Monster pfBlockerNG import script pfBlockerNG_import_gravity.php 224 lists
-
pfBlockerNG_import_gravity.php Copyright (C) 2016 gravity@demarctech.com All rights reserved.
URL and Header data pulled from the firehol project file update-ipsets.in https://github.com/firehol/firehol
Original pfBlockerng_import.php script pfBlockerNG Copyright (C) 2014 BBcan177@gmail.com All rights reserved.
Total 224: 36 Organisations, the rest block lists for Ads, Abuse, Reputation, SPAM/Bots/PHP, TOR, Anonymizers and bogons
Notes: Includes all the lists from the original script
1. ssh into the pfSense console
2. Type 8 to get to the shell
3. Paste
```
curl https://raw.githubusercontent.com/tonymorella/pfsense_scipts/master/pfBlockerNG_import_gravity.php > pfBlockerNG_import_gravity.php
```
4. Paste
```
php -f ./pfBlockerNG_import_gravity.php
```
5. Press Return
6. Will return pfBlockerNG Alias List Import Completed
7. Exit pfSense console
8. Select Firewall>pfBlockerNG>IPv4
9. Enable Level_1 and Level_2 to have the least amount of false positives, select Deny_Outbound action with update time of 1 hour
10. Enable Attacks and Malware, but expect to have false positives and update white lists, select Deny_Outbound action with update time of 8 hours.
11. Enable Ads if you want to block ads, select Deny_Outbound action with update time of EveryDay
Enjoy :)
Tony
10/3/2016 UPDATE: Moved a bunch of lists into Level 1, primarily used to block bad IPs outbound, i.e. browsers.
-
Appreciated, is it only for firehol or is it for firehol + original ones from BBcan177? Since I have the original ones installed, I don't want to be screwed. Thanks.
-
It includes the ones from the original, but under different alias and header names so it will not overwrite
Tony
-
It includes the ones from the original, but under different alias and header names so it will not overwrite
Tony
Thanks, is it possible to just import the firehol ones?
-
It includes the ones from the original, but under different alias and header names so it will not overwrite
Tony
Thanks, is it possible to just import the firehol ones?
Could just do the import and turn off the ones you don't want, the Alias are disabled so they will not run until you set them to. Or modify the script before doing the import, delete the ones you don't need.
-
Parse error: syntax error, unexpected 'infolists' (T_STRING), expecting ')' in /usr/local/www/pfBlockerNG_import_gravity.php on line 563
… and more
-
Parse error: syntax error, unexpected 'infolists' (T_STRING), expecting ')' in /usr/local/www/pfBlockerNG_import_gravity.php on line 563
… and more
Same error here :/
-
Parse error: syntax error, unexpected 'infolists' (T_STRING), expecting ')' in /usr/local/www/pfBlockerNG_import_gravity.php on line 563
… and more
Same error here :/
Crud sorry about that typo on line 563
"description" => "Malware Expect false positives white lists will need to be created",",
Change to
"description" => "Malware Expect false positives white lists will need to be created",
Also update file on Github
-
also change this:
line 680
"header" => "trustedsec_atif"),
->
"header" => "trustedsec_atif")),
and
line 1020
"custom_update" => "disabled")
->
"custom_update" => "disabled"),
-
Hello.
Very good tool for pfBlockerNG :)
This is my debugged script that works for me (zip file attached, or on my website: http://www.javcasta.com/?smd_process_download=1&download_id=33310 )
Regards.
-
also change this:
line 680
"header" => "trustedsec_atif"),
->
"header" => "trustedsec_atif")),
and
line 1020
"custom_update" => "disabled")
->
"custom_update" => "disabled"),
Thanks for the review, changes updated on github. This is what happens when you're up 24 hours straight :)
-
Ok, thanks for the update on github.
One detail: wget is not included by default in pfSense 2.3.2. Another way to download the script:
```
curl https://raw.githubusercontent.com/tonymorella/pfsense_scipts/master/pfBlockerNG_import_gravity.php > pfBlockerNG_import_gravity.php
```
-
Some of the lists blocked other lists, e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Total confusion. Also, can't get access from "https://freeapi.blueliv.com"
-
Some of the lists blocked other lists, e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Total confusion. Also, can't get access from "https://freeapi.blueliv.com"
Good point, by default I added all the URLs to a custom allow list so they cannot block each other :) Also you need to create an account to access the blueliv.com API
-
Some of the lists blocked other lists, e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Total confusion. Also, can't get access from "https://freeapi.blueliv.com"
Good point, by default I added all the URLs to a custom allow list so they cannot block each other :) Also you need to create an account to access the blueliv.com API
Added 88.198.202.51 (blueliv.com) into the pfBlockerNG suppress list, but it was still blocked by gofferje. What am I missing?
-
Also, can't get access from "https://freeapi.blueliv.com"
Added 88.198.202.51 (blueliv.com) into the pfBlockerNG suppress list, but it was still blocked by gofferje. What am I missing?
I haven't used blueliv, but you're not checking the correct domain name…
ping freeapi.blueliv.com
PING f01.blueliv.com (88.198.51.46): 56 data bytes
-
Also, can't get access from "https://freeapi.blueliv.com"
Added 88.198.202.51 (blueliv.com) into the pfBlockerNG suppress list, but it was still blocked by gofferje. What am I missing?
I haven't used blueliv, but you're not checking the correct domain name…
ping freeapi.blueliv.com
PING f01.blueliv.com (88.198.51.46): 56 data bytes
Hi,
If I manually add the IP to the suppress list and apply the changes, should I do an update or a force reload?
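-
Added example, not part of any post in this thread and not code from pfBlockerNG or the import script: the two problems discussed above (one imported list covering the address another list is fetched from, and a suppress entry made for an address the feed host does not resolve to) can be checked offline before an alias is enabled. The list contents, the example.net/example.org hosts and the exact-IP model of suppression are constructed assumptions; only the two 88.198.x.x addresses come from the thread.

```python
import ipaddress

# Constructed sample data, NOT real feed contents: alias[header] -> list entries.
BLOCKLISTS = {
    "Attacks[gofferje_sip]": ["88.198.51.0/24", "203.0.113.7"],
    "Malware[ransomware_feed]": ["198.51.100.0/24"],
}

# Feed download host -> addresses it resolves to. The blueliv address is the
# one shown in the thread's ping output; the others are constructed. On a live
# system these would come from socket.getaddrinfo() on each feed hostname.
FEED_HOSTS = {
    "freeapi.blueliv.com": ["88.198.51.46"],
    "feed.example.net": ["198.51.100.25"],
    "lists.example.org": ["192.0.2.10"],
}


def find_conflicts(blocklists, feed_hosts, suppressed=()):
    """Return sorted (host, ip, alias, entry) tuples for every feed-source
    address that some list entry covers and that is not suppressed.

    Assumption: suppression is modelled as an exact-IP exemption only.
    """
    suppressed_ips = {ipaddress.ip_address(s) for s in suppressed}
    nets = [
        (alias, ipaddress.ip_network(entry, strict=False))
        for alias, entries in blocklists.items()
        for entry in entries
    ]
    conflicts = []
    for host, addrs in feed_hosts.items():
        for addr in addrs:
            ip = ipaddress.ip_address(addr)
            if ip in suppressed_ips:
                continue  # exempted, so no list entry applies to it
            for alias, net in nets:
                if ip.version == net.version and ip in net:
                    conflicts.append((host, addr, alias, str(net)))
    return sorted(conflicts)


if __name__ == "__main__":
    # Suppressing the address of blueliv.com does not help: the feed is
    # fetched from freeapi.blueliv.com, which resolves to a different address.
    for label, sup in (("wrong IP suppressed", ["88.198.202.51"]),
                       ("resolved IP suppressed", ["88.198.51.46"])):
        print(label)
        for row in find_conflicts(BLOCKLISTS, FEED_HOSTS, sup):
            print("   %s (%s) is covered by %s entry %s" % row)
```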
-
I think you should put a warning about false positives on the bots and organisations ones. I had to delete them.
-
I think you should put a warning about false positives on the bots and organisations ones. I had to delete them.
Sure why not :) I used Organisations for allow rules not block, did you notice issues with this one??
-
blocking emails to/from me.com from a local mail server I think it was.