• PFBlockerNG Can't ByPass Client *With WPAD

    0 Votes
    11 Posts
    2k Views
    D
    You don't. Not possible. Put them on a non-proxied VLAN.
  • 0 Votes
    6 Posts
    17k Views
    BBcan177
    @micropone: i noticed 2 of my list one has 0.0.0.0 x.com and 127.0.0.1 q.com. the one with 0.0.0.0 has no count of hosts but the txt file has like 200 hosts in it! Does pfsense prefer 0.0.0.0 or 127.0.0.1. at the beginning ? DNSBL will parse those feeds and collect the domain name, regardless of the two formats you indicate… So no issue with either...
  • On a reload I lose LAN1s IPv4 network

    0 Votes
    4 Posts
    748 Views
    D
    @healeyc: where did I lose you? Right in the subject of the thread.  ::) I cannot see how pfBNG would be causing any interface to lose an IP, except that you did not RTFM and configured the DNSBL IP to be inside your current networks. The VIP must be completely outside of any subnets used on pfSense.
  • Best Practice for "permit" rules by location

    0 Votes
    9 Posts
    2k Views
    RonpfSR
    @rnmixon: Arrggh! Thanks - I made a (bad) assumption that they would be ordered/condensed for faster lookup. Does that happen when they get loaded? The alias table seems to be created by appending the file one after the other (US_v4 + CA_v4 + AU_v4 > pfB_PERMITTED_AUTH_IP.txt).
  • PfBlockerNG

    0 Votes
    4 Posts
    1k Views
    BBcan177
    IMHO It's just as important to protect the outbound… YMMV
  • Error Loading NAmerica Alias Table

    0 Votes
    2 Posts
    667 Views
    BBcan177
    Run the following command from the shell to re-download/re-build the MaxMind DB:
    ```
    php /usr/local/www/pfblockerng/pfblockerng.php dc
    ```
    Follow that with a "Force Reload - ALL".
  • PfBlockerNG and facebook - whoops

    0 Votes
    9 Posts
    5k Views
    S
    My boss wants to allow facebook, and this info helps a lot. I've set up the IP4 rule in pfBlockerNG as presented earlier (thanks), but I'm not getting all pictures though. I do have a couple of questions:
    1)  Are my changes supposed to be taking effect when I force update?  or only when I reboot?  (I seem to get different results at times)
    2)  Should I permit Outbound only?  or Both?
    3)  Should I allow the IP6 range for facebook?  see  (http://bgp.he.net/search?search%5Bsearch%5D=facebook&commit=Search for list)
    I have tried all the above, but still missing a lot of pictures. facebook does work fine when I disable pfBlockerNG.
    P.S.  I've also turned on Alexa 1k whitelist…perhaps bumping that up would help?  But at what cost?
  • Pfsense behind router? pfblocker won't block ads anymore

    0 Votes
    1 Posts
    591 Views
    No one has replied
  • No IPs suddenly

    0 Votes
    5 Posts
    1k Views
    RonpfSR
    On my P4 386 system, Cron update takes 20-40 minutes to complete, DNS reload of the 92MB pfb_dnsbl.conf takes 4-5 minutes.
    ```
    2016-12-07 02:27:16 Daemon.Info 1.2.3.4 Dec  7 02:27:19 unbound: [66112:0] info: service stopped (unbound 1.5.10).
    2016-12-07 02:31:23 Daemon.Info 1.2.3.4 Dec  7 02:31:26 unbound: [66112:0] info: start of service (unbound 1.5.10).
    ```
    During the reload, DNS fails, so it's not a bad idea to run cron update off-hours. As for the Maxmind database, once it is rebuilt, there is no need to run
    ```
    php /usr/local/www/pfblockerng/pfblockerng.php dc
    ```
    until something breaks or a new MaxMind database is released and for some reason the cron MaxMind update failed.
  • Atlas Arbor Feed Discontinued

    0 Votes
    2 Posts
    1k Views
    C
    Thanks for the heads up!
  • +++ pfBlockerNG - error accessing GeoIP settings +++

    0 Votes
    4 Posts
    2k Views
    B
    Hey BBcan177, you made my day! This solved the issue:
    @BBcan177: Alternatively, you can try to manually run the MaxMind update process from the shell:
    ```
    php /usr/local/www/pfblockerng/pfblockerng.php dc
    ```
    Thanks a lot! And thanks for this helpful package!!!
  • PFBlockerNG | Firewall | White listing a URL?

    0 Votes
    4 Posts
    8k Views
    S
    Thanks
  • Syncing settings to backup server

    0 Votes
    4 Posts
    1k Views
    B
    Good on the prod boxes. Whatever it is- it's just on initial sync. After that I can seem to make changes, etc. without issue and just let CRON do its job. SOLVED. Thanks
  • 100% CPU usage

    0 Votes
    3 Posts
    1k Views
    S
    @BBcan177: See the following: https://forum.pfsense.org/index.php?topic=102470.msg671811#msg671811 Will give it a go, thanks.
  • PfBNG DNSBL + HTTPS

    0 Votes
    3 Posts
    1k Views
    D
    2.3.3 snapshots, browser being mostly Chrome. Why's unbound compiled without python, no idea.
  • Unbound-checkcon error: error parsing local-data at 30

    0 Votes
    4 Posts
    2k Views
    BBcan177
    @Mr.: Thank you BB  :-* Is it very difficult to have pfBlockerNG generate a human understandable error like 'feed is DOA'? I just need to write a fully automated system to read the thoughts of each admin and configure/monitor/tweak ….  <grin>  :P :P If I find a decent solution to improve this error, I will for sure add it to the code.... code name Jingle …
  • DNSBL clients via IPsec VPN

    0 Votes
    11 Posts
    3k Views
    BBcan177
    Hi, I don't have your environment to test, but I do have some changes to the Lighttpd web server configuration to listen on 10.10.10.1 (For DNS requests made from pfSense itself) and log those blocked domains… Not sure if this will help your situation or not?
    Save to  [  /var/unbound/pfb_dnsbl_lighty.conf  ]
    ```
    #
    #pfBlockerNG Lighttpd DNSBL configuration file
    #
    server.bind                     = "0.0.0.0"
    server.port                     = "8081"
    server.event-handler            = "freebsd-kqueue"
    server.network-backend          = "freebsd-sendfile"
    server.dir-listing              = "disable"
    server.document-root            = "/usr/local/www/pfblockerng/www/"
    server.errorlog                 = "/var/log/pfblockerng/dnsbl_error.log"
    server.pid-file                 = "/var/run/dnsbl.pid"
    server.modules                  = ( "mod_access", "mod_fastcgi", "mod_rewrite" )
    server.indexfiles               = ( "index.php" )
    mimetype.assign                 = ( ".html" => "text/html", ".gif" => "image/gif" )
    url.access-deny                 = ( "~", ".inc" )
    fastcgi.server                  = ( ".php" => ( "localhost" => ( "socket" => "/var/run/php-fpm.socket", "broken-scriptfilename" => "enable" ) ) )

    debug.log-condition-handling    = "enable"

    $HTTP["host"] =~ ".*" {
            url.rewrite-once = ( ".*" => "index.php" )
    }

    $SERVER["socket"] == "10.10.10.1:80" {
            $HTTP["host"] =~ ".*" {
                    url.rewrite-once = ( ".*" => "index.php" )
            }
    }

    $SERVER["socket"] == "0.0.0.0:8443" {
            ssl.engine              = "enable"
            ssl.pemfile             = "/var/unbound/dnsbl_cert.pem"
            ssl.use-sslv2           = "disable"
            ssl.use-sslv3           = "disable"
            ssl.honor-cipher-order  = "enable"
            ssl.cipher-list         = "AES128+EECDH:AES256+EECDH:AES128+EDH:AES256+EDH:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!DSS"
            $HTTP["host"] =~ ".*" {
                    url.rewrite-once = ( ".*" => "index.php" )
            }
    }

    $SERVER["socket"] == "10.10.10.1:443" {
            ssl.engine              = "enable"
            ssl.pemfile             = "/var/unbound/dnsbl_cert.pem"
            ssl.use-sslv2           = "disable"
            ssl.use-sslv3           = "disable"
            ssl.honor-cipher-order  = "enable"
            ssl.cipher-list         = "AES128+EECDH:AES256+EECDH:AES128+EDH:AES256+EDH:AES128-SHA:AES256-SHA:!aNULL:!eNULL:!DSS"
            $HTTP["host"] =~ ".*" {
                    url.rewrite-once = ( ".*" => "index.php" )
            }
    }
    ```
    then:
    ```
    /usr/local/etc/rc.d/dnsbl.sh restart
    ```
    Note: The NAT address of 127.0.0.1, is defined here: /usr/local/pkg/pfblockerng/pfblockerng.inc
    https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L791
  • Can't access webgui after setting up DNSBL

    0 Votes
    2 Posts
    865 Views
    J
    Hi. Stop the fw filter via the shell (menu, option 8, Shell):
    ```
    pfctl -d
    ```
    Reconfigure your pfBlockerNG or whatever you need. … and enable the fw filter again
    ```
    pfctl -e
    ```
    Regards.
  • Blocking some permitted geo local IPs

    0 Votes
    4 Posts
    785 Views
    BBcan177
    Either will work… Up to you what's an easier method to manage...
  • Web Proxy Blacklist

    0 Votes
    3 Posts
    3k Views
    BBcan177
    I haven't tested these myself, but you could try these for Proxy blocking …
    http://tools.rosinstrument.com/proxy/l100.xml
    http://tools.rosinstrument.com/proxy/plab100.xml
    http://www.xroxy.com/proxyrss.xml
    http://www.sslproxies.org/
    http://www.socks-proxy.net/
    http://www.proxz.com/proxylists.xml
    http://www.proxylists.net/proxylists.xml
    http://txt.proxyspy.net/proxy.txt
    http://www.proxyrss.com/proxylists/all.gz
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.