• A feed in pfBlockerNG blocking access to Ubuntu.com, keepasssc.org, etc?

    1 Votes
    5 Posts
    1k Views
    I found this answer elsewhere that will allow maintaining a proper whitelist instead of disabling the entire Top Spammers feed. "You can add Canonical, Inc's ASN to the IPv4 source list and permit outbound. It's AS41231. In the IPv4 category, click the green Add button at the bottom. Click the Format pulldown and select ASN. Click the State pulldown and select ON. In Source, type in AS41231. Under Settings, click the Action pulldown and select Permit Outbound. Under Update Frequency, select Weekly. After you save it, force an Update or wait for it to run at the next scheduled time. Many enterprises have at least one ASN, so I think it's a pretty good tool to use to automatically maintain an IP whitelist for each organization. You can use https://bgp.he.net/ to search for ASNs." (/user/ontheroadtonull)
  • pfblocker not blocking on all devices

    0 Votes
    8 Posts
    774 Views
    @dgall P.S. When I changed my computer's IP address, I cleaned the cache, cookies and history and rebooted before retesting.
  • Missing DNSBL Alias tab

    0 Votes
    9 Posts
    1k Views
    @RonpfS Got it, thanks
  • Bug report: PfblockerNG add 1.1.1.1 when threat source input is empty

    0 Votes
    6 Posts
    723 Views
    JeGr
    @securli said in Bug report: PfblockerNG add 1.1.1.1 when threat source input is empty: "@JeGr Thank you very much, this bug is so stupid, it should check the downloaded file is zero or not instead of randomly blocking an IP address." That's what it does. But pf can't handle empty files/lists, so there has to be at least one entry in it. That's why in the old version there was a default value - 1.1.1.1 - long before that IP was made a DNS service by Cloudflare and APNIC. That's why it was changed to 127.1.1.7 per (new) default.
  • DNSBL: Whitelisted URL still being blocked

    0 Votes
    4 Posts
    577 Views
    @CyberMinion said in DNSBL: Whitelisted URL still being blocked: "I do have TLD enabled at present." Hello! Make sure to follow the "Click infoblock before enabling this feature!" text under the TLD option. There is a section on TLD Exclusions and whitelisting. John
  • Testing DNSBL with DNS Lookup

    0 Votes
    6 Posts
    2k Views
    Gertjan
    @bhjitsense said in Testing DNSBL with DNS Lookup: "firewall itself is somehow exempt or is bypassing DNSBL." The firewall is using "127.0.0.1 - port 53" - on that port unbound, the resolver, is listening. That is, if you did not add other servers, which isn't needed. (People tend to throw in 1.1.1.1 - 8.8.8.8 - etc. and then strange things happen ;) )
  • TLD - Subdomain ?

    0 Votes
    2 Posts
    348 Views
    One option I have considered is manually altering the /var/db/pfblockerng/dnsbl/Shallalist_porn.txt to just include the www versions of those sites in addition to those without www. Would that be a mad idea?
  • Custom DNS blocking not working

    0 Votes
    1 Posts
    116 Views
    No one has replied
  • Table Usage Count 64

    0 Votes
    2 Posts
    284 Views
    Bob.Dig
    Today I checked the log again and it shows 570893
    pfSense Table Stats
    -------------------
    table-entries hard limit 2000000
    Table Usage Count 570893
    UPDATE PROCESS ENDED [ 07/18/20 14:49:15 ]
    Looks more realistic. I changed nothing.
  • DNSBL bypass for subnet stopped working

    0 Votes
    3 Posts
    461 Views
    @mcury Wow! Okay. Now I think I had read that somewhere. Thanks for the help.
  • Error

    0 Votes
    2 Posts
    307 Views
    DaddyGo
    @trumee said in Error: cannot load "/var/db/aliastables/pfB_Top_v6.txt": Invalid argument Hi, please read this: https://forum.netgate.com/topic/143884/pfblocker-there-were-error-s-loading-the-rules
  • 0 Votes
    1 Posts
    284 Views
    No one has replied
  • pfblockerng not blocking chrome android ads

    0 Votes
    6 Posts
    1k Views
    Install Privacy Badger and uBlock Origin on your Chrome browsers. Should help.
  • pfBlockerNG

    0 Votes
    1 Posts
    164 Views
    No one has replied
  • (SOLVED) How to change pfBlockerNG rules order

    0 Votes
    6 Posts
    3k Views
    SipriusPT
    @psp said in (SOLVED) How to change pfBlockerNG rules order: "Just one note: don't use the prefix pfB_ as first string on "Description" for your own rules with pfBlockerNG aliases. This will ensure that your rules will not be handled by pfBlockerNG during updates." Thank you for letting me know. When @JeGr mentioned the 'alias Denys' option, I noticed that there was a description on GeoIP explaining all available options, and noticed that part.
  • pfBlockerNG not working

    0 Votes
    33 Posts
    14k Views
    malf0rmedZ
    From the DNS Resolver page in the pfSense manual: DNS Query Forwarding: Disabled by default. When enabled, unbound will use the system DNS servers from System > General Setup or those received from a dynamic WAN, rather than using the root servers directly. Just the confirmation I was looking for :)
  • 0 Votes
    4 Posts
    5k Views
    Gertjan
    @vishal3213208 said in "Authentication failed due to problem verifying server certificate." error while trying to connect to Anyconnect SSL VPN.: "and thus blocked" Blocked IPs are shown on the report page / alert and/or DNSBL. Up to you to check who / which device was using that IP - was it pfSense itself? The IP must be in one of your feeds used.
  • pfBlocker Not working

    0 Votes
    1 Posts
    243 Views
    No one has replied
  • 4 issues

    0 Votes
    8 Posts
    833 Views
    MacG32
    I found an unbound error unrelated to these issues and fixed it. error: duplicate forward zone . ignored. Other than that, everything else was functioning properly. Must be some internal code, because all of my logs and settings are clean as a whistle. Thank you all for your kind help. I'll just chalk this up to experience and call it a day. Take care.
  • DNSBL only blocking some sites

    0 Votes
    2 Posts
    128 Views
    malf0rmedZ
    Post continued here due to a problem I had replying (it was marked as spam). Feel free to delete this thread, sorry for the mess!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.