• PfBlocker with openvpn

    0 Votes
    13 Posts
    6k Views

    Glad to hear you got it up and running!

    @DaveB:

    One final silly question.
    While following a guide for setting up pfblocker I have created an alias pfB_DNSBLIP.
    I have no idea what it is but it has the black down arrow indicating there are no rules for the alias.
    Can anyone shed any light on this?

    The DNSBL service is used to block domain names only (www.example.com) and not IP addresses (xxx.xxx.xxx.xxx). Sometimes the DNSBL feeds that you set up may contain IP addresses. The pfB_DNSBLIP alias filters out the IP addresses that are in the DNSBL feeds, thereby creating an alias which can be used by the firewall to act on the IP addresses that show up in the DNSBL feeds. You still need to apply the firewall rules that will use the pfB_DNSBLIP alias. You can create those rules in pfSense at "Firewall/pfBlockerNG/DNSBL/DNSBL IP Firewall Rule Settings".

    If you go to the pfB_DNSBLIP alias rule and then hover over the alias you should not see any IP addresses in the list that pops up. The black down arrow indicates that the alias currently does not contain any IP addresses and there is nothing for the rule to act against. This will most likely change as you add additional DNSBL feeds.

  • Firewall suddenly started blocking traffic

    0 Votes
    1 Posts
    379 Views
    No one has replied
  • Unable to add a cryptomining anti phishing list, json format

    0 Votes
    3 Posts
    569 Views

    Works perfectly, great support as always :)

  • Help with error message

    0 Votes
    6 Posts
    1k Views

    I will give that a try - thanks for the quick response

  • Possible bug: IPv6 lists create IPv4 rules

    0 Votes
    2 Posts
    503 Views
    BBcan177

    Yes, there is a bug with IPv6… You will have to use "alias type" rules for now, until the next release... Sorry...

  • Firewall blocks everything, or lets everything through

    0 Votes
    3 Posts
    747 Views

    I struggled with pfBlocker set up as well, but I have it blocking now… BBcan177 had some great tips. I'll share what I can, open to feedback if I have done some things wrong myself:

    Make sure you can navigate to 10.10.10.1-pixel.... this was a little confusing but it's a blank page (no pixels I could see on the page!). I had to add a rule on my interface to allow access to 127.0.0.1

    Some of the lists I use in DNSBL are:
    https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2
    https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
    http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
    http://osint.bambenekconsulting.com/feeds/dga-feed.gz
    http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

    Some of the lists I use in the IPv4:
    http://cinsscore.com/list/ci-badguys.txt
    https://zeustracker.abuse.ch/blocklist.php?download=badips

    In the general settings I only use my internal interfaces i.e. I don't run it on my WAN or VPN

    Don't turn on GeoIP quite yet, and be selective; as an example, I originally blocked Brazil but it prevented me from downloading some SNORT rules (the servers are in Brazil)

    While my pfBlocker is working I still have some questions/concerns I am trying to address, see my outstanding post here(which also gets into my DNS resolver settings):
    https://forum.pfsense.org/index.php?topic=135363.0

    While I don't think it's perfect it might help get you going... good luck. Hang in there...


  • 0 Votes
    3 Posts
    1k Views

    I too get this whenever my pfsense reboots, but it self-corrects at the top of the hour when the update runs. I'm following this to see what transpires.

    BBcan177, thank you for your hard work on this over the years. Keep up the amazing work sir.

    Ash

  • Whitelist IP GeoIP2 address with pfBlockerNG

    0 Votes
    2 Posts
    2k Views
    BBcan177

    Create a new Alias in the IPv4/6 Tabs called "Whitelist" and add the IPs to the "Custom List" at the bottom of the page. Set the Format to "Permit Outbound". Then confirm that the "Rule Order" option in the General Tab places the Permit rules above the Block/Reject rules…. Alternatively, use "Alias Type" rules and manually create the rules as required.... Firewall rules are processed Top to Bottom....

  • Errors after update 2.1.1_4 to 2.1.1_5

    0 Votes
    7 Posts
    2k Views
    Qinn

    @mtk:

    Hello Qinn,
    Have you solved this issue?

    https://forum.pfsense.org/index.php?topic=135118.0

    MtK

    Yes, it is just as RonpfS in reply #3 said, "disable pfBlockerNG, DNSBL, Suricata, etc before doing an update. Then re-enable them after the update" and errors during updating will be gone.

    Cheers Qinn

  • Privacy-Filter

    0 Votes
    7 Posts
    3k Views
    tuklu_san

    @pfBasic:

    Why are you blocking inbound on your LAN? Did you open up the WAN to your LAN? This should be blocked by default.

    Yes it is totally pointless to have inbound-only blocklists, but basically I love to sit and watch the firewall log, hard to describe but I find it fascinating how many IPs from across the globe are in those lists.

  • Building a useful and up to date IPv4 list for everybody

    0 Votes
    2 Posts
    707 Views

    #################
    IPv4 lists
    #################

    -------------------------------------------------------------------------------
    Alias Name: Deny_Both, Action: Deny_Both, Frequency: ??
    Alias Name: Deny_Inbound, Action: Deny_Inbound, Frequency: ??
    Alias Name: Deny_Outbound, Action: Deny_Outbound, Frequency: ??
    Alias Name: Whitelist, Action: Permit_Both, Frequency: ??

  • EasyList tutorial?

    0 Votes
    16 Posts
    13k Views

    Ok, so you do live with ADs ;D

  • PfBlockerNG DNSBL VIP arp error in system log

    0 Votes
    2 Posts
    466 Views
    BBcan177

    Which DNSBL Listening interface did you assign in the DNSBL Tab? 
    Do you use HA/CARP?

  • Traveling Users Blocked

    0 Votes
    2 Posts
    479 Views
    BBcan177

    You would need to create rules to allow those GeoIPs to access the services …  When people are traveling, you can just re-enable those permit rules to let them in...

  • Checked "DNSBL Firewall Rules" however no floating rule added?

    0 Votes
    3 Posts
    1k Views

    Thanks BBCAN…love the functionality! I managed to get it working! Keep up the great work...

  • How to fix this dead list?

    0 Votes
    5 Posts
    899 Views
    mtarbox

    Thank you BB!
    I've often wondered what lists you specifically use, and perhaps why those specific lists.
    Thank you!

  • 10.10.10.1 trying to delete error

    0 Votes
    3 Posts
    1k Views

    Thanks! I'm also having WAN drop issues since upgrading to 2.3.4-p1, so I might just re-install with 2.4 and try that out as well.

    It's just a home firewall so not like I have massive rules/etc set :)

  • Feature Request: | pfB_Pass/Match | pfB_Block/Reject | All other Rules

    0 Votes
    2 Posts
    545 Views
    BBcan177

    When you are interleaving your rules like that, it's very difficult to auto-generate the order…. I would recommend using "Alias type" rules and then manually creating the rules as required. Click on the blue infoblock icon in the IPv4 tab to get more details....

  • Updated lists and just discovered firehol

    0 Votes
    3 Posts
    1k Views
    BBcan177

    It's not recommended to use the LVL1 feed to block Outbound since it contains Bogons. Also IBlock doesn't seem to be maintained very well… I'd not recommend using Feeds that are not maintained.

  • PfBlockerNG DNSBL Latency?

    0 Votes
    3 Posts
    2k Views
    BBcan177

    @killmasta93:

    Hi,
    I was wondering if someone else has had this issue before? Recently users have been complaining about slow internet speeds. Right now it's configured so that the Windows Server DNS roots are pointed to pfSense and the DNS on pfSense is 8.8.8.8. So I'm guessing it might be a DNS issue for the request. I checked the unbound DNS cache and it seems to be all right. What I have also been noticing at times is that Chrome shows that the page connection is not private, but if I reload it again it shows the website normally. My question is, is there a way to troubleshoot the issue by checking DNS speed from pfBlockerNG to the roots of the Windows Server?

    Thank you

    If browsing is slow it could be one of two things generally…

    Your LAN segments cannot access the DNSBL VIP address... To test, try to ping the DNSBL VIP address, and try to browse to the DNSBL VIP address from each of your LAN segments. If that doesn't work then ensure that you have selected the DNSBL Permit option to allow those subnets to access the DNSBL VIP address... You can also check your NAT/Limiter rules to see if something is interfering with the access...

    When a LAN segment cannot access the DNSBL VIP, it will time out the browser as it's still looking to access the blocked domain.

    One of the blocked domains is causing the browser to time out...

    Your LAN devices should have their DNS settings set to your MS AD/DNS Server only. Then the AD/DNS should have its Forwarders set to pfSense, which will then be filtered via DNSBL.

    Another thing to keep in mind is that when you try to open a web page that is blocked via DNSBL via HTTPS, the browser will show a certificate error since the browser sees that the DNSBL certificate does not match the Domain that was blocked.... It's safe to ignore...

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.