Those are the default settings now... If none of those Auto rule settings work for your needs, you can always use "Alias Type" Action settings and manually create the firewall rules to suit. Click on the blue infoblock icon for the Action setting for more details.

Perhaps @BBcan177 can add them to the feed list in one of the next sub-versions?

Yeah if your MS shop using AD, its prob best to let MS be your dhcp and dns... Then just have your AD dns use pfsense/pfblocker for your dns to external domains.

You can put in a domain override in pfsense so it can resolve your PTRs for networks and the like.

Hi,

He (@BBcan177 ) already spoke about it here (the DNS forum).

Thanks for the reply. I found a way to get it to work...

At the bottom of the Custom Address List, there is a drop-down menu with the option "Update Custom List" -- selecting that item and then forcing an update fixed the issue and the address was correctly blocked.

What's odd is that I've never had to select that before. I've always just added the address, forced an update and literally watched as no more targeted traffic made it through the firewall.

I'm not sure what changed, but at least I was able to get it working.

Thanks again!
-Michael

@skilledinept said in What does "SFS_Toxic_BD" mean? – Is Zoho bad?:

Just to be clear, I'm not blaming anyone or anything, it's only curiosity and, I did install the developer version. The whole UI change threw me for a loop so I followed the little walkthrough just enough to get filtered DNS and left the rest for later.

Those in the know install the developer version ☺

https://www.reddit.com/r/pfBlockerNG/comments/chsajn/cant_get_geoip_to_block_foreign_countries/

@Koent
When you run a "Reload" it uses the previously downloaded feed if it was previously downloaded.
Goto the Log Tab, view the file in the "dnsbl" folder, and delete it, then run a Force Reload/Update

If you are using static mappings in the DHCP, I believe that one alternative to modifying unbound's custom options would be to specify DNS servers in the DHCP static mapping(s) of the host(s) that you wish to exclude from DNSBL. Of course, this is only if you're willing to use other DNS servers. For example:
e34b1368-01ba-42a4-9823-862e35fed9b7-image.png
That way, the host(s) won't use the pfSense machine for DNS at all. Note that you would need to take additional steps for this to work if you have also configured a NAT port forward to redirect any DNS requests from hosts on your LAN to unbound.

Also, keep in mind DNSBL IPs (if enabled), which are handled via firewall rules instead of unbound:
8942b15e-05a0-427a-8c20-3fc57f2a1077-image.png

If you want certain static IPs to also be excluded from this, you can set the list action to Alias Deny, as in my screen shot, and then create your own block rules that do not apply to the static IP(s) in question. Or you could leave the List Action set to one of the "Deny" options that automatically creates rules, but configure advanced rules that exclude your static IP(s):
100b1944-6399-4c4a-950b-6012b05a0edd-image.png

@BBcan177, if any of this is terrible or misguided advice, please feel free to set me straight 😉

The following PR has been created for Feed Maintenance and a change to the cURL user-agent string:
https://github.com/pfsense/FreeBSD-ports/pull/674

Please consider supporting the project:
https://www.patreon.com/pfBlockerNG

@RonpfS

Ok, so I don't use pfblocker for this at all :)

I created an alias with all the ip addresses I want to block

Under Firewall/Rules/LAN1 I created a rule
Reject
LAN1
IPv4
Any

Source Any
Destination 'Single host or alias' 'my_alias'

I placed the rule after the Pfblocker auto rules and it seems to be working but the question is if I did it correctly ?

Many thanks for the simple solution 👍

@Stewart said in Can't tell if pfBlocker is being updated:

@NogBadTheBad

I'm having to do that since I can't just whitelist the USA. I'm having to block countries that I've seen attacks on the NATed ports and am now adding in IPs that aren't being blocked by the lists. Gotta stop them somehow. Does pfBlockerNG-devel use different lists?

Create an Alias Permit rule using the US GeoIP and apply it to the NAT rules, everything else would be denied by default.

You can also add IP addresses to the IPv4 Custom_List at the bottom.

Here's how I allow SSH / SFTP to my Raspberry Pi that sits in the DMZ.

Screenshot 2019-09-19 at 16.20.39.png

Screenshot 2019-09-19 at 16.18.41.png

@NogBadTheBad Okay Brother Thanks i am using Kiwi Syslog for tracking this.

Got Ya!

Yeah, I was in a rush last night and posted in the wrong place for a start also didn't have time to search bit I shall check out the links chears.

This can be deleted by staff if need be ;)

I had already rebooted once, but I rebooted again, just as I was getting ready to do a full reinstall and was able to add back my custom options and dns is working. The 'dnsbl' line happens to fall on line 108, so I guess it was still cached?

I think everything is normal now... having been struggling with this all afternoon...

@Ojisang said in pfblockerNG Whitelist Clarification:

I wanted to add an alias in the rules using the pfblockerNG whitelist but I couldn't.

Add an Alias to the rules using the whitelist?

OK now I'm completely confused. Could you please detail, what you're trying to achieve?`To me it sounds like you're trying it the wrong way?

@Gertjan said in DNSBL - Alerts not showing IF or SOURCE:

As already said back in 2017 :

@BBcan177 said in DNSBL - Alerts not showing IF or SOURCE:

This is fixed and will be in the next release…

Install pfBlockerNG-devel

Thank you so much! I totally have forwarding on. Furthermore, I realized that specific lists were super trigger happy so I will be debugging sources one by one I guess

@jakes
Yes this will be possible with the upcoming Unbound python integration, but this "profile" feature is not currently completed. I agree that this will be a great feature to have including scheduling times for rules to apply to different profiles...

There are some screenshots and info of the upcoming version on my Patreon page: https://www.patreon.com/pfBlockerNG