• Pfblockerng with wireless

    7
    0 Votes
    7 Posts
    2k Views
    K
    @RonpfS: Check the DNS configuration on your Macbook, it has to use pfSense DNS resolver in order to have DNSBL blocking effective. Done. Fixed. Thank you.
  • Forcing pfBlocker DNSBL to Reject the Connection

    5
    0 Votes
    5 Posts
    2k Views
    G
    Thanks for the update, the problem is a firewall issue… I'll put the TL;DR at the top, and all the background below in case it's needed for some reason. (might help someone like me who is new to this stuff)

    From the shell Filter Logs output... both ports are being blocked:

    ```
    Rule: 1000000103,em1,match,block Port: 8081 - mss;sackOK;TS;nop;wscale
    Rule: 1000000103,em1,match,block Port: 8443 - mss;sackOK;TS;nop;wscale
    ```

    Here's the offending rule... but I don't know what to do since this rule is high up in the chain above where the GUI can have influence.

    ```
    @5(1000000103) block drop in log inet all label "Default deny rule IPv4"
      [ Evaluations: 813      Packets: 81        Bytes: 7740        States: 0    ]
      [ Inserted: pid 55703 State Creations: 0    ]
    ```

    How can I work around this issue since this rule isn't one that I put in?

    Initial Checks - Server running / Restarted / Ports listening

    Diagnostics / Status / Services shows: dnsbl pfBlockerNG DNSBL Web Server as Running

    ```
    # ps aux | grep pfb_dnsbl_lighty
    root    36686  0.0  0.1  40260  5600  -  S    5:02AM    0:00.52 /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
    # sockstat -4
    USER    COMMAND    PID  FD PROTO  LOCAL ADDRESS        FOREIGN ADDRESS
    root    lighttpd_p 36686 5  tcp4  *:8081                *:*
    root    lighttpd_p 36686 6  tcp4  *:8443                *:*
    ```

    After service stopped and restarted

    ```
    # sockstat -4
    USER    COMMAND    PID  FD PROTO  LOCAL ADDRESS        FOREIGN ADDRESS
    root    lighttpd_p 22249 5  tcp4  *:8081                *:*
    root    lighttpd_p 22249 6  tcp4  *:8443                *:*
    ```

    Raw output from Shell Menu 10) Filter Logs

    ```
    Jan 20 13:17:14 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,58770,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,45948,8081,0,S,3847975149,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 13:17:14 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,53302,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,45950,8081,0,S,1577797007,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 13:17:18 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,58771,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,45948,8081,0,S,3847975149,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 13:17:18 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,53303,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,45950,8081,0,S,1577797007,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 13:22:19 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,12996,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,50754,8443,0,S,704351713,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 13:22:19 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,27119,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,50758,8443,0,S,2252854924,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 13:22:23 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,12997,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,50754,8443,0,S,704351713,,29200,,mss;sackOK;TS;nop;wscale
    Jan 20 13:22:23 guardian filterlog: 5,16777216,,1000000103,em1,match,block,in,4,0x0,,64,27120,0,DF,6,tcp,60,192.168.1.10,127.0.0.1,50758,8443,0,S,2252854924,,29200,,mss;sackOK;TS;nop;wscale
    ```

    **Output from: pfctl -vvsr (Edited to remove some of the noise/confidential info)**
  • 0 Votes
    2 Posts
    804 Views
    BBcan177B
    Select "Force Reload" in the update tab
  • Problem with pfBlockerNG List - How can I fix it? [SOLVED]

    5
    0 Votes
    5 Posts
    2k Views
    BBcan177B
    Firehol is converting those Domain based lists into an IP format… I'd not recommend that...  The pfBlockerNG package has an IP and a Domain section.... so best to use the applicable format (IP or DNSBL)... Yes hpHosts has individual Feeds, or the combined feed linked above... Take a look at their website for further details.
  • BBcan177 Block Lists

    4
    0 Votes
    4 Posts
    2k Views
    BBcan177B
    @guardian: Can you give us any idea of how they are compiled (source) so we know if they are a good match for our use case? Take a look at the Gist URLs… it will show a comment line for the source(s)...
  • PfBlockerNG error on package update

    4
    0 Votes
    4 Posts
    897 Views
    G
    I'll certainly defer to the developers, but I doubt that it will cause any problems.
  • Using a static block list in DNSBL / Blocking MS Telemetry and other BS

    6
    0 Votes
    6 Posts
    4k Views
    C
    I will post a much shortened list I ended up with which I got to by removing domains I know for sure are not for telemetry and also that broke other services.  The list is way shorter as expected.  But bear in mind its a game of whack a mole.  Microsoft at any point can change the domain names used or even connect directly to ip's.  This list I got here was last updated probably a year or so ago when I gave up on windows 10.
  • Small Typo on Firewall / pfBlockerNG / DNSBL (Need help to clarify)

    4
    0 Votes
    4 Posts
    950 Views
    BBcan177B
    Yes it needs to be in an unused network range, and is used to host the DNSBL Webserver…
  • Errors loading pfB_Europe_v4.txt

    3
    0 Votes
    3 Posts
    744 Views
    BBcan177B
    Maybe the MaxMind Database didn't get downloaded and installed correctly during installation… On the SG-1000, it might take more time to sort the MaxMind database... From looking at the partial install log from the other post, it's missing the balance of the installation... Try to uninstall/re-install. There is a setting in the General tab to "keep settings", uncheck that option so that it starts with a fresh installation... Then do not move away from the installation window until it's completed its installation...
  • Getting Started with pfBlockerNG Road Map Help

    3
    0 Votes
    3 Posts
    1k Views
    P
    As for setting it up, in general just read through the info panes built into pfbng & dnsbl. That should get you going, then whatever specific questions you may have after setting up either search the forum or post a question. As for feeds, here are some good places to start. The php import that BBCan177 wrote is what I primarily use. https://forum.pfsense.org/index.php?topic=86212.msg508975#msg508975 https://forum.pfsense.org/index.php?topic=86212.msg510369#msg510369 https://forum.pfsense.org/index.php?topic=86212.msg548372#msg548372 https://forum.pfsense.org/index.php?topic=117806.msg652480#msg652480 I also just posted this which has some links to get you set up for really good content filtering. https://forum.pfsense.org/index.php?topic=124013.0 I am not at all a computer or networking person, but through this forum and the info panes in pfbng I've been able to get it up and running and it's great. IMO it's the single most useful package for a home or small office looking to filter their network.
  • Using tracker.h3x.eu

    2
    0 Votes
    2 Posts
    1k Views
    RonpfSR
    @BBcan177: PR # 156/157 have been posted for pfBlockerNG v2.1.1 CHANGELOG: Other Improvements Add Malware Corpus Tracker to the DNSBL parser www.h3x.eu @BBcan177: Here are the links for Malware Corpus Tracker which can be used w/ pfBlockerNG DNSBL: Site: http://track.h3x.eu/about/400 Available Feeds: https://tracker.h3x.eu/api/sites_1month.php https://tracker.h3x.eu/api/sites_1week.php https://tracker.h3x.eu/api/sites_1day.php https://tracker.h3x.eu/api/sites_1hour.php DO NOT Select all of these Feeds. You should pick only one Feed. For example: the "1Month" will include the "1Week/1Day/1Hour". [ Edit - change to https ] Twitter: https://twitter.com/h3x2b
  • DNS breaks after installing pfBlockerNG?

    20
    0 Votes
    20 Posts
    4k Views
    C
    sure I used SECOIT GmbH's solution (crediting the original guy). His post is here. https://forum.pfsense.org/index.php?topic=89589.msg517047#msg517047 Be aware with this solution, if you do an action that requires an unbound restart/configure, you will manually need to stop and then start in the gui. pfblockerng will still be fine tho.
  • 1 Votes
    2 Posts
    1k Views
    No one has replied
  • Ipv4 updates not running when should?

    6
    0 Votes
    6 Posts
    1k Views
    C
    ok will keep that in mind, thanks.
  • ASN download ipv6

    3
    0 Votes
    3 Posts
    827 Views
    C
    sorry I didn't think of the obvious :)
  • Allow a port from only select countries & block all others

    3
    0 Votes
    3 Posts
    664 Views
    Y
    awesome… thanks a ton
  • Traffic to FQDN is blocked by pfbNG even if its on a pass rule

    6
    0 Votes
    6 Posts
    1k Views
    BBcan177B
    @lpallard: @BBcan177: Typically best to use "Permit Outbound", so that it only allows access to those IPs when the LAN makes the request… Also ensure that the Permit rule is above the Block rules on the LAN interface. If you're using "Auto type" rules, you might need to select the correct "Rule Order" option in the General Tab. Thanks for your reply.  I think the rules order was the problem.  I completely forgot to change it from defaults after I had reinstalled the package and did not click the checkbox to retain the settings.. Thanks Anthony! Anytime my friend :)
  • PfBlockerNG 2.1.1_5 and issue with url/alias

    14
    0 Votes
    14 Posts
    4k Views
    R
    Excellent!!! Thank you so much. It's because I didn't know if it was a normal behaviour or not :) Thanks! I will keep an eye to see if everything seems to be fine with the update and the catch of any IP listed in the list.
  • Whitelist doesn't stay whitelisted

    9
    0 Votes
    9 Posts
    1k Views
    P
    Any suggestions as to which lists would be better to use?
  • PfBlockerNG 2.1.1_5 / Pfsense 2.4

    43
    0 Votes
    43 Posts
    50k Views
    J
    Thank you this has now worked for me Which I have also added to the page https://www.facebook.com/groups/pfsense.official/ to help others…
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.