pfBlockerNG Shallalist and UT1 failed

nimrod · Jun 10, 2022, 6:00 PM

I have the same issue, and it think i know what the problem is. It seems like pfBlockerNG is trying to download UT1 blacklist from this link:

ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz

And it fails because that link is no longer valid even though its listed here.

This is the link that pfBlockerNG should use:

https://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz

I think pfBlockerNG needs to be updated to use the new link. @BBcan177 please correct me if im wrong.

aspiringnetworkadmin · Jun 13, 2022, 12:14 AM

@nimrod thank for this information Sir

Miguel 1 · Jun 16, 2022, 2:29 PM

@nimrod Where do I go to update the link in pfBlockerNG?

fireodo · Jun 16, 2022, 2:46 PM

@miguel-1 said in pfBlockerNG Shallalist and UT1 failed:

Where do I go to update the link in pfBlockerNG?

Not in the GUI. You have to edit the file:
/usr/local/pkg/pfblockerng/ut1_global_usage

@BBcan177 Correct me if I'm wrong ...

nimrod · Jun 16, 2022, 3:01 PM

I think there is no need to update anything, because, since yesterday, UT1 list update is working again. Whatever the problem was, its gone now. This could be some temporary issue on UT1 servers.

I forced list update 20 minutes ago, and its working just fine.

fireodo · Jun 16, 2022, 3:03 PM

@nimrod said in pfBlockerNG Shallalist and UT1 failed:

I think there is no need to update anything, because, since yesterday, UT1 list update is working again. Whatever the problem was, its gone now. This could be some temporary issue on UT1 servers.
I forced list update 20 minutes ago, and its working just fine.

Then everything is fine and that manual edit of pfblocker file "/usr/local/pkg/pfblockerng/ut1_global_usage" isnt necessary anymore.

Miguel 1 · Jun 16, 2022, 5:32 PM

@fireodo if I update but it does not block the contents.

fireodo · Jun 16, 2022, 5:43 PM

@miguel-1 Force Reload All in pfblocker to be shure all changements get active.

Miguel 1 · Jun 16, 2022, 6:34 PM

@fireodo I already did the forced restart, I also restarted pfsense but it only blocks some pages and not others.

fireodo · Jun 16, 2022, 6:54 PM

@miguel-1 said in pfBlockerNG Shallalist and UT1 failed:

but it only blocks some pages and not others

That means its working - why it not block some other pages that you have to investigate yourself - maybe they arent on the blacklists ...

Miguel 1 · Jun 16, 2022, 7:01 PM

@fireodo How can I include more sites in the list?

fireodo · Jun 17, 2022, 7:09 AM

@miguel-1 said in pfBlockerNG Shallalist and UT1 failed:

How can I include more sites in the list?

In pfblocker under UT1 you have a list of categories - choose here the category that fits the best the type of site you want to block - if that site is not included in any category you have to block it individually. I recommend to read the pfblocker documentation.

reberhar · Mar 1, 2024, 4:57 AM

This post is deleted!

nimrod · Mar 1, 2024, 1:54 PM

@reberhar said in pfBlockerNG Shallalist and UT1 failed:

@nimrod I recently came up against this problem and changed the link as suggested here without result.

As the problem moved with a configuration file, I went ahead and changed the indicated link in the config.xml, which was still pointing to the squidguard link.

This gave partial success, but I am still having some problems that I am waiting for a reply from BBcan177.

However I think that the suggestion in the post of using the https link is wrong in this case. It suggests the https link. For pfblocker the ftp link should be used, but not the one that has squidguard in it, but this one.

ftp://ftp.ut-capitole.fr/blacklist/

That doesnt work any more. It was long time ago.

Use this instead: https://github.com/olbat/ut1-blacklists

reberhar · Mar 1, 2024, 3:56 PM

@nimrod Thanks

reberhar · Mar 4, 2024, 8:00 PM

@nimrod So Nimrod, I am assuming that these lists are not all formatted in the same way, and that part of my problem is the pfblockerng is expecting a certain format for the ut1 list and that the data I am getting from these links is not formatted that way.

I can just download those list to groups and that works.

I don't feel much like writing parsing software to massage the data.

The next thing to do is look at the source code and see what it is expecting.

reberhar · Mar 4, 2024, 11:56 PM

@reberhar So I had two similar machines acting exactly the sameway. They only shared the config file. I am preparing for HA.

Trying lots of links for the UT1 list and changing many settings, one started to work with the squidguard list. Which means that my config file is corrupted. I am not looking forward to doing a pfblocker clean install, but it seems that that is what it needs.

SIGH