I've gotten error notices regularly upon entering dashboard, it happening overnight and waking up to it. I got one after I instructed pfSense to reboot. I think I also got one for looking at it the wrong way. So they've come back often, even after total clear out of settings and reinstall. Have rebooted numerous times, even updated pfSense one of those times.

Note that the Snort openappid rules are hosted in a University server in Brazil… and the Snort rules are hosted on s3.amazonaws.com ... https://forum.pfsense.org/index.php?topic=131806.msg725825#msg725825 There is no whitelist per se... Just review the Alerts Tab to see what is getting blocked. You can either use the "+" Suppression/whitelist option, or create a permit outbound rule to allow your LAN to access those blocked IPs before the other Block rules take effect...

@skillsboy: I have tried that pachage, but for some reason it didn't work for me. @anajames: The package does not work for me either. Any guide would be appreciated. To implement this in pfBlockerNG DNSBL, just follow these basic instructions:     https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943 Then enable the TLD option. Enter all of the TLDs that you would like to block ie "ru" "cn" "pw" "top" etc… into the TLD Blacklist customlist. You can click on the blue infoblock icons for further details… The benefit of using the TLD feature of the pfBlockerNG package is that blocking a TLD will also remove all other blocklist references to domains that have these blocked TLDs. So this will reduce the overall size of the DNSBL database... You can also leverage the TLD Whitelist option, to allow a specific Domain while still blocking all other domains in a TLD. Here is a list of the worst TLDs as reference: https://www.spamhaus.org/statistics/tlds/     http://toolbar.netcraft.com/stats/tlds Hope that helps!

I think squid and squidguard package are the preferred package for this purpose. Do a web search on blocking websites using squid. https://turbofuture.com/internet/URL-Filtering-How-To-Configure-SquidGuard-in-pfSense Another option For blocking for all users by web categories, such as gambling, I use OpenDNS dns servers and create a free account to block categories and specific domains for one site I support. When someone goes to a blocked site, they get a HTML page with a message and the option to request the site be unblocked. An email is then sent to me.

Suddenly it works  :o even with RW_IPBL? Thanks for all reply's

Did you get it working? I had problems too. Here is how I fixed it. https://forum.pfsense.org/index.php?topic=126780.0

Do you have TLD enabled? If so, the whole domain might be blocked, so you need to read the whitelist popup instructions to see why the IP was blocked in the first place. There is also an Icon Legend at the bottom of the page which will indicate the Whitelist Icon details. Did you clear the DNS cache after applying the whitelist? You can also set the DNS on a particular LAN device to use another DNS server (say 8.8.8.8), which will essentially bypass DNSBL until you have time to figure out what blocked domain is causing issues.

If anyone else is having the same issue I was having with pfblockerNG while having a traffic shaper (especially with this method) https://forum.pfsense.org/index.php?topic=63531.0 I was able to completely resolve this issue by upgrading to the 2.4 beta (at the time I'm posting this) and was able to have no issues with my iOS devices loading web pages slow or certain apps hanging.

@BBcan177: I believe that the Snort OpenAppID Detector Feed is based in South America… Yep, Brazil…    this is the one you helped me with.  I don't use the country lists for that region. TLD blacklist br edu.br TLD whitelist www.ifs.edu.br|200.133.48.21 # for SNORT OpenAppID rule ifs.edu.br|200.133.48.21 # for SNORT OpenAppID rule thor.ifs.edu.br|200.133.48.21 # SNORT OpenAppID rule

Yes, that would make sense.

@BBcan177: Next release will have a whole set of recommended feeds to use… Thanks, I am looking forward to that one!

Working for me as well. Thanks for your help!

Excellent !!! Cant wait for that ;) Your a star!!

Great work!! Looking forward to the new IP block lists  :)

Thank you for your post ;) Always good to block windows ;)

Check the  pfblockerng.log  for details. You can try to clear out all the previously downloaded feeds: Uncheck - Enable pfBlockerNG Uncheck - Keep Settings Save Then check both checkboxes Force Update

Awesome thanks for the very detailed and easy to understand explanation! Keep up the good work!!

@BBcan177: They 80 and 443 are forwarded to my nextcloud server and 443 UDP to my openVPN server. For this Permit Inbound you should define a new alias with the two destination IPs of those two servers. I would assume that they are static since you have port forwards in place? If you wanted to control the outbound that is defined in the permit outbound firewall rule settings, so it can be defined as required. Did you run a Force update after the changes? Did you enable floating rules? Is so, it would be placed in the floating rule tab. I didn't enable floating rules but didn't realized I need to run a Forced update.  After the update the rule was there. So I have now prevented anyone outside the US from gaining access to my nextcloud and openVPN servers as this rule is above my default WAN: block IPv4 and IPv6 rules.  Thanks for your help, and patience. [image: pfBlockerAmericaRule.jpg] [image: pfBlockerAmericaRule.jpg_thumb]

@justsomeguy6575: Makes sense. Thanks for the explanation and all the work you put into this. am I correct in assuming it's not possible to block say github.com/gentilkiwi/mimikatz/releases/download/2.0.0-alpha-20141213/ but not block github.com itself? No DNS Filtering (DNSBL) will block the full domain or sub-domain DNS resolution… You would have to use a Proxy to filter by a URL.

worked ty