• Pfsense and PFBlocker can't get to work

    2
    0 Votes
    2 Posts
    281 Views
    D

    Ok this is weird, I did update after update, and reload. Decided to give up for the day and hit it tomorrow, woke up this morning to get back at it, it is working now. I did nothing from yesterday, the only thing is the cron job probably ran and that fixed it. No clue what else is in the cron job, but all has green lights and is blocking what is in my lists.

  • Ad blocking pixel?

    4
    0 Votes
    4 Posts
    606 Views
    KOM

    I'm not a web guy these days, but it's only blocking domains so I would think that any constructs the page is supposed to render, like frames and containers, will still be there. I suspect that it only works for static images and other simple content.

  • Odd IP's address in PI-hole with PFblocker (DoD for one :scream:)

    20
    0 Votes
    20 Posts
    2k Views
    randombits

    Spoke too soon, I removed ntopng, snort, darkstat and avahi and I'm still getting the IPs in pi-hole. My thoughts are not to use pi-hole or what I'm doing is wrong in some way. Also nothing connected on the LAN side at all - laptop off.

    I think the obvious answer is Pfblocker or some weird interaction with pi-hole. Why I think this, I turn on another laptop WIFI'd to the router (so it's on the WAN side of pfsense) and pi-hole starts seeing these IPs.

    I'll take pi-hole out of the loop and put 9.9.9.9 into pfsense in the system/general DNS.

  • [Solved] Ad-Blocking broken after VM Host reboot

    6
    0 Votes
    6 Posts
    710 Views
    provels

    @BBcan177 said in [Solved] Ad-Blocking broken after VM Host reboot:

    @provels said in Ad-Blocking after VM Host reboot:

    @BBcan177 Yes, that must be it. Using RAM for /var and /tmp.
    Thanks for a great package!

    Thanks for the feedback!
    Disabling Ramdisks will solve that issue. Or just run a "Force Reload - All" after each reboot to get it all back.

    Would there be a way to add a script to automate "reload all" post-reboot when using RAM disks? I also use XigmaNAS (was NAS4Free) and they have a GUI option for that (adding pre- and postinit scripts), but I would have no idea how to add that to pfSense. I'm pretty BSDumb. Maybe add

    /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron >> /var/log/pfblockerng/pfblockerng.log

    somewhere?
    EDIT - Found this. I'll try. https://docs.netgate.com/pfsense/en/latest/development/executing-commands-at-boot-time.html

  • Personal list not fully parsed / integrated

    1
    0 Votes
    1 Posts
    177 Views
    No one has replied
  • pfBlockerNG errors when GeoIP enabled

    8
    0 Votes
    8 Posts
    2k Views
    BBcan177

    After changing the "Max Table Entries", try a Reboot.

  • Pfblocker not working as expected

    8
    0 Votes
    8 Posts
    1k Views
    randombits

    Thanks @jdeloach for suggesting I try the dev version; it appears to work, although I feel a bit uneasy whitelisting a Cloudflare IP 😒 (not an issue with outbound of course 🙄 )

    I can now confirm Pfblocker dev whitelisting works - almost as good as Pi-hole 😆

  • sonewconn error/log entries

    1
    0 Votes
    1 Posts
    290 Views
    No one has replied
  • not able to see pictures

    1
    0 Votes
    1 Posts
    136 Views
    No one has replied
  • IPv4 Domain custom lists and CRON interval updates

    1
    0 Votes
    1 Posts
    167 Views
    No one has replied
  • Did pfBlocker break my config.xml?

    7
    0 Votes
    7 Posts
    777 Views
    S

    @BBcan177 said in Did pfBlocker break my config.xml?:

    pfSense ACB

    As I get them upgraded to 2.4.4_3, yes. But these are not. This unit is at 2.3.4-p1. I'm hoping to have all the units upgraded by the end of the year and have ACB configured on them.

  • pfBlockerNG alerts are in the future

    1
    0 Votes
    1 Posts
    134 Views
    No one has replied
  • Do you use reputation?

    2
    0 Votes
    2 Posts
    729 Views
    E

    After a little research I decided to try using reputation with no whitelist. If I am currently only using the top 20 spammers geoip list, and I am actively blocking 6 of them, then this will keep tabs on the rest without downloading a ton of extra stuff or doing too much extra processing. If I understand how reputation works correctly (and that might be a stretch) then this should be a safe bet to make good use of the top 20 spammers geoip list.

  • Deny all outbound except specified geoip

    3
    0 Votes
    3 Posts
    447 Views
    E

    @P3R Yes, and for that little security increase I bet your firewall takes a big performance hit. I noticed that the USA list is massive and to have to check everything against that would take some processing power. Not to mention having to unblock things all the time. I actually tried it then reverted back to my current settings just based on how long the update took, haha.

    I was a little confused as it says right on the configuration pages "It's also not recommended to block the 'world', instead consider rules to 'Permit' traffic from selected Countries only". I read that as "deny all/all by default then allow what you need".

    Right now I have it set to reject outbound to a few of the top spammer countries and I am looking into the reputation settings. I also DNS blacklist using Pi-hole as I like DNS/DHCP on a separate box, but I do see that you could just add those lists to DNSBL if you didn't want to do it that way.

  • Block a single website on 1 of my 2 wan connections only?

    3
    0 Votes
    3 Posts
    473 Views
    D

    @BBcan177 Reading that, it takes my one machine out of DNSBL, but then use squid to block the site?

    There is no way to use DNSBL filtering per WAN correct?

    I have them load balanced right now.

  • Massive DNSBL Log

    7
    0 Votes
    7 Posts
    791 Views
    NollipfSense

    @BBcan177
    Okay, I increased it to every hour...thank you!

  • dnsbl.log - Log file is empty or does not exist

    4
    0 Votes
    4 Posts
    2k Views
    BBcan177

    @wdupreez said in dnsbl.log - Log file is empty or does not exist:

    Should I change the DNSBL > Webserver Interface to GUEST and/or Enable the Permit Firewall Rules and select the GUEST interface?

    Yes you will probably need this permit rule to allow the GUEST network to communicate with the DNSBL Webserver. You should be able to ping and browse to the DNSBL VIP and also ping and get a reply to any blocked domain.
    Thanks for the feedback!

  • Blocklist for pfBlockerNG

    2
    0 Votes
    2 Posts
    371 Views
    provels

    If you use the devel version, many are built in. I would recommend it.

  • Microsoft Windows Update Blocked By Unknown Feed

    6
    0 Votes
    6 Posts
    2k Views
    BBcan177

    @dma_pf

    Start with which Feeds contain these domains blocking windows updates.

  • DNSBL doesn't work

    2
    0 Votes
    2 Posts
    298 Views
    nzkiwi68

    Make sure:

    Your clients/workstations behind pfSense are pointing to the pfSense box for DNS (normally the LAN address of your pfSense firewall).

    Using the "nslookup" tool, query the pfSense DNS directly (normally the LAN IP address) and test for domain names that should be blocked.

    Do you need to check the box TLD under pfBlockerNG so that www.domainname.com and xxx.domainname.com are also blocked?

    DNSBL works great, I suspect it's a setup issue on your pfSense and/or network.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.