• Geo block takes precedence over all other rules?

    6
    2
    0 Votes
    6 Posts
    1k Views
    johnpozJ
    ^ exactly - this is what I would do.. And what I do do for my use of geoip based rules.. But I don't block with them - I allow with them. Only allow the countries my users are in for plex, etc..
  • Custom IP list faster refresh time

    2
    0 Votes
    2 Posts
    390 Views
    R
    Hi @BBcan177, hope you are doing well. I know you have a lot going on, but my employer is willing to pay for this feature. How much do you think a fair price for this would be?!
  • 0 Votes
    2 Posts
    408 Views
    G
    PS: Can you please delete this thread. It seems a bug with the pfblockerNG 2.1.4_26. The new v3 seems all good
  • DNSBL whitelist & subdomains of edgekey.net

    3
    0 Votes
    3 Posts
    2k Views
    timtraceT
    @gertjan Thanks - I appreciate your help. https://phishing.army/download/phishing_army_blocklist_extended.txt -- that's the Phishing_Army list that's showing up in the DNSBL log. In the phishing_army26OCT2021101209UTC.txt version of the list, it has .. edgekey.net on line 8,328 www-key-com.test.edgekey.net on line 38,876 --note that anything to do with apple.com.edgekey.net is not present in the list. After a reload with ".edgekey.net" in the DNSBL whitelist, all references to edgekey.net are gone from the list -- phishing_army-postprocess.txt . The DNSBL log displays no more entries for the domains shown in the OP. The DNSBL whitelist entry was effective at removing both the root domain and the subdomain. It feels correct to say that a DNSBL whitelist entry with subdomains does not whitelist every parent domain in the string. IE, ".apple.com.edgekey.net" does not remove "edgekey.net" and "com.edgekey.net" and "apple.com.edgekey.net" ad nauseam. I suppose that if ".apple.com.edgekey.net" is not defined in the source list it can't be removed, and besides, the whitelisting of every parent domain in a string would lead to ..... well, it's leading me to another question. >>> If I have a list that includes only "edgekey.net" ... and I must whitelist ".apple.com.edgekey.net" ... and I have to whitelist ".edgekey.net" to make it work --- how do I avoid the collateral whitelisting of every other subdomain under "edgekey.net"? Thank you again --
  • MAXMIND - migration to new GeoIP list.. what would it mean to pfSense?

    4
    0 Votes
    4 Posts
    896 Views
    GertjanG
    @androgen If there is a demand for it, well, yeah, I guess so.
  • 3.1.0 Top Spammers

    2
    0 Votes
    2 Posts
    628 Views
    GertjanG
    @timtrace Have a look at the GEOIP files /var/unbound/usr/local/share/GeoIP/ The first big number is probably the number of IPs in the attributed IP range. The second is the number of IPs listed.
  • pfBlockerNG not reporting V6 top spammers blocks

    9
    0 Votes
    9 Posts
    1k Views
    L
    @gertjan I agree. Seems that way to me also. Thanks for the debug code. I was struggling with finding a way to display this data since I'm a novice at this. Just having fun learning.
  • Help with Cron

    2
    0 Votes
    2 Posts
    1k Views
    GertjanG
    @lowhanger To see what cron does: install the pfSense cron package. "Hourly" will trigger the pfBlockerNG main update function. If a feed is set to daily, then it will upgrade daily, not every hour. The other way around will not work: if you set a feed to update every 5 minutes (if that was possible) and the main cron delay is 1 hour, then the "5 minute" won't work. Btw: updating a feed every hour is not needed: check for yourself: feeds are not updated every hour. Probably not for days ..... More frequent updating can be considered as abusive, and some feed hosts might blacklist your request.
  • pfBlockerNG-devel 3.1.0 Not Logging Blocked IPs

    13
    3
    0 Votes
    13 Posts
    2k Views
    P
    @ciscox Yea that's where we differ, you're using auto-rules where pfBlocker will create the firewall rules for you. I cannot do that as I need to have some outbound only, some in and out etc, so I'm letting it create the aliases and I've created my own firewall rules using those aliases. I think this might be the difference as if it doesn't create the firewall rules automatically, it may also not be creating ip_block.log. I reckon that's the issue.
  • Block youtube ADs with PiHole blacklist

    16
    1
    2 Votes
    16 Posts
    22k Views
    provelsP
    @andyrh said in Block youtube ADs with PiHole blacklist: For me it broke YouTube. Videos that start with an ad never play. Had to remove the list. Same for me. The DoH lists seem to be working fine, though.
  • Virtual IPv6 wrong

    1
    0 Votes
    1 Posts
    285 Views
    No one has replied
  • 0 Votes
    2 Posts
    338 Views
    S
    @stewart Depends how big the tables are. Our notes from a while back on pfBlocker say to use "minimum 2 million." If it's a PHP memory allocation error that's something else.
  • Reload don't start

    2
    0 Votes
    2 Posts
    539 Views
    M
    @vito-0 I have verified that the update is successful, but the message "Log Viewer Standby" appears in the log section. Why?
  • GeoIP autocomplete not working

    9
    0 Votes
    9 Posts
    1k Views
    johnpozJ
    @benv22 said in GeoIP autocomplete not working: turns out i had to enable the pfBlockerNG service first on the general page Doh! ;) hehehe
  • 0 Votes
    9 Posts
    2k Views
    D
    I found the solution: download freebsd 11.2 lib package with missing files, winscp to pfsense and copy the missing files each time it asks.. mine needed only 2 files. Restart pfsense and start doing your upgrades :D
  • OFFICE365 IP LIST

    9
    0 Votes
    9 Posts
    4k Views
    P
    @bbcan177 Hi, thanks for the pointer to the command to fetch and filter the json file. I was not able to work out how to use the commands in an IP alias in the firewall. Does it need to be used within the source for a pfBlockerNG > IP > IPv4 > "IPv4 Source Definitions" entry? If so, do you have any links to documentation that explains how to use it? Thanks,
  • pfBlockerNG Starlink

    1
    0 Votes
    1 Posts
    401 Views
    No one has replied
  • DNSBL not working with Mullvad OpenVPN while using port 1400

    2
    0 Votes
    2 Posts
    488 Views
    S
    Sorry linked the wrong tutorial on their website, followed this one obviously
  • DNSBL is no longer working normally

    8
    0 Votes
    8 Posts
    2k Views
    GertjanG
    @pftdm007 said in DNSBL is no longer working normally: Am I missing something here ? Maybe this : Whatever you set here about:config (URL in Firefox) will retain, even after updates. So switch DoH off over there, and you'll be fine. If not, Firefox will use DoH, they do so on a new install for a while now, as it is undeniably safer for the end user.
  • DNSBL Category bug

    2
    0 Votes
    2 Posts
    640 Views
    viktor_gV
    @jc1976 Confirmed Redmine issue created: https://redmine.pfsense.org/issues/12443
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.