I have very similar setup as you and it works for me. Not really sure. I say double-check everything again.

Have you tried rebooting the system after making those changes?

I did a little poking around, and my DNS Resolver was set so that Network Interfaces and Outgoing Network Interfaces were both set to "All." I changed Network Interfaces to LAN and Localhost, and Outgoing Network Interfaces to "WAN" and things are MUCH better now. Thanks!

Yes this will be in the next release…

https://forum.pfsense.org/index.php?topic=138887.0

Thanks BBcan177

@BBcan177:

I have posted PR#470 for pfBlockerNG v2.1.2_1 for review by the pfSense devs.

https://github.com/pfsense/FreeBSD-ports/pull/470

Changelog:

Switch flock() to try_lock()

Remove conf_mount_{ro,rw} calls

Add 'Alias type' rules to states removal feature

Thank you. I ran the patch files but assume I should still update pfBlockerNG which I will do once available in package manager. (not a complaint) Thank you for the work you do.

@xphiles:

thanks, although I am confused how when I have rules in place to block any other DNS, it still got past it to AVG?

They do that thru an HTTPS (I would hope… and not thru HTTP) call back to their domain. So they are stopping DNS hijacking by doing their own DNS hijacking :) lol...

Most definitely I'll do that. I thought i'd try here first since it referenced 10.10.10.1 IP.

Thank you for your continued support to pfSense <3

If you goto the pfSense firewall log, do you see these alerts?

@BBcan177:

Thanks for reporting this… Looks like it wasn't picking up Alias type rules with "pfb_" in the Rule descriptions.

Can you edit:  /usr/local/pkg/pfblockerng/pfblockerng.inc

https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L5099

and change Line #5099

from:

if ($alias['type'] == 'urltable' && strpos($alias['name'], 'pfB_') !== FALSE && strpos($alias['descr'], '[s]') === FALSE) { to: [code] if ($alias['type'] == 'urltable' &&     (strpos($alias['name'], 'pfB_') !== FALSE || strpos($alias['name'], 'pfb_') !== FALSE) &&     strpos($alias['descr'], '[s]') === FALSE) { Please report back ... Thanks! I am still having the same issue after changing the code [/s][/code][/s]

BBcan177,

Thank you very much for your help.  It turns out my ISP device had disabled modem mode and this was actually the cause of the problems.  Once I re-set modem modem the entries for pfBlocker reappeared as before in the log.

Thanks again.

@dcol:

Why not just use
https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt

They are two different Feeds…

The URL and DOM feeds should be used in DNSBL as it contains Domain names.... There are also IPs mixed in, so enabling the DNSBL IP option will also pull those IPs...

@tim_co:

No worries. I got the information I was looking for. Thanks again.

As an FYI:

In the Alerts tab, you can click on the "I" infoblock icons and it will load a Threat Lookup page with several Threat Source lookup tools….

@securvark:

I'd like to do the same for Steam downloads and Steam games.
Preferably, for all my games (Origin, Battle.net, Uplay), but that may be too much to ask (I don't know).

Maybe you can try looking up the ASNs for those

https://bgp.he.net/dns/battle.net#_ipinfo

Or try a google search for list of IPs for those sites… Maybe someone else will chime in if they have accomplished this...

The latest updates to pfBlockerNG are bug fixes.

I guess BBCan177 will change version number when the new features are implemented and tested.

Strange. :o
With my version (development), Auto reads the https://ipinfo.io/as2906 fine and the listing above is from the Firewall / pfBlockerNG / Log Browser / Match files

You can always create your own table using ipinfo.io listing, either with a local disk file or with IPv4 Custom list.

The stickys do contain important informations about pfBlockerNG behaviour, so your are not wasting your time reading them.

@RonpfS:

Maxmind didn't generate those _rep files (Represented Country) at the last update of it's database.

I guess these Could not open ISO messages are harmless and will disappear at some point if Maxmind regenerate those _rep files in the future.

Take a look at : Firewall / pfBlockerNG / IP / GeoIP / Antarctica.
You can update your selection and save to use the latest Maxmind db choices. Then run a Force Update

Got you, thx and trying …