For now, the only automatic whitelisting option is with TOP1M. To automate DNSBL whitelisting, more code would need to be added. So for now, you will have to update the DNS Whitelist when the ebates-cash-back-shopping.txt list change.

Thanks, Grimson, I missed that on the first page. I will give that a try.

Not familiar with your hardware but if your Asus router can handle VLANs in AP mode you should be good. I am sure others have more experience with this…its likely good for a single WLAN. You have a Managed switch which can handle VLANs (although some have expressed concern with TPlink...I am sure it is fine!) As mentioned it looks like your pfbox works...nice RAM(32G)! The Unifi AP is well regarded and super easy to setup for VLANs. Again find out if your ASUS supports VLANs before spending the $100. Not a huge value in GeoBlocking I also share the same concern...TOR, VPN, hijacked PC are likely the hackers route. I only suggested getting IPv4 and GeoBlocking as a way to get started with pfBlockerNG. The real prize, I found is with DNSBL in the blocking of ads but it requires you to make sure your DNS Resolver is set specifically. Make sure you can navigate to the DNSBL Virtual IP...if not it won't work. Also go to the alerts tab and see if you get an alert after navigating to the DNSBL Virtual IP....

OK, I think I have it.  I had to disable all of the other GeoIP rules and only chose the two United States rules.  I then did a "Deny Inbound", and then chose the "Inverse" in the advanced options.  This seems to be working now.

This might be a stupid question, but is your DNSBL working? I see this behavior since DNSBL doesn't work for me because I'm also using OpenVPN. So far I can't find a way to make them work together in a secure way.

So you are just using the default DNS servers? Aren't those your ISP's DNS servers? That means you'll be leaking DNS, which defeats the purpose of using the VPN. I'm still trying to solve this issue too, but that doesn't seem like the way to do it.

I checked the DNS at whatsmydns.net and it came back with all green check marks.  I assume that is good.  As far as the rest of the thread, there were a lot of commands that went over my head. I have not seen the problem since that one incident.  It so happened when this incident happened, the finance.yahoo.com site was real sluggish and I would get a lot of connection errors.  So maybe yahoo was under attacked? I did a full scan of my laptop with Windows defender and it came back clean.

You have to inspect the System Logs, Resolver Logs and pfblockerng.log to pinpoint the issue. Depending on your system, Unbound reload can take minutes to complete, during that time no DNS resolution is available. Check Services / DNS Resolver / General Settings DHCP Registration should be uncheck as every DHCP lease will reload Unbound.

…looking back at comments, I found out this domain blocked as well, somewhat similar config... (192.168.0.1 being my VIP) grep steepto.com /var/db/pfblockerng/dnsbl/.txt /var/db/pfblockerng/dnsblorig/.orig /var/unbound/pfb_dnsbl.conf /usr/local/pkg/pfblockerng/dnsbl_tld /var/db/pfblockerng/dnsbl/easy_list.txt:local-data: "steepto.com 60 IN A 192.168.0.1" /var/db/pfblockerng/dnsblorig/ad_servers.orig:127.0.0.1 imgg.steepto.com /var/db/pfblockerng/dnsblorig/easy_list.orig:||steepto.com^$third-party /var/db/pfblockerng/dnsblorig/easylist.orig:||steepto.com^$third-party /var/db/pfblockerng/dnsblorig/hpHosts.orig:127.0.0.1 imgg.steepto.com /var/db/pfblockerng/dnsblorig/hpHosts_ads.orig:127.0.0.1 imgg.steepto.com /var/unbound/pfb_dnsbl.conf:local-zone: "steepto.com" redirect local-data: "steepto.com 60 IN A 192.168.0.1"

Try to increase the Firewall Maximum Table Entries  under  System / Advanced / Firewall & NAT

I never had luck with that list…try doing a "Force reload" with the list removed. Maybe a reinstall of package(making sure you "checked" the box that says "don't keep block or settings".

Thanks for the update Rick, hopefully BBcan will provide more info on the feed choices. Either way it certainly looks like the next big release has some really exciting stuff in it.

I sent you a PM…

@drewsaur: I love this stuff as much as the next guy, but since this is likely a moving target, you could spend the same time mixing some nice drinks and making popcorn while the trailers play. :) Cheers! They are just so damn annoying though - why they would choose to do this i have no idea.

FireTV stick….slingtv works without either exceptions....was trialing vue.....may switch to vue next month......roku ultra being delivered tomorrow, so will move this stick to another tv for now.

Next Release will have a Feeds Management Tab which will make this easier to manage:     https://www.patreon.com/pfBlockerNG/posts?tag=Screenshots

If you use pfSense Aliases, they are not accessible as a table unless you use the URL Table IPs option… Otherwise the IPs are stored in base64 format in the pfSense config.xml file

@code4u: Awesome. Thank you. That solved my problem! Now the "No Domains Found" error makes sense. :-) Maybe it would help newbies if the error further stated:  "Check to ensure that you're not adding IP based feeds to the DNSBL tab which is for domains based feeds. IP based feeds need to be added to the IPv4 tab." or something similar. Ok I will adjust the text…Thanks... Some DNSBL Feeds listed here:     https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943     https://forum.pfsense.org/index.php?topic=102470.msg573159#msg573159 Next Release will have a Feeds Management Tab:     https://www.patreon.com/pfBlockerNG/posts?tag=Screenshots

@Xentrk: @BBCan177, how come the DNSL Alert Log reports the IF and Source as unknown?  Is there a setting I need to configure?  I still see IF and Source information from some LAN clients. This is already addressed in the upcoming release…

Thanks. Managed to do it and whitelist the domains.