IP-Blocklist
-
It blocks by rule, not by IP address.
-
Some of you are having issues because of a mistake that was committed. The error has been corrected but you still have the old package running.
Uninstall your package
Reboot your box
Re-install your package.PM me with any errors that you encounter and any specific settings that you have.
I have tested the current package release on a fresh install of 1.2.3 and 1.2.2 and it is working correctly. I also tested unique settings such as Jideels's 'Disable all auto-added VPN rules' setting and the package works fine.Thank you all for your support with this package.
Hopefully version 2 will include scheduled updates and a white-list feature. Keep the suggestions coming!
-
ip blocker don't work with traffic shaper
turn off traffic shaper and enable ip blocker
sorry for my english
-
I tested with traffic shaper enable and the package worked fine. You may have other firewall settings that could be disabling the package. Its really hard to say what is happening without looking at your unique setup. If you want you could send me your pfsense config to my email for further investigation.
-
Mule All I mean is why can't we have the package work the other way around. Would it not be more beneficial than blocking hundreds of thousands of ips? I am just asking a question of logic. I am not asking anyone to make a new package or anything.
-
Version 2 will include a white list feature.
Just remember outbound is usually open/unfiltered on almost all home setups. This is what this package addresses. Its the PeerGuardian2 or PeerBlock alternative for pfsense.
-
Yay….but I dont understand why Tom. To make it more secure, it is better to have the opportunity to block inbound IP's...
Normally it is not an issue with outbound traffic, but more what comes from the outside... I would really muck like to eliminate everything from selected countries.
-
The package stops inbound and outbound traffic in all protocols for the added IP lists.
You can block entire countries with this package. That is one of the main benefits of this package. So if you want to run p2p applications safely or block spam for your email servers, or even block entire countries this is the package for you.
Take a look at some of the public available lists you can use: http://iblocklist.com/lists.php
Remember this package blocks all inbound and outbound traffic on all protocols for the IPs in each list.
-
Thanks Mate!! :) That was exactly what I was looking for….
Looking forward to see if you find the reason for me having trouble getting it to work :)
The package stops inbound and outbound traffic in all protocols for the added IP lists.
You can block entire countries with this package. That is one of the main benefits of this package. So if you want to run p2p applications safely or block spam for your email servers, or even block entire countries this is the package for you.
Take a look at some of the public available lists you can use: http://iblocklist.com/lists.php
Remember this package blocks all inbound and outbound traffic on all protocols for the IPs in each list.
-
Version 2.0 is out!
Version 2.0 fixes several bugs. Some of you that could not get the package working may find that the package will work perfectly on your system.
New features:
White lists are now supported.Changes:
Removed manual IP blocking and replaced with White lists
Fixed a bug where the package would error out due to a large amount of firewall rules (Thank you Supermule!)
Fixed a bug where the package would not start on system boot during rare occasions. -
You are very welcome :) Glad I could help!!
-
Just a note: Package does not work with IE. Then again who uses IE anyway :P.
-
:( I do…...Firefox has problems showing layers on webpages....If I have a transparent webpage with a .jpg background, it doesnt show the background at all.....
IE is also more secure. Therefore I use IE....
-
Opps we don't want to start a FF vs. IE flame war here on this topic.
Just my two cents:
FF: http://secunia.com/advisories/product/28698/
IE:http://secunia.com/advisories/product/21625/Looks like IE has more unpatched bugs and a bigger threat score than FF does. Looks like FF is more secure to me.
-
Sorry…Havent seen the latest bulletins from Secunia :)
I rest my case. ;)
But pls make the package work under IE as well....Just for user friendlyness :D
Opps we don't want to start a FF vs. IE flame war here on this topic.
Just my two cents:
FF: http://secunia.com/advisories/product/28698/
IE:http://secunia.com/advisories/product/21625/Looks like IE has more unpatched bugs and a bigger threat score than FF does. Looks like FF is more secure to me.
-
Nice job! subscribing… ;)
-
The compress lists work well but I tried using this URL http://www.countryipblocks.net/e_country_data/Asia_cidr.txt and could not get it to work. Do they have to be a compressed tarball? I want to block the countries I get the most attacks from.
Wish I could just use this list http://www.countryipblocks.net/e_country_data/North_America_cidr.txt and an allow list but I will take what I can get. Want to block South America, Asia, Russia, and well a lot of others. It just seems like all those IPs would kill my box.
-
The lists can be any format such as .txt, .list, .IPs, and even no extention as long as they are plain text lists. If they are compressed then .gz is the only supported compression.
You list (http://www.countryipblocks.net/e_country_data/Asia_cidr.txt) is not in the correct format. Lists have to be in the PG2 format (Asia:58.16.15.56-58.100.0.100)
For country IPs you can either find countries at http://iblocklist.com/lists.php or make you own list.
I make my own lists at http://gskinner.com/RegExr/
For example I want to convert a .csv of IPs from www.stopforumspam.com to the PG2 format.-
Paste all the IPs in http://gskinner.com/RegExr/
-
Click find a replace, do a find for "\b\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}\b" and a replace for "\nIP:$&-$&"
Now that only works for single IP addresses
Since your list (http://www.countryipblocks.net/e_country_data/Asia_cidr.txt) is in CIDR format then you will have to find a script or online application to convert CIDR to IP range.
Here is a link that can help you convert CIDR to IP range: http://www.unix.com/shell-programming-scripting/34301-get-ip-list-cidr-2.html
Once you convert your list to IP range then you have to convert to PG2 format with http://gskinner.com/RegExr/If you are going to use www.countryipblocks.net then download the "IP range" list and convert to PG2 Format
-
-
speaking of iblocklist.com, it's as simple as copying the "http://list.iblocklist.com/?list=bt_level1" to add list url and that's it? or do I have to do it some other way?
-
It is that simple. :)
Just make sure you get the true url. Since the link you posted is a pointer to several mirrors that host that file you need to click that link and then copy the url to paste into the package.
Example: http://list.iblocklist.com/?list=bt_level1 points to http://iblocklist.dbnservers.net/files/bt_level1.gz
So you would paste http://iblocklist.dbnservers.net/files/bt_level1.gz into the package.