• 0 Votes
    2 Posts
    803 Views
    BBcan177

    Select "Force Reload" in the update tab

  • Problem with pfBlockerNG List - How can I fix it? [SOLVED]

    5
    0 Votes
    5 Posts
    2k Views
    BBcan177

    Firehol is converting those Domain based lists into an IP format… I'd not recommend that...  The pfBlockerNG package has an IP and a Domain section.... so best to use the applicable format (IP or DNSBL)...

    Yes hpHosts has individual Feeds, or the combined feed linked above... Take a look at their website for further details.

  • BBcan177 Block Lists

    4
    0 Votes
    4 Posts
    2k Views
    BBcan177

    @guardian:

    Can you give us any idea of how they are compiled (source) so we know if they are a good match for our use case?

    Take a look at the Gist URLs… it will show a comment line for the source(s)...

  • PfBlockerNG error on package update

    4
    0 Votes
    4 Posts
    897 Views
    G

    I'll certainly defer to the developers, but I doubt that it will cause any problems.

  • Using a static block list in DNSBL / Blocking MS Telemetry and other BS

    6
    0 Votes
    6 Posts
    4k Views
    C

    I will post a much shortened list I ended up with which I got to by removing domains I know for sure are not for telemetry and also that broke other services.  The list is way shorter as expected.  But bear in mind it's a game of whack-a-mole.  Microsoft at any point can change the domain names used or even connect directly to IPs.  This list I got here was last updated probably a year or so ago when I gave up on Windows 10.

  • Small Typo on Firewall / pfBlockerNG / DNSBL (Need help to clarify)

    4
    0 Votes
    4 Posts
    950 Views
    BBcan177

    Yes it needs to be in an unused network range, and is used to host the DNSBL Webserver…

  • Errors loading pfB_Europe_v4.txt

    3
    0 Votes
    3 Posts
    743 Views
    BBcan177

    Maybe the MaxMind Database didn't get downloaded and installed correctly during installation… On the SG-1000, it might take more time to sort the MaxMind database... From looking at the partial install log from the other post, it's missing the balance of the installation...

    Try to uninstall/re-install. There is a setting in the General tab to "keep settings", uncheck that option so that it starts with a fresh installation...  Then do not move away from the installation window until it's completed its installation...

  • Getting Started with pfBlockerNG Road Map Help

    3
    0 Votes
    3 Posts
    1k Views
    P

    As for setting it up, in general just read through the info panes built into pfbng & dnsbl. That should get you going, then whatever specific questions you may have after setting up either search the forum or post a question.

    As for feeds, here are some good places to start. The php import that BBCan177 wrote is what I primarily use.
    https://forum.pfsense.org/index.php?topic=86212.msg508975#msg508975
    https://forum.pfsense.org/index.php?topic=86212.msg510369#msg510369
    https://forum.pfsense.org/index.php?topic=86212.msg548372#msg548372
    https://forum.pfsense.org/index.php?topic=117806.msg652480#msg652480

    I also just posted this which has some links to get you setup for really good content filtering.
    https://forum.pfsense.org/index.php?topic=124013.0

    I am not at all a computer or networking person, but through this forum and the info panes in pfbng I've been able to get it up and running and it's great.

    IMO it's the single most useful package for a home or small office looking to filter their network.

  • Using tracker.h3x.eu

    2
    0 Votes
    2 Posts
    1k Views
    RonpfS

    @BBcan177:

    PR # 156/157 have been posted for pfBlockerNG v2.1.1

    CHANGELOG:

    Other Improvements

    Add Malware Corpus Tracker to the DNSBL parser www.h3x.eu

    @BBcan177:

    Here are the links for Malware Corpus Tracker which can be used w/ pfBlockerNG DNSBL:

    Site:
    http://track.h3x.eu/about/400

    Available Feeds:
    https://tracker.h3x.eu/api/sites_1month.php
    https://tracker.h3x.eu/api/sites_1week.php
    https://tracker.h3x.eu/api/sites_1day.php
    https://tracker.h3x.eu/api/sites_1hour.php

    DO NOT Select all of these Feeds. You should pick only one Feed. For example: the "1Month" will include the "1Week/1Day/1Hour".

    [ Edit - change to https ]

    Twitter:
    https://twitter.com/h3x2b

  • DNS breaks after installing pfBlockerNG?

    20
    0 Votes
    20 Posts
    4k Views
    C

    sure

    I used SECOIT GmbH's solution (crediting the original guy).

    His post is here.

    https://forum.pfsense.org/index.php?topic=89589.msg517047#msg517047

    Be aware with this solution, if you do an action that requires an unbound restart/configure, you will manually need to stop and then start in the GUI. pfblockerng will still be fine tho.

  • 1 Votes
    2 Posts
    1k Views
    No one has replied
  • Ipv4 updates not running when should?

    6
    0 Votes
    6 Posts
    1k Views
    C

    ok will keep that in mind, thanks.

  • ASN download ipv6

    3
    0 Votes
    3 Posts
    823 Views
    C

    sorry I didn't think of the obvious :)

  • Allow a port from only select countries & block all others

    3
    0 Votes
    3 Posts
    664 Views
    Y

    awesome… thanks a ton

  • Traffic to FQDN is blocked by pfbNG even if its on a pass rule

    6
    0 Votes
    6 Posts
    1k Views
    BBcan177

    @lpallard:

    @BBcan177:

    Typically best to use "Permit Outbound", so that it only allows access to those IPs when the LAN makes the request…

    Also ensure that the Permit rule is above the Block rules on the LAN interface. If you're using "Auto type" rules, you might need to select the correct "Rule Order" option in the General Tab.

    Thanks for your reply.  I think the rules order was the problem.  I completely forgot to change it from defaults after I had reinstalled the package and did not click the checkbox to retain the settings.

    Thanks Anthony!

    Anytime my friend :)

  • PfBlockerNG 2.1.1_5 and issue with url/alias

    14
    0 Votes
    14 Posts
    4k Views
    R

    Excellent!!! Thank you so much. It's because I didn't know if it was a normal behaviour or not :)
    Thanks! I will keep an eye to see if everything seems to be fine with the update and the catch of any IP listed in the list.

  • Whitelist doesn't stay whitelisted

    9
    0 Votes
    9 Posts
    1k Views
    P

    Any suggestions as to which lists would be better to use?

  • PfBlockerNG 2.1.1_5 / Pfsense 2.4

    43
    0 Votes
    43 Posts
    50k Views
    J

    Thank you this has now worked for me
    Which I have also added to the page https://www.facebook.com/groups/pfsense.official/ to help others…

  • Blacklists UT1

    2
    0 Votes
    2 Posts
    1k Views
    BBcan177

    There was a request for this awhile back… Hasn't really gone anywhere, so I'm working on it as time permits... 
    https://twitter.com/pfsense/status/788203605950025728

    Here is a sneak peek of what it will look like...

  • [SOLVED] Defining ports on GEOIP allow rule does not work

    7
    0 Votes
    7 Posts
    1k Views
    BBcan177

    @gabrimonfa:

    IMHO it would be better to warn the user if he/she sets the ports and protocol is left to any.

    Or maybe the UI should be made consistent with the "Add rule".
    Default protocol is TCP and choosing any hides source and dest ports

    This is already fixed in the next package release… Just in testing phase now ...

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.