After changing the "Max Table Entries", try a Reboot.

Thanks @jdeloach for suggesting I tried the dev version it appears to work, although I feel a bit uneasy whitelisting a Cloudflare IP (not an issue with outbound of course ) I can now confirm Pfblocker dev whitelisting works - almost as good as Pi-hole

@BBcan177 said in Did pfBlocker break my config.xml?: pfSense ACB As I get them upgraded to 2.4.4_3, yes. But these are not. This unit is at 2.3.4-p1. I'm hoping to have all the units upgraded by the end of the year and have ACB configured on them.

After a little research I decided to try using reputation with no whitelist. If I am currently only using the top 20 spammers geoip list, and I am actively blocking 6 of them, then this will keep tabs on the rest without downloading a ton of extra stuff or doing too much extra processing. If I understand how reputation works correctly (and that might be a stretch) then this should be a safe bet to make good use of the top 20 spammers geoip list.

@P3R Yes, and for that little security increase I bet your firewall takes a big performance hit. I noticed that the USA list is massive and to have to check everything against that would take some processing power. Not to mention having to unblock things all the time. I actually tried it then reverted back to my current settings just based on how long the update took, haha. I was a little confused as it says right on the configuration pages "It's also not recommended to block the 'world', instead consider rules to 'Permit' traffic from selected Countries only". I read that as "deny all/all by default then allow what you need". Right now I have it set to reject outbound to a few of the top spammer countries and I am looking into the reputation settings. I also DNS blacklist using Pi-hole as I like DNS/DHCP on a seperate box, but I do see that you could just add those lists to DNSBL if you didnt want to do it that way.

@BBcan177 Reading that, it takes my one machine out of DNSBL, but then use squid to block the site? There is no way to use DNSBL filtering per WAN correct? I have them load balanced right now.

@BBcan177 Okay, I increased it to every hour...thank you!

@wdupreez said in dnsbl.log - Log file is empty or does not exist: Should I change the DNSBL > Webserver Interface to GUEST and/or Enable the Permit Firewall Rules and select the GUEST interface? Yes you will probably need this permit rule to allow the GUEST network to communicate with the DNSBL Webserver. You should be able to ping and browse to the DNSBL VIP and also ping and get a reply to any blocked domain. Thanks for the feedback!

If you use the devel version, many are built in. I would recommend it.

@dma_pf Start with which Feeds contain these domains blocking windows updates.

Make sure; Your clients/workstations behind pfSense are pointing to the pfSense box for DNS (normally the LAN address of your pfSense firewall) using "nslookup" tool, query the pfSense DNS directly (normally the LAN IP address) and test for domain names that should be blocked Do you need to check the box TLD under pfBlockerNG so that www.domainname.com and xxx.domainname.com is also blocked? DNSBL works great, I suspect it's a setup issue on your pfSense and/or network.

i've find a solution, i made an repository on github en load up an txt with the ip's from whatsapp server that a find on the documentation from developer facebook, and make a new ip rule with that link!!

By all means keep the custom openvpn port, I find that practice as reasonable, bots and what not scanning services causes spam, the problem is tho if you get used to seeing that spam, then the one day you have a legit attempt at your security you likely to ignore it as you just used to seeing daily spam. Which is why I use custom ports for non public services a lot of the time. On the question of things like snort, I wouldnt bother in a situation where the one and only listening service is a private VPN server.

Hello, I just switched the pfblocker from standard to devel and the problem went away. Sadly I didn't have time to check the logs :(