I've been using some Pi_Hole blacklists too, which you could try: http://sysctl.org/cameleon/hosts (Cameleon ads) https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist (Zeustracker Ads) https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt (Disconnect Me Trackers) https://hosts-file.net/ad_servers.txt (Hosts File Ads) https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (Steven Blacklist) You could also try adding the (slightly outdated?) BlueTack ad server IP list to your firewall. Just make an alias, clean up the list, and import it. https://www.iblocklist.com/list?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=7z Note that it is a pretty big list, so one you import it, expect it to take a little while if you ever want to go back in and view/edit it. For me, it takes almost 5 minutes to load that alias edit page. I hope this helps!

OK Fixed the error on block count =0 It turns out table usage counts were greater than Table Entries Hard Limit. Hard limit was defaulted to 400000, and lists were slightly greater than that. Increased to 600000, and seems we are ok now.

DNSBL http server return different response to the browser depending on what is in the URL : 1x1gif for picture, Javascript or the Blocked page when there is only the domain name in the URL : http://example.com/

@ronpfs, thanks for pointing this detail.

I had check this, I understand part of how it works. Thanks RonpfS.

Okay, it sounds like there is a clear wall. That's good to know. Thanks.

@ronpfs said in pfb_dnsbl, pfb_filter and Unbound error at reboot: TLD will slow down Cron update but will shrink the size of the DNSBL db Live Reload seems to fail without TLD @BBcan177 logged in here (Teamviewer) yesterday, maybe he can come up with something.

Just wanted to report back that its been a few days and I can confirm that disabling Live Sync does indeed solve this issue for myself. Since disabling, DNSBL has been blocking as it should after the cron runs. Thanks for the tip on disabling the "Resolver Live Sync" @RonpfS

@j-koopmann said in Constant unbound reloading with DNSBL: Any ETA or version? We are in the debugging phase now. No ETA is planned yet.

thanks again, I will give the -devel version a look.

Thanks, but from what I can see they don't a URL auth mechanism.

Well from pfB_PRI1_v4 - Abuse_DYRE_v4 you could decode that : It IPv4 Table PR1, the Header/Label is PRI1_Abuse_DYRE Go to Firewall / pfBlockerNG / IP / IPv4 select PRI1 Table, then change the State of PRI1_Abuse_DYRE to off

Thank you so much for the link. This worked. I've enabled the ad/malware lists from the tutorial and added Steve's Black Lists for adult content. I was also able to add the easy lists. Unfortunately I quickly found that some common URL's are note on these lists. I am going to open a new thread trying to get OpenDNS working as another layer. Unfortunately I've found that if I follow a setup for open DNS it breaks the platform.

See this thread: https://www.reddit.com/r/pfBlockerNG/comments/ao98u1/dnsbl_certificate_error/

Then find and disable that specific pfB block. I can't be more specific because I don't use it myself. Maybe this will help? https://forum.netgate.com/topic/101452/url-shortener-blocked/3

@emammadov thank you!

@cdls make sure that you are on version 2.2.5_21 as there was a fix for Category Blacklists.

@jpvonhemel Install pfblockerNG-devel, as it's much improved

@l0rdraiden said in PfblockerNG breaks host override: But is a bug that will be fixed or I can not enable that setting if I want to use host override? Let's see if it fix the failure mode after next Cron update. Resolver Live Sync make dynamic change to Unbound db on the fly. When you disable it, Unbound will reload the pfb_dnsbl.conf file instead. Depending on your host override settings, it may break the Resolver Live Sync. If you send me your host override settings by MP, I may find what's wrong. Well there is no MP on this forum. Let's try a chat instead. Host Override are in /var/unbound/host_entries.conf Domain Override are in /var/unbound/domainoverrides.conf