I add jasonhill's to a online doc and provided it as feed list.

Thanks both

Excellent. I just re-enabled all the feeds and the whitelisting seems to be working.

Thanks!
Matt

@sreeram
I don't use it, but I suspect you're right.

The DNS-BL VIP uses 10.10.10.1 by default. It looks like you're already using a subnet containing that so you need to change the default value there to something you're not using before it can start.

Steve

Yeah, probably not the best idea but it works. Im thinking to run a hotspot and dont want to find myself feeding bots.

I'll get that done this evening or tomorrow morning. I guess it goes without saying it's not a wide spread problem but something out of wack with my config. That you sir!

@trilobite
Yea, I use about 1/2 the feeds in Malicious_2, basically chose the ones that give the least grief. Frankly, relying on lists that someone else decides on will always get some domains blocked that you want. Between being choosy (yea this takes time to tweak) with what lists I use, maintaining white lists and setting the TOP1M whitelist to the top 5k, I rarely have an issue. None of this is turn-key it is all trial and error and frankly never ends. Lists go from good to bad and vice versa, lists go away and new lists popup. I peak in there every week or two to validate that the lists I chose are still 'live' and being maintained.

Yes very simple, configure cloud DNS ip's on the general setup screen under "dns server settings"

Then go to services -> dns resolver.

Tick the box next to "dns query forwarding"

Save, apply, done.

I read your post, checkpointed my VM and upgraded pfB. Saw the same thing. Rolled back, Maxmind back. Rolled forward, Maxmind still there... Huh. Rolled back, upgraded pfB again, Maxmind there. Maybe try dumping browser cache or rebooting pfSense. All I got.

If you set pfBlocker to "native alias" instead of block, that will just create an alias and you can create your own block/allow rules however you want them.

@provels I'm using the free version so I don't really have any active scanning going on. I think I'll stick with just not having it running at the moment, but that's not a bad idea.

@fireodo said in pfblockerNG: delete list:

Hi, here you maybe find your answer (see the post of "BBCan177")

https://www.reddit.com/r/pfBlockerNG/comments/dmm8za/cant_find_feed_causing_ip_to_be_blocked/

Regards,
fireodo

Thanks, this worked for me.

@johnpoz said in pfBlockerNG MaxMind Registration required to continue to use the GeoIP functionality!:

Just pick IT, and security for its use.. That is not lying at all..

Your "home" company, IT and security is how its used..

Ended up picking Security and ''Utilities''. Thanks for all your help guys.
I'm setting pfblocker up eight now and it's already started doing a great job.

@blackops786187

I didn't see anything in the logs that you posted that stands out as an issue but, a quick Google search for "pfblockerng dnsbl service not starting" brought up some other ideas. You might give that a try if you haven't already Googled this issue.

One thing that caught my eye was, Do you have DNS resolver enabled in your pfsense settings? DNSBL requires the DNS Resolver to be enabled.

Maybe some other folks will chime in including @BBcan177, the developer of pfBlockerNG, if he has time.

@Making_sense_of_pfSense said in 404 on EasyList_Adware:

I'm wondering what pfBlockerNG users are supposed to do when block lists go offline.

This, Firewall > pfBlockerNG > Feeds is what should be seen as a list with possible feed suggestions.
Most feeds are created and/or maintained and/or hosted by non-profit organisations - some of them are just guys like you and me, who pay for their server, and offer their free time.

Before the pi-hole / pfBlockerNG / other DNSBL mania, only a small number of people actually used these lists (feeds) as they knew what DNS is all about, and how to implement the lists into the local DNS cache/resolver.

Now we have a lot of pi-hole / pfBlockerNG / other DNSBL, and these feed-servers get hit real hard, especially by those who force update their lists every hours (even when they know it's actually updated on the server every week or less frequent) : the server gets overloaded, the hoster sends bigger bills to the server owner .... and he looses interest as he starts to lose $.
Or the feed owner just stops hosting it - as it is a lot of work - live goes on, etc.
The feeds stops ...
That will happen all the time.

When you use pi-hole / pfBlockerNG / other DNSBL, you gave yourself a weekly (monthly at a max) task : check if the lists you use are still maintained, and shift to others if needed. This will be the 'price' you pay - as nothing is for free - never.

@Making_sense_of_pfSense said in 404 on EasyList_Adware:

Will future updates of the package fix the issue by replacing the offline list?

I guess that : when a new version of pfBlockerNG comes out (that is : pfBlockerNG-devel, as pfBlockerNG isn't developed any more) and the pfBlockerNG author knows that the feed is gone, he could update the "Feeds" page.

I did it...

Made sure the settings are saved on package delete and then deleted the package.

Rebooted the FW and installed the devel branch. No problems at all.