https://forum.pfsense.org/index.php?topic=138904.0

What version of DNSBL will this be implemented?

@anttechs:

I use these on my Pfblocker its great https://github.com/crazy-max/WindowsSpyBlocker/tree/master/data/firewall

Confirmed, the updates are working again with the proposed list as a whitelist.

Thanks

I binned off phishtank a while back as it had a really high false-positive count.  I got fed up with it blocking genuine content…

Solved the problem - it seems when I started looking at others peoples problems and offering suggestions I saw mine in a new light

I had Alexa TLD exclusions selected - several of them
I removed all exclusions and TLD is back working just fine

Though I will be putting custom FQDN's I want to block into the proper category - DNSBL Feeds -  from now on

To summarize - packet loss was the first issue + configuration error on my part the second

Turn on Global logging, for debugging purposes, and try inbound and outbound on just the LAN for starters

Choose the 2nd or 3rd "Rule Order" option so all your firewall pass rules are evaluated first

pfBlockerNG rules on the WAN can complicate updates

I prefer floating rule sets

my 2 cents

Specify "Floating Rules" under general setup

Hi,

Start posting here : pfSense Forum » pfSense English Support » Packages » pfBlockerNG as it seems to be a pfBlockerNG  issue.

Well I am not running your version of pfblockerNG
So concentrate on the infoblock under your table.

Under IPv4 Source Definitions you can use local files. Clic on the infoblock to get more info.

However the files need to be present when pfblockerNG run Update.

Thanks for the advise, everything is working now@RonpfS:

Looks at the Alerts tab to figure out what to whitelist. Do a Force Reload DNSBL once you have enuf whitelist done.

Press F12 in your browser to determine what's not loading as well.

Don't know about the syslog option, but I am emailing the dnsbl.log using the mailreport package.  Once installed choose Status-Email Reports-Add New Report.  Name it, save it, then edit and add this command:
cat /var/log/pfblockerng/dnsbl.log

This is assuming email is already working, configured on the system-advanced-notifications page.

You might get more sense if you filter the wire shark capture on port 53 (dns).

That will tell you what addresses it is trying to look up.

Also pfBlocker has a tab where you can see blocked traffic, it’s worth a look.

@tagit446:

I was getting the same errors with those list so I gave up.

I did however get this one to work:
https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS

Thank you Tagit446…that worked.

I work with firewalls all day long and every other major brand out there (CheckPoint, Fortinet, Palo Alto) implements geo-blocking as a separate process outside of firewall rules, otherwise you get the things I complained about.

But with pfSense, I guess I'll have to re-order and manipulate things to get what I want.  Obviously it works fine with blacklisting, but with whitelisting, allowing North America does nothing to block Russia.

Then change it to a rule that blocks everything except your work IP.

I didn't need to do that before I implemented GeoIP blocking.  It was already assumed by my original rule.  Now I need to add a bunch more.

That's one way, the nice way.  Another way is to simply put in a firewall block on port 53 except for pfSense and let your kids figure out why they can't get anywhere.