@gertjan
I have figured it out now.
I was running the reload command and not the cron command.
When i run the cron command it updates the list in the firewall.
And you are right I shouldn't spam other list. A workround for now is that i make my own custom list that contains the IP addresses from the other list and update the backend list once a day.
Thanks for the help

@gertjan & @SteveITS Thank you both for your assistance. It doesn't go unnoticed.

@gertjan okey, that log was just over 20k lines after I increased it to 100k according to keysers suggestion. So it sounds like this is going to help.

The log I increased to 100k was the dns_reply.log it seems that it is containing only the dns replys, whereas the unified.log contains a lot of other information as well.

Interesting comment on that they will degrade the SSDs. Might be a good idea for me to go for enterprise grade SSD:s when they start to degrade too much then. They should have significantly better lifespan for the amount of writes they can take.

@cburbs said in DNSBL Source list ?:

How do I know if this list is getting updated/etc?

Here is the answer :

Easylist - https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt

Whats not clear for you :

[Adblock Plus 2.0] ! Checksum: L6s8GbrfOL9KuXYzlRkeXw ! Version: 202212021441 ! Title: EasyList without element hiding rules ! Last modified: 02 Dec 2022 14:41 UTC ! Expires: 4 days (update frequency) ! Homepage: https://easylist.to/ ! Licence: https://easylist.to/pages/licence.html ! ! Please report any unblocked adverts or problems ! in the forums (https://forums.lanik.us/) ! or via e-mail (easylist@protonmail.com). ! !-----------------------General advert blocking filters-----------------------

@cburbs said in DNSBL Source list ?:

I noticed if I try and open it it's getting blocked from GeoIP

You geoip blocked a German IP network. Well, ok, why not.
That's a typical shoot in your own foot situation. My advise : don't (use geoip).
But don't feel bad about it. It has been seen before : people used that new great perfect DNSBL list and it contained the DNSBL (host names) of all the other DNSBL feeds ... guess what happened ? ;)

And what's next : you block (yourself !) the access to the Netgate upgrade servers ?
Microsoft upgrade servers ?

IMHO geoip isn't really useful these days. Most IPs are ok, but there to many false positives.
It's something from the past, when everybody knew who was who etc.
And the upcoming IPv6 will blast geoip to oblivion.

@cburbs said in DNSBL Source list ?:

does this mean it won't download correctly either?

Ask your pfSense :

On the console :

curl https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt

For me, in comes in just fine.

Or do a pfblockerng-devel force update and look at the resulting log on the screen.

@gertjan Rereading, I confused this thread with the other thread we're both in for the same topic. Sorry. :)

@rcoleman-netgate Thank you. It was a typo. We're using pfSense 2.6.

UPDATE:

The displaying date issue seems to at least somewhat resolved itself. However, today it began using these placeholders instead of showing the hours. See screenshot.
FW-pfBlockerNG-Report.PNG

Has anyone had a similar issue or know what might be the cause of this?

@pfsjap

No I haven't and I don't recall seeing that. I must be blind in one eye and can't see out of the other. Will look for it and try it.

Thank you for the tip.

Take Care and Enjoy!

Edit: I found it, I set it, now to play around and see what it does.

Or click here :

02cf2e15-1341-4e8f-bd79-dd3b33b75727-image.png

@dharmender-bankal said in Unable to block website.:

Created alias for yatra and facebook along with IP address for both sites.

Read Aliases, especially the Warning and the Note.
Facebook uses thousand of IPs. Not 'one'.

You have to look up what an "ASN" is, and how to use use it with pfBlockerng-devel.

@kenj05
Version 2.1.4_28 of pfBlockerNG is an old version that is no longer supported nor recommended by the package maintainer.

You need to upgrade to the latest version of pfBlockerNG-devel 3.1.0_6 or _x, depending on which version of pfSense you are using.

If you are still having issues after you upgrade, come back to forum and someone will be glad to help you.

@bob-dig unfortunately that’s still not what I mean. I’m referring to dnsbl feeds in bfblocker blocking domains.

@steveits said in pfblockerNG- tuning needed or do i have an error in config?:

There is also DNS over HTTPS or DNS over TLS which bypasses local DNS servers altogether. :)

I think this could be blocked true the ip feeds for DoH ("ipv4 DoH_IP the Great Wall" for example) and block port 853 for DNS over TLS (DoT) as long as i don't use it.

@victor-1

I'm using pfBlockernd-devel - latest version.
facebook isn't blocked for me.
If it is for you :
a) stop using the feed that blocks it ?!
b) whist-list it ?!

yatra.com is, according their web page, not accessible for European visitors (wonder what they have done to earn that position).

@lohphat said in ASN lookup failing with empty files [solved]:

I still think that the failure mode could be better handled and alerted -- the logs indicated empty files, but was it due to d/l failure or the server returned an empty file? Something should throw an alert if possible.

Ofcourse that could be a good Idea!