  • Prevent countries access to specific hosted site

    8
    0 Votes
    8 Posts
    987 Views
    RonpfSR

    There is a red URL in the GeoIP tabs:

    @ :

    GeoIP data by MaxMind Inc. - GeoLite2
    Click here for IMPORTANT info –> What new in GeoIP2

    Country, Registered Country, and Represented Country

    We now distinguish between several types of country data. The country is the country where the IP address is located. The registered_country is the country in which the IP is registered. These two may differ in some cases.

    Finally, we also include a represented_country key for some records. This is used when the IP address belongs to something like a military base. The represented_country is the country that the base represents. This can be useful for managing content licensing, among other uses.

  • [solved] Autostart of pfBlockerNG

    6
    0 Votes
    6 Posts
    1k Views
    P

    Pfsnooker,
    Thank you.

  • Unable to get DNSBL to work using pfBlockerNG

    17
    0 Votes
    17 Posts
    7k Views
    M

    Don't worry, I'm in the same boat… after I updated to 2.3.3 all my lists stopped working. I can't figure it out... none of my config changed... now I see porn and stupid ads...

  • Manually ran reload and the lights went dim [SOLVED]

    4
    0 Votes
    4 Posts
    859 Views
    G

    @BBcan177:

    ps: Don't add Unbound to Service watchdog when using DNSBL … :)

    Would be a good idea for the devs to exclude Unbound when DNSBL is used... Same goes for Snort/Suricata...
    When these packages are updating, the watchdog thinks it's down, and restarts it midstream...

    So I discovered.  Unfortunately I had to find this out for myself, armed only with a black belt in Linux sysadmin - I only speak BSD with a really strong accent and a limited vocabulary.  On the bright side I now know a lot more about how pfSense is put together.

    Could pfBlockerNG do a test for the existence of the service watchdog package when the DNSBL is enabled and issue a warning?

  • Help blocking specific web pages. Not whole domains.

    4
    0 Votes
    4 Posts
    643 Views
    A

    Ok, so I have to set up the man in the middle to intercept HTTPS and get a CA to every device, then block the pages in Squid or SquidGuard…. Thanks for the help.

  • Issues on cron updates

    18
    0 Votes
    18 Posts
    4k Views
    T

    Hi there

    Just registered to post my conclusion.

    I had the same issue with my pfsense box v. 2.3.3.

    Unbound-service was restarting very frequently. Unbound worked, but due to the restarts I sometimes had gaps where, in some special cases, services broke down / were not able to synchronize etc.

    It was caused by DHCP, which tried to register new leases or entries (not 100% sure what exactly it wanted to register), but I see a lot of DHCPv6 log entries.

    In the end I figured out that on my WAN interface the configuration type of IPv6 was DHCP. After I switched it to none, all problems disappeared.

    Why exactly this configuration caused this problem, I'm not sure at this moment. I'm not actively using IPv6 anyway.

    I will post more information if I have it.

    Hopefully this helps.

    Cheers, treeol

  • Suricata / PfBlockerNG list conflict

    3
    0 Votes
    3 Posts
    1k Views
    israI

    Hi all,

    I created a custom alias for IPv4.
    I wish that one of the internal LAN IPs was not locked by pfBlockerNG.
    I tried several solutions without success.

    Can you help me in solving this puzzle?  :D

    thank you so much

  • [Solved] Unbound fails on restart after pfBlockerNG updates

    15
    0 Votes
    15 Posts
    6k Views
    BBcan177B

    I have posted a patch in redmine for this issue:

    https://redmine.pfsense.org/issues/7326

  • How to get rid of a message - "can't verify the identity of the website"

    6
    0 Votes
    6 Posts
    903 Views
    F

    We have a winner here! (I hope :-))

    Added a firewall rule and so far so good. If this works - this is indeed the answer I was looking for.

  • Can I manually create the WAN rule for incoming traffic for PFBlockerNG

    4
    0 Votes
    4 Posts
    2k Views
    P

    Yup - that's exactly what i needed - many thanks for that BBcan177.

    And a personal thank you for all your hard work on PfBlockerNG too!

  • How does traffic go from Pfblocker to Squid?

    1
    0 Votes
    1 Posts
    565 Views
    No one has replied

  • Replacement for Alexa Top 1M

    3
    0 Votes
    3 Posts
    750 Views
    S

    Oops, I guess I missed that. Thank you for adding the Cisco list to the next release.

  • Ipv4 list and dnsbl list location

    2
    0 Votes
    2 Posts
    573 Views
    BBcan177B

    All settings are stored in the

    /conf/config.xml

    If you have a backup config, once you restore it, all the settings should be there. No need for anything further. What it won't do is restore downloaded lists.

  • PfBlockerNG can block a TOR exit node list?

    5
    0 Votes
    5 Posts
    3k Views
    BBcan177B

    pfSense uses FreeBSD which does not have iptables functionality. It uses packet Fence instead.

    You can either use the pfSense aliastable functionality or use pfBlockerNG for this functionality. This can also be scripted from the shell, but what's the point when the functionality exists in the GUI.

  • Second DNS how to?

    6
    0 Votes
    6 Posts
    998 Views
    BBcan177B

    You are mixing things up.

    pfSense has two DNS services:

    DNS Forwarder (DNSmasq)
    DNS Resolver (Unbound)

    Unbound can be configured in Forwarder or Resolver mode.

    So my suggestion was to use DNSmasq for port 53 (general user) and then have unbound on port 5353. So you can then force the LAN users to the correct DNS service.

    If you need more help with that, check the DNS threads and/or post there for more detailed help.

  • Streamcloud.eu not working - ports?

    6
    0 Votes
    6 Posts
    2k Views
    RonpfSR

    Works fine here, slow to start, but only meta.streamcloud.eu is blocked by hpHosts_ads

  • Did I find a bug or did I make a configuration mistake?

    13
    0 Votes
    13 Posts
    2k Views
    G

    @BBcan177:

    You need to ensure that the vlans devices can ping and browse to the DNSBL IP. The default Permit rule is an optional rule to allow multiple lan segments to access the dnsbl vip address. So you can skip this option and create your own rule if that's easier.

    For the optional rule, you should be able to select all of the vlans in the select options (ctrl-click) and allow traffic to the dnsbl Web server on the dnsbl listening interface.

    In my case I am hitting the default deny rule IPv4 (1000000103) on 127.0.0.1:8081 / :8443 NOT the VIP.  Any thoughts on that?

    At least I've learned enough to unblock them, but I'm wondering if I screwed something up, or if there is an issue that pfBlockerNG is overlooking?

    I posted my rules above, but in my case I'm keeping DNS/NTP caged with port forwarding rules so that programs can go around the firewall with their own server settings.

  • PfBlockerng googleadservices

    16
    0 Votes
    16 Posts
    16k Views
    BBcan177B

    @cooLopke:

    So I guess there is no possible way to remove those ads in google search?

    DNSBL can't manipulate the Web page like a browser extension. So when you see (AD) in Google search, clicking on those may result in a blank page since DNSBL may be blocking those domains.

  • Whitelist for uBlock?

    16
    0 Votes
    16 Posts
    7k Views
    ExolonE

    In theory you could install Privoxy on your pfSense box and setup a cron entry to download the adblock2privoxy lists, say every week?

    adblock2privoxy
    downloads page

  • Temporarily replacing the 1x1 image

    5
    0 Votes
    5 Posts
    2k Views
    BiloxiGeekB

    @BBcan177:

    The file  /usr/local/www/pfblockerng/www/index.php

    https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/www/index.php#L36

    Just change the base_64 image to another image…

    Another similar thread:
      https://forum.pfsense.org/index.php?topic=120253.0

    That's exactly what I was looking for.  I'll be testing it out later today when I get home.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.