If you goto the pfSense firewall log, do you see these alerts?

@BBcan177:

Thanks for reporting this… Looks like it wasn't picking up Alias type rules with "pfb_" in the Rule descriptions.

Can you edit:  /usr/local/pkg/pfblockerng/pfblockerng.inc

https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L5099

and change Line #5099

from:

if ($alias['type'] == 'urltable' && strpos($alias['name'], 'pfB_') !== FALSE && strpos($alias['descr'], '[s]') === FALSE) { to: [code] if ($alias['type'] == 'urltable' &&     (strpos($alias['name'], 'pfB_') !== FALSE || strpos($alias['name'], 'pfb_') !== FALSE) &&     strpos($alias['descr'], '[s]') === FALSE) { Please report back ... Thanks! I am still having the same issue after changing the code [/s][/code][/s]

BBcan177,

Thank you very much for your help.  It turns out my ISP device had disabled modem mode and this was actually the cause of the problems.  Once I re-set modem modem the entries for pfBlocker reappeared as before in the log.

Thanks again.

@dcol:

Why not just use
https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt

They are two different Feeds…

The URL and DOM feeds should be used in DNSBL as it contains Domain names.... There are also IPs mixed in, so enabling the DNSBL IP option will also pull those IPs...

@tim_co:

No worries. I got the information I was looking for. Thanks again.

As an FYI:

In the Alerts tab, you can click on the "I" infoblock icons and it will load a Threat Lookup page with several Threat Source lookup tools….

@securvark:

I'd like to do the same for Steam downloads and Steam games.
Preferably, for all my games (Origin, Battle.net, Uplay), but that may be too much to ask (I don't know).

Maybe you can try looking up the ASNs for those

https://bgp.he.net/dns/battle.net#_ipinfo

Or try a google search for list of IPs for those sites… Maybe someone else will chime in if they have accomplished this...

The latest updates to pfBlockerNG are bug fixes.

I guess BBCan177 will change version number when the new features are implemented and tested.

Strange. :o
With my version (development), Auto reads the https://ipinfo.io/as2906 fine and the listing above is from the Firewall / pfBlockerNG / Log Browser / Match files

You can always create your own table using ipinfo.io listing, either with a local disk file or with IPv4 Custom list.

The stickys do contain important informations about pfBlockerNG behaviour, so your are not wasting your time reading them.

@RonpfS:

Maxmind didn't generate those _rep files (Represented Country) at the last update of it's database.

I guess these Could not open ISO messages are harmless and will disappear at some point if Maxmind regenerate those _rep files in the future.

Take a look at : Firewall / pfBlockerNG / IP / GeoIP / Antarctica.
You can update your selection and save to use the latest Maxmind db choices. Then run a Force Update

Got you, thx and trying …

@BBcan177:

You don't need to install any dependencies manually, as they are all installed on pkg installation…

I don't see any issues with the settings for this custom list.... I would remove the "Filter via Alexa" as that may remove Domains that are in the Alexa TOP sites (as per your Alexa settings)....

Also when you add domains to the list, you need to click on the "Update custom list" so that on a Force Update, it knows that there are changes to make...

Many thanks I will double check that.
All looking good so far ;) BBcan177

@ASM_COPE:

Are we able to use a wildcard for sub-domain names in the Domain/AS mode of the IPv4 lists?

For example, messagelabs.com use a set of server clusters for their MX's (e.g. cluster5.eu.messagelabs.com).
Keeping continual track of all these would be awkward.

Does the list option allow *****.eu.messagelabs.com as a way to auto-resolve all the sub-domains?
(Similarly desirable for *.protection.outlook.com)

Answering my own question: No, it doesn't seem to support sub-domain wildcards.
I created a test list with just one known domain (the messagelabs one, first testing *.messagelabs.com), but the add-in log file reported "Aliastable file not found".  Also tested as *.eu.messagelabs.com, but the same logged result.

I'm thinking it might have been a CARP / ARP issue because now it's working and I didn't change pfsense other than a few reboots.

2.1.2 is out and is supposed to have a fix for the issue.

https://github.com/pfsense/FreeBSD-ports/commit/8809165ad8f3d1fccabd2766ad11a3446a5317c7

https://forum.pfsense.org/index.php?topic=137103.msg756625#msg756625

Those things usually go haywire eventually.

Thanks.  I missed or didn't understand that instruction at the bottom of the page.

https://forum.pfsense.org/index.php?topic=137625.0

Thank you. It seems to have started working now by itself before I tried your suggestion. I can see many entries in the alerts page.

I had initially configured the wrong time zone (nearly 12 hours difference) when setting up pfsense. Sometime later, I changed to my timezone. This was done after I configured pfblockerng. I think that may have caused some issue.

@BBcan177:

Goto the general tab and uncheck "Keep Settings", then uncheck "Enable pfBlockerNG" followed by a Save. This will wipe all previously downloaded files. Re check both boxes then Force Update.

I did this now just to be sure. Its blocking fine after that.

You can't "Suppress" IPs for GeoIP blocked IPs…

Create a "Whitelist" Alias in the IPv4 and/or v6 tab.
Add the IPs that you want to allow into the Custom list at the bottom.
Set the Action to "Permit Outbound"

Goto the General tab and ensure that the "Rule Order" places the Permit rules above your Blocked rules..

Fantastic! Thank you.