• pfBlockerNG-devel 2.2.1_2: IP Alerts list (Deny) not showing alerts

    3
    0 Votes
    3 Posts
    1k Views
    J
    @bbcan177 Yes, I did restart both services. But the issue solved itself: I've looked after a few hours again and now the log and stats are filled. Strange, I have no idea why it took a while ...
  • 0 Votes
    2 Posts
    1k Views
    BBcan177
    @newyork10023 said in pfBlockerNG rule element modification and ordering: To begin, pfBlockerNG_devel 2.2.1_2 is awesome. Wow. Thanks. Thanks! Certain feeds are naughty. For example, adding RFC 1918 (Private Address Space), Multicast addresses, etc., etc., etc., is just BAD. Blocking possibly necessary system addresses, including multicast addresses, etc., is just NASTY. Adding a WhiteList is not going to fix this issue. These rule elements need to be culled from the list(s), and I mean permanently. By chance are you using Firehol Level1? That feed contains bogons and should not be used for Outbound blocking. You can also enable "Suppression" which will remove local/loopback addresses. A couple of feature suggestions for automatic rule insertion: use rule Separators to bind automatic rule insertion to specific places in the rules. (Indeed, one of my pet peeves is that automatic rules re-arrange Separator organization in seemingly random ways.). Another suggestion would be that automatic rule insertion should not re-arrange rule ordering AT ALL (after their initial placement). Subsequent rule updates should update rules IN PLACE. I like the possibility that Separators could be used to bind automatic rule insertion. But, disabling all automatic rule insertion needs to be an option for DNSBL. Firewall rule separators will be very difficult to implement with pfBlockerNG and auto rules...
  • DNS RPZ (full URL)

    dnsrpz pfblockerng squidguard bind dns rpz
    2
    0 Votes
    2 Posts
    2k Views
    BBcan177
    DNSBL will block domains, it cannot block based on a URL as it is a DNS based blocker.
  • pfBlockerNG Ghost Auto Rule

    5
    0 Votes
    5 Posts
    1k Views
    Z
    Thanks, you gave me the direction I needed. I thought the Geo-IP tab was just a way to create rule in the IPv4 and v6 tab. I didn't realize it also kept rules independently. So solved. Again, thanks.
  • pfBlockerNG not blocking

    2
    0 Votes
    2 Posts
    592 Views
    BBcan177
    Check the IPs with this shell command to see what MaxMind is listing as the GeoIP ISOcode (Change the x.x.x.x - to the IP you're looking at): geoiplookup x.x.x.x You also need to ensure that you have the blocking rules on the appropriate outbound Interfaces.
  • Alerts filter only seems to only work on displayed entries

    7
    0 Votes
    7 Posts
    1k Views
    lohphat
    It may be wishful thinking but my SG-3100 is running much better with lower CPU and RAM utilization across the board now that I'm using the -devel version.
  • pfBlockerNG / unbound install and config

    3
    0 Votes
    3 Posts
    901 Views
    P
    Perfect! Thanks
  • Sync doubles virt. IP 10.10.10.1

    4
    0 Votes
    4 Posts
    739 Views
    BBcan177
    @pfadmin said in Sync doubles virt. IP 10.10.10.1: Hi, I sync to 2nd pfsense in my lan so the pfdnsbl config is the same on the 2nd DNS. But the virtual IP 10.10.10.1 is synced too so it ends with two 10.10.10.1 in my network. Am I wrong? There is a "BETA" option in the pfBlockerNG-Devel 2.2.1 package to allow for HA setups. In the DNSBL tab, there is an option called "VIP Address Type" which is defaulted to "IP Alias"... Since you have a HA setup, you could beta test the "carp" option which should fix this issue.... I have done limited testing with this option and as such is marked as "BETA"... but would appreciate any feedback.
  • Memory Allocation Errors

    8
    0 Votes
    8 Posts
    2k Views
    G
    I see 2.2.1 devel is now listed in my available packages. Running latest stable.
  • pfblockerng PHP ERROR

    1
    0 Votes
    1 Posts
    272 Views
    No one has replied
  • Export/Import Settings And Lists

    pfblocker
    2
    0 Votes
    2 Posts
    1k Views
    RonpfS
    There is a Sync Tab that enables you to XMLRPC Sync to other hosts. Another option is to copy/paste pfblockerNG settings from a config.xml to the other pfsense config.xml
  • Cannot browse VIP

    3
    0 Votes
    3 Posts
    585 Views
    N
    @RonpfS thanks for the reply. I have the exact same NAT as yours, but still cannot browse the VIP.
  • No IP Alias/Group defined from Feed?

    18
    0 Votes
    18 Posts
    2k Views
    RonpfS
    @ar15usr said in No IP Alias/Group defined from Feed?: Should I change them all? No, those are normal when nothing is defined / configured for these entries.
  • pfBlockerNG-devel dnsbl is out of sync.Perform a force reload to corect.

    3
    0 Votes
    3 Posts
    3k Views
    BBcan177
    Run a "Force Reload - DNSBL" and check the pfblockerng.log for more details.
  • Site Blocking Using pfblocker DNSBL Unblock device

    4
    0 Votes
    4 Posts
    797 Views
    G
    @deividuska said in Site Blocking Using pfblocker DNSBL Unblock device: @ronpfs Hi So what are my options in pfBlockerNG? DNSBL EasyList? If I follow, you have one device that you do not want ad blocking on. If true, manually set the DNS on that device to the server you want. It will bypass DNSBL.
  • No firewall rules have been created

    10
    0 Votes
    10 Posts
    4k Views
    R
    @r-oliveira Guys I resolved this problem uninstalled the pfBlockerNG 2.1.2_3, after that I installed the version pfBlockerNG-devel net 2.2.1 it worked for me
  • pfBlockerNG not showing in menus, tried reinstalling

    15
    0 Votes
    15 Posts
    2k Views
    BBcan177
    Run the following command: grep -A30 "<menu" /conf/config.xml And check to see if there is an empty <menu></menu> tag... I have seen this with another user, but am not sure if it's a pfSense bug or a pfBlockerNG bug? If there is an empty tag, you can edit /conf/config.xml and remove that empty tag. If you do that from pfSense > Edit File, that will reload the config after you press save and hopefully that fixes it.
  • Cron update disconnects internet access and VPN?

    5
    0 Votes
    5 Posts
    921 Views
    BBcan177
    Yes make a Permit Outbound Alias and add the IPs to the customlist and ensure that this Permit rule is above the other block rules.
  • Some Websites become not availiable - dont know why -

    10
    0 Votes
    10 Posts
    1k Views
    RonpfS
    @krischeu It might not generate alerts for that range if it is in a whitelist.