Netgate Discussion Forum

    IP-Blocklist

    pfSense Packages

      DigitalJer

      Found a cpl ipblockist.* in /usr/local/pkg -deleted them, same prob(s) still exist - no worries though, thanks for the tip :)

      –------------------------------------------------
      2.4.3-RELEASE (amd64)
      built on Mon Mar 26 18:02:04 CDT 2018
      FreeBSD 11.1-RELEASE-p7
      VM in ESXi 5.5
      1 x 1000baseTX (WAN)
      1 x 1000baseTX (LAN)

        DWAyotte

        @tommyboy180:

        An old config is preventing you from getting the new version. I forget where the directory is but I think it's somewhere near /usr/etc/pkgs or something like that. Just delete everything IP-Blocklist/ipblocklist.

        I can't tell for sure since I'm away from home right now (working on my CCENT/CCNA). If you can't get it working let me know, I can probably get a VM of pfsense up if I need to.

        Hey good buddy. I was on a wicked old version, like 2.2.1, something like that. I am having no luck getting the latest to work for me. I tried looking all over the fs, using your other awesome package btw, and couldn't find anything in terms of remnants from a past config.

        The newest package installs fine, but when I add .gz lists I still have 0 showing for number of blocks with service Running. Any ideas? Thanks again!

          tommyboy180

          @DWAyotte:

          @tommyboy180:

          An old config is preventing you from getting the new version. I forget where the directory is but I think it's somewhere near /usr/etc/pkgs or something like that. Just delete everything IP-Blocklist/ipblocklist.

          I can't tell for sure since I'm away from home right now (working on my CCENT/CCNA). If you can't get it working let me know, I can probably get a VM of pfsense up if I need to.

          Hey good buddy. I was on a wicked old version, like 2.2.1, something like that. I am having no luck getting the latest to work for me. I tried looking all over the fs, using your other awesome package btw, and couldn't find anything in terms of remnants from a past config.

          The newest package installs fine, but when I add .gz lists I still have 0 showing for number of blocks with service Running. Any ideas? Thanks again!

          I have some ideas. First are you using 1.2.3 or the BETA 2.0? I have been having problems keeping this package working smoothly for those with BETA2.0. Someone was kind enough to agree to send me a laptop for development but unfortunately it hasn't arrived yet.
          If you're on 1.2.3 then we should be able to figure it out quickly. Just to confirm you have IP-Blocklist ver 0.3.0 or 0.3.1 correct?
          Can you try this .gz file: http://iblocklist.dbnservers.net/files/bt_ads.gz    Just to be sure.

          Edit: By the way thank you for your suggestion for a whitelist feature a long time ago. I hope you can enjoy the package here soon.

          -Tom Schaefer
          SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

          Please support pfBlocker | File Browser | Strikeback

            DWAyotte

            I was very excited to see the whitelist! I can't wait to start using it. I have been plenty happy with the package so far, as you can tell, I haven't upgraded since I first installed it :)

            I am on pfSense 1.2.3 with IP Blocklist 0.3.1 and I did as you suggested, adding this list: http://iblocklist.dbnservers.net/files/bt_ads.gz

            Still shows running with 0 blocked.

              tommyboy180

              @DWAyotte:

              I was very excited to see the whitelist! I can't wait to start using it. I have been plenty happy with the package so far, as you can tell, I haven't upgraded since I first installed it :)

              I am on pfSense 1.2.3 with IP Blocklist 0.3.1 and I did as you suggested, adding this list: http://iblocklist.dbnservers.net/files/bt_ads.gz

              Still shows running with 0 blocked.

              This might be a really stupid question but do you have the enable check box checked before clicking save?

              SSH in to your system and check the contents of /usr/local/www/packages/ipblocklist/lists  The .gz file should be in that directory if it got downloaded correctly. Also check the contents of /usr/local/www/packages/ipblocklist/lists/ipfw.ipfw and see if there is anything in there.

              -Tom Schaefer
              SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

              Please support pfBlocker | File Browser | Strikeback

                DWAyotte

                No worries man.

                Yes the box is checked to enable.

                # ls -l /usr/local/www/packages/ipblocklist/lists
                total 132
                -rw-r--r--  1 root  wheel  133982 Dec 30 18:00 bt_ads
                -rw-r--r--  1 root  wheel       0 Dec 30 22:25 ipfw.ipfw
                #
                
                
                  tommyboy180

                  So it looks like the ads file does get downloaded but for some reason it's not being processed to ipfw.ipfw.

                  Check the format of the bt_ads file. If it looks good then run /usr/local/www/packages/ipblocklist/convert-execute.sh from the command line manually so you can see any errors if any.

                  -Tom Schaefer
                  SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                  Please support pfBlocker | File Browser | Strikeback

                    ToxIcon

                    Tommyboy having the same issue ipfw.ipfw 0

                    /usr/local/www/packages/ipblocklist/convert-execute.sh
                    no errors just a list of numbers 0 to 283

                    everything was working good for months then

                    You are blocking 0 Networks/IPs

                    all .gz files did download  and listed in the dir
                    haven't installed anything new or did any updates

                    uninstall and reinstall about 6 times with no luck

                      tommyboy180

                      I just installed a fresh copy of pfsense 1.2.3 and installed the latest IP-Blocklist. Added the bt_ads.gz URL and everything worked.
                      I'm surprised you didn't get any errors from running the executable.

                      Does that package at least tell you that it's running?

                      On command line run "pfctl -s rules | grep  ipblocklist". Paste output.
                      Also see if "pfctl -T show -t ipblocklist" has any output but don't paste.

                      If you want you can email me your config file and I will be able to figure out the issue much faster.

                      EDIT: My output from convert-execute.sh looks like this:

                      ./convert-execute.sh

                      1 table deleted.
                      1 table deleted.
                      rm: /usr/local/www/packages/ipblocklist/lists/ipfw.ipfwTEMP: No such file or directory
                      rm: Wlists/whitelistTEMP: No such file or directory
                      rm: /tmp/rules.debug.tmp: No such file or directory
                      rm: /tmp/rules.debug.tmp: No such file or directory
                      0
                      1
                      2
                      3
                      …
                      ....
                      145

                      -Tom Schaefer
                      SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                      Please support pfBlocker | File Browser | Strikeback

                        ToxIcon

                        $ pfctl -s rules | grep  ipblocklist
                        pass quick from <ipblocklistw> to any flags S/SA keep state label "IP-Blocklist"
                        pass quick inet from 192.168.1.100 to <ipblocklistw> flags S/SA keep state label "IP-Blocklist"
                        pass quick on em1 inet6 from fe00::3e3:5yff:fgx44:8c84 to <ipblocklistw> flags S/SA keep state label "IP-Blocklist"
                        block drop quick inet from <ipblocklist> to 192.168.1.100 label "IP-Blocklist"
                        block drop quick on em1 inet6 from <ipblocklist> to fe00::3e3:5yff:fgx44:8c84 label "IP-Blocklist"
                        block drop quick inet from 192.168.1.100 to <ipblocklist> label "IP-Blocklist"
                        block drop quick on em1 inet6 from fe00::3e3:5yff:fgx44:8c84 to <ipblocklist> label "IP-Blocklist"
                        pass quick from <ipblocklistw> to any flags S/SA keep state label "IP-Blocklist"
                        pass quick on em0 inet6 from fe93::6k04:hh:fhg0:5783 to <ipblocklistw> flags S/SA keep state label "IP-Blocklist"
                        pass quick inet from 42.200.59.16 to <ipblocklistw> flags S/SA keep state label "IP-Blocklist"
                        block drop quick on em0 inet6 from <ipblocklist> to fe93::6k04:hh:fhg0:5783 label "IP-Blocklist"
                        block drop quick inet from <ipblocklist> to 192.168.1.100 label "IP-Blocklist"
                        block drop quick on em0 inet6 from fe93::6k04:hh:fhg0:5783 to <ipblocklist> label "IP-Blocklist"
                        block drop quick inet from 42.200.59.16 to <ipblocklist> label "IP-Blocklist"

                        pfctl -T show -t ipblocklist 
                        has no output

                        $ /usr/local/www/packages/ipblocklist/convert-execute.sh
                        0
                        1
                        2
                        3
                        4
                        5
                        269
                        270
                        271
                        272
                        273
                        274

                          tommyboy180

                          Kill that table and start over. Uncheck the enable checkbox and click save but before you re-enable it make sure that it's gone by running "pfctl -s rules | grep  ipblocklist" again to make sure it's all gone.

                          Reload the firewall filter too to regenerate your rules.debug. Then enable the package and try again. (rebooting is easiest or edit a firewall rule without making changes and save, doing Status->Filter Reload does not work for this)

                          Also edit /usr/local/www/packages/ipblocklist/interfaces.txt and replace everything in there with "any" on the first line and save the file. I have had some problems by specifying the interface for IP-Blocklist to use and there really is no advantage to it. Only specify interfaces if you absolutely need it and even then it still might work correctly.

                          I'm not sure why your output from  /usr/local/www/packages/ipblocklist/convert-execute.sh didn't include the errors and warnings that mine had. You should see that two tables got deleted and it should produce an error on deleting those TEMP files that don't exist.

                          I'm not sure how comfortable you are with strangers looking at your system but if you give me SSH access I can figure out what's going on faster or make a snapshot of the box. I know that's a little extreme to troubleshoot a package but I'm really curious why it's not working for you.

                          Are you running countryblock by any chance, and if so is that working?

                          -Tom Schaefer
                          SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                          Please support pfBlocker | File Browser | Strikeback
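
The state seen in this exchange (ipblocklist rules loaded, `pfctl -T show -t ipblocklist` empty, ipfw.ipfw at 0 bytes) still counts as "running" if only the rules are checked. The following is an added example, not code from the package or from any poster: it classifies that state from the rule count, the table entry count and the ipfw.ipfw file. The function names are hypothetical; the table name and paths are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not part of IP-Blocklist. Separates "rules are loaded" from
# "the table actually contains addresses".

LISTS_DIR=/usr/local/www/packages/ipblocklist/lists   # path quoted in this thread

# blocklist_state RULE_COUNT TABLE_ENTRIES RULES_FILE   (hypothetical helper)
# Prints one state word; returns 0 only when blocking is really in effect.
blocklist_state() {
    rule_count=$1
    table_entries=$2
    rules_file=$3
    if [ "$rule_count" -eq 0 ]; then
        echo "not-running"          # no ipblocklist rules in the ruleset
        return 2
    fi
    if [ ! -s "$rules_file" ]; then
        echo "conversion-failed"    # lists downloaded but ipfw.ipfw is 0 bytes
        return 1
    fi
    if [ "$table_entries" -eq 0 ]; then
        echo "empty-table"          # rules reference a table with no entries
        return 1
    fi
    echo "ok"
    return 0
}

# probe: gather the three inputs on the firewall itself and log any failure.
probe() {
    rules=$(pfctl -s rules 2>/dev/null | grep -c ipblocklist || true)
    entries=$(pfctl -t ipblocklist -T show 2>/dev/null | grep -c . || true)
    state=$(blocklist_state "$rules" "$entries" "$LISTS_DIR/ipfw.ipfw") && return 0
    /usr/bin/logger -s "IP-Blocklist check failed: $state"
    return 1
}

# Run the live check only when asked to: sh thisfile.sh --probe
if [ "${1:-}" = "--probe" ]; then
    probe
fi
```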

                            Pistolero

                            Hi tommyboy!

                            I am VERY happy to report that I am no longer seeing any issues between IPBlockList, CountryBlock and HAVP! THANK YOU!

                            Quick Q: will the URLs from iblocklist work in their regular format (http://list.iblocklist.com/?list=ynkdjqsjyfmilsgbogqf), or do we have to point to the .gz file directly? I ask because I had a bunch of direct links to the gz files, and IPBL showed 103000 blocked networks… I replaced them all with the /?listname links, and now I am showing only 1978 blocked IPs/Networks.

                            Also, how can I set up IPBL so it will automatically update the lists every night?

                            Thanks!

                              tommyboy180

                              @Pistolero:

                              Hi tommyboy!

                              I am VERY happy to report that I am no longer seeing any issues between IPBlockList, CountryBlock and HAVP! THANK YOU!

                              Quick Q: will the URLs from iblocklist work in their regular format (http://list.iblocklist.com/?list=ynkdjqsjyfmilsgbogqf), or do we have to point to the .gz file directly? I ask because I had a bunch of direct links to the gz files, and IPBL showed 103000 blocked networks… I replaced them all with the /?listname links, and now I am showing only 1978 blocked IPs/Networks.

                              Also, how can I set up IPBL so it will automatically update the lists every night?

                              Thanks!

                              Glad to hear it!
                              You do have to directly link to the lists. Perhaps in the future I may find a way around this.
                              To have the package update your lists every night you can edit the cron executable which is located at /usr/local/etc/rc.d/IP-Blocklist.sh

                              Just comment out lines 3-14 and it should be good. Set up a cron job to run this executable whenever you like. Use the cron job package for that.

                              -Tom Schaefer
                              SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                              Please support pfBlocker | File Browser | Strikeback

                                Pistolero

                                Thanks for the quick reply!

                                What is the best repository to get at the gz files directly? is it this? http://list11.iblocklist.com/files/

                                Do you have a preferred source, and also what are your favorite lists?

                                @tommyboy180:

                                Glad to hear it!
                                You do have to directly link to the lists. Perhaps in the future I may find a way around this.
                                To have the package update your lists every night you can edit the cron executable which is located at /usr/local/etc/rc.d/IP-Blocklist.sh

                                Just comment out lines 3-14 and it should be good. Set up a cron job to run this executable whenever you like. Use the cron job package for that.

                                  tommyboy180

                                  @Pistolero:

                                  Thanks for the quick reply!

                                  What is the best repository to get at the gz files directly? is it this? http://list11.iblocklist.com/files/

                                  Do you have a preferred source, and also what are your favorite lists?

                                  @tommyboy180:

                                  Glad to hear it!
                                  You do have to directly link to the lists. Perhaps in the future I may find a way around this.
                                  To have the package update your lists every night you can edit the cron executable which is located at /usr/local/etc/rc.d/IP-Blocklist.sh

                                  Just comment out lines 3-14 and it should be good. Set up a cron job to run this executable whenever you like. Use the cron job package for that.

                                  I didn't know that there was a directory listing! I usually download the list and go back to my download history and copy the address. I am working on a way to upload lists but I won't have that out for some time. I usually use iblocklist.com for most of my lists.

                                  My favorite lists include the following:

                                  • http://iblocklist.dbnservers.net/files/bt_spyware.gz

                                  • http://withhorns.com/files/ficutxiwawokxlcyoeye.gz

                                  • http://iblocklist.dchubad.com/files/ghlzqtqxnzctvvajwwag.gz

                                  • http://list.iblocklist.com/files/sh_drop.gz

                                  • http://www.tomschaefer.org/temp/pfsense/IP-Blocklist-ForumSpam.txt

                                  • http://iblocklist.dchubad.com/files/bt_ads.gz

                                  • http://www.tomschaefer.org/temp/pfsense/MISC-Block.txt

                                  The TomSchaefer.org ones are my custom lists that I made.

                                  -Tom Schaefer
                                  SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                  Please support pfBlocker | File Browser | Strikeback

                                    Pistolero

                                    Whoa… check this out:

                                    
                                    [12-31-10 16:12:19]root@/usr/local/www/packages/ipblocklist/lists#  lh
                                    total 32776
                                    -rw-r--r--  1 root  wheel    88K Dec 31 16:06 ?list=tor
                                    -rw-r--r--  1 root  wheel   131K Dec 30 17:00 bt_ads
                                    -rw-r--r--  1 root  wheel   969K Dec 30 17:00 bt_badpeers
                                    -rw-r--r--  1 root  wheel   6.8K Dec 30 17:00 bt_dshield
                                    -rw-r--r--  1 root  wheel    12M Dec 30 17:00 bt_level1
                                    -rw-r--r--  1 root  wheel    19K Mar 21  2010 bt_webexploit-forumspam
                                    -rw-r--r--  1 root  wheel   1.7K Dec 30 17:00 dcha_faker
                                    -rw-r--r--  1 root  wheel   5.4K Dec 30 17:00 dcha_hacker
                                    -rw-r--r--  1 root  wheel   111K Dec 30 17:00 dcha_pedophiles
                                    -rw-r--r--  1 root  wheel   6.9K Dec 30 17:00 dcha_spammer
                                    -rw-r--r--  1 root  wheel   3.8M Dec 31 16:09 ipfw.ipfw
                                    -rw-r--r--  1 root  wheel    11K Dec 28 17:00 sh_drop
                                    -rw-r--r--  1 root  wheel    11K Dec 19 17:00 tbg_hijacked
                                    -rw-r--r--  1 root  wheel    15M Dec 28 17:00 tbg_primarythreats
                                    -rw-r--r--  1 root  wheel   6.6K Dec 30 17:00 ynkdjqsjyfmilsgbogqf
                                    [12-31-10 16:12:30]root@/usr/local/www/packages/ipblocklist/lists#  cat ?list=tor
                                    # List distributed by iblocklist.com
                                    
                                    The Onion Router:2.36.33.51-2.36.33.51
                                    The Onion Router:8.17.81.25-8.17.81.25
                                    The Onion Router:8.24.61.246-8.24.61.246
                                    ...
                                    
                                    

                                    Looks like the /?list= links DO somewhat work… weird, huh?

                                      tommyboy180

                                      @Pistolero:

                                      Whoa… check this out:

                                      
                                      [12-31-10 16:12:19]root@/usr/local/www/packages/ipblocklist/lists#  lh
                                      total 32776
                                      -rw-r--r--  1 root  wheel    88K Dec 31 16:06 ?list=tor
                                      -rw-r--r--  1 root  wheel   131K Dec 30 17:00 bt_ads
                                      -rw-r--r--  1 root  wheel   969K Dec 30 17:00 bt_badpeers
                                      -rw-r--r--  1 root  wheel   6.8K Dec 30 17:00 bt_dshield
                                      -rw-r--r--  1 root  wheel    12M Dec 30 17:00 bt_level1
                                      -rw-r--r--  1 root  wheel    19K Mar 21  2010 bt_webexploit-forumspam
                                      -rw-r--r--  1 root  wheel   1.7K Dec 30 17:00 dcha_faker
                                      -rw-r--r--  1 root  wheel   5.4K Dec 30 17:00 dcha_hacker
                                      -rw-r--r--  1 root  wheel   111K Dec 30 17:00 dcha_pedophiles
                                      -rw-r--r--  1 root  wheel   6.9K Dec 30 17:00 dcha_spammer
                                      -rw-r--r--  1 root  wheel   3.8M Dec 31 16:09 ipfw.ipfw
                                      -rw-r--r--  1 root  wheel    11K Dec 28 17:00 sh_drop
                                      -rw-r--r--  1 root  wheel    11K Dec 19 17:00 tbg_hijacked
                                      -rw-r--r--  1 root  wheel    15M Dec 28 17:00 tbg_primarythreats
                                      -rw-r--r--  1 root  wheel   6.6K Dec 30 17:00 ynkdjqsjyfmilsgbogqf
                                      [12-31-10 16:12:30]root@/usr/local/www/packages/ipblocklist/lists#  cat ?list=tor
                                      # List distributed by iblocklist.com
                                      
                                      The Onion Router:2.36.33.51-2.36.33.51
                                      The Onion Router:8.17.81.25-8.17.81.25
                                      The Onion Router:8.24.61.246-8.24.61.246
                                      ...
                                      
                                      

                                      Looks like the /?list= links DO somewhat work… weird, huh?

                                      Yeah but inspect the file. Make sure they are real lists with IPs.
                                      EDIT. I see you ran cat on one, so I guess you're right. I have found that it doesn't work on some links so just be careful. It's probably a good idea to go direct just to ensure you really are getting the right content.

                                      -Tom Schaefer
                                      SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                      Please support pfBlocker | File Browser | Strikeback
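
One way to do the inspection suggested above before a downloaded file is trusted as a blocklist, as an added example that is not code from the package or from any poster. It accepts only the `Description:start-end` range format shown in the `cat ?list=tor` output; `check_list` is a hypothetical name, and the sample file is constructed from lines in the thread plus one made-up bad line.

```shell
#!/bin/sh
# Added example, not part of IP-Blocklist. Checks a decompressed list in the
# "Description:start-end" format shown by `cat ?list=tor` in this thread.

# check_list FILE [MIN_VALID]   (hypothetical helper)
# Prints "valid=N invalid=M"; returns 0 only when FILE holds at least
# MIN_VALID well-formed IPv4 ranges and no malformed entries.
check_list() {
    list_file=$1
    min_valid=${2:-1}
    if [ ! -s "$list_file" ]; then
        echo "valid=0 invalid=0"
        return 1
    fi
    awk -v min="$min_valid" '
    # Dotted quad -> integer, or -1 if it is not a valid IPv4 address.
    function ip2n(ip,    o, n, i) {
        n = split(ip, o, ".")
        if (n != 4) return -1
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    /^[ \t]*$/ || /^#/ { next }             # skip blank lines and comments
    {
        # A description may contain ":" itself; the range follows the last one.
        range = $0
        sub(/^.*:/, "", range)
        parts = split(range, r, "-")
        first = (parts == 2) ? ip2n(r[1]) : -1
        last  = (parts == 2) ? ip2n(r[2]) : -1
        if (first < 0 || last < 0 || first > last) {
            bad++
            if (bad <= 3) print "line " NR " rejected: " $0 > "/dev/stderr"
        } else {
            good++
        }
    }
    END {
        printf "valid=%d invalid=%d\n", good, bad
        exit !(good >= min && bad == 0)
    }' "$list_file"
}

# Constructed sample: lines copied from the thread plus one made-up HTML line,
# standing in for a download that returned a web page instead of a list.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# List distributed by iblocklist.com

The Onion Router:2.36.33.51-2.36.33.51
The Onion Router:8.17.81.25-8.17.81.25
<html><body>404 Not Found</body></html>
EOF
check_list "$sample" || echo "list rejected, do not load it"
rm -f "$sample"
```

Plain one-address-per-line or CIDR lists are rejected by this check, since it only recognises the range format.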

                                        Pistolero

                                        About the CRON job… are these the lines I have to comment out?

                                        
                                        #check if ipblocklist running
                                        export resultr=`pfctl -s rules | grep -c ipblocklist`
                                        
                                        #echo $resultr
                                        if [ "$resultr" -gt "0" ]; then
                                                echo running
                                                exit 1
                                        else
                                                echo not running
                                                /usr/bin/logger -s "IP-Blocklist was found not running"
                                                echo "IP-Blocklist not running" | /usr/local/bin/php /usr/local/www/packages/ipblocklist/email_send.php
                                        fi
                                        
                                        

                                        After they get commented, I make a copy of the script and schedule that one? (I am kinda UNIX n00b :P)

                                        So, my script now looks like so:

                                        
                                        #!/bin/sh
                                        
                                        ####check if ipblocklist running
                                        #export resultr=`pfctl -s rules | grep -c ipblocklist`
                                        
                                        ####echo $resultr
                                        #if [ "$resultr" -gt "0" ]; then
                                        #       echo running
                                        #       exit 1
                                        #else
                                        #       echo not running
                                        #       /usr/bin/logger -s "IP-Blocklist was found not running"
                                        #       echo "IP-Blocklist not running" | /usr/local/bin/php /usr/local/www/packages/ipblocklist/email_send.php
                                        #fi
                                        
                                        ...
                                        
                                        

                                        and I saved that one with a different name, (I don't know if commenting those lines on the original script will break the package, so I made a copy and set it to executable)

                                        
                                        [12-31-10 16:28:13]root@/usr/local/etc/rc.d#  lh | grep IP
                                        -rwxr-xr-x  1 root   wheel   4.6K Dec 31 09:27 IP-Blocklist.sh
                                        -rwxr-xr-x  1 root   wheel   4.6K Dec 31 16:25 IP-Blocklist_cron.sh
                                        
                                        
                                          tommyboy180

                                          Yeah. Make a copy, remove each of the lines you quoted and schedule your copy.

                                          What lists change every day? I'm curious.

                                          -Tom Schaefer
                                          SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                          Please support pfBlocker | File Browser | Strikeback

                                            Pistolero

                                            One last question:

                                            The CRONTAB format, if I want the lists to be updated every day @ 3:30 AM:

                                            
                                            30  	*/03  	*  	*  	*  	root  	/usr/local/etc/rc.d/IP-Blocklist_cron.sh 
                                            
                                            

                                            Does this look OK to you, sir?
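
In a crontab hour field, `*/03` is a step value that matches every hour divisible by 3, not hour 3 alone. The following added example (not from the package or the posters) expands a minute and hour field into the times an entry fires, so `30 */03` can be compared with `30 3`; `expand_cron_field` and `cron_times` are hypothetical names, and only numeric fields are handled.

```shell
#!/bin/sh
# Added example, not part of the package. Expands cron time fields so that an
# entry can be checked before it is installed.

# expand_cron_field FIELD MIN MAX   (hypothetical helper)
# Prints the values matched by one numeric cron field (supports "*", "N",
# "A-B", "*/S", "A-B/S" and comma lists); returns 1 on anything else.
expand_cron_field() {
    awk -v field="$1" -v min="$2" -v max="$3" 'BEGIN {
        n = split(field, parts, ",")
        if (n == 0) exit 1
        for (i = 1; i <= n; i++) {
            p = parts[i]
            step = 1
            k = index(p, "/")
            if (k > 0) {
                step = substr(p, k + 1)
                p = substr(p, 1, k - 1)
                # A step is only accepted after "*" or a range.
                if (step !~ /^[0-9]+$/ || step + 0 < 1 || p ~ /^[0-9]+$/) exit 1
            }
            if (p == "*") {
                lo = min + 0; hi = max + 0
            } else if (p ~ /^[0-9]+-[0-9]+$/) {
                k = index(p, "-")
                lo = substr(p, 1, k - 1) + 0; hi = substr(p, k + 1) + 0
            } else if (p ~ /^[0-9]+$/) {
                lo = p + 0; hi = lo
            } else {
                exit 1
            }
            if (lo < min || hi > max || lo > hi) exit 1
            for (v = lo; v <= hi; v += step) seen[v] = 1
        }
        out = ""
        for (v = min + 0; v <= max; v++)
            if (v in seen) out = out (out == "" ? "" : " ") v
        print out
    }'
}

# cron_times MINUTE_FIELD HOUR_FIELD   (hypothetical helper)
# Prints every HH:MM at which the entry fires on a day it is active.
cron_times() {
    mins=$(expand_cron_field "$1" 0 59) || return 1
    hours=$(expand_cron_field "$2" 0 23) || return 1
    for h in $hours; do
        for m in $mins; do
            printf '%02d:%02d\n' "$h" "$m"
        done
    done
}

# The schedule asked about in the thread next to a once-a-day 03:30 schedule.
echo "30 */03 fires at: $(cron_times 30 '*/03' | tr '\n' ' ')"
echo "30 3    fires at: $(cron_times 30 3 | tr '\n' ' ')"
```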
