pfBlockerNG

Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

B

pfBlockerNG_devel commit reverse

• • BBcan177

21

11
Votes

21
Posts

725
Views

P

Has everything now settled down so as to proceed with an update to _18 with a functional ASN lookup?
B

pfBlockerNG-devel v3.2.0_15

• • BBcan177

45

15
Votes

45
Posts

2.0k
Views

J

@slu

Just wait on a production system. there will be more. _17 still has "show stoppers"

yes you can "get around" some of them, but not all.
production wait.
installing and package testing -devel
B

pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!

• • BBcan177

94

10
Votes

94
Posts

72.6k
Views

G

@flepti said in pfBlockerNG-devel v3.0.0 - No longer bound by Unbound!:

my setup too

You mean you use pfSense 2.4.5 and "007" fBlockerNG-devel ?
Easy solution : upgrade ?!
S

Firewall Rules Order

• • Stewart

34

0
Votes

34
Posts

18.7k
Views

V

so happy to find the explanation relating the tables and lists!! thanks!
N

Bypassing DNSBL for specific IPs

• • Ns8h

108

5
Votes

108
Posts

66.0k
Views

S

@gertjan

Just following up on this -- (Thanks for your help!)

The Python Group Policy action works for whitelisting any clients, per host address e.g. 192.168.1.100 that we do not want DNSBL to filter.

However I have another problem, sort of in the same neighborhood.

I am using GeoIP as well using a domain name white list alias (domain a/s lookup enabled) that I created called "domain_whitelist_v4"

This is the alias URL in the fw:

https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_domain_whitelist_v4

I'm trying to use the same GeoIP alias file " domain_whitelist_v4" in a DNSBL Group Feed source definition to not take action/block on.

The URL I set of the DNSBL group feed source definition is https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_domain_whitelist_v4.txt

I have the action set to "Disabled" instead of Unbound.

I figure that If I update the GeoIP alias "domain_whitelist_v4" section, that I do not have to then also update the DNSBL Whitelist section too since their (DNSBL & GeoIP) are both referencing the same domain name list (domain_whitelist_v4). Instead I have to update in 2 places for domain reachability sometimes depending if its also being blocked via GeoIP

Ideally, I don't want to remove all filtering for some clients, but instead I'd like to update one alias file that covers both DNSBL (permit) and GeoIP (permit)
I

Support pfBlockerNG development!

• • ivor

5

3
Votes

5
Posts

10.4k
Views

A

I can not wait to see how he is going to do the mass import for IP4 and DNSBL, I hope its just a simple text doc you can just upload just like you would a backup file on Ublock extension.
Looking forward to it.

I may have to get some more Ram lol only got 8 gig and I bet doing mass list imports will hit the Ram hard.

Great work hope it's coming along well ;)

Great job.
B

PfBlockerNG v2.1 w/TLD

• • BBcan177

124

0
Votes

124
Posts

242.5k
Views

E

It would be really cool if it could automatically update the blocked TLDs based on the spamhaus statistics (https://www.spamhaus.org/statistics/tlds/) on a regular schedule. I realize that this may be more difficult than it sounds as I cant seem to find a spamhaus TLD feed, just a website. But if we dont dream then it will never happen!
B

PfBlockerNG v2.0 w/DNSBL

• • BBcan177

1.1k

2
Votes

1.1k
Posts

1.3m
Views

R

@ck42 The entry is related to Firewall / pfBlockerNG/ DNSBL / DNSBL Category Blacklist.
W

PfBlockerNG

• • wbennett77

1.2k

2
Votes

1.2k
Posts

1.4m
Views

K

@breeoge said in PfBlockerNG:

@belt9:

I wanted to chime in here as I just updated from a month old RC to 2.4.0-RELEASE last night and ran into this problem today.

I haven't read through all of the many pages of the many threads that seem related to this issue (show how popular pfBNG is!), so maybe this has already been covered.

But I've seen several people state that this doesn't happen on ZFS - I have a raidz2 ZFS install, and this happened to me, just throwing that out there.

That is good to know. Thank you for the report. BBcan177 is currently updating it to use SQLlite and this should fix any issues in the future. In the other thread there is a temp fix posted..

https://create.vista.com/colors/palettes/

Thank you
BreeOge

Hello my friend. Many thanks to Bbcan177 for keeping the report up to date. as a result of this, in principle, the given problems are corrected.
T

pfBlockerNG-devel Not Downloading ASN Information

• • tman222

18

0
Votes

18
Posts

128
Views

T

@jrey and @FCS001FCS - thank you both for your help. I believe I now have this resolved and part of the problem was my unfamiliarity with the ASN process in pfBlockerNG. It turns out that the post from @FCS001FCS was right on and the process does need to be bootstrapped somewhat with an ASN IPv4 list to download the files for the first time.

More Details:
If just enable ASN reporting (e.g. 1 hour cache and enter IPinfo token), save, and force an update, nothing happens, and no ASN files are initially downloaded. If I perform step 1, and then also create a new ASN IPv4 list, add an ASN to it under the Source field (as described above), save & enable that list and then force an update, the IPinfo ASN files are downloaded as part of the forced update and the ASN IPv4 list is populated. It turns out that I could see ASN information all along when creating a new ASN IPv4 list. I incorrectly formatted the text in the Source field the first time preventing the drop down list from showing. If I do not perform step 1 first, but still create the ASN IPv4 list and force an update as described in step 2, I will get an error during the update that I need to register for an IPinfo token and ASN IPv4 list will not be populated.
Long story short, after enabling the ASN reporting capability, to trigger the initial download of ASN files from IPinfo during a forced update, an IPv4 block list with one or more ASNs should be created as well. So in my view the initial download process is bootstrapped via the existence of an ASN IPv4 list.

A couple follow up questions:
Do the ASN files from IPInfo get updated on a regular basis now? Should ASN information also show up in the pfBlockerNG reports (e.g. permit, deny, unified logs)?
Thanks again for all your help, I really appreciate it.
Q

pfBlockerNG-devel 3.2.0_18

• • Qinn

22

4
Votes

22
Posts

426
Views

T

@jrey said in pfBlockerNG-devel 3.2.0_18:

@tman222

so this maybe.

what is in your extras.log ? that is where the download is logged --

@jrey said in pfBlockerNG-devel 3.2.0_18:

regarding the change regarding the setting for ASN Reporting which must be enabled now.
The old feed would download even if the setting was disabled, the new ones won't even though ASN reporting means something else. Enable 1 hour

Thanks @jrey for the response. I'll continue the conversation regarding this issue in the other thread I posted.
M

pfBlocker remove Shalla and UT1

• • mak73

12

0
Votes

12
Posts

318
Views

M

@smolka_J No tweaking , i don't like that.
T

Firewall rules question

• • telserv

5

0
Votes

5
Posts

81
Views

T

@johnpoz Thank you for the detailed and quick reply! I'm still looking at it to ensure I understand.
@ahking19 I did understand your message, and I created the firewall rules myself, as opposed to auto. Thank you.
O

pfBlockerNG sync not working

• • Overlord

59

1
Votes

59
Posts

7.5k
Views

I

@planedrop You can always (re)apply the one liner fix to the pfblockerng.php file under /usr/local/www/pfblockerng/ on the Master node. Haven't had any issues since.
E

Custom Client Lists in pfBlockerNG

• • engkirk

3

0
Votes

3
Posts

74
Views

E

@michmoor
Right thanks. I thought I had read somewhere that the functionality I wanted would be coming in a future release of pfblocker.
I have Pihole currently doing what I want but had wanted to simplify or consolidate the functionality in a single device.
Thanks for your feedback again.
B

Download failed for certain Lists "PFB_FILTER - 17"

• • Beerman

12

0
Votes

12
Posts

236
Views

S

@Beerman Some form of fix will be but may be in a different area or dependency package that pfBlockerNG uses. That line wasn't present in 3.2.0_8 and earlier versions of the pfblockerng.inc so I'm assuming something had changed in the magic database file(s) that's used to determine mime types. I have a similar error on feed PRI4_v4 - CCT_IP_v4 https://cybercrime-tracker.net/fuckerz.php that is coming up invalid Mime Type application/javascript, while the same feed is working fine on my CE VMs on pfBlockerNG 3.2.0_8. Tried adding a line with 'application/javascript' but that didn't do anything for it specifically
S

changes to snort.org/talos intel ip block list affecting pfBlockerNG

• • scrowley

2

0
Votes

2
Posts

149
Views

S

They had an earlier post about the upcoming changes as well which kinda explains it better:
https://blog.snort.org/2024/08/upcoming-changes-to-snortorg-sample-ip.html
?

pfBlockerNG update kills web UI

• • A Former User

9

0
Votes

9
Posts

432
Views

P

My plus Offers me upgrade to 3.2.0.10 Is that safe? Or should I stay on 3.2.0.9
M

pfblocker - speed up search

• • michmoor

14

0
Votes

14
Posts

246
Views

J

@michmoor said in pfblocker - speed up search:

I cant speak for @Gertjan but

just looking at the various screen captures provided the return expectation of @Gertjan is at least 500 results. That means on whatever search you are doing please return the most recent 500 that match. For alerts in particular if all (4) sections of the report have the same return value limit and you are searching you are telling each section to return 500 results. Could generate a lot of reading and then looking up related "stuff" to do that on top.

Screen Shot 2024-09-20 at 6.15.34 PM.png

if you are looking for DNSBL set that field to 50 to start, set the other 3 to 0
Screen Shot 2024-09-20 at 6.43.57 PM.png

for the alerts report Unified setting and DNS Reply setting will have no impact
this is how the 6 return value settings line up to the 3 reports.

Screen Shot 2024-09-20 at 6.46.14 PM.png

Sorry the IP Permit and IP Match both go to Alerts, made the green lines too wide and the overlapped. Honest there are 4 green lines there... 😊
K

DNSBL SQLite3 database [ lastevent ] corrupt messages in system logs

• • Klaus2314

21

0
Votes

21
Posts

226
Views

K

Hi all,

since I deleted the files and de-installed watchdog no more errors occurred in the last 24 hours (which included a few cron jobs by pfblocker) so things seem to be fine again.

Oh, and yes, I have been running the python mode before (and still am) on DNSBL.

thanks again for helping.

1 / 126