@bbcan17 said in DNSBL and PlayStation Vue issue - again:
manually add domain to the Whitelist
I really need hand-holding with this. I get the general concept, but where to "manually add domain to the Whitelist" and then to figure out (for example duappsdap.wshifen.com) and run 'drill' command, is not clear to me.
I hope it will be useful to many users.
Thx
I've not tried to read a file directly, but since the country aliases were created as URL aliases I copied that to create https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_GeoIPUSv4. Can you try loading via URL? Our Asia alias for instance is https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_Asia_v4 and I'm pretty sure I didn't create that one.
@ronpfs said in Alias Native Logging:
@morgion Can you use Adv. Inbound rules and use "Permit Inbound" and let it auto-create the rule which will have the 177 tracker id prefix?
Those rules do work, I have just been trying not to create more aliases, and have more flexibility.
@ronpfs Oh, that is actually not a problem. I changed all the IPs in the config to 10.10.10.x for obfuscation. My LAN/VLANs all use the 10.100.0.0/16 range. So the VIP being on 10.10.10.1 isn't an issue.
@iyad:
Please, I got this message and I can't find the issue
===[ IPv4 Process ]=================================================
[ forbid ] Downloading update .. completed ..
Empty file, Adding '1.1.1.1' to avoid download failure.
[ Badsites_custom ] Downloading update [ 05/14/18 12:52:00 ]connect: No route to host
connect: No route to host
connect: No route to host
. completed ..
[ pfB_Badsites Badsites_custom ] Custom List Error ]
In the IPv4/6 tab, click on the blue infoblock icons and you will see the correct format for adding URLs. It looks like the pfSense box can't connect to the URL you entered:
Local file: http(s)://127.0.0.1/filename or /var/db/pfblockerng/filename
For the customlist, you need to enter one IP per line (also click on blue infoblock icon for details)
In pfblockerNG General tab, disable pfBlockerNG and uncheck Keep Settings, save, this will clear all downloaded lists.
Then remove package pfBlockerNG.
Last, add package pfBlockerNG; this should give you a blank pfBlockerNG configuration.
Ok thanks. I got that to work.
But I guess I was looking for a way to bypass the firewall rules as well as DNSBL (i.e. I wanted a subnet on my LAN which would behave as though pfblockerng was not installed).
I found this post:
https://forum.pfsense.org/index.php?topic=119031.0
which seems to suggest that the only way around DNSBL is to push an entirely separate DNS entry for the hosts that will bypass DNSBL. The problem with this though is that these hosts will not be able to take advantage of DNS over TLS as implemented in pfsense.
Is there any other way to bypass DNSBL?
Okay so here is what I really need help with.
I want to block outgoing packets to Russia and China with the exception of my torrents which I want to send through port 17000.
How would I implement this, as the "Invert" option does not appear for ports, only for sources or destinations?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.