The answer on https://forum.netgate.com/topic/153909/pfblockerng-devel-dnsbl-safesearch-exclusion-list

@viktor_g Thank you for your help.

I works for me, otherwise I would be in trouble. As shown, I added several domains myself. The format is very important. One space or dot on the wrong place, and it's "BS-in-BS-out" time. The (multiple) pfBlocker logs don"t sow any awkward warning or error messages ? @DjAlbert said in Manual Whitelist dont work: But when i add a Whitelist from the Reports/alert tab it works instantly. I'm not sure, but my entries all came from me, whitelisting from the Report/Alert tab. It always works like that : you add some feeds and the you follow the alerts for some time, whilte-listing all false-positives.

I have the same problem but also my google home is blocking, i have added some IP adresses of google but not helped me. Anyone a suggestion about that? I think i am not the anyone that this problem have with Google services.

I actually agree with you, but if I think about it better, then not. In case, if we always let them to observe us and let's say it still fits, it will only be catastrophic this situacion. The people you're talking about on flower language, we gave them all the technology to make them for us afterwards. They’re just smoothly seizing the opportunity and have grown bigger ever since. Maybe it’s basically our fault for getting here. So I destroy down telemetry as much as possible.

@Gertjan Okay so put simply, it's just not possible Thanks anyway :)

Install the latest version pfBlockerNG-devel 2.2.5_32 This will show you what you need to know explicitly : [image: 1590127242899-b0183606-b46e-4d3a-a8cd-401a9fc11ac9-image.png] Implicit : You need to know how to access the pfSense file system. You need to know what a file is. What a PHP file is. Then use "dnsbl_default.php" as a starting point to write you own php file.

@NollipfSense I think I sussed it... I had the Alexa Top1M set to 500K thinking this was a verified list. I've changed it 10K and it seems to be blocking everything in the list now. Anything wrong with using this list or setting it to 10K if using it?

Thanks @jazzl0ver, I found that article a couple days ago. So far error hasn't returned however previously it would come up at random times, not consistent hence fingers crossed.

On 2.4.5 that is not indicative of the size of your tables. If it was, it would have a different error that says there are too many entries. This error on 2.4.5 means that it didn't have enough memory at that moment to load the table. Generally it's non-fatal, however, as a later filter reload will likely succeed. Check the table in question and see if it contains the values you expect. If it does, there isn't likely much to worry about. This can happen on systems with low RAM or many packages running which consume memory (especially kernel memory). It should be better on 2.4.5-p1, though that particular scenario is more difficult to isolate and test.

@gnichols said in pfblockerng-devel causing browsers security alert: I've installed pfblockerng-devel but having a problem with browsers throwing an privacy/security alert on google ads and other links tied to google services. It appears that it's breaking HTTP Strict Transport Security. I want to continue using pfblockerng but is there a way to fix this? Any help is appreciated! That's because you enabled rules that blocks those domains with ad content ... you can go to Firewall > pfBlockerNG > Alerts then scroll down to DNSBL then look for the domain you wanted to visit and click the plus symbol (+) to add to whitelist.

@RonpfS I tried that, but I'm only able to get an entire interface to bypass DNSBL. The top post shows where they are able to get a single host to bypass DNSBL, while everything else in that /24 is sent DNSBL That part doesn't seem to work for me.

In the IPv4/6 tabs (devel version) you can change the "State" setting to "GeoIP" and use that to create your own combination of ISOCodes as required. The Source field is an autocomplete field, so after a few typed characters, it will show all available matches. Then use the TAB key to auto-populate the Label field.

@n257jy I would add to custom list than ditch the feed ... congrats on the self-learning that brought you more confidence as network administrator.

Hi, Look at the pfBlockerNG-devel Reports page. Look at the Alerts and DNSBL lists. Look for the IP your device us using, and then a destination that should have a relation with this "sagepay " (whatever that is). Note : Feeds used by pfBlockerNG are created by humans like you and me - most often 'just for fun and to help the community'. They could be useful for some one, contain IP's that shouldn't be blocked for others. It's NOT an exact science.

@jot thanks for the info. You are right. Though I do not understand why to force whitelist google and yandex subdomains which are used for ads - ads.google.com|adservices.google.com. I just can not block ads if I enable safesearch option

Resolved. Just an update on the issue if someone ever face the same problem. I reinstalled PFSense, then PFBlockerNG-DEV. I didn't create any auto-rules and only uses native aliases. Maybe it's something obvious, but in my case they didn't play well together. I installed ntopng to find out all the required ASN, there are a few more than just netflix/youtube for the APPs. However, I got a second problem from time to time I wouldn't get an IP from the WAN and many dpinger send-to error 65. The problem was my onboard NIC is a RealTek and not Intel. Moving the WAN to an Intel port seem to fix the issue for me. I understand the recommendation is to use Intel. Thank you John for your time and help!

In the end I disabled tld blocking since it led to many issues allowing certain sites with their own subdomains. I am maintaining a blocklist of individual sites. This is more effort but more reliable for use.