• Firehole and 192.168.0.0/16

    10
    0 Votes
    10 Posts
    2k Views
    BBcan177
    Thank you. I've gone ahead and recreated the LVL1 with direct feeds without the bogons. Great idea. NP… I always recommend to use the original source of a feed. Regarding the "Suppression" feature I'm wondering whether it applies to me. Suppression, when enabled, will remove RFC1918 and loopback addresses from a blocklist that are sometimes added incorrectly by a feed maintainer. Suppression will also add a "+" icon to each blocked IP address (/32 and /24 only) in the Alerts tab. Clicking that icon will allow removing the selected IP from the blocklists. Otherwise, to overcome an IP that is blocked, you will have to create a "Permit outbound" alias and add the Whitelisted IPs to the customlist. Then ensure that this permit rule is above the block/reject rules (rule order option).
  • PFBlockerNG not working.

    19
    0 Votes
    19 Posts
    4k Views
    C
    Welp said screw it, and went to do your suggestion and just worry about guests, and figure something else for the servers. Nope lol, doesn't work, well it does work, when I disable the guest captive portal :(. So do I have any other options? I have to have captive portal and I cannot filter their Network.
  • Using blacklists for certain IP groups, but not all

    2
    0 Votes
    2 Posts
    444 Views
    RonpfS
    There can only be 1 DNSBL running per pfsense box. So if you have many pfsense boxes, you can have many DNSBL setup. Devices can then point to different DNS Server on different pfsense boxes.
  • No pfBlockerNG 2.1.1_10 update for 2.4-RC

    2
    0 Votes
    2 Posts
    686 Views
    jimp
    2.4 packages are only updated when new snapshots are built so that every part of it can be updated at the same time. Otherwise we run the risk of a package depending on a new change in base that isn't out there yet, or other similar mismatch situations.
  • PfBlocker with openvpn

    13
    0 Votes
    13 Posts
    6k Views
    D
    Glad to hear you got it up and running! @DaveB: One final silly question. While following a guide for setting up pfblocker I have created an alias pfB_DNSBLIP. I have no idea what it is but it has the black down arrow indicating there are no rules for the alias. Can anyone shed any light on this? The DNSBL service is used to block domain names only (www.example.com) and not IP addresses (xxx.xxx.xxx.xxx). Sometimes the DNSBL feeds that you set up may contain IP addresses. The pfB_DNSBLIP alias filters out the IP addresses that are in the DNSBL feeds, thereby creating an alias which can be used by the firewall to act on the IP addresses that show up in the DNSBL feeds. You still need to apply the firewall rules that will use the pfB_DNSBLIP alias. You can create those rules in pfSense at "Firewall/pfBlockerNG/DNSBL/DNSBL IP Firewall Rule Settings". If you go to the pfB_DNSBLIP alias rule and then hover over the alias you should not see any IP addresses in the list that pops up. The black down arrow indicates that the alias currently does not contain any IP addresses and there is nothing for the rule to act against. This will most likely change as you add additional DNSBL feeds.
  • Firewall suddenly started blocking traffic

    1
    0 Votes
    1 Posts
    379 Views
    No one has replied
  • Unable to add a cryptomining anti phishing list, json format

    3
    0 Votes
    3 Posts
    572 Views
    C
    works perfect, great support as always :)
  • Help with error message

    6
    0 Votes
    6 Posts
    1k Views
    ?
    I will give that a try - thanks for the quick response
  • Possible bug: IPv6 lists create IPv4 rules

    2
    0 Votes
    2 Posts
    504 Views
    BBcan177
    Yes there is a bug with IPv6… You will have to use "alias type" rules for now, until the next release... Sorry...
  • Firewall blocks everything, or lets everything through

    3
    0 Votes
    3 Posts
    751 Views
    V
    I struggled with pfBlocker set up as well but I have it blocking now…BBcan177 had some great tips, I'll share what I can, open to feedback if I have done some things wrong myself: Make sure you can navigate to 10.10.10.1-pixel....this was a little confusing but it's a blank page (no pixels I could see on the page!). I had to add a rule on my interface to allow access to 127.0.0.1. Some of the lists I use in DNSBL are: https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2 https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1 http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt http://osint.bambenekconsulting.com/feeds/dga-feed.gz http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt Some of the lists I use in the IPv4: http://cinsscore.com/list/ci-badguys.txt https://zeustracker.abuse.ch/blocklist.php?download=badips In the general settings I only use my internal interfaces, i.e. I don't run it on my WAN or VPN. Don't turn on GeoIP quite yet and be selective, as an example I originally blocked Brazil but it prevented me from downloading some SNORT rules (The servers are in Brazil). While my pfBlocker is working I still have some questions/concerns I am trying to address, see my outstanding post here (which also gets into my DNS resolver settings): https://forum.pfsense.org/index.php?topic=135363.0 While I don't think it's perfect it might help get you going...good luck. Hang in there...
  • 0 Votes
    3 Posts
    1k Views
    A
    I too get this whenever my pfsense reboots, but self corrects at the top of the hour when the update runs. I'm following this to see what transpires. BBcan177 Thank you for your hard work on this over the years. Keep up the amazing work sir. Ash
  • Whitelist IP GeoIP2 address with pfBlockerNG

    2
    0 Votes
    2 Posts
    2k Views
    BBcan177
    Create a new Alias in the IPv4/6 Tabs called "Whitelist" and add the IPs to the "Custom List" at the bottom of the page. Set the Format to "Permit Outbound".  Then confirm that the "Rule Order" option in the General Tab places the Permit rules above the Block/Reject rules…. Alternatively, use "Alias Type" rules and manually create the rules as required....  Firewall rules are processed Top to Bottom....
  • Errors after update 2.1.1_4 to 2.1.1_5

    7
    0 Votes
    7 Posts
    2k Views
    Qinn
    @mtk: Hello Qinn, have you solved this issue? https://forum.pfsense.org/index.php?topic=135118.0 MtK Yes, it is just as RonpfS in reply #3 said, "disable pfBlockerNG, DNSBL, Suricata, etc before doing an update. Then re-enable them after the update" and errors during updating will be gone. Cheers Qinn
  • Privacy-Filter

    7
    0 Votes
    7 Posts
    3k Views
    tuklu_san
    @pfBasic: Why are you blocking inbound on your LAN? Did you open up the WAN to your LAN? This should be blocked by default. Yes it is totally pointless to have inbound-only blocklists, but basically I love to sit and watch the firewall log, hard to describe but I find it fascinating how many IPs from across the globe are in those lists.
  • Building a useful and up to date IPv4 list for everybody

    2
    0 Votes
    2 Posts
    710 Views
    M
    ################# IPv4 lists #################
    ------------------------------------------------------------------------------
    Alias Name: Deny_Both, Action: Deny_Both, Frequency: ??
    Alias Name: Deny_Inbound, Action: Deny_Inbound, Frequency: ??
    Alias Name: Deny_Outbound, Action: Deny_Outbound, Frequency: ??
    Alias Name: Whitelist, Action: Permit_Both, Frequency: ??
  • EasyList tutorial?

    16
    0 Votes
    16 Posts
    14k Views
    M
    Ok, so you do live with ADs ;D
  • PfBlockerNG DNSBL VIP arp error in system log

    2
    0 Votes
    2 Posts
    466 Views
    BBcan177
    Which DNSBL Listening interface did you assign in the DNSBL Tab?  Do you use HA/CARP?
  • Traveling Users Blocked

    2
    0 Votes
    2 Posts
    480 Views
    BBcan177
    You would need to create rules to allow those GeoIPs to access the services …  When people are traveling, you can just re-enable those permit rules to let them in...
  • Checked "DNSBL Firewall Rules" however no floating rule added?

    3
    0 Votes
    3 Posts
    1k Views
    V
    Thanks BBCAN…love the functionality! I managed to get it working! Keep up the great work...
  • How to fix this dead list?

    5
    0 Votes
    5 Posts
    902 Views
    mtarbox
    Thank you BB! I've often wondered what lists you specifically use, and perhaps why those specific lists. Thank you!