@dgall said in Has Shallalist been removed from the latest version of PfBlocker?: I thought the 3.1.0 was still in the development stage I usually do not use software in the development stage because the bugs are still being worked out I upgraded to 3.1 and shallalist is listed True .... and not so true. The current 3.x series is now under development for over 2 years. The 2.x series is 'abandoned' for development, and upgrades come out if there are security issues. It will be ditched soon (if you asked me). 3.x had about 20 releases, and is now pretty solid.

I had the same problem and it was Squid. In Squid, Transparent Proxy Settings, I had to add 10.10.10.0 (in my case) to the 'Bypass Proxy for These Destination IPs' or simply check 'Bypass Proxy for Private Address Destination'.

@sozler Wow! My post was 3 years ago! I’ve stopped using pfsense and therefore pfblockerNG quite some time ago. I’m using https://nextdns.io now. It’s pretty good and much easier to use and configure. (It’s far from perfect, but it’s way simpler)

@gertjan thanks for the heads up! I left everything running for a week with python mode enabled in Unbound, pfBlocker IP enabled and DNSBL disabled… ran like a charm. Enabled DNSBL last night with one Feed with 10k ish domains, so a pretty small list. Here’s the memory usage, staying consistent until I flipped the switch, within an hour unbound crashed with no obvious log. [image: 1633161495177-3022c956-acac-4caf-8ef4-b30877ccb14b-resized.png]

@steveits Yup, sure does! I was actually on the right track but I gave the wrong setting. It's actually the fake website shield that needs to be disabled. I will update that in my last post. So what happens is that AVG detects that pfSense is trying to change the IP address to the website you're accessing and so it'll circumvent it as it thinks it is an attack. I can't edit my original post, so here's what needs to happen. It's the Fake Website Shield that is responsible for this. So go to Menu > Settings > Full Protection > Fake website shield > Turn it off indefinitely. Not necessarily the course of action that is the most awesome but that is the trouble module causing pfSense to be ignored.

@chudak If you click the actual feed URL on the Feeds page under the Header/URL column does it download? They will occasionally move URLs...though seems unlikely multiple ones did.

That´s of course the first thing, I tested. :) The pfSense box can resolve the internal addresses. I have realized this by using "Domain Overrides" at the DNS resolver. In which for the domain "10.in-addr.arpa" points to an internal DBNS server. On the console I can resolve the addresses and in "Diagnostics"->"DNS Lookup" also works. Only in the Alerts tab it doesn't seem to work...

@andrew453 said in Suppressing IP block in CIDRs other than /24 and /32: https://www.iblocklist.com/list?list=cwworuawihqvocglcoss List of people who have been reported for bad deeds in p2p. This list is for protecting BitTorrent clients. IMHO it could be used on the local machine BitTorrent hosts instead of the Firewall. When Auto-Rules doesn't fit your setup, you can use Alias type with your own FW rules order.

Don't use floating I guess. It is not the default anyways.

@mcury Those numbers also look fine. There’s no massive writing anymore. So you are in the clear :-)

@peterlecki I am not sure I understand completely but when you create a geo list the default is Disabled, it says so next to the List Action dropdown. The point of the comment is that instead of creating IP tables in memory to block 95% of the world, make a default block rule and only allow 5% of the world. Often what I do is make the list Alias Native which only creates an alias. Then I can use that alias in whatever NAT rule or firewall rule I want.