have a lot of Apple iOS devices in company/home and need to quickly add rules to pfSence after You buy new appliance from Netgate;
company buy a software product that need to communicate with outside servers on a developer side;
company buy a new hardware (servers (like IBM IMM service, Dell/HP have similar) , email antivirus DPI inspector, etc...), that need to communicate with outside servers on a developer side;
Every appliance uses it own list of ports, that can be changed
It is better to check this information with the vendor
May be 5 or 7 years ago I was agree with You, because there are a huge bunch of SaaS services and the pool of IPs cannot able to be collected in reasonable timeslot.
BUT now in 2020 exist only 30-100 SaaS services that used by MOST OF USERS: Amazon AWS, Google ~Servises, Apple, 5 email services (Google, Yahoo, ...), and around 10 most-usable hardware vendors (Dlink, TPlink, Amazon devices, Google devices, ...)
Sorry, I need to repeat again:
The main question are the most users just need "push button and all working well" solution. Just look at this NetGate forum - more than 80% are about something described in official doc, or more than one time appear on forum. But same questions popup again and again, again and again, countless.
Even pinned on top of official pfBlockerNG part of this forum Bypassing DNSBL for specific IPs have words like CloudFlare. Rock... :)
And from point of view of ordinary users if something goes wrong, each user clime the "NetGate pfSense router" rather himself for not setup pfSense correctly. You may see on this forum even sysadmins of small organization are to lazy to correctly setup the pfBlockerNG-devel. This is reality of our life.
So at the bottom line are: if some solution exist on level "push button - and we do the rest" - more than 80% of users are happy with this. And buy more and more of pfSense devices, and recommend to others. NetGate are open source but not source of donation, this is "open source / business" balance.
And my proposition also about increase the power of this "open source / business" balance.
blocking using social networks (we all need that our stuff pay attention on work neither spent working hours on instagram, tinder, facebook, twitter...)
You can block it with the pfBlockerNG-devel / DNSBL Category
You can also find/add some specific DNSBL/IP lists there,
Most cloud providers have these lists,
Thank You for source! Appreciate Your attention and time!
Your statement that "pkg can't reach the pfsense servers" pointed me to the right direction; I haven't understood it fully, but I found a way at least to unlock the pkg issue.
In my case, it was due to a double stack IPv4/IPv6 issue: to solve it, I had to temporaly disable the network interface linked to the GIF port; removing IPv6 name resolution plus removing the IPv6 default gateway and firewall rules to route IPv6 traffic didn't suffice.
I don't like to be so inaccurate in test results, but as IPv6 connectivity was actually working, defining this problem will require some more tests and I meant to find a quick workaround for everybody experiencing this kind of issue.