Hi, Thanks for your reply,

I have 5-10 IP addresses in the block list. i also periodically flush that list. I am thinking of Pfblocker as i've recently added DNSBL lists, could those be the reason? otherwise my block lists are reasonable... i am not doing any reputation based blocking..

would you like any logs from my system... if this may help?

Cheers

Yes, most definitely the DNSBL will cause the problem if you have lots of IP lists (and most folks do with that option).

I have 5-10 IP addresses in the block list. i also periodically flush that list. I am thinking of Pfblocker as i've recently added DNSBL lists, could those be the reason? otherwise my block lists are reasonable... i am not doing any reputation based blocking..

would you like any logs from my system... if this may help?

Cheers

How many blocked IPs do you have? And are you running any other package that might be generating and or maintaining large pf tables?

There is a known issue with the pfctl utility when it is manipulating large tables in the pf firewall engine. That issue is being investigated by the pfSense team. The problem seems to have come over with the update to FreeBSD 11.3/STABLE. The BLOCKED tab calls the pfctl utility to grab the list of IP addresses currently held in the snort2c table Snort uses for blocking hosts.

You really need to be running the periodic task to remove blocked hosts if you do not already have that enabled. Go to the GLOBAL SETTINGS tab and enable the option to "Remove Blocked Hosts" and set it to a reasonable interval. I suggest 1 hour as a good time. That is enough to discourage port scanners and the like. There is no reason whatsoever to keep IPs in the blocked table for days or weeks. If the offending IP targets your box again, Snort will block it again. The 1-hour suggested blocked host interval is plenty of time to leave an IP blocked.

If you have the "Remove Blocked Hosts" option enabled and still have slow page loading on the BLOCKED tab, then how many IPs are in that list?