@BBcan177:

Here are more DNSBL Feeds that can be used in pfBlockerNG.
(Copy and paste URLS as plain text)

Create a new alias for these.
These are not necessarily ADvert domains. So I named mine "Malicious"

hpHosts
http://hosts-file.net/download/hosts.zip

SWC
http://someonewhocares.org/hosts/hosts

spam404
https://spam404bl.com/blacklist.txt
https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt

malc0de
https://malc0de.com/bl/BOOT

MDS (use 'Flex' state)
https://mirror1.malwaredomains.com/files/justdomains

MVPS
http://winhelp2002.mvps.org/hosts.txt

MDL
http://www.malwaredomainlist.com/hostslist/hosts.txt

GJTech
http://adblock.gjtech.net/?format=unix-hosts

dShield_SD  (They also have a conservative list available)
https://www.dshield.org/feeds/suspiciousdomains_High.txt

Zeus
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

These two feeds post full URLs, so there can be some more false positives.
Create a new Alias, and use Alexa as a recommendation.

PhishTank
https://data.phishtank.com/data/online-valid.csv.bz2

OpenPhish
https://www.openphish.com/feed.txt

MPatrol (You need to register - Free or Paid subscription. Use Danguardian feed)
https://lists.malwarepatrol.net

This is a feed that I manage (as time permits)
MS_2
https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw

Use this in its own Alias:

BBC_DGA  (This is a large feed of DGA for the likes of Cryptolocker et al…)
http://osint.bambenekconsulting.com/feeds/dga-feed.gz

BBC_C2
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

Use this feed in its own alias as it is updated more frequently.
So you can update it more often than once per day.

hpHosts_partial
http://hosts-file.net/hphosts-partial.asp

If users find other feeds, please post back so that others may benefit also.
Its also important to donate to the feeds provider (IP and/or Domain) as they all need support.

BBCan,

When you say "create a new alias…" do you mean under DNSBL Feeds or Firewall Aliases?

That was an awesomely fast reply BBcan ~ thanks!

Um; Okay, but I'm only forcing CRON because my BlackList feed disappears overnight - presumably, due to the same CRON issue at 4:45 am daily?

Can you elaborate upon "Select how often List files will be downloaded. This must be within the Cron Interval/Start Hour settings." ?

I.e: how should I set my DNSBL feed to be updated within my CRON?

UPDATE thanks for looking into this issue BBcan! It seems to have gone away now, and I don't know why.  I'll write again if the problem returns.

AWESOME!  Thanks!

I am eager to upgrade to 2.3 but unfortunately each time I upgrade my CARP configs the upgrade produces a crash dump loop.

Thanks for the solution!

Spot on!

After removing /var/run/booting everything works as expected.

Thank you!

BBcan177 was able to figure out the issue. I was using the same header/label in multiple alias lists. This was preventing all the lists from updating. Changing the header's to being unique has fixed the issue.

Thanks to BBcan177 for all his work on this package and figuring out this problem.

@dsefcik:

I think pkg manager is broken, I installed rsync and it also had the same effect, upgrading to 2.3.2 in the console fixed the broken pkg manager but I still need to test pfBlocker but suspect it will be fine.

https://forum.pfsense.org/index.php?topic=115777.0

–

Just an update, after upgrading both systems to 2.3.2 I was able to install pfBlocker fine and it seems to work as expected, thank you for your help.

To resolve the issue :

https://forum.pfsense.org/index.php?topic=102470.msg647719#msg647719

Use another browers can solved it.But it's no any solution?

To increase memory_limit over 512M you also need to fix /usr/local/etc/php.ini, /etc/rc.php_ini_setup

To install or re-install pfBlockerNG 2.1.1_2

https://forum.pfsense.org/index.php?topic=102470.msg647400#msg647400

So you put the IPs in the Custom Address(es) of an Alias.
When you save the change, you have to change Update Custom List from Default to Update Custom List , then click Save

Then do a Force Update

You can select the Rules order in    Firewall / pfBlockerNG / General

@ivor:

I think one of the built in blocklists had certain YouTube IP's blacklisted, it happened to me as well. I just updated feeds and problem is gone.

I updated the feeds and that seems to have resolved the issue. Thanks everyone.

There is a fix you can try https://forum.pfsense.org/index.php?topic=116307

These are the main threads :

Original pfBlocker thread https://forum.pfsense.org/index.php?topic=86212.0
pfBlockerNG v2.0 w/DNSBL https://forum.pfsense.org/index.php?topic=102470
pfBlockerNG v2.1 w/TLD https://forum.pfsense.org/index.php?topic=115357

I have seed a guide not long ago but I can't remember which one.

https://forum.pfsense.org/index.php?topic=102470.msg643960#msg643960

BBCan177 you're quick to reply!!!  THanks!

Yes I have modified the headers/labels (thats the name I was searching for…) to be unique ones.

Is it just normal for me to find all my lists under a single Alias named "CustomBlockedLists"??  I really do not remember to have merged everything like that, unless I was drunk?  :o

Looking forward to the TLD feature in pfblockerNG!!  This will save us from entering multiple domains, and simplify things...

Thanks again!

Sooooooooooooooo, I figured it out.

The problem was (is) me.  pfBlocker was working as it should.

The problem was that I have a few NAT / Firewall rules that pick off DNS requests from certain hosts on my LAN.
These DNS requests are to be sent to a different DNS server…  a service that I use (GetFlix).  I know that I can use domain overrides within DNS Resolver, but I never could figure out how to send an entire hosts DNS requests using Resolver... so instead, I just use NAT rules to redirect them before they reach resolver.

I usually only have my AppleTV and a few other streaming devices in an alias that this rule applies to... however, the desktop I was doing all this testing on (posts above) was in this alias as well.
I was doing some testing the other day with the DNS requests being redirected aaaaaaaaaand forgot to take my desktop out of this alias.

So I just took it out... retested... bam.  Works like a charm.

Thanks for your help, much appreciated.

If you restored a config from a different box, maybe the interfaces are different in this hardware. Check the interface assignments in pfSense, as the package reads those pfSense settings.

And that's where I went wrong.  I thought that by enabling it on the General Tab that enabled everything.  I should have checked the DNSBL tab since, you know, that's the service that wasn't running.  I guess it's because in my previous build it didn't have the extra options.  Am I correct in seeing that pfBlockerNG General is IP and Region blocking and that the DNSBL blocks based on DNS categories like Advertising?  I guess it's changed a lot since my last setup!  I don't usually do the updates since things tend to break when I do but then I get thrown when there are extra things I'm not expecting.  Good Job!