@Laxarus

Thank you Laxarus,

It seems to have worked.

@mikekoke You should just set Null Block in the DNSBL Groups Summary section.
As @gertjan clearly explained, HTTPS traffic cannot be intercepted and redirected like HTTP.
This means showing a block page when accessing a blocked HTTPS domain (like stats.g.doubleclick.net) won’t work — your browser will flag a certificate error, because pfBlockerNG cannot present a valid certificate for those domains.

➡️ The recommended solution is to switch to Null blocking (logging), which silently blocks access without trying to show a redirect page.
This way, users won’t see certificate errors, and the block is still effective.

Let me know if you need help finding where to set this.

@Gertjan Thanks for the thoughts!!
I find that most Windows PCs generate more traffic in general. There is lots of app and utilities that cause the traffic.

@Uglybrian said in LibreWolf: Block Applications from Connecting to a IP (*.googleusercontent.com):

I myself just used a blocking method.

Yes, I've done this before myself in another system but keep putting it off for my current, I used pfSense pfBlockerNG configuration guide. So I decided today to get this back working. Its much easeir using granular control then generic. My system diagram is like:

Bond0 Diagram.jpg

I will be using the above quide for the Lab-pfSense. I was trying to get blocking working just using pfBlocker alone, but unsuccessful. This guide and pfSense baseline guide with VPN, Guest and VLAN support for the Bare-bone pfSense.

What do you think, any inputs and additions?

Yeah, I would use auto generated aliases in user created rules personally. That gives you complete control with all the benefits of auto updating.

@Gertjan I specifically chose my list of public DNS servers becasue they do support DNSSEC, I've seen what DNS poisining can do. I don't need to see a movie I've lived it. Did I mention damned near 30 years in the business? BTW, doing just a root hint forward doesn't do DNSSEC as root hint servers are not DNSSEC complaint yet that.

BTW, in the beginning of the post packet forwarding was being stopped, not just DNS being blocked when pfBlocker was enabled. Through a lot of reboots I was able to get the packet forwarding going again with pfBlocker going, but then found the DNS block.

I did use ICMP from the firewall itself to validate the lack of packet forwarding. I wish the logs would indicate which rule has the "offending" match that caused the block, but it sounds like the process roles all the lists up into a single firewall rule.

I really don't want to tear down all of pfBlocker and start over, but it sounds like I will have to do that. Need to see if I can pull all the data out of a backup so that I have all my lists then can just recreate them as needed.

I'm going to look more into what @BBcan177 mentioned, although I think I am already there since I have disabled all my lists, just not 100% sure.

@jlw52761 Yes, I followed the suggestions in the answers and started disabling the feeds one by one and found the culprit. I checked the logs and found which feeds were mentioning the DNS address ( there were about 8) then just disabled them one at a time and found the one blocking DNS traffic.

@thuizt You can create them as Alias Native format (eg mot Deny) and it only creates aliases not rules.

@jlw52761 Unfortunately i didnt find a solution with pfblocker(ng). My current solution is to have switches back to my pihole setup and dont use pfblocker. Its still frustrating because of my dns force i dont have dns in lan when my server is off due to running pihole in a docker on the server.

@fireodo Somehow this one escaped me.
Didn't notice it until I updated to CE 2.8.
Anyway, much appreciated.

@lohphat https://forum.netgate.com/topic/190285/changes-to-snort-org-talos-intel-ip-block-list-affecting-pfblockerng