• Second DNS how to?

    6
    0 Votes
    6 Posts
    1k Views
    BBcan177B
    You are mixing things up. pfSense has two DNS services: DNS Forwarder (DNSmasq) and DNS Resolver (Unbound). Unbound can be configured in Forwarder or Resolver mode. So my suggestion was to use DNSmasq for port 53 (general user) and then have unbound on port 5353. So you can then force the LAN users to the correct DNS service. If you need more help with that, check the DNS threads and/or post there for more detailed help.
  • Streamcloud.eu not working - ports?

    6
    0 Votes
    6 Posts
    2k Views
    RonpfSR
    Works fine here, slow to start, but only meta.streamcloud.eu is blocked by hpHosts_ads
  • Did I find a bug or did I make a configuration mistake?

    13
    0 Votes
    13 Posts
    2k Views
    G
    @BBcan177: You need to ensure that the vlans devices can ping and browse to the DNSBL IP. The default Permit rule is an optional rule to allow multiple lan segments to access the dnsbl vip address. So you can skip this option and create your own rule if that's easier. For the optional rule, you should be able to select all of the vlans in the select options (ctrl-click) and allow traffic to the dnsbl Web server on the dnsbl listening interface. In my case I am hitting the default deny rule IPv4 (1000000103) on 127.0.0.1:8081 / :8443 NOT the VIP.  Any thoughts on that? At least I've learned enough to unblock them, but I'm wondering if I screwed something up, or if there is an issue that pfBlockerNG is overlooking? I posted my rules above, but in my case I'm keeping DNS/NTP caged with port forwarding rules so that programs can go around the firewall with their own server settings.
  • PfBlockerng googleadservices

    16
    0 Votes
    16 Posts
    16k Views
    BBcan177B
    @cooLopke: So I guess there is no possible way to remove those ads in google search? DNSBL can't manipulate the Web page like a browser extension. So when you see (AD) in Google search, clicking on those may result in a blank page since DNSBL may be blocking those domains.
  • Whitelist for uBlock?

    16
    0 Votes
    16 Posts
    7k Views
    ExolonE
    In theory you could install Privoxy on your pfSense box and setup a cron entry to download the adblock2privoxy lists, say every week? adblock2privoxy downloads page
  • Temporarily replacing the 1x1 image

    5
    0 Votes
    5 Posts
    2k Views
    BiloxiGeekB
    @BBcan177: The file  /usr/local/www/pfblockerng/www/index.php https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/www/index.php#L36 Just change the base_64 image to another image… Another similar thread:   https://forum.pfsense.org/index.php?topic=120253.0 That's exactly what I was looking for.  I'll be testing it out later today when I get home.
  • Quickest way to reload pfBlockerNG rules?

    4
    0 Votes
    4 Posts
    3k Views
    BBcan177B
    Also, it won't display the log information from the shell… So while the reload task does complete... it's not reporting that data to the shell... It's important to review the log for any issues... You would need to run a tail command in another window: tail -f /var/log/pfblockerng/pfblockerng.log
  • Strange Errors what should I do?

    6
    0 Votes
    6 Posts
    1k Views
    M
    I wish you could see me face palm myself. So the problem was I had my webconfigurator https port set on dnsbl's ssl port. Now the service shows a green check mark. Conflict…always seems to be my problem XD
  • WhiteList Rule Always dropping down to bottom

    5
    0 Votes
    5 Posts
    833 Views
    K
    Maybe you could try the other Rule order, where pfB_Pass/Match is before Block/Reject rules. Tried a different rule order. Worked perfectly. Thanks,
  • Can not see the difference between HTTP and HTTPS

    3
    0 Votes
    3 Posts
    689 Views
    S
    @BBcan177: The next version will have a new page that improves this layout… See the following: https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_sync.xml#L152-L153 The first entry is "http" and the second entry is "https" Thanks For that…  8)
  • DNSBL and Limiter

    2
    0 Votes
    2 Posts
    733 Views
    D
    You cannot unless you use 2.4. Limiters are broken with NAT.
  • Geo update fails once per day

    5
    0 Votes
    5 Posts
    1k Views
    D
    Upgraded from 2.2, maybe I ended up with both. I'll try removing one.
  • Rule created after reload

    8
    0 Votes
    8 Posts
    3k Views
    D
    If you are using Squid, you need to exclude the VIP from proxy.
  • Protecting Open Ports with pfBlocker

    5
    0 Votes
    5 Posts
    2k Views
    RonpfSR
    It depends on your WAN FW rules. By default everything is blocked by the default Block rule. So adding single Permit rule from the "Selected GeoIPs" to the "Selected WAN Port(s)" to the "Selected Destination" should only allow those IPs to hit the open ports.
  • Possible bugs in DNSBL

    7
    0 Votes
    7 Posts
    1k Views
    M
    @BBcan177: See here: https://forum.pfsense.org/index.php?topic=124945.0 In my version of the file the line number is different and I also see several lines with identical content. I will wait for an official release. But thank you anyway.
  • Certificate error - DNSBL certificate

    7
    0 Votes
    7 Posts
    10k Views
    BBcan177B
    See here: https://forum.pfsense.org/index.php?topic=124945.0
  • Is there a graph of some kind vs log output only for pfblockerNG?

    2
    0 Votes
    2 Posts
    861 Views
    RonpfSR
    What about Firewall / pfBlockerNG / Alerts?
  • 0 Votes
    5 Posts
    2k Views
    D
    Thank you for the help. As I wrote in the first message, I'm new to pfSense.  :)
  • Upgrading from 2.3.2 -> 2.3.2-p1 - DNS Resolver service failed

    8
    0 Votes
    8 Posts
    2k Views
    BBcan177B
    @Ibor: @BBcan177: The package has a feature to backup and restore the DNSBL database for RAMDisk installations. Where can I find that feature precisely? Thanks in advance! It's done automatically in the background when RAMDisks are enabled…. No real need to touch it...
  • DNS custom blocklist

    5
    0 Votes
    5 Posts
    5k Views
    BBcan177B
    @EDinATL: I had some particularly nasty ads popping up on my android which led me to want to manually block some ad servers via the DNSBL, so I eventually figured out how to do this today and used the method spoiler describes.  I found the process a bit confusing since the 'feeds' section would seem to be for feeds and not necessarily user defined lists.  At first I was manually editing a file in /var/unbound and mimicking the format used in pfb_dnsbl.conf which was cumbersome.  I was glad to find this method but I wish there had been some kind of clue as to how to get there.  Thanks spoiler! It's not recommended to edit the /var/unbound/pfb_dnsbl.conf file as that will get overwritten on cron updates… The DNSBL Feeds Custom list is the easiest option to manually add Domains... You can also write the Domains to a text file accessible to the pfSense box (Local webserver) or on the pfSense box itself...  See the blue infoblock icons on the DNSBL Feed tab for more details...