Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IP-Blocklist

    Scheduled Pinned Locked Moved pfSense Packages
    496 Posts 86 Posters 538.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      greengolftee87
      last edited by

      I tried all three lists on the configuration page to no avail.

      1 Reply Last reply Reply Quote 0
      • T
        tommyboy180
        last edited by

        IP-Blocklist 3.0.1 released!

        fixed uninstall problem.
        updated perl to 5.12
        updated netCIDR to 0.14

        pfsense 1.2.3 has been tested.

        pfsense 2.0BETA not tested.

        Completely uninstall IP-Blocklist. If you still have a link for IP-Blocklist then run "rm -R /usr/local/www/packages/ipblocklist" and "rm /usr/local/etc/rc.d/IP-Blocklist.sh" before re-installing 3.0.1

        -Tom Schaefer
        SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

        Please support pfBlocker | File Browser | Strikeback

        1 Reply Last reply Reply Quote 0
        • G
          greengolftee87
          last edited by

          You are all kinds of awesome. Started working right away.
          Thanks

          1 Reply Last reply Reply Quote 0
          • T
            tommyboy180
            last edited by

            @greengolftee87:

            You are all kinds of awesome. Started working right away.
            Thanks

            Glad to hear it!

            -Tom Schaefer
            SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

            Please support pfBlocker | File Browser | Strikeback

            1 Reply Last reply Reply Quote 0
            • RonpfSR
              RonpfS
              last edited by

              So I rm the package rm -R /usr/local/www/packages/ipblocklist" and "rm /usr/local/etc/rc.d/IP-Blocklist.sh"
              I reinstalled, doesn't block any .gz list

              Removed, uninstallation went fine, the menu are not present in Firewall menu  :)

              Install again, still You are blocking 0 Networks/IPs

              I modified /etc/inc/config.inc from 128MB to 256M and /usr/local/lib/php.ini from 32M to 128M
              no change (not sure if I have to reboot or not)

              Uninstall is my next move

              2.4.5-RELEASE-p1 (amd64)
              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

              1 Reply Last reply Reply Quote 0
              • T
                tommyboy180
                last edited by

                @RonpfS:

                So I rm the package rm -R /usr/local/www/packages/ipblocklist" and "rm /usr/local/etc/rc.d/IP-Blocklist.sh"
                I reinstalled, doesn't block any .gz list

                Removed, uninstallation went fine, the menu are not present in Firewall menu  :)

                Install again, still You are blocking 0 Networks/IPs

                I modified /etc/inc/config.inc from 128MB to 256M and /usr/local/lib/php.ini from 32M to 128M
                no change (not sure if I have to reboot or not)

                Uninstall is my next move

                Uninstall the package from your package manager page and then re-install. That should do it. The rm -R command was only for those that still had a link after uninstalling and still had the package installed.

                -Tom Schaefer
                SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                Please support pfBlocker | File Browser | Strikeback

                1 Reply Last reply Reply Quote 0
                • F
                  firestrife23
                  last edited by

                  It seem to working perfectly, without any issues. However, how do I know it's actively blocking in real time, is there's a way to monitor this similar to logfile? I enabled Logging, and I don't see it under Status > System Logs

                  1 Reply Last reply Reply Quote 0
                  • D
                    DigitalJer
                    last edited by

                    hm, I seem to be failing at everything, lol.

                    Uninstall IP-Blocklist OK, but link remains.

                    Executed the CL as suggested above to remove the link, and the link remains (when clicked, 404 - Not Found).  Reboot / reinstall / uninstall in any/every order doesn't seem to help, IP-Blocklist 3.0 keeps installing (instead of 3.0.1), and Running, but Blocking = 0 Networks.

                    –------------------------------------------------
                    2.4.3-RELEASE (amd64)
                    built on Mon Mar 26 18:02:04 CDT 2018
                    FreeBSD 11.1-RELEASE-p7
                    VM in ESXi 5.5
                    1 x 1000baseTX (WAN)
                    1 x 1000baseTX (LAN)

                    1 Reply Last reply Reply Quote 0
                    • T
                      tommyboy180
                      last edited by

                      An old config is preventing you from getting the new version. I forget where the directory is but I think it somewhere near /usr/etc/pkgs or something like that. Just delete everything IP-Blocklist/ipblocklist.

                      I can't tell for sure since I'm away from home right now (working on my CCENT/CCNA). If you can't get it working let me know, I can probably get a VM of pfsense up if I need to.

                      -Tom Schaefer
                      SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                      Please support pfBlocker | File Browser | Strikeback

                      1 Reply Last reply Reply Quote 0
                      • F
                        firestrife23
                        last edited by

                        just a small feature request, can you add this to bottom of whitelist page like "You're currently unblocking #### IPs"

                        1 Reply Last reply Reply Quote 0
                        • D
                          DigitalJer
                          last edited by

                          Found a cpl ipblockist.* in /usr/local/pkg -deleted them, same prob(s) still exist - no worries though, thanks for the tip :)

                          –------------------------------------------------
                          2.4.3-RELEASE (amd64)
                          built on Mon Mar 26 18:02:04 CDT 2018
                          FreeBSD 11.1-RELEASE-p7
                          VM in ESXi 5.5
                          1 x 1000baseTX (WAN)
                          1 x 1000baseTX (LAN)

                          1 Reply Last reply Reply Quote 0
                          • D
                            DWAyotte
                            last edited by

                            @tommyboy180:

                            An old config is preventing you from getting the new version. I forget where the directory is but I think it somewhere near /usr/etc/pkgs or something like that. Just delete everything IP-Blocklist/ipblocklist.

                            I can't tell for sure since I'm away from home right now (working on my CCENT/CCNA). If you can't get it working let me know, I can probably get a VM of pfsense up if I need to.

                            Hey good buddy. I was on a wicked old version, like 2.2.1, something like that. I am having no luck getting the latest to work for me. I tried looking all over the fs, using your other awesome package btw, and couldn't find anything in terms of remnants from a past config.

                            The newest package installs fine, but when I add .gz lists I still have 0 showing for number of blocks with service Running. Any ideas? Thanks again!

                            1 Reply Last reply Reply Quote 0
                            • T
                              tommyboy180
                              last edited by

                              @DWAyotte:

                              @tommyboy180:

                              An old config is preventing you from getting the new version. I forget where the directory is but I think it somewhere near /usr/etc/pkgs or something like that. Just delete everything IP-Blocklist/ipblocklist.

                              I can't tell for sure since I'm away from home right now (working on my CCENT/CCNA). If you can't get it working let me know, I can probably get a VM of pfsense up if I need to.

                              Hey good buddy. I was on a wicked old version, like 2.2.1, something like that. I am having no luck getting the latest to work for me. I tried looking all over the fs, using your other awesome package btw, and couldn't find anything in terms of remnants from a past config.

                              The newest package installs fine, but when I add .gz lists I still have 0 showing for number of blocks with service Running. Any ideas? Thanks again!

                              I have some ideas. First are you using 1.2.3 or the BETA 2.0? I have been having problems keeping this package working smoothly for those with BETA2.0. Someone was kind enough to agree to send me a laptop for development but unfortunately it hasn't arrived yet.
                              If you're on 1.2.3 then we should be able to figure it out quickly. Just to confirm you have IP-Blocklist ver 0.3.0 or 0.3.1 correct?
                              Can you try this .gz file: http://iblocklist.dbnservers.net/files/bt_ads.gz    Just to be sure.

                              Edit: By the way thank you for your suggestion for a whitelist feature a long time ago. I hope you can enjoy the package here soon.

                              -Tom Schaefer
                              SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                              Please support pfBlocker | File Browser | Strikeback

                              1 Reply Last reply Reply Quote 0
                              • D
                                DWAyotte
                                last edited by

                                I was very excited to see the whitelist! I can't wait to start using it. I have been plenty happy with the package so far, as you can tell, I haven't upgraded since I first installed it :)

                                I am on pfSense 1.2.3 with IP Blocklist 0.3.1 and I did as you suggested, adding this list: http://iblocklist.dbnservers.net/files/bt_ads.gz

                                Still shows running with 0 blocked.

                                1 Reply Last reply Reply Quote 0
                                • T
                                  tommyboy180
                                  last edited by

                                  @DWAyotte:

                                  I was very excited to see the whitelist! I can't wait to start using it. I have been plenty happy with the package so far, as you can tell, I haven't upgraded since I first installed it :)

                                  I am on pfSense 1.2.3 with IP Blocklist 0.3.1 and I did as you suggested, adding this list: http://iblocklist.dbnservers.net/files/bt_ads.gz

                                  Still shows running with 0 blocked.

                                  This might be a really stupid question but do you have the enable check box checked before clicking save?

                                  SSH in to your system and check the contents of /usr/local/www/packages/ipblocklist/lists  The .gz file should be in that directory if it got downloaded correctly. Also check the contents of /usr/local/www/packages/ipblocklist/lists/ipfw.ipfw and see if there is anything in there.

                                  -Tom Schaefer
                                  SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                  Please support pfBlocker | File Browser | Strikeback

                                  1 Reply Last reply Reply Quote 0
                                  • D
                                    DWAyotte
                                    last edited by

                                    No worries man.

                                    Yes the box is checked to enable.

                                    # ls -l /usr/local/www/packages/ipblocklist/lists
                                    total 132
                                    -rw-r--r--  1 root  wheel  133982 Dec 30 18:00 bt_ads
                                    -rw-r--r--  1 root  wheel       0 Dec 30 22:25 ipfw.ipfw
                                    #
                                    
                                    
                                    1 Reply Last reply Reply Quote 0
                                    • T
                                      tommyboy180
                                      last edited by

                                      So it looks like the ads file does get downloaded but for some reason it's not being processed to ipfw.ipfw.

                                      Check the format of the bt_ads file. If it looks good then run /usr/local/www/packages/ipblocklist/convert-execute.sh from the command line manually so you can see any errors if any.

                                      -Tom Schaefer
                                      SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                      Please support pfBlocker | File Browser | Strikeback

                                      1 Reply Last reply Reply Quote 0
                                      • T
                                        ToxIcon
                                        last edited by

                                        Tommyboy having the same issue ipfw.ipfw 0

                                        /usr/local/www/packages/ipblocklist/convert-execute.sh
                                        no errors just a list of numbers 0 to 283

                                        everything was working good for months then

                                        You are blocking 0 Networks/IPs

                                        all .gz files did download  and listed in the dir
                                        haven't installed anything new or did any updates

                                        uninstall and reinstall about 6 times with no luck

                                        1 Reply Last reply Reply Quote 0
                                        • T
                                          tommyboy180
                                          last edited by

                                          I just installed a fresh copy of pfsense 1.2.3 and installed the latest IP-Blocklist. Added the bt_ads.gz URL and everything worked.
                                          I'm surprised you didn't get any errors from running the executable.

                                          Does that packages at least tell you that it's running?

                                          On command line run "pfctl -s rules | grep  ipblocklist". Paste output.
                                          Also see if "pfctl -T show -t ipblocklist" has any output but don't paste.

                                          If you want you can email me your config file and I will be able to figure out the issue much faster.

                                          EDIT: My output from convert-execute.sh looks like this:

                                          ./convert-execute.sh

                                          1 table deleted.
                                          1 table deleted.
                                          rm: /usr/local/www/packages/ipblocklist/lists/ipfw.ipfwTEMP: No such file or directory
                                          rm: Wlists/whitelistTEMP: No such file or directory
                                          rm: /tmp/rules.debug.tmp: No such file or directory
                                          rm: /tmp/rules.debug.tmp: No such file or directory
                                          0
                                          1
                                          2
                                          3
                                          …
                                          ....
                                          145

                                          -Tom Schaefer
                                          SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                          Please support pfBlocker | File Browser | Strikeback

                                          1 Reply Last reply Reply Quote 0
                                          • T
                                            ToxIcon
                                            last edited by

                                            $ pfctl -s rules | grep  ipblocklist
                                            pass quick from <ipblocklistw>to any flags S/SA keep state label "IP-Blocklist"
                                            pass quick inet from 192.168.1.100 to <ipblocklistw>flags S/SA keep state label "IP-Blocklist"
                                            pass quick on em1 inet6 from fe00::3e3:5yff:fgx44:8c84 to <ipblocklistw>flags S/SA keep state label "IP-Blocklist"
                                            block drop quick inet from <ipblocklist>to 192.168.1.100 label "IP-Blocklist"
                                            block drop quick on em1 inet6 from <ipblocklist>to fe00::3e3:5yff:fgx44:8c84 label "IP-Blocklist"
                                            block drop quick inet from 192.168.1.100 to <ipblocklist>label "IP-Blocklist"
                                            block drop quick on em1 inet6 from fe00::3e3:5yff:fgx44:8c84 to <ipblocklist>label "IP-Blocklist"
                                            pass quick from <ipblocklistw>to any flags S/SA keep state label "IP-Blocklist"
                                            pass quick on em0 inet6 from fe93::6k04:hh:fhg0:5783 to <ipblocklistw>flags S/SA keep state label "IP-Blocklist"
                                            pass quick inet from 42.200.59.16 to <ipblocklistw>flags S/SA keep state label "IP-Blocklist"
                                            block drop quick on em0 inet6 from <ipblocklist>to fe93::6k04:hh:fhg0:5783 label "IP-Blocklist"
                                            block drop quick inet from <ipblocklist>to 192.168.1.100 label "IP-Blocklist"
                                            block drop quick on em0 inet6 from fe93::6k04:hh:fhg0:5783 to <ipblocklist>label "IP-Blocklist"
                                            block drop quick inet from 42.200.59.16 to <ipblocklist>label "IP-Blocklist"

                                            pfctl -T show -t ipblocklist 
                                            has no output

                                            $ /usr/local/www/packages/ipblocklist/convert-execute.sh
                                            0
                                            1
                                            2
                                            3
                                            4
                                            5
                                            269
                                            270
                                            271
                                            272
                                            273
                                            274</ipblocklist></ipblocklist></ipblocklist></ipblocklist></ipblocklistw></ipblocklistw></ipblocklistw></ipblocklist></ipblocklist></ipblocklist></ipblocklist></ipblocklistw></ipblocklistw></ipblocklistw>

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.