I wanted to update on the resolution to this problem I had. I didn't want to post a problem and leave it the way this thread went. It turned out that pfblockerng-devel was my problem. Even though it was disabled both in the general tab and dnsbl, when I uninstalled the package, performance went to normal internet speeds. I tested and verified performance before anything was touched, and after I uninstalled it. I put the older version on and it did not affect my performance. I enabled what I wanted and was still good. I'm not sure why this was the issue, but all appears to be good now.

I ran into the same thing. After look around it appears the IP might have changed. There is a reddit thread about it I found here: https://www.reddit.com/r/pfBlockerNG/comments/inat95/new_ip_address_for_safeduckduckgocom_old_ip/ September 5th is about when it broke for my setup, which lines up with the IP change

Hi, i mean it is normal, then you click the "Anzeige" and behind this "Anzeige" is a https redirect to Ads Server System "ad.doubleclick.net" and pfblockerng broken this Link and you see this "Error Messages". To open this Link behind the "Anzeige" you must have add this "ad.WHATEVER" to DNSBL Whitelist in pfblockerng. i think you must clean the browser cache and try it again. i use always the Update / Reload DNSBL function too. but, what says your firewall / pfblocker logfiles in the same moment when you try it to open this link? BR

@ex1580 @johnpoz Thank you both!

Excellent. Thank you so much for the quick response and reassurances.

@johnpoz John, I have to go. Thanks again for your help. I'll check back later in the day.

Getting stranger, they are blocked again. According to the rule it should be suppressed but clearly it was blocked. I now manually added the ips to the alias and did a "update - reload -all) and now it is working again. ===[ Suppression Stats ]=================================== List Pre Suppress Master ----------------------------------------------------------- BinaryDefence_IPs_v4 1445 1445 67583 Suppression ET_Block_IP_Ranges_v4: 1.1.1.0/24 (Excluding: 1.1.1.1/32) ET_Block_IP_Ranges_v4 995 994 67837 ET_Compromised_IPs_v4 450 450 67837 ISC_1000_30_v4 451 450 67836 So the alias "pfBlockerNGSuppress" was apparently the right place to add them, only when I added it from the reports it did not show up there and was not working again a little later

Got added to CINS army as well. I added all IPs to the suppression list 1.1.1.1/32 1.0.0.1/32 1.1.1.2/32 1.0.0.2/32 1.1.1.3/32 1.0.0.3/32 Forced Reload and got this: CINS_army_v4 15000 15000 19434   Suppression ET_Block_v4: 1.1.1.0/24 (Excluding: 1.1.1.1/32)  Suppression ET_Block_v4: 1.1.1.0/24 (Excluding: 1.1.1.2/32)  Suppression ET_Block_v4: 1.1.1.0/24 (Excluding: 1.1.1.3/32) Everything working again. Until all the lists are clean just add the IPs to your suppression list.

This duplicate to this https://forum.netgate.com/topic/156300/strange-issue-with-1-1-1-1 See my answer there.

I think I figured it out... was using wifi DHCP and that was not letting the DNSBL stats to update properly - even tho firewall was blocking properly. So once I set the wifi to bridge mode - all started working as expected... basically bad config causing it.

Turns out, the one thing I wasn't doing was a forced reload, only a forced update, which apparently is not good enough. I guess I was under the impression a forced update included reloading the lists, but apparently not.

ipfw shows a perfect match. And local DNS is working perfectly fine. Although I seem to have found the problem in which one of the feeds is blocking the localhost for some reason. For now I disabled localhost being included in the DNS and thing works ok now. If somewhere breaks again, might be better to just remove that feed. thnx for the reply.

@Rogerboomhouser FYI; https://twitter.com/BBcan177/status/1296638315437993984

Got same issue but in my case no error is generated, all I see is after I added to watchdog it is been started every minute in the system log, no errors, just stopping right after started. If I check logs inside pfblockerng-devel, is no errors. Any ideas? What does the service even do? as the actual functionality seems fine otherwise. 2.5-snapshot, on my 2.4.5 unit it is running.

@py sorry for the late reply! You may have already solved this, but perhaps this can help someone else who comes here after trying to reach krebs, or something similar. I expect the reason why whitelisting krebsonsecurity.com in DNSBL did not solve the problem for you is because DNSBL is not what is blocking you, your IP blocking is. Go to your Reports / Alerts tab, and see where the block is happening. I expect you may see that an attempt to hit krebsonsecurity.com with a browser results in: [image: 1597776343628-krebsblock.png] showing the block in the Deny section, and not in the DNSBL section. If this is the case, instead of whitelisting the domain name in DNSBL Whitelist, try adding 130.211.45.45/32 to the IP / IPv4 Suppression list. Works for me. For the record, ipinfo.io confirms that krebsonsecurity.com is among the domain names hosted at 130.211.45.45. [image: 1597776519325-krebsblockdomains.png]

Thanks All I have updated the link in pfsense