@moon_d
What do you mean by "directory"?

One is https - with the cert error, but nslookup shows everything is working ok - thanks. I was thinking Chrome was looking at it's list first before it gets to PFB. I don't have anything in the IPv4 list. How your can tell the difference between lists and feeds come to that ? - I guess one has site domains and the other IP's ...

yeah, those are single addresses. You will need ranges, using CIDR notation, like 10.10.0.0/24, or simply a dash, like "1.1.1.1-2.2.2.2". Be careful with these, as it is easy to block too much if you don't know what you are doing, and really mess things up. As long as you don't block your access to the firewall, you can do a little trial and error if needed, though.

Facebook has so many IPs though, it's not even funny. They also use datacenters which other companies use, so in an attempt to block Facebook, you may be killing off hundreds of other websites and services running from the same datacenter, or another similar connection. Entire governments are struggling to block services like Facebook, so it's probably not going to be all that easy. This is still something good to learn, but would you be better off just using something like pfBlockerNG's DNSBL? With that, you can just specify that "Facebook.com" should be redirected to a dummy internal server, thus preventing access. For this to work, you do need to have your own DNS server, but pfSense makes that easy.

i already done this.. Torguard has 4 DNS servers, and the fastest two i used is in france.
since im from scandinavia, using cloudflare DNS servers from the same city i live in makes the response timings go from above 40ms to under 20 ms.. avarage 14 ms..

this makes my browsing much less inpatient

If you inspect the pfblockerng.log it has been saying that for every Cron update or Force Reload DNSBL since you enable TLD.

To track memory usage, use Status Monitoring , System Memory

I've been using some Pi_Hole blacklists too, which you could try:
http://sysctl.org/cameleon/hosts (Cameleon ads)
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist (Zeustracker Ads)
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt (Disconnect Me Trackers)
https://hosts-file.net/ad_servers.txt (Hosts File Ads)
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (Steven Blacklist)

You could also try adding the (slightly outdated?) BlueTack ad server IP list to your firewall. Just make an alias, clean up the list, and import it.
https://www.iblocklist.com/list?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=7z
Note that it is a pretty big list, so one you import it, expect it to take a little while if you ever want to go back in and view/edit it. For me, it takes almost 5 minutes to load that alias edit page.

I hope this helps!

OK Fixed the error on block count =0

It turns out table usage counts were greater than Table Entries Hard Limit. Hard limit was defaulted to 400000, and lists were slightly greater than that. Increased to 600000, and seems we are ok now.

DNSBL http server return different response to the browser depending on what is in the URL : 1x1gif for picture, Javascript or the Blocked page when there is only the domain name in the URL : http://example.com/

@ronpfs, thanks for pointing this detail.

I had check this, I understand part of how it works.
Thanks RonpfS.

Okay, it sounds like there is a clear wall. That's good to know. Thanks.

@ronpfs said in pfb_dnsbl, pfb_filter and Unbound error at reboot:

TLD will slow down Cron update but will shrink the size of the DNSBL db
Live Reload seems to fail without TLD 😖

@BBcan177 logged in here (Teamviewer) yesterday, maybe he can come up with something.

Just wanted to report back that its been a few days and I can confirm that disabling Live Sync does indeed solve this issue for myself.

Since disabling, DNSBL has been blocking as it should after the cron runs.

Thanks for the tip on disabling the "Resolver Live Sync" @RonpfS

@j-koopmann said in Constant unbound reloading with DNSBL:

Any ETA or version?

We are in the debugging phase now. No ETA is planned yet.

thanks again, I will give the -devel version a look.

Thanks, but from what I can see they don't a URL auth mechanism.

Well from pfB_PRI1_v4 - Abuse_DYRE_v4 you could decode that :

It IPv4 Table PR1, the Header/Label is PRI1_Abuse_DYRE

Go to Firewall / pfBlockerNG / IP / IPv4
select PRI1 Table, then change the State of PRI1_Abuse_DYRE to off

Thank you so much for the link. This worked.

I've enabled the ad/malware lists from the tutorial and added Steve's Black Lists for adult content. I was also able to add the easy lists.

Unfortunately I quickly found that some common URL's are note on these lists. I am going to open a new thread trying to get OpenDNS working as another layer. Unfortunately I've found that if I follow a setup for open DNS it breaks the platform.