• Network Configuration with snort VLANs…..and PfBlocker?

    20
    0 Votes
    20 Posts
    5k Views
    BBcan177
    Here is the PR to fix this bug… Thanks! https://github.com/pfsense/FreeBSD-ports/pull/424/files
  • Crash report on 2.4-RC

    2
    0 Votes
    2 Posts
    509 Views
    BBcan177
    Here is the PR to fix this bug… Thanks! https://github.com/pfsense/FreeBSD-ports/pull/424/files
  • Not logging

    3
    0 Votes
    3 Posts
    884 Views
    K
    Well that actually makes sense. I wasn't making the mental distinction between the IP logging vs DNS logging. Sure enough, under alerts they are there. Alerts also shows which DNSBL list it is on too which the log file doesn't appear to show. Thanks.
  • Could not open ISO and Deny folder/Masterfile uniq check - pfB 2.1.1_10

    2
    0 Votes
    2 Posts
    545 Views
    BBcan177
    This is addressed in the upcoming release of the package. MaxMind contains a "Represented" list of IPs for Countries. Unfortunately, MaxMind can list IPs in a GeoIP one month, but list none for the following month. The Database doesn't contain any blank dummy data to act as a placeholder. So it's safe to ignore the log message as there were no IPs listed by MaxMind for those Represented GeoIPs for this specific month. The next release will create a placeholder GeoIP file for each empty represented GeoIP.
  • Question?

    3
    0 Votes
    3 Posts
    618 Views
    mtarbox
    I saw that they appeared different. Went to the rules, then floating rules, and saw what you meant, source and destination. Thank you dok.
  • Slow DNS resolution with PfBlocker/DNSBL

    5
    0 Votes
    5 Posts
    3k Views
    ?
    I know this thread is 3+ months old, but I stumbled upon it and think I know what the issue was. I had stumbled upon this Reddit thread and added the WindowsTelemetry hostslist. After I added to a DNSBL feed and forced an update, DNS resolution slowed to a crawl. After removing it, forcing another update and then rebooting pfSense via CLI, everything was resolved.
  • ROKU Issues with pfBlockerNG (CBS All Access, PBS, CNET) not working

    22
    0 Votes
    22 Posts
    8k Views
    Xentrk
    The above solution was a false positive. It did not work. I ended up removing the Host Overrides in DNS Resolver to get it working. However, ads are now appearing. Well, I am paying for the lower tier with ads. So I can live with it. Enjoying it ad free was nice while it lasted though.
  • Dnsbl geoblocking unselected country

    3
    0 Votes
    3 Posts
    753 Views
    R
    Hi BBCan.. Your link shows this: IP information 191.238.35.129 IP address 191.238.35.129 Location Boydton, Virginia, United States (US) flag Registry lacnic Is there a difference between physical IP location and GEO based lookups? Jon
  • Vip 80, 8081 work but 443 and 8444 won't

    3
    0 Votes
    3 Posts
    574 Views
    BBcan177
    Each lan segment should be able to access the DNSBL VIP via ping and browsing to the IP. There is a DNSBL permit rule option that you can select which will create a floating permit rule for the selected lan segments. Also check the NAT rules and see if there is another NAT rule that is interfering with the DNSBL NAT rules.
  • What does the "Enable TLD" block do?

    4
    0 Votes
    4 Posts
    924 Views
    BBcan177
    With this domain as an example: api.content-ad.net With TLD enabled, it will not block all sub-domains unless content-ad.net is in the blocklist, since net is the TLD. So you could add that domain to a customlist and Reload for it to take effect.
  • Using Tor Network and pfBlockerNG

    4
    0 Votes
    4 Posts
    2k Views
    BBcan177
    If you want to use GEOIP and TOR, you can create a TOR alias and add the TOR exit node feeds. Set the Action to "Permit Outbound". Then ensure that the Rule Order option has the permit rules above the Block/Reject rules. Firewall rules are processed top to bottom.
  • Firehole and 192.168.0.0/16

    10
    0 Votes
    10 Posts
    2k Views
    BBcan177
    Thank you. I've gone ahead and recreated the LVL1 with direct feeds without the bogons. Great idea. NP… I always recommend to use the original source of a feed. Regarding the "Suppression" feature I'm wondering whether it applies to me. Suppression, when enabled, will remove RFC1918 and loopback addresses from a blocklist that are sometimes added incorrectly by a feed maintainer. Suppression will also add a "+" icon to each blocked IP address (/32 and /24 only) in the Alerts tab. Clicking that icon will allow removing the selected IP from the blocklists. Otherwise, to overcome an IP that is blocked, you will have to create a "Permit outbound" alias and add the Whitelisted IPs to the customlist. Then ensure that this permit rule is above the block/reject rules (rule order option).
  • PFBlockerNG not working.

    19
    0 Votes
    19 Posts
    4k Views
    C
    Welp said screw it, and went to do your suggestion and just worry about guests, and figure something else for the servers. Nope lol, doesn't work, well it does work, when I disable the guest captive portal :(. So do I have any other options? I have to have captive portal and I cannot filter their Network.
  • Using blacklists for certain IP groups, but not all

    2
    0 Votes
    2 Posts
    447 Views
    RonpfS
    There can only be 1 DNSBL running per pfsense box. So if you have many pfsense boxes, you can have many DNSBL setups. Devices can then point to different DNS Servers on different pfsense boxes.
  • No pfBlockerNG 2.1.1_10 update for 2.4-RC

    2
    0 Votes
    2 Posts
    691 Views
    jimp
    2.4 packages are only updated when new snapshots are built so that every part of it can be updated at the same time. Otherwise we run the risk of a package depending on a new change in base that isn't out there yet, or other similar mismatch situations.
  • PfBlocker with openvpn

    13
    0 Votes
    13 Posts
    6k Views
    D
    Glad to hear you got it up and running! @DaveB: One final silly question. While following a guide for setting up pfblocker I have created an alias pfB_DNSBLIP. I have no idea what it is but it has the black down arrow indicating there are no rules for the alias. Can anyone shed any light on this? The DNSBL service is used to block domain names only (www.example.com) and not IP addresses (xxx.xxx.xxx.xxx). Sometimes the DNSBL feeds that you set up may contain IP addresses. The pfB_DNSBLIP alias filters out the IP addresses that are in the DNSBL feeds, thereby creating an alias which can be used by the firewall to act on the IP addresses that show up in the DNSBL feeds. You still need to apply the firewall rules that will use the pfB_DNSBLIP alias. You can create those rules in pfSense at "Firewall/pfBlockerNG/DNSBL/DNSBL IP Firewall Rule Settings". If you go to the pfB_DNSBLIP alias rule and then hover over the alias you should not see any IP addresses in the list that pops up. The black down arrow indicates that the alias currently does not contain any IP addresses and there is nothing for the rule to act against. This will most likely change as you add additional DNSBL feeds.
  • Firewall suddenly started blocking traffic

    1
    0 Votes
    1 Posts
    379 Views
    No one has replied
  • Unable to add a cryptomining anti phishing list, json format

    3
    0 Votes
    3 Posts
    576 Views
    C
    works perfect, great support as always :)
  • Help with error message

    6
    0 Votes
    6 Posts
    1k Views
    ?
    I will give that a try - thanks for the quick response
  • Possible bug: IPv6 lists create IPv4 rules

    2
    0 Votes
    2 Posts
    507 Views
    BBcan177
    Yes there is a bug with IPv6… You will have to use "alias type" rules for now, until the next release... Sorry...
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.