Oops, I guess I missed that. Thank you for adding the Cisco list to the next release.

All settings are stored in the

If you have a backup config, once you restore it, all the settings should be there. No need for anything further. What it won't do is restore downloaded lists.

pfSense uses FreeBSD which does not have iptables functionality. It uses packet Fence instead.

You can either use the pfSense aliastable functionality or use pfBlockerNG for this functionality. This can also be scripted from the shell but what's the point when the functionality exists in the gui.

You are mixing things up.

pfSense has two DNS services:

Unbound can be configured in Forwarder or Resolver mode.

So my suggestion was to use DNSmasq for port 53 (general user) and then have unbound on port 5353. So you can then force the LAN users to the correct DNS service.

If you need more help with that. Check the DNS threads and/or post there for more detailed help.

Works fine here, slow to start, but only meta.streamcloud.eu is blocked by hpHosts_ads

@BBcan177:

You need to ensure that the vlans devices can ping and browse to the DNSBL IP. The default Permit rule is an optional rule to allow multiple lan segments to access the dnsbl vip address. So you can skip this option and create your own rule if that's easier.

For the optional rule, you should be able to select all of the vlans in the select options (ctrl-click) and allow traffic to the dnsbl Web server on the dnsbl listening interface.

In my case I am hitting the default deny rule IPv4 (1000000103) on 127.0.0.1:8081 / :8443 NOT the VIP.  Any thoughts on that?

At least I've learned enough to unblock them, but I'm wondering if I screwed something up, or if there is an issue that pfBlockerNG is overlooking?

I posted my rules above, but in my case I'm keeping DNS/NTP caged with port forwarding rules so that programs can go around the firewall with their own server settings.

@cooLopke:

So I guess there is no possible way to remove those ads in google search?

DNSBL can't manipulate the Web page like a browser extension. So when you see (AD) in Google search, clicking on those may result in a blank page since DNSBL may be blocking those domains.

In theory you could install Privoxy on your pfSense box and setup a cron entry to download the adblock2privoxy lists, say every week?

adblock2privoxy
downloads page

@BBcan177:

The file  /usr/local/www/pfblockerng/www/index.php

https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/www/pfblockerng/www/index.php#L36

Just change the base_64 image to another image…

Another similar thread:
  https://forum.pfsense.org/index.php?topic=120253.0

That's exactly what I was looking for.  I'll be testing it out later today when I get home.

Also, it won't display the log information from the shell… So while the reload task does complete... its not reporting that data to the shell... It's important to review the log for any issues...

You would need to run a tail command in another window:

I wish you could see me face palm myself. So the problem was I had my webconfigurator https port set on dnsbl's ssl port. Now the service shows a green check mark. Conflict…always seems to be my problem XD

Maybe you could try the other Rule order, where pfB_Pass/Match is before Block/Reject rules.

Tried a different rule order. Worked perfectly.

Thanks,

@BBcan177:

The next version will have a new page that improves this layout…

See the following:
https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng_sync.xml#L152-L153

The first entry is "http" and the second entry is "https"

Thanks For that…  8)

You cannot unless you use 2.4. Limiters are broken with NAT.

Upgraded from 2.2, maybe I ended up with both. I'll try removing one.

If you are using Squid, you need to exclude the VIP from proxy.

It depends on your WAN FW rules.
By default everything is blocked by the default Block rule.

So adding single Permit rule from the "Selected GeoIPs" to the "Selected WAN Port(s)" to the "Selected Destination" should only allow those IPs to hit the open ports.

@BBcan177:

See here:

https://forum.pfsense.org/index.php?topic=124945.0

In my version of the file the line number is different and I also see several lines with identical content. I will wait for an official release. But thank you anyway.

See here:

https://forum.pfsense.org/index.php?topic=124945.0

What about Firewall / pfBlockerNG / Alerts?