@BBcan177: I have posted PR#470 for pfBlockerNG v2.1.2_1 for review by the pfSense devs. https://github.com/pfsense/FreeBSD-ports/pull/470 Changelog: Switch flock() to try_lock() Remove conf_mount_{ro,rw} calls Add 'Alias type' rules to states removal feature Thank you. I ran the patch files but assume I should still update pfBlockerNG which I will do once available in package manager. (not a complaint) Thank you for the work you do.

@xphiles: thanks, although I am confused how when I have rules in place to block any other DNS, it still got past it to AVG? They do that thru an HTTPS (I would hope… and not thru HTTP) call back to their domain. So they are stopping DNS hijacking by doing their own DNS hijacking :) lol...

Most definitely I'll do that. I thought i'd try here first since it referenced 10.10.10.1 IP. Thank you for your continued support to pfSense <3

If you goto the pfSense firewall log, do you see these alerts?

@BBcan177: Thanks for reporting this… Looks like it wasn't picking up Alias type rules with "pfb_" in the Rule descriptions. Can you edit:  /usr/local/pkg/pfblockerng/pfblockerng.inc https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L5099 and change Line #5099 from: if ($alias['type'] == 'urltable' && strpos($alias['name'], 'pfB_') !== FALSE && strpos($alias['descr'], '[s]') === FALSE) { to: [code] if ($alias['type'] == 'urltable' &&     (strpos($alias['name'], 'pfB_') !== FALSE || strpos($alias['name'], 'pfb_') !== FALSE) &&     strpos($alias['descr'], '[s]') === FALSE) { Please report back ... Thanks! I am still having the same issue after changing the code [/s][/code][/s]

BBcan177, Thank you very much for your help.  It turns out my ISP device had disabled modem mode and this was actually the cause of the problems.  Once I re-set modem modem the entries for pfBlocker reappeared as before in the log. Thanks again.

@dcol: Why not just use https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt They are two different Feeds… The URL and DOM feeds should be used in DNSBL as it contains Domain names.... There are also IPs mixed in, so enabling the DNSBL IP option will also pull those IPs...

@tim_co: No worries. I got the information I was looking for. Thanks again. As an FYI: In the Alerts tab, you can click on the "I" infoblock icons and it will load a Threat Lookup page with several Threat Source lookup tools….

@securvark: I'd like to do the same for Steam downloads and Steam games. Preferably, for all my games (Origin, Battle.net, Uplay), but that may be too much to ask (I don't know). Maybe you can try looking up the ASNs for those https://bgp.he.net/dns/battle.net#_ipinfo Or try a google search for list of IPs for those sites… Maybe someone else will chime in if they have accomplished this...

The latest updates to pfBlockerNG are bug fixes. I guess BBCan177 will change version number when the new features are implemented and tested.

Strange. :o With my version (development), Auto reads the https://ipinfo.io/as2906 fine and the listing above is from the Firewall / pfBlockerNG / Log Browser / Match files You can always create your own table using ipinfo.io listing, either with a local disk file or with IPv4 Custom list. The stickys do contain important informations about pfBlockerNG behaviour, so your are not wasting your time reading them.

@RonpfS: Maxmind didn't generate those _rep files (Represented Country) at the last update of it's database. I guess these Could not open ISO messages are harmless and will disappear at some point if Maxmind regenerate those _rep files in the future. Take a look at : Firewall / pfBlockerNG / IP / GeoIP / Antarctica. You can update your selection and save to use the latest Maxmind db choices. Then run a Force Update Got you, thx and trying …

@BBcan177: You don't need to install any dependencies manually, as they are all installed on pkg installation… I don't see any issues with the settings for this custom list.... I would remove the "Filter via Alexa" as that may remove Domains that are in the Alexa TOP sites (as per your Alexa settings).... Also when you add domains to the list, you need to click on the "Update custom list" so that on a Force Update, it knows that there are changes to make... Many thanks I will double check that. All looking good so far ;) BBcan177

@ASM_COPE: Are we able to use a wildcard for sub-domain names in the Domain/AS mode of the IPv4 lists? For example, messagelabs.com use a set of server clusters for their MX's (e.g. cluster5.eu.messagelabs.com). Keeping continual track of all these would be awkward. Does the list option allow *****.eu.messagelabs.com as a way to auto-resolve all the sub-domains? (Similarly desirable for *.protection.outlook.com) Answering my own question: No, it doesn't seem to support sub-domain wildcards. I created a test list with just one known domain (the messagelabs one, first testing *.messagelabs.com), but the add-in log file reported "Aliastable file not found".  Also tested as *.eu.messagelabs.com, but the same logged result.

I'm thinking it might have been a CARP / ARP issue because now it's working and I didn't change pfsense other than a few reboots.

2.1.2 is out and is supposed to have a fix for the issue. https://github.com/pfsense/FreeBSD-ports/commit/8809165ad8f3d1fccabd2766ad11a3446a5317c7 https://forum.pfsense.org/index.php?topic=137103.msg756625#msg756625

Those things usually go haywire eventually.

Thanks.  I missed or didn't understand that instruction at the bottom of the page.