Added to that, "names" = host names exists for humans.
DNS exists sot that all these names are converted to IP's, something that device actually can use.
You could throw away all host names.

Try visiting https://[2610:160:11:18::199]/ or https://208.123.73.199/ - your browser will yell at you because the cert of that web site doesn't have 2610:160:11:18::199 or 208.123.73.199 in it's ALT DNS list, so for the sake of testing, just override the warning, accepts it, and you'll see ...... this forum. Without using names (URLs).

Edit : when you see these browser certificate warniong, inspect the cert. drill down to the cert info list, and you will find :

219e97a7-a3fe-4b91-8519-73eccf73fa58-image.png

so you know that you are connected to netgate.com or any sub domain of that site - forum.netgate.com in this example.

@WannabeMKII : when you call someone, do you enter his name, or his phone number ?
=> Well, you use your contact list, a sort of DNS lookup, to have the phone select the according phone number. The phone circuit isn't aware of 'names'. Just numbers. Setting up a contact list without phone numbers ... that's .... not useful.

"Cannot allocate memory" on 2.4.5 does not mean you don't have enough table entries. On 2.4.5 that error will be "Too many elements" if you need to increase the table entries limit.

"Cannot allocate memory" is likely just what it says, it ran out of kernel memory trying to load the table. Usually this is only temporary and will resolve itself in the next filter reload. See https://redmine.pfsense.org/issues/10310 for more info.

The Force option Update will download the IP lists and create the aliases. If you're getting an error with the update, then it probably didn't create the aliases. In other words it has no information to work with. I've not run into an error there, let alone mentioning an ISO.

Generally when I've created them I use Alias Native and then create my own firewall rules.

Alright... I'll give that a try next.

Had to resort to a cron tab that did a:
/bin/cat /dev/null > /var/log/pfblockerng/dnsbl_error.log

every 15 minutes. That's a hack!

Will try the dev version next...

Thx,
Bob

@siam yes

@RonpfS
I just did a test. You need to "Force Reload" and "Force Reload DNSBL" in case If you remove an entity from custom white list. The entity behavior will change to blocking. You don't need to restart pfsense.

Thanks for clarification.

Just bumping this in case someone has a thought on it. I've also tried running this script as a shellcmd, but w/o success.

#!/bin/sh sleep 120 /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php update >> /var/log/pfblockerng/pfblockerng.log exit

Thank you for that information. I will downgrade now pfSense. Would you @getcom mind to set up a bug-report? Your reputation is surely better than mine and i expect you can describe the problem better i could ever do.

Well, i guess this is the answer. The second router DNS has to be pointed to Pfsense DNS resolver address.

@durianbusuk

Thanks for this! Didn’t know about it and am trying it out now.

@lordofpc734 Oh nvm. i just had to rename the rules (changed pfB_ to pfb_) this was in some infoblock in the IPv4 page

@provels When you enable these you have the option of doing so. You can allow or block or use them as aliases.

@FMRC_Cheeky No worries. Don't be afraid to ask questions. You'll get up to speed faster than you may think!

I had to "recreate" my geo-IP alias for that, because I was not able to combine the existing one with the custom IP. But it works!
👍