• General - Rule Order

    2
    0 Votes
    2 Posts
    967 Views
    BBcan177

    You can try to use the "Adv. In/out" rule settings to create a pfB rule. The customlist at the bottom of the alias settings can be used to add IPs. Enter "0.0.0.0/0" for "any".

    Alternatively, use "Alias type" rules and configure the pfB rules as required.

  • Internal Blacklist SSL Certificate

    3
    0 Votes
    3 Posts
    2k Views
    BBcan177

    In the IPv4/6 tabs, you can set the State setting to "Flex", which will lower the SSL requirements. Click on the blue infoblock icons for further details.

  • User c0210021 needs help

    3
    0 Votes
    3 Posts
    755 Views
    P

    Yeah TLD + More lists + Force Google Safe Search & Block other search engines, block TOR, block VPNs, and you'll still have leaks in your ship.

    Like you said, it's an impossible feat to actually block porn unless you whitelist the internet.

    But you can do a really good job of avoiding it unless it is overtly searched for. That's about the best you can search for without going to extremes.

  • Exception for DNSBL Rule

    7
    0 Votes
    7 Posts
    3k Views
    D

    @Nic12:

    Ok, it seems that I misunderstood some basic principles of pfBlockerNG.
    "Advanced Outbound Firewall Rule Settings" and "Floating rules" misled me.
    Sorry for the newbie questions… ???

    Please, read the description there:

    Configure settings for Firewall Rules when any DNSBL Feed contain IP Addresses

  • External DNSBL

    8
    0 Votes
    8 Posts
    2k Views
    P

    I'm using pfBNG & DNSBL on 2.4.0 BETA with Unbound and it works great.

  • PfBlockerNG v2.1.1_7

    6
    0 Votes
    6 Posts
    2k Views
    BBcan177

    @Wolf666:

    I don't see it available on 2.4 repository.

    Thanks, I sent the devs a message!

  • Easylist seems not to be working

    12
    0 Votes
    12 Posts
    4k Views
    C

    Thanks BBcan177.  I was confused, I thought the "Terminated - Easylists cannot be used" message was referring to the easylists provided by default in pfblocker.  I removed the incompatible lists and the message went away.

  • Pfblockerng stops working….

    6
    0 Votes
    6 Posts
    1k Views
    BBcan177

    @micropone:

    Using my WAN (Comcast), pfb DNSBLIP has many IP addresses in it… have no clue how the IP addresses got there.

    In DNSBL, you added the "DNSBL IP" option that collects any IP address that's found in a DNSBL Feed and adds it to a block firewall rule.  All DNSBL Domains are blocked via DNS Resolver (Unbound).

    I don't recommend using the Firehole Level 1 for Outbound. That list contains Bogon IP Addresses…

  • DNSBL Weirdness

    10
    0 Votes
    10 Posts
    2k Views
    BBcan177

    The pkg doesn't have that option. You could create another pfSense Box and use the XMLRPC Sync tab to copy the settings.

    The next version of the pkg will have a Feed Management Tab that will have auto-import capabilities…

  • Prevent countries access to specific hosted site

    8
    0 Votes
    8 Posts
    987 Views
    RonpfSR

    There is a red URL in the GeoIP tabs:

    @ :

    GeoIP data by MaxMind Inc. - GeoLite2
    Click here for IMPORTANT info –> What new in GeoIP2

    Country, Registered Country, and Represented Country

    We now distinguish between several types of country data. The country is the country where the IP address is located. The registered_country is the country in which the IP is registered. These two may differ in some cases.

    Finally, we also include a represented_country key for some records. This is used when the IP address belongs to something like a military base. The represented_country is the country that the base represents. This can be useful for managing content licensing, among other uses.

  • [solved] Autostart of pfBlockerNG

    6
    0 Votes
    6 Posts
    1k Views
    P

    Pfsnooker,
    Thank you.

  • Unable to get DNSBL to work using pfBlockerNG

    17
    0 Votes
    17 Posts
    7k Views
    M

    Don't worry, I'm in the same boat… after I updated to 2.3.3 all my lists stopped working. I can't figure it out... none of my config changed... now I see porn and stupid ads...

  • Manually ran reload and the lights went dim [SOLVED]

    4
    0 Votes
    4 Posts
    859 Views
    G

    @BBcan177:

    PS: Don't add Unbound to Service watchdog when using DNSBL … :)

    Would be a good idea for the devs to exclude Unbound when DNSBL is used... Same goes for Snort/Suricata...
    When these packages are updating, the watchdog thinks it's down, and restarts it midstream...

    So I discovered.  Unfortunately I had to find this out for myself, armed only with a black belt in Linux sysadmin - I only speak BSD with a really strong accent and a limited vocabulary.  On the bright side I now know a lot more about how pfSense is put together.

    Could pfBlockerNG do a test for the existence of the service watchdog package when the DNSBL is enabled and issue a warning?

  • Help blocking specific web pages. Not whole domains.

    4
    0 Votes
    4 Posts
    643 Views
    A

    Ok, so I have to set up the man in the middle to intercept HTTPS and get a CA to every device, then block the pages in Squid or SquidGuard….  Thanks for the help.

  • Issues on cron updates

    18
    0 Votes
    18 Posts
    4k Views
    T

    Hi there

    Just registered to post my conclusion.

    I had the same issue with my pfSense box v. 2.3.3.

    The Unbound service was restarting very frequently. Unbound worked, but due to the restarts I sometimes had gaps where, in some special cases, services broke down / were not able to synchronize, etc.

    It was caused by DHCP, which tried to register new leases or entries (not 100% sure what exactly it wanted to register), but I see a lot of DHCPv6 log entries.

    In the end I figured out that on my WAN interface the configuration type of IPv6 was DHCP; after I switched it to none, all problems disappeared.

    Why exactly this configuration caused this problem, I'm not sure at this moment; I'm not actively using IPv6 anyway.

    I will post more information if I have it.

    Hopefully this helps.

    Cheers, treeol

  • Suricata / PfBlockerNG list conflict

    3
    0 Votes
    3 Posts
    1k Views
    israI

    Hi all,

    I created a custom alias for IPv4.
    I wish that one of the internal LAN IPs was not locked by pfBlockerNG.
    I tried several solutions without success.

    Can you help me in solving this puzzle?  :D

    thank you so much

  • [Solved] Unbound fails on restart after pfBlockerNG updates

    15
    0 Votes
    15 Posts
    6k Views
    BBcan177

    I have posted a patch in redmine for this issue:

    https://redmine.pfsense.org/issues/7326

  • How to get rid of a message - "can't verify the identity of the website"

    6
    0 Votes
    6 Posts
    903 Views
    F

    We have a winner here! (I hope :-))

    Added a firewall rule and so far so good. If this works - this is indeed the answer I was looking for.

  • Can I manually create the WAN rule for incoming traffic for PFBlockerNG

    4
    0 Votes
    4 Posts
    2k Views
    P

    Yup - that's exactly what I needed - many thanks for that BBcan177.

    And a personal thank you for all your hard work on PfBlockerNG too!

  • How does traffic go from Pfblocker to Squid?

    1
    0 Votes
    1 Posts
    565 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.