• How to stop MaxMind spam to pfSense alert?

    11
    0 Votes
    11 Posts
    1k Views
    @johnpoz I believe the original (Suricata warning) post said January but wasn’t specific.
  • pfBlockerNG-devel 3.2.0_7 not blocking certain ads for IPv6 devices

    4
    0 Votes
    4 Posts
    444 Views
    @rtorres well Chrome is Google of course. Is there a reason to allow any? I’ve seen one issue, we have Dish satellite and though its DVR uses local DNS its video on demand “app” uses public DNS/DoH and I had to allow it out from that device.
  • Talos_BL_v4 failed downloads

    5
    0 Votes
    5 Posts
    4k Views
    rtorres
    @pulsartiger From what I was reading, they mentioned another job running at the same time the pfBlockerNG CRON is running. Changing the time allows the other job to complete for this one to run without issues. But now I'm having an issue with pfB_PRI1_v4 - ISC_Block_v4. Per the error message, there is an SSL error that times out, but I can access just fine via the browser. I'll open another thread if I can't figure it out!
  • pfBlockerNG to block ads on YouTube on TV?

    3
    0 Votes
    3 Posts
    6k Views
    @Authec If you have an Android TV, have a look at https://github.com/yuliskov/SmartTube.
  • pfBlockerNG addon Whitelist Rulegen

    2
    1 Votes
    2 Posts
    265 Views
    keyser
    @christopherbradski Very interesting!
  • pfBlockerNG IPv4 and DNSBL

    1
    0 Votes
    1 Posts
    137 Views
    No one has replied
  • pfBlockerNG not blocking some foreign sites using geoip

    10
    0 Votes
    10 Posts
    818 Views
    When I was checking out the IPs, I noticed quite often that Amazon was involved. I unchecked the US reps and will see what happens. I noticed that 85000 addresses were removed when PFB updated... thank you! No changes to Firewall rules, skipping Filter Reload Updating: pfB_NAmerica_v4 85423 addresses deleted. UPDATE PROCESS ENDED [ 02/2/24 06:12:41 ]
  • Whitelisting URL

    1
    0 Votes
    1 Posts
    146 Views
    No one has replied
  • pfBlockerNG ABP format question

    2
    0 Votes
    2 Posts
    387 Views
    andrebrait
    @HorstZimmermann I've been working on bringing that support to pfBlockerNG. You can find my code here: https://github.com/andrebrait/FreeBSD-ports/tree/pfblockerng-adblock Let me know if you're interested in trying it out :)
  • 0 Votes
    4 Posts
    297 Views
    Further to my last, an update. I reverted my workaround changes (back from Network to Host) and reloaded pfBlockerNG but the issue did not return. I wonder if converting the type (described above) from Host to Network and back has reset something? Followed your suggestion of installing the non Dev version of pfBlocker and reloaded. All seems normal and operational using Host again. If I come across any subsequent "funnies" I shall report back, but for now I think I'll leave this post as is, in case anyone else runs into a similar issue. Cheers again for your help.
  • pfBlocker-NG / shorter update interval

    1
    0 Votes
    1 Posts
    170 Views
    No one has replied
  • Is pfBlockerNG able to block all outbound traffic except whitelisted sites?

    23
    0 Votes
    23 Posts
    6k Views
    @CZvacko For the first attempt/part, technically you can do that without pfBlocker...create an alias, add your hostnames, and pfSense will resolve the hostnames in the alias every 5 minutes by default. However there are caveats as you found: every hostname initially queried has to be entered (www.example.com, svr2.example.com); one cannot use a wildcard (*.example.com); hostnames may change IPs frequently. Doing that in pfBlocker, I don't know offhand if it resolves the names every 5 minutes or at reload. Haven't tried. An option is to create a host override or domain override in DNS Resolver, and point the names to nowhere. In pfBlocker one can create a DNSBL Group and block domains, but that's the opposite of what you're asking for. I have not tried, but possibly you could block *.com, *.net, etc., enable Wildcard Blocking (TLD), and then add entries to the DNSBL whitelist?
  • 0 Votes
    2 Posts
    208 Views
    @nasheayahu pfBlockerNG has to know which are inbound and which are outbound interfaces. Maybe you have only one each (WAN, LAN), but anyway you have to tell pfBlockerNG this. You can do this on the IP tab in recent versions.
  • PRI1_v4 - Talos_BL_v4 Download FAIL

    8
    0 Votes
    8 Posts
    5k Views
    I am having a similar issue, pfBlockerNG on my dashboard widget says "[ pfB_PRI1_v4 - Talos_BL_v4 ] Download FAIL [ 01/24/24 07:00:15 ]". If I go to Firewall->pfBlockerNG->IP->IPV4 edit, I see 'Talos_BL' header/label highlighted in yellow. If I manually open the source link, it opens just fine in a browser tab (https://talosintelligence.com/documents/ip-blacklist). Below the main table, it says "Failed download(s) highlighted in yellow. Click here for Guidelines --->". When I click on Guidelines, the only thing listed for Header/Label is "Header/Label: This field must be unique. This names the file and is referenced in the widget. (ie: Spamhaus_drop, Spamhaus_edrop)". As far as I can see, this field is unique. Any ideas what could be causing this failed download?
  • Comments in custom list?

    3
    0 Votes
    3 Posts
    442 Views
    @Uglybrian I think I answered my own question. I looked at a couple of the ipv4 lists that had comments embedded. In my case, I am creating a custom IPv4 list and want to include comments to identify what/why I'm blocking, rather than create a lot of small lists. I am building a custom list in the pfBlocker rules rather than include a file from a URL. Note that your example is using DNSBL, though a similar approach could be used per your example for IPv4. Thanks!
  • Update to 3.2.0_7 breaks DNSBL

    35
    0 Votes
    35 Posts
    6k Views
    @jrey @Gertjan I wanted to provide an update to these issues so you know what happened and in case it might help someone else. I left this thread partly because I didn't want to take up anyone else's time on what was becoming an increasingly complex and consuming problem. It turns out this was 2 main problems: After encountering what seemed like a cascading number of failures and problems, including a boot loop, I was able to verify bad hardware. Consequently the MB, CPU and RAM were replaced with new. The SSD and NIC PCI card did not seem affected. There was indeed a misconfiguration with my account at the VPN provider. Specifically, any filtering at the VPN level was not compatible with DNSSEC. This included any filtering, including of malware, tracking or social sites. This filtering was turned off. Some notes: Before wiping out the SSD and in the old installation of pfSense, I did not use any backup files to transfer settings because it seemed likely to transfer misconfigurations as well. Instead I took screenshots of every page I may have modified from a default installation and used those to transfer most of my setup to the new default install of pfSense on the new hardware. Almost every setting that was to be changed from default was questioned and re-researched before doing so. In this process I came across VPN setup instructions from a competing provider that had more specific and complete instructions which included the warning that VPN filtering was not compatible with DNSSEC. Also, I was able to identify and eliminate a few crazy settings made in an apparently futile attempt to address the problems. Yeah, WAY more than a couple of hours, LOL. But the bad hardware was a far bigger problem than I expected. Everything now works as expected and DNS resolution, and everything else, is faster than it's ever been. In pfBlockerNG, error.log and py_error.log remain empty after a week or two of continuous use.
I want to thank @jrey and @Gertjan for your help which I have tried to heed. I do have fewer pfBlockerNG feeds thanks to @Gertjan. And thanks and gratitude to @BBcan177 for creating such an awesome package. Best Regards,
  • Sblack feeds social not working

    1
    0 Votes
    1 Posts
    161 Views
    No one has replied
  • OISD feed URL change

    1
    0 Votes
    1 Posts
    345 Views
    No one has replied
  • 0 Votes
    3 Posts
    452 Views
    @mooncaptain In general, never install or upgrade packages without being on the same version as the Update Branch setting, or it can pull in later libraries.
  • SafeSearch DuckDuckGo images won't load

    1
    0 Votes
    1 Posts
    435 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.