I binned off phishtank a while back as it had a really high false-positive count.  I got fed up with it blocking genuine content…

Solved the problem - it seems when I started looking at others peoples problems and offering suggestions I saw mine in a new light I had Alexa TLD exclusions selected - several of them I removed all exclusions and TLD is back working just fine Though I will be putting custom FQDN's I want to block into the proper category - DNSBL Feeds -  from now on To summarize - packet loss was the first issue + configuration error on my part the second

Turn on Global logging, for debugging purposes, and try inbound and outbound on just the LAN for starters Choose the 2nd or 3rd "Rule Order" option so all your firewall pass rules are evaluated first pfBlockerNG rules on the WAN can complicate updates I prefer floating rule sets my 2 cents

Specify "Floating Rules" under general setup

Hi, Start posting here : pfSense Forum » pfSense English Support » Packages » pfBlockerNG as it seems to be a pfBlockerNG  issue.

Well I am not running your version of pfblockerNG So concentrate on the infoblock under your table.

Under IPv4 Source Definitions you can use local files. Clic on the [image: Yxodhwt.jpg] infoblock to get more info. However the files need to be present when pfblockerNG run Update.

Thanks for the advise, everything is working now@RonpfS: Looks at the Alerts tab to figure out what to whitelist. Do a Force Reload DNSBL once you have enuf whitelist done. Press F12 in your browser to determine what's not loading as well.

Don't know about the syslog option, but I am emailing the dnsbl.log using the mailreport package.  Once installed choose Status-Email Reports-Add New Report.  Name it, save it, then edit and add this command: cat /var/log/pfblockerng/dnsbl.log This is assuming email is already working, configured on the system-advanced-notifications page.

You might get more sense if you filter the wire shark capture on port 53 (dns). That will tell you what addresses it is trying to look up. Also pfBlocker has a tab where you can see blocked traffic, it’s worth a look.

@tagit446: I was getting the same errors with those list so I gave up. I did however get this one to work: https://raw.githubusercontent.com/CHEF-KOCH/NSABlocklist/master/HOSTS Thank you Tagit446…that worked.

I work with firewalls all day long and every other major brand out there (CheckPoint, Fortinet, Palo Alto) implements geo-blocking as a separate process outside of firewall rules, otherwise you get the things I complained about. But with pfSense, I guess I'll have to re-order and manipulate things to get what I want.  Obviously it works fine with blacklisting, but with whitelisting, allowing North America does nothing to block Russia. Then change it to a rule that blocks everything except your work IP. I didn't need to do that before I implemented GeoIP blocking.  It was already assumed by my original rule.  Now I need to add a bunch more.

That's one way, the nice way.  Another way is to simply put in a firewall block on port 53 except for pfSense and let your kids figure out why they can't get anywhere.

Try going into pfBlocker - updates - force reload both IP & DNSBL.

Can you access those lists from a client on the network?

You'll need to look at all the domains the page loads and see what they are. The comments are blocked on mine too, and I took a quick look and saw requests go from one article to subdomains of:- optimizely.com googleapis.com googletagservices.com twitter.com tiqcdn.com typekit.net addthis.net That list may not be exhaustive, but if you use the debug tools of your browser (I happen to be using MS Edge for this, use the F12 dev tools -> Network, then open the page) you should be able to see what sites requests are going to and can work through them one by one.