I found out that it didn't work in https sites... The documentation says that it will also apply to https sites but it doesn't. Can you help me with my problem?
Very helpful! Thanks
Kind of off topic, but how did you get the selected check boxes in pfSense a different color? :-)
If things look off, its because you downloaded the wrong package.... took me a while of fighting to figure out what was going on.
Great video as always. Keep it up!
How can I customize DSNBL blocking page on PfblockerNg3,
Any thoughts as to why fb isn't loading videos or video thumbnails on my wall?
"Sorry, we're having trouble playing this video"
No idea, just watch it on RUclips.
@@LAWRENCESYSTEMS I wanted to make sure it wasn't indicative of another issue, or if the block list(s) were blocking just that portion of fb. it shows the video on my phone, but not on my computer. weird.
it seems to be working now. default blocklists are enabled and "deny both" is selected...
I've had issues with false positives using pfBlocker in the past. I ended up switching to pihole instead for its UI/ease of use as well. What are your thoughts on the two for a home user? Does it matter?
You can use feeds from one in the other. I like have it all in my firewall without a separate device.
This might be a dumb question. I apology in advance but I still ask... So, I want to use pfSense to restrict my kids from accessing other domains that I want (those from school). Is that easy doable? Can you suggest anything?
It does not do a great job of that, we usually recommend Untangle Firewalls for web site filtering.
Untangle Firewalls has only paid option as far as I can see ... which for household looks expensive to me. Thank you for pointing me to the right direction.
Just becasue a webpage says they're a data analytics company it doesn't mean that "clearly" they're a data analytics company. It's just a web page son. I have a bridge for sale. Interested? Fantastic video though. This makes me want to stay with PFSense. You've got one of the lowest thumbs down ratios I've ever seen. Keep up the good work. Thank you.
ok so what exactly is the difference with _rep countries and non _rep countries?
Hi, Can you please help with a query. Suppose we need to bypass a LAN side host for PFblockerNG then how it is possible. Pls, suggest.
Assign a different DNS server.
I installed it and it works great except for some reason it is blocking Amazon app. Is there a way to fix this?
Thank you. It helped a lot!
hello bro! I have range ip in route , so how to use pfblockng with range ip in static route
Floating Rule and LAN rule in the firewall, which one is evaluate first?
docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html
Hello, can we configure webfilter on user groups on pfsense? if yes how?
I confused. What if I already have 3 LAN Address with IP's of 192.168.0.0, 10.0.0.0 & 172.16.0.0, what VIP Address can/should I add?
Hopefully you already figured this out, but it would depend on what your subnet mask is. If you are using 192.168.0.0/24, then setting a VIP of 192.168.1.1 (as would any thing between 1 and 253 in that 3rd octet) would be fine because it's not part of that subnet. Same thing if you are using 10.0.0.0/24, 10.10.10.1 like in the example would be fine. Your subnets define how your internal traffic is routed, so any private IP that is on a different subnet than what's already in use would be fine. If there's a conflict, you wouldn't be able to get to the VIP because your router would send that traffic to the interface responsible for that subnet instead of hitting the VIP.
What if you have a VPN? In Inbound/Outbound Firewall Rules - do I select WAN+VPN and LAN+VPN?
LAN & VPN
Can't believe you are still setting up ipv4-only firewall not a dual stack one, especially in USA
How does this compare against the PiHole project on the RPi?
I don't use PiHole but they are similar
What if I setup Nord VPN on pfSense? Would that be my WAN port even though I still have a "Wan" port listed? My external Ip of cours shows my true IP on the "WAN" interface.
For outgoing blocking you would need to list all the gateways including NORD if you have it configured as such.
@@LAWRENCESYSTEMS Thank you sir!
I can seem to find any rules in the Floating tab. What would be the reason ?
That is an option you have to enable under the IP settings.
@@LAWRENCESYSTEMS Aren't they auto-generated when enabling 'Floating Rules'. How do i do them otherwise ?
i was waiting a mention to Unbound Python mode...the new of the 3 version
I am curious what the difference is between unbound and python mode...
Mister Rossmann insists everybody using pfBlocker-ND yet it is very confusing. I am not using that, why is there not a simple button that I can click and instead all this text, I hate how people do it, it is not for public for if it is not available! Countless of pages of text and half an hour tutorial just to use a single button!
I am from michigan same area :P
Thank you!!
Even with version 3 I am still getting
[DNSBL_Misc - hpHostsFSA] Download FAIL [12/11/20 11:10:22]
[DNSBL_Misc - BBCDGAAgr] Download FAIL [12/11/20 11:10:00]
Do I have to remove them ?
If they are failing temporarily then no, if they are always failing then yes.
@@LAWRENCESYSTEMS Than k you for your quick reply!! Well yes at least with ver 2 they were keep failing with each update, I have a couple of hours running ver 3 and got the below also
[ DNSBL_Misc - hpHostsFSA ] Download FAIL [ 12/11/20 12:01:09 ]
[ DNSBL_Misc - Quidsup ] Download FAIL [ 12/11/20 12:00:33 ]
[ DNSBL_Misc - hpHosts ] Download FAIL [ 12/11/20 12:00:29 ]
[ DNSBL_Misc - hpHostsFSA ] Download FAIL [ 12/11/20 11:10:22 ]
[ DNSBL_Misc - BBCDGAAgr ] Download FAIL [ 12/11/20 11:10:00 ]
[ DNSBL_Misc - Quidsup ] Download FAIL [ 12/11/20 11:09:59 ]
[ DNSBL_Misc - hpHosts ] Download FAIL [ 12/11/20 11:09:55 ]
So any info of the web ui path I follow to do this?
Also just registered with Maxmind in order to avoid in extra fail messages (my eye tends to spot them and stare them for a long time :) ) I just generated a key for ver 3.1.1 and newer and pasted it in the relevant field in pfsense in the IP tab. In the Maxmind page though it also has :
For Usage with GeoIP Update
We've generated a config file for you to use with GeoIP Update. See the Automatic Updates for GeoIP2 and GeoIP Legacy Databases page to learn how to use this config file to set up automatic updates.
Download Config button
Do I need this because even if I downloaded I didnt figure a way to import it inside pfsense
Thank you once more!!!!
PS Either you didnt leave it your comments below as you mentioned or I am blind and cant see the previous video where you
talk about the way to setup the GeoIP
What type of support i may have if I purchase the Netgate device?
www.netgate.com/support
I like your minimalist approach to the DNSBL. I'm going to turn them all off for now. Have you or anyone found a list to block ads when browsing on mobile devices? 🤔
I have them on for a little bit but it blocks site that supposed to be working for work. I have to enable whitelist.
just run the wizard and it just works for a base config lol no it does not and spent 2 hrs trying to get it to work and nothing (pfb_dnsbl pfBlockerNG DNSBL service wont start)
👍👍
Is there an easy way to tell if my clients IP is on one or more of the lists?
I will just whitelist it for now but curious how to do this.