In PfblockerNG --> General there is the Option Rule order. I think you should define a custom ip list (under ipv4 section) with action "pass" and than define the rule order so pass come before block/reject.

@totalchaos1010 said in Blocked Site Report: @ronpfs Thanks for the response. Have the alerts tab, yes, however I am looking for "total count" reports, not log format. What total count ? Total number of entries per URL ? You should be able to find that in pfblockerng.log. You could also use pfblockerng-devel that has a Reports tab with more statistics about the package.

I downloaded the 1x1 Gif, uploaded the file in the Encode files into Base64 format section, select UTF8, hit >Encode<, I got the same result as the one in the index file.

@fernis IP Tab Edit the Alias name Modify the "Action" setting. Click on the blue infoblock icons for additional details.

@moon_d What do you mean by "directory"?

One is https - with the cert error, but nslookup shows everything is working ok - thanks. I was thinking Chrome was looking at it's list first before it gets to PFB. I don't have anything in the IPv4 list. How your can tell the difference between lists and feeds come to that ? - I guess one has site domains and the other IP's ...

yeah, those are single addresses. You will need ranges, using CIDR notation, like 10.10.0.0/24, or simply a dash, like "1.1.1.1-2.2.2.2". Be careful with these, as it is easy to block too much if you don't know what you are doing, and really mess things up. As long as you don't block your access to the firewall, you can do a little trial and error if needed, though. Facebook has so many IPs though, it's not even funny. They also use datacenters which other companies use, so in an attempt to block Facebook, you may be killing off hundreds of other websites and services running from the same datacenter, or another similar connection. Entire governments are struggling to block services like Facebook, so it's probably not going to be all that easy. This is still something good to learn, but would you be better off just using something like pfBlockerNG's DNSBL? With that, you can just specify that "Facebook.com" should be redirected to a dummy internal server, thus preventing access. For this to work, you do need to have your own DNS server, but pfSense makes that easy.

i already done this.. Torguard has 4 DNS servers, and the fastest two i used is in france. since im from scandinavia, using cloudflare DNS servers from the same city i live in makes the response timings go from above 40ms to under 20 ms.. avarage 14 ms.. this makes my browsing much less inpatient

If you inspect the pfblockerng.log it has been saying that for every Cron update or Force Reload DNSBL since you enable TLD. To track memory usage, use Status Monitoring , System Memory

I've been using some Pi_Hole blacklists too, which you could try: http://sysctl.org/cameleon/hosts (Cameleon ads) https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist (Zeustracker Ads) https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt (Disconnect Me Trackers) https://hosts-file.net/ad_servers.txt (Hosts File Ads) https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (Steven Blacklist) You could also try adding the (slightly outdated?) BlueTack ad server IP list to your firewall. Just make an alias, clean up the list, and import it. https://www.iblocklist.com/list?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=7z Note that it is a pretty big list, so one you import it, expect it to take a little while if you ever want to go back in and view/edit it. For me, it takes almost 5 minutes to load that alias edit page. I hope this helps!

OK Fixed the error on block count =0 It turns out table usage counts were greater than Table Entries Hard Limit. Hard limit was defaulted to 400000, and lists were slightly greater than that. Increased to 600000, and seems we are ok now.

DNSBL http server return different response to the browser depending on what is in the URL : 1x1gif for picture, Javascript or the Blocked page when there is only the domain name in the URL : http://example.com/

@ronpfs, thanks for pointing this detail.

I had check this, I understand part of how it works. Thanks RonpfS.

Okay, it sounds like there is a clear wall. That's good to know. Thanks.

@ronpfs said in pfb_dnsbl, pfb_filter and Unbound error at reboot: TLD will slow down Cron update but will shrink the size of the DNSBL db Live Reload seems to fail without TLD @BBcan177 logged in here (Teamviewer) yesterday, maybe he can come up with something.

Just wanted to report back that its been a few days and I can confirm that disabling Live Sync does indeed solve this issue for myself. Since disabling, DNSBL has been blocking as it should after the cron runs. Thanks for the tip on disabling the "Resolver Live Sync" @RonpfS

@j-koopmann said in Constant unbound reloading with DNSBL: Any ETA or version? We are in the debugging phase now. No ETA is planned yet.

thanks again, I will give the -devel version a look.