Creating a list for pfBlockerNG from uBlock's Logger



  • So I have visited a site and have uBlock's Logger running. I see several items in red. I assume the red items are being blocked by uBlock.
    Can I add those items into pfBlocker?
    Should they go in TLD Blacklist?
    Or should I create a feed and host it on a site like pastebin and put the link in DNSBL Feeds?

    Thanks for your help

    ![ublock logger.jpg](/public/imported_attachments/1/ublock logger.jpg)
    ![ublock logger.jpg_thumb](/public/imported_attachments/1/ublock logger.jpg_thumb)



  • Ublock Originin probably use some of the same DNSBL blocklists as pfBlockerNG




  • Ron, thanks for responding and taking the time to post a screen. I see now what you are referring to.
    I have the clients behind pfSense and pfBlocker enabled with all the DNSBL categories selected. Adblocking is effectively working on many other sites thanks to pfBlocker.

    I'm curious though why I am seeing a difference between visiting the site through a browser (ie. Firefox) and not seeing ads and using the Google App to load the site and it serves ads. Any thoughts on this difference and what I could do to block ads at the app level too?



  • You can always check out my site I am making for block lists for PfSense/PfBlocker at ant-techs.is/ip-blocklists

    Most of everyone uses Github to do block lists as I have started to make some lists of my own on Github and its far better than doing it on pastebin because Github will show any updates to the lists and 100% open source free.



  • I have been scolded by Netgate support for entering FQDNs into the TLD Blacklist - though it does work

    Creating a DNSBL feed with custom a FQDNs list that never needs updating will greatly reduce the overhead on Unbounds workload during the pfBlockerNG Update process.

    The unbound configuration doesn't need to know anything other than the FQDNs to ignore.

    TLD Blacklist probably has to do many lookups to create the lists for Unbound

    On another issue - how do I port pfBlockerNG config to another machine - there is zero capacity for pfBlockerNG in Backup/Restore under Diagnostics



  • There is a sync Tab under pfBlockerNG  ;)



  • You are truly a hero Ron !
    Thank you



  • Hmmm  to be specific regarding Sync and my import export dilemma

    …. I need to take portions of a huge Old config, port it to the new machine and then modify it. A lot of it is IPv4 ASN lookups for outbound rules

    This is more of a one time replication of portions of an old config, which does have unknown misconfigurations in it that I dont want to propagate to the new machine.

    I dont think this going to be possible



  • You also have the option of editing config.xml to your taste, but that's prone to error.



  • So before Locked hi-jacked the thread…

    I was asking for thoughts on the difference between an ad being blocked by pfBlocker when using a browser and an ad not being blocked when using a Google App to access the same site. What am I overlooking as to why one is served ads and the other is blocked? Thanks.



  • My guess is the google app is bypassing your DNS to query their servers directly.

    There are instructions for blocking other DNS services, you should probably implement them.



  • Thank you for your reply. The LAN is on a VPN and should be routing through the VPN's DNS. By adding this firewall rule an ad will begin to play, then the app crashes. Interesting results. That's not what I was expecting.




  • IP6?  Or it’s querying a different domain for ads…

    I’d consider putting a trace on the port 53 traffic from that host to see what it’s looking for and where.


Log in to reply