• Correct setup to protect open WAN ports?

    0 Votes
    4 Posts
    1k Views
    BBcan177
    See the following link about your first question: https://forum.pfsense.org/index.php?topic=99929.msg556801#msg556801 MaxMind updates once a month, so there is no reason to run cron updates hourly for GeoIP. However, if you add other IP feeds, you should update at an increased frequency.
  • PFBlockerNG Errors Loading Rules - "Macro Not Defined"

    0 Votes
    4 Posts
    2k Views
    @rajl: Thanks for the advice. I'm running the latest version, so I'll bump the max table entries up to 10m (currently set at 4m) and Force Reload like you suggested. I'll see what happens and report back in a few days.
    I've done this as well and it still hasn't resolved my issue. Are you getting these dpinger errors when this happens in your logs?
    send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr xx.xx.xx.xx bind_add xx.xxx.xx.xx identifier "TPWANGW "
    I get these errors but only on my CARP Backup device, not the main. For me all of my gateways go down every 6 hours and that's when this error occurs and I have to run a CRON in pfBlocker to fix it. The only CRON that runs every 6 hours is Snort, but I've set it to run :05 minutes after the hour and I still see errors. This happens as well, I'm not sure if it's directly related:
    Oct 17 00:01:03 kernel ovpns2: link state changed to DOWN
    Oct 17 00:01:03 php-fpm 32369 /xmlrpc.php: Resyncing OpenVPN instances.
    Oct 17 00:01:02 php-fpm 32369 /xmlrpc.php: ROUTING: setting default route to xx.xx.xx.xx
    Oct 17 00:01:02 check_reload_status Reloading filter
    Oct 17 00:01:02 check_reload_status Syncing firewall
    When that ROUTING entry happens all my OpenVPN interfaces reset. I don't mean to hijack and I need to start my own thread but I was just curious if you had the same issues. I have Snort and Squid running as well, but this only happens every 6 hours which leads me to think it's related to Snort in some way.
  • Pf_DNSBLIP no rules defined

    0 Votes
    18 Posts
    4k Views
    @BBcan177: If you see an AD in a web page, right click on it, and click "Inspect"… This will show what the domain of the AD is... There are other DNSBL Feeds that can be added (Check the DNSBL thread), and you can also manually add Domains to the Custom Lists...
    Actually, I see ads in the YouTube app on my Android and iOS devices. Is there any solution?
  • PfBlockerNG Strange Quirk with Log Files

    0 Votes
    3 Posts
    1k Views
    Hey BBcan177! Thank you SO much for taking the time to explain this to me. I was scratching my head trying to figure out exactly why my PrivacyGuard alerts weren't showing, but my general pfBlocker alerts were. This makes perfect sense, now. Thank you again for the clear, concise explanation. You rock! ;D
  • Floating rules not working

    0 Votes
    4 Posts
    2k Views
    BBcan177
    This is not a bug with the package… If you use the GeoIP rules and depending on what Countries you add, you can block access to the Root DNS Servers. So it's up to how you configure the rules and the blocklists... Anything being blocked will show in the Alerts Tab. Here is an IP list of the Root DNS Servers, which should not be blocked... https://www.internic.net/domain/named.root btw - I am not actively maintaining pfBlockerNG in pfSense 2.2.x... Best to move to pfSense 2.3.x asap...
  • Constant error message with pfBlockerNG - cannot define table pfB_Top_v6

    0 Votes
    15 Posts
    4k Views
    php /usr/local/www/pfblockerng/pfblockerng.php dc seems to have fixed the issue, thanks for your help.
  • 0 Votes
    2 Posts
    729 Views
    BBcan177
    https://forum.pfsense.org/index.php?topic=99929.msg556801#msg556801
  • PfBlockerNG - Windows 10 Privacy

    0 Votes
    7 Posts
    6k Views
    @centurioapertus: I solved my problems by installing Linux, but I digress. Since I still have a few Windows 10 machines, my plan is to block all traffic to microsuck except from one VM which will be running as a WSUS server. All my Windows 10 machines will be pointed to the WSUS server for updates. I just thought I would drop the idea of a WSUS server into the mix.
    Noob question from me: I've used a little SCCM 2012 but never WSUS to push out Windows Updates. Does WSUS require a Windows Server OS? I'm curious if a home user can spin up a WSUS VM for free (legally).
  • DNS block

    0 Votes
    1 Posts
    725 Views
    No one has replied
  • 0 Votes
    2 Posts
    693 Views
    BBcan177
    The package allows for different options to define the firewall rules… There isn't one better than the other.... It's what's better for your network environment.... Your observations about the differences between those rule options is sound though.. I will say that it's best not to overload the widget statistics/Alerts Tab with useless information about packets that are already being dropped by the stateful implicit deny firewall rule and then concentrate on those Alerts that are important to review.
  • DNS Failure after a DNSBL reload/update

    0 Votes
    15 Posts
    4k Views
    Just pfBlockerNG. Deleted all lists manually, did a force update to clear everything, uninstalled the package, rebooted the machine and installed pfBlocker from scratch and reconfigured from a blank slate. Not sure what precisely that fixed, other than to know that it is now working as expected, again.
  • Allow Top Level Domain from Country Deny

    0 Votes
    4 Posts
    3k Views
    BBcan177
    If Avast uses a CDN, it might be hit or miss with a TLD domain in the whitelist… Try your google FU and see if you can find the whole list of IPs that are used for the update process, or send Avast Support a request for those IP ranges.... Then add those IPs to the Whitelist....
  • Feature Request: DNSBL should use its own Unbound instance

    0 Votes
    2 Posts
    764 Views
    BBcan177
    To bypass DNSBL, you can configure the LAN devices to use a different DNS server and that should solve this issue for you. Could also run the DNS Forwarder (dnsmasq) on a different port….
  • White list a LAN IP address

    0 Votes
    3 Posts
    3k Views
    Ah! So basically configure this at the device level. Android for example: https://support.opendns.com/hc/en-us/articles/228009007-Android-Configuration-instructions-for-OpenDNS That's a duplicable solution indeed. Thanks!
  • [ pfB_PRI3 - WatchGuard ] Download FAIL

    0 Votes
    9 Posts
    7k Views
    BBcan177
    @Mr.: BB: isn't the not-reporting-no-logging a bug? Feature … :) Someone needs to find a way to bypass those human validation measures in these sites to get the list to download...
  • PfBlockerNG GeoIP lists show multiple lines for each country

    0 Votes
    4 Posts
    4k Views
    royce.williams
    Quoting the MaxMind doc:
    Country, Registered Country, and Represented Country
    We now distinguish between several types of country data. The country is the country where the IP address is located. The registered_country is the country in which the IP is registered. These two may differ in some cases. Finally, we also include a represented_country key for some records. This is used when the IP address belongs to something like a military base. The represented_country is the country that the base represents. This can be useful for managing content licensing, among other uses.
  • Pfblocker error on new 2.3.2 install

    0 Votes
    5 Posts
    4k Views
    @BBcan177: No that is to increase the "State Table"… System / Advanced / Firewall&NAT - Firewall Maximum Table Entries too
    BBCan177's fix above worked for me. Let me take this opportunity to thank BBCan for his work on the pfblockerNG package - very impressive work fella!
  • SOLVED - PfBlockerNG DNSBL not blocking traffic on secondary LAN

    0 Votes
    5 Posts
    4k Views
    @tonymorella: @Mr.: @RonpfS: For DNSBL to work, all clients on all networks have to point to the DNS Resolver of the pfsense with DNSBL.
    I'm trying to figure out the sentence to google for that actually gives relevant results so I can figure out what to do, Ron ;D I mean: how can I be sure/test my Windows, Linux and Android stuff do what you wrote above? Is it simply a case of DHCP an IP to all clients (including static IPs), or is there more to be done (like disabling services on the clients, for example (?)). Thank you for any tips :P
    Setup rules to redirect all DNS requests to the local DNS:
    Firewall > NAT > Port Forward > Edit
    Interface: LAN
    Protocol: TCP/UDP
    Destination: click Invert match, select LAN Address
    Destination port range: From Port DNS and to Port DNS
    Redirect target IP: 127.0.0.1
    Redirect target port: DNS
    NAT reflection: Use system default
    Filter rule association: Create new associated filter rule
    Create rule that allows TCP/UDP from LAN net to LAN address on port 53
    Create rule that allows TCP/UDP from This Firewall to Any on port 53
    For example, if a device has 8.8.8.8 setup as its DNS server this rule says anything that is not the LAN address for the request to 127.0.0.1 from port 53 to port 53
    Tony
    I am lost on last 2. Is the 2nd last one created under Firewall rules-lan and the last one is firewall rules-floating, Thanks for sharing, regards, boatingdude
  • DNSBL/IP List

    0 Votes
    2 Posts
    1k Views
    BBcan177
    Did you see the DNSBL Feeds that I posted in the DNSBL sticky thread?
  • Where does pfBlockerNG pull ASN data from

    0 Votes
    7 Posts
    4k Views
    Hello Thanks, tonymorella :) ( the last space was my mistake ) Regards.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.