@jperezme You may be looking for pfBlockerNG-devel, which we've had in use at all clients for several years and I've seen the package maintainer recommend. It looks like non-devel still does have some updates...two commits last year that weren't Netgate URLs or copyright dates. But -devel has way more functionality. We could not get the MaxMind codes to work with the non-devel version.

@rkbest Hmm. There have been a few pfSense and pfBlockerNG updates since the instructions were posted. I wonder if something has changed that would affect that command. Unfortunately, I am not knowledgable enough to troubleshoot that - I was basically following a recipe to make this work. Sorry I can't be of more help here.

@lpd7 You can do that or create your own custom list then be sure to add to firewall floating rule with the quick set option check and that blocks quickly, instantly...I am away from my system and unable to share screen shots...hopefully someone will share.

@keyser Thank you very much!

@alek said in pfBlockerNG blocking SMTP: No ? That's the easy / easier way. Have a look at this list : Youtube Netgate everything you always wanted to know, and more. There is a Muti WAN video. There is a video about VIP, Carps, etc. The videos are old, but still very valid and very informative. It's a guy from Netgate talking about Netgate/pfSense.

@nollipfsense Respected sir There is top spamer country Option and i selected all country of top spamer deny both then Gmail and other country website not working Please suggest

@cukal re the rep files https://dev.maxmind.com/geoip/whats-new-in-geoip2 "Finally, we also include a represented_country key for some records. This is used when the IP address belongs to something like a military base. The represented_country is the country that the base represents. This can be useful for managing content licensing, among other uses." You do know you can use pfBlocker to create aliases using GeoIP country codes, under Firewall -> pfBlockerNG -> IP -> IPv4. Allow SSH/SFTP access to a host in my DMZ from the UK & Ireland only. [image: 1649786362251-screenshot-2022-04-12-at-18.56.25.png] [image: 1649786369456-screenshot-2022-04-12-at-18.56.00.png]

@gertjan You dont read what I write... I ask for a honeypot to collect the IP's used in a DDoS stress test. Nothing else. Then feed them into a pfblocker list so the compromised IP's doesnt reach servers behind pfsense in any way. Adblock and trackers are not important here.... just a bonus on top of the honeypot list. And then the lists could be distributed to others as a feed.

@patch said in ransomwaretracker.abuse.ch feed: Did I do something wrong with the installation? pfBlockerng-devel, by itself, does nothing. True, on the Firewall > pfBlockerNG > Feeds page it shows sources that could consider using. pfBlockerng-devel has no affiliation with them (exception : the PRI5 BBcan177 feed maybe). You should assure yourself that these sources do what you want, and that they (still) exist. Most of them are created and maintained by a person or small group of persons, and as such, these feeds come, and go. Btw : it has been seen that sources (feeds) included their own IP and/or host name as a DNSBL ^^

Ah, looks like the ASN source is returning errors right now. For example: https://api.bgpview.io/asn/6161/prefixes returns a 500 server error.

@gertjan Okay, there's a bunch of Alphanumeric characters between "suppression" tags, and I used a hex64 -> ASCII to convert and bingo! You're right! Good to know... Same for the other IPV4 lists. Thanks a lot @Gertjan !

@akuma1x Thanks I will look these up. I like videos compared to text due to my learning style but the drawback is that there is the potential for wasted time due to older versions, superficial info or just plain lousy content which is why referrals is a good way to filter out the noise. Thanks again.

So I guess one solution would be to not reconnect the PPPoE connection from my side. Another would be to let pfBlocker not create the rules but only aliases and to create the rules myself. All in all I have a bad feeling regarding reconnecting the PPPoE connection in pfSense, often the web-UI is not accessible for some time, could be a more general problem.

While using pfsense 2.4.5.1 pfblockerng allowed the selection of AS Numbers. But that has disappeared in the 2.1.4_26 version supported by pfsense 2.5.2. Can anyone advise what happened or how I can block a site by ASN

@steveits God, totally misread the table, thanks!

Yes, after upgrading to 3.1.0_4, everything is fine.. Thanks BBcan177 and pfsense team

@gertjan Upgraded to v3.1.0_4 (new one came out already?) and now it works! Thank you!