• Pfblockerng-devel 3.1 stops unbound

    14
    0 Votes
    14 Posts
    3k Views
    NogBadTheBadN
    @jperezme You could try replacing Unified hosts = (adware + malware) with Unified hosts + porn https://github.com/StevenBlack/hosts
  • pfblocker is not working. it does not block anything.

    10
    0 Votes
    10 Posts
    1k Views
    GertjanG
    @noonstarx said in pfblocker is not working. it does not block anything.: There are a couple of NAT rules:
    Those are not WAN based, they redirect 10.10.10.1, the IP of the built-in web browser, to 127.0.0.1 so it can show you the "You've accessed a blocked site" page. Which, IMHO, is a useless functionality, as most sites are accessed by https these days, and https can't be redirected like that. Only ancient http requests could be redirected. I'm not using this pfblockerng web server, but do 0.0.0.0+logging.
    Your outbound NAT rules are by default, that's fine.
    This is pure BS:
    @noonstarx said in pfblocker is not working. it does not block anything.:
    C:\Users\user>nslookup facebook.com
    Server: dns.google
    Address: 8.8.8.8
    Why would you want your device (PC) to ask 8.8.8.8 to resolve for you???
    You are completely bypassing the resolver running on pfSense.
    Conclusion: you are bypassing the pfSense resolver == bypassing pfblockerng.
    Remember: pfblockerng integrates itself into unbound, the resolver.
    Read again: [image]
    I guess it's 'case closed' now
  • pfBlockerNG-devel 3.1.0_4 Not Blocking Email Content

    11
    0 Votes
    11 Posts
    2k Views
    N
    @Gertjan The Unbound python mode seems to be working. It's definitely stripping content from advertising emails but not all. I'll take what I can get.
  • Pfblockerng never download my custom list new entries?

    10
    0 Votes
    10 Posts
    2k Views
    GertjanG
    @periko No, of course not. I'm using pfSense at work, a hotel, and I'm also using the captive portal so my clients can have a Wifi Internet connection (they always have used up their monthly xxx GB) so they use the hotel Wifi. I'm not trying to block a maximum of DNSBL, as I'm not the one that should decide what people are seeing on their screen: They want it? They have it! Dunno what they are doing with that connection. Must be work related, right
  • pfBlockerNG-devel 3.1.0_4 Report tab not working correctly

    4
    3
    0 Votes
    4 Posts
    1k Views
    C
    I have tried the update in those posts. I have updated /usr/local/pkg/pfblockerng/pfblockerng.inc Finding $r = explode(')', $result, 2); and replacing it with $r = explode(' ', $result, 2); as instructed. In all those posts they are saying the issue happens in version 22.05, however looking at the release information the base version of pfSense CE software release 2.6.0 is version 22.01. So I do not think this applies in this situation. Am I incorrect in this information?
  • issue with a non USA IP getting added to North America IPV4 List

    18
    0 Votes
    18 Posts
    1k Views
    johnpozJ
    @igoldstein said in issue with a non USA IP getting added to North America IPV4 List: IPs that are used in USA, not just Registered in USA
    Good luck finding that list... Not sure how many times this needs to be said, there is no such list. There will always be mistakes, IPs move all the time. I could route a network out of Dallas today, and Paris tomorrow..
    Your best solution is IPs you find that are not coming from the US put in your own block list, and put this top your rules order. Before you allow of the US IP list.
    Still curious how you found this IP was not coming from the US. Did you go through the complete list of networks in the US list?
    edit: https://support.maxmind.com/hc/en-us/articles/4407630607131-Geolocation-Accuracy
    "It is not possible for us to guarantee 100% geolocation accuracy. Accuracy exhibits high variability according to country, distance, type of IP (cellular vs. broadband, IPv4 vs. IPv6), and practices of ISPs."
  • TLD processing with pfBlockerNG-devel v3.1.0_4

    4
    0 Votes
    4 Posts
    979 Views
    GertjanG
    @leonardo-2 said in TLD processing with pfBlockerNG-devel v3.1.0_4: In the UT1 adult's list there is
    This list: [image]?
    Read:
    This is an Advanced process to determine if all Sub-Domains should be wildcard blocked for each listed Domain. Click infoblock before enabling this feature!
    Definition: TLD - represents the last segment of a domain name. IE: example.com (TLD = com), example.uk.com (TLD = uk.com)
    When enabled and after all downloads for DNSBL Feeds have completed; TLD will process the Domains. TLD uses a predetermined list of TLDs, to determine if the listed Domains should be wildcard blocked (Block all sub-Domains). The predetermined TLD list can be found in /usr/local/pkg/pfblockerng/dnsbl_tld
    To exclude a TLD/Domain from the TLD process, add the TLD/Domain to the TLD Exclusion custom list:
      • This only excludes the domain from the TLD process, it doesn't whitelist the domain.
      • Only the specific Sub-Domains/Domains listed in the DNSBL Feeds will be blocked.
      • A Force Reload - DNSBL, is required after manually adding to the TLD Exclusion
    Note: Whitelisting a "sub-Domain" for a TLD Blocked "Domain" in the Custom Domain Whitelist will not whitelist a TLD Wildcard Blocked domain! Either add the domain to the TLD Exclusion, or wildcard Whitelist the whole domain.
    TLD Blacklist, can be used to block whole TLDs. IE: xyz
    When Enabling/Disabling this option, a Force Reload - DNSBL is required.
    And when you observe a force reload of pfblockerng-devel, do you see this: [image]
    Note the x's.
    My advice: when the x's show up, stop using "Wildcard Blocking (TLD)" or use smaller feed/lists.
    @leonardo-2 said in TLD processing with pfBlockerNG-devel v3.1.0_4: is inserted in pfb_py_zone.txt, others in pfb_py_zone.txt
    That's just pfb_py_zone.txt ;)
  • Alias not being created automatically when using "Alias Permit".

    7
    3
    0 Votes
    7 Posts
    1k Views
    P
    @steveits Yeah this is very screwed up, last time I had this issue a few days ago setting up another unit, it simply worked later out of nothing...
  • decrease in internet speed

    1
    4
    0 Votes
    1 Posts
    378 Views
    No one has replied
  • pfBlockerNG always turns on syslogging, why?

    2
    0 Votes
    2 Posts
    372 Views
    GertjanG
    @beerguzzle Because pfblocker itself does ... nothing. It uses the syslog to build most of the pages with IP related stats. It gets the info from the logs, as the firewall logs into the stats. IP feeds are built into aliases, and these aliases have to 'firewall' log. DNSBL uses its own, internal logs.
  • How to change from pfblockerNG v2 to v3?

    4
    0 Votes
    4 Posts
    831 Views
    beerguzzleB
    @keyser Thanks for the advice. I got v2 outta there per your instructions, got v3 in place, and got things working again.
  • List showing as disabled

    1
    0 Votes
    1 Posts
    241 Views
    No one has replied
  • pfBlockerNG Firewall pfB_PRI1 LAN Rule Keeps Getting Removed

    1
    1
    0 Votes
    1 Posts
    209 Views
    No one has replied
  • pfBlockerNG blocking SMTP (country blacklist)

    3
    2
    0 Votes
    3 Posts
    566 Views
    S
    @matthiasvd said in pfBlockerNG blocking SMTP (country blacklist): There is no option to have a single exception for SMTP When I use pfB, I use Alias Native. That creates the alias and no rules. Then you can use the alias in a NAT or firewall rule as desired. BTW, it's more efficient to allow Europe than block not-Europe. (less memory usage and time looking through the IPs)
  • Block iOS profile DNS?

    3
    1
    0 Votes
    3 Posts
    1k Views
    CreationGuyC
    @gertjan I totally overlooked that tiny link for profile builder... thank you. I did not look hard enough. It's working now.
  • Requesting for DNSBL feeds for blocking file sharing sites

    1
    0 Votes
    1 Posts
    209 Views
    No one has replied
  • error(s) loading the rules: table name too long

    10
    0 Votes
    10 Posts
    1k Views
    M
    @maxburn I didn't, but I just did. I was thinking it would do that itself based on the schedule. I see the new name in the update output and can't find the old one so hopefully that's the end of it.
  • pfBlockerNG web page on 10.10.10.1

    12
    3
    0 Votes
    12 Posts
    3k Views
    johnpozJ
    @czar666 I have deleted your sig per your request, given you a couple of thumbs ups - if you get 5 you can then edit your own signature again. edit: there you go, now you're at 5 rep points, you should be able to now put in what you want for your signature.
  • Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?

    15
    0 Votes
    15 Posts
    2k Views
    S
    @mcury said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?:
    @paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?: @mcury The service "pfb_dnsbl" is not starting, is that normal? I never checked this before.
    No, this is not normal
    It is normal if DNSBL is not enabled. Many of our installs we use pfB for block lists and not DNSBL so it's off.
    @paul2019 said in Just updated to pfsense 22.05, is it fully compatible with 3.1.0_4?: Unresolvable source alias
    If the alias doesn't exist pfSense will throw that error, if a firewall or NAT rule uses the alias. It can happen for instance when uninstalling pfBlocker in order to install an update to pfSense... years ago I locked myself out that way, installing an update to our office at night through a pfB NAT rule, but fortunately had other ways to get connected. I have also seen it on rare occasions after a reboot. Just run an update in pfB to recreate the alias.
  • RAM usage high

    12
    1
    0 Votes
    12 Posts
    2k Views
    CreationGuyC
    @provels I'm used to Windows, when I see that I'm using up 50-60% of my RAM, it's time to add more RAM... :) I just don't want to spend $700 on a 4100 MAX and wish I had spent the extra $200 down the road when or if I need more RAM. This machine is just a test desktop.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.