@jdeloach Sounds exactly what is needed! Thank you!

That did not solve the issue. Then I tried your 2nd suggestion and it seems to have worked. No issues so far. Thanks a lot for the quick help.

@Stewart said in dnsbl Crashing: Congratulations. I've seen plenty of instances where c-icap, Squid, SquidGuard, Snort, etc. have crashed. Many times it's because of lack of space, usually because a log file (often Snort or Suricata) gets out of control and fills the entire SSD. And how does using the watchdog to restart them makes any sense in that cases? If disk is full the service dies. That's normal. It's just like @Gertjan says: simply restarting with a "dumb" service checker doesn't do any good. I've tested the package myself and simply found no use case at all. All points where one could use it have underlying problems as cause that you have to fix yourself (or by correcting settings etc. etc.) so simply hitting restart after restart doesn't do any good to them. But besides that, with Surricata and probably other memory eaters, 4GB seem a bit on the very low side when running DNSBL mode with pfBNG. Do you have other memory intensive settings activated in pfBNG?

@Elliott32224 so it turns out it didn't fix my issue actually. Lol AliExpress apparently uses a plethora of sources for images on their site/app... I may have to figure something else out in order to get it to work lol

I think I know what is going on. One of my other block lists already included this lists IP addresses (via an ASN list), so they must be interefering due to the deduplication list. After disabling dedupe and forcing a reload I can see the list as it should be.

Sorry for bringing up such an old post, but the recommendations @BBcan177 mentioned worked for me. In my case, I had to make sure the two ports used for HTTP and HTTPS traffic didn't overlap with any other rules I had already defined.

It appears that the site you were visiting has been blocked by the DNSBL. You'll need to create another DNSBL list and add the sites you were visiting that you know to be safe...be sure to set group order to primary and disable logging as shown below. Then add the sites to the DNSBL Custom_List. Then, force reload pfBlockerNG. [image: 1574400957620-screen-shot-2019-11-21-at-11.30.20-pm.png] [image: 1574401029423-screen-shot-2019-11-21-at-11.30.52-pm.png]

I can tell there are many of you dying to know what happened with this. </sarcasm> I rebooted the whole firewall. Botta bing botta boom. Both are blocked now. That didn't cross my mind to do that because you wouldn't think that'd be necessary for such a problem, but...isn't that actually always the answer?

@mh13 said in Can I block IPs of my DNS-based lists?: Automatically? That's the feature we're waiting on you to develop.

@BBcan177 Thanks for your help. It's error was resolved.

I'm using Safari. At least, to view Youtube. I'll try to block outbound DNS not using the resolver on pfSense and disable DoH on Firefox.

@BBcan177 I see. I was hoping there would be a way that I was just ignorant of. Thank you for taking the time to review this. If anyone else has a suggestion beyond manually resolving these domains externally and manually updating the lists, please let us know!

@ryanca said in DNSBL modify default bloked webpage: Thanks, but I would rather go back to the old way with the (GIF Image, 1 × 1 pixels). Could i just upload that gif image to the /usr/local/www/pfblockerng/www/ folder and delete the default html files in there? Or do I need to do something else? Copy the default page and create a new one with your modifications. Then select the new page in the DNSBL Tab.

Does this help: https://forum.netgate.com/topic/129365/bypassing-dnsbl-for-specific-ips

It's running i386, and 2.3.x is the latest version available for that, because we do not support i386 on 2.4.x and later. 2.3.x has been EOL for over a year: https://www.netgate.com/blog/pfsense-release-2-3-x-eol-reminder.html If that hardware is capable of running a 64-bit OS, you can reinstall with the latest 2.4.4-p3 installer and get back up and running. If that hardware is 32-bit only, it will need to be replaced.

@Hurkamurka said in Noobie questions about pfblockerng: I installed pfblockerng (non devel) This reply doesn't answer your question but suggests installing devel version.

@AndrewD I would try clearing your browser cache and may be reboot your pfSense box too. When I did, it took a full day before I could visit the site because I didn't do a force update/reload nor set group to primary.

Hey! Thanks for come by. Yes, i run the latest pfSense. The extra info about the custom lines was hidden way too at the end of the blog, but i've found it after my post, and now i changed my settings according to that. Strange thing, but changing the DNS server to UncensoredDNS, seems now everything working fine. I think i will let Applied Privacy know about this behaviour. Maybe do you have a clue why could i resolve the hostname in the browser, but not in the DNSBL feeds update?

@jward101 said in Feeds not added to 'DNSBL Feeds': Correct. They are also displayed on the DNSBL > DNSBL Feeds interface BUT only after I added a feed manually through that interface. Before I added that manual feed they were not displayed in that location. I have a few like that...I was looking through to post for instance; however, they do show under the feed menu as duplicates though.