So I solved it myself. Turned off "keep settings", uninstalled and reinstalled pfblocker, making sure to delete the DNSBL default packages before running my first force reload.

Use the cron package.

@ihavealegohead: Yes, I know about the Chrome settings, but I am more concerned with dealing with this globally, not browser by browser. Also with my IoT devices that hardwire access (e.g. 8.8.8.8 over HTTPS). It seems I've gotten rid of the last of those devices, since a floating rule I put in place to detect HTTPS connections to DNS servers is no longer getting hits.

As for pfBlocker displaying a secure page: if it blocks an HTTPS page, your browser will never show it to you. The certificate in use at that moment is an internal pfBlocker cert, while the browser is expecting to see a certificate for the domain name you entered (while it is asked to show the internal pfBlocker SITE BLOCKED page). Ergo there will always be a certificate mismatch.

Actually, some thinking on my side was needed ;)

@Abdulkarim said in DNSBL doesn't work:

[ DNSBL FAIL ] [ Skipping : Social ].

Do you see this message in an pfBlocker 'update log' ?
Doesn't this mean that the download of feed that implements social blocking failed ? Which would explain the non blocking.

Can you give more info / context ?

@provels Thanks, I may update the version. I know that the author recommends the devel version for a long time, but for me this always sounded too much like "beta". Cheers!

@provels said in High CPU from lighttp_pfd:

.malwarebytes.com

thank you very much!
also in my case your suggestion solved the issue.

You need to force reload after adding whitelist entries.
Also clear the clients DNS cache.

-Rico

@Jack37 said in Wrong geoip classification:

Is there a chance to reclassify the ip?

The theory :
As you might know, "pfBlockerNG" doesn't know anything about an IP and their location. The info comes from lists, like the "MaxMind GeoIP " -where you took a subscription to have access to their lists.

Contact them if you want something gets changed.

The reality :
As said often : because the stock with IPv4 has been totally depleted, their is a real traffic of IPv4 going on. Thye are sold and bought all the time in big blocks or small chunks. This traffic is a world wide thing. It's close to impossible to trace - or keep up to date - the exact IP location.
It's nice if it works - but often GEOIP info is plain wrong - and/or takes time to mute to another place.

Keep in mind : with IPv6 things will get worse as just make a list == mission impossible.

Rico...thanks for the reply. I appreciate your time in answering. Is there anything I need to do in the console such as delete files, change anything, etc.?

When I chose to delete the package from the Package Manager, this is what happened, it just hangs -
pfSense Package Manager.png

However, when I checked my dashboard, it looks like it was deleted from my system. I can't be for sure though.

Ah, so a DNS issue then? That would be unrelated to the auto firewall rule ordering you were seeing.

Steve

@gwaitsi
Have a look at https://www.reddit.com/r/pfBlockerNG/comments/jt9k89/pfblockerng_malwarebytes_telementery_increased/

https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#segmentation-fault-in-pkg

@Draco

Thanks I like the idea of puutin win update or global dns on a whitelist
Havnt come to my mind just yet
Thx

This worked. Thanks Ron