@BBcan177:

You don't need to install any dependencies manually, as they are all installed on pkg installation…

I don't see any issues with the settings for this custom list.... I would remove the "Filter via Alexa" as that may remove Domains that are in the Alexa TOP sites (as per your Alexa settings)....

Also when you add domains to the list, you need to click on the "Update custom list" so that on a Force Update, it knows that there are changes to make...

Many thanks I will double check that.
All looking good so far ;) BBcan177

@ASM_COPE:

Are we able to use a wildcard for sub-domain names in the Domain/AS mode of the IPv4 lists?

For example, messagelabs.com use a set of server clusters for their MX's (e.g. cluster5.eu.messagelabs.com).
Keeping continual track of all these would be awkward.

Does the list option allow *****.eu.messagelabs.com as a way to auto-resolve all the sub-domains?
(Similarly desirable for *.protection.outlook.com)

Answering my own question: No, it doesn't seem to support sub-domain wildcards.
I created a test list with just one known domain (the messagelabs one, first testing *.messagelabs.com), but the add-in log file reported "Aliastable file not found".  Also tested as *.eu.messagelabs.com, but the same logged result.

I'm thinking it might have been a CARP / ARP issue because now it's working and I didn't change pfsense other than a few reboots.

2.1.2 is out and is supposed to have a fix for the issue.

https://github.com/pfsense/FreeBSD-ports/commit/8809165ad8f3d1fccabd2766ad11a3446a5317c7

https://forum.pfsense.org/index.php?topic=137103.msg756625#msg756625

Those things usually go haywire eventually.

Thanks.  I missed or didn't understand that instruction at the bottom of the page.

https://forum.pfsense.org/index.php?topic=137625.0

Thank you. It seems to have started working now by itself before I tried your suggestion. I can see many entries in the alerts page.

I had initially configured the wrong time zone (nearly 12 hours difference) when setting up pfsense. Sometime later, I changed to my timezone. This was done after I configured pfblockerng. I think that may have caused some issue.

@BBcan177:

Goto the general tab and uncheck "Keep Settings", then uncheck "Enable pfBlockerNG" followed by a Save. This will wipe all previously downloaded files. Re check both boxes then Force Update.

I did this now just to be sure. Its blocking fine after that.

You can't "Suppress" IPs for GeoIP blocked IPs…

Create a "Whitelist" Alias in the IPv4 and/or v6 tab.
Add the IPs that you want to allow into the Custom list at the bottom.
Set the Action to "Permit Outbound"

Goto the General tab and ensure that the "Rule Order" places the Permit rules above your Blocked rules..

Fantastic! Thank you.

Here is a URL for the MalwareBytes hpHosts feeds:    https://www.hosts-file.net/

Feed URLs here:  https://hosts-file.net/?s=Download

I would not recommend to use the  hphosts.zip feed, as that is only updated once per month… There are new malicious domains added daily, and any False positive domains will not be removed for the full month....  This also applies to the hphosts-partial Feed… 
So instead use the individual Feeds for DNSBL...

Hope that helps!

When you see "Update not required", then the Feed that the pkg is downloading is already up to date, so there is no reason to re-download and re-process the same feed again….  It also shows the Remote and Local timestamps in the logs...

I have had poor results with that Feed… I'd disable due to the FPs in the feed...

Turn "Global logging" off… Then in the TOP20 Tab disable the Logging...

Alternatively, instead of using the TOP20 tab, you can make an IPv4/6 Alias with any GeoIP combinations and configure the options as required. Click on the Blue Infoblock icons for further details.

That is a LEGEND.

Here is the PR to fix this bug… Thanks!

https://github.com/pfsense/FreeBSD-ports/pull/424/files

Here is the PR to fix this bug… Thanks!

https://github.com/pfsense/FreeBSD-ports/pull/424/files

Well that actually makes sense. I wasn't making the mental distinction between the IP logging vs DNS logging. Sure enough, under alerts they are there. Alerts also shows which DNSBL list it is on too which the log file doesn't appear to show.

Thanks.

This is addressed in the upcoming release of the package.

MaxMind contains a "Represented" list of IPs for Countries. Unfortunately, MaxMind can list IPs in a GeoIP one month, but list none for the following month. The Database doesn't contain any blank dummy data to act as a placeholder.

So its safe to ignore the log message as there were no IPs listed by MaxMind for those Represented GeoIPs for this specific month.

The next release will create a placeholder GeoIP file for each empty represented GeoIP.

I saw that they appeared different.
Went to the rules, then floating rules, and saw what you meant, source and destination.
Thank you dok.