IP-Blocklist
-
okay, found the solution
I edited the file ipblocklist_list.php
- added : require_once('config.inc');
- added : conf_mount_rw(); and conf_mount_ro(); around the block line 69
edited the file convert-execute.sh
- changed "usr/bin/perl" to "/usr/local/bin/perl"
edited convert.pl
- changed "usr/bin/perl" to "/usr/local/bin/perl"
It's now running and blocking the addresses I added in my list
EDIT : how can I verify if it's really working ?
EDIT 2 : I did not edit the whitelist.php file as I'm not using it… -
okay, found the solution
I edited the file ipblocklist_list.php
- added : require_once('config.inc');
- added : conf_mount_rw(); and conf_mount_ro(); around the block line 69
edited the file convert-execute.sh
- changed "usr/bin/perl" to "/usr/local/bin/perl"
edited convert.pl
- changed "usr/bin/perl" to "/usr/local/bin/perl"
It's now running and blocking the addresses I added in my list
EDIT : how can I verify if it's really working ?
EDIT 2 : I did not edit the whitelist.php file as I'm not using it…To verify you can look at the pfctl table. Just look at the php code that counts how many IP networks are being counted.
I'm glad you got it working! Since your running embedded I will just link to this post for other embedded users to view. Nice work! -
cool, all looks okay.
And btw, thanks for your package ;D
And for ppl with the embedded version, here is the detailed operation:
via SSH :
Login your system and go in the ip-blocklist folder : /usr/local/www/packages/ipblocklist
mount your CF card in RW mode with this command : /etc/rc.conf_mount_rw
edit the file ipblocklist_list.php- add this in the 3rd line of the file (the blank one…) : require_once('config.inc');
- line 66 add this line: conf_mount_rw();, it's just before this : $myFile = "lists.txt";
- line 75 add this line: conf_mount_ro();, it's just after this : fclose($fh);
save your file
check where is perl on your system with this command : find / -type f -name perl
if the result is not : /usr/bin/perl
edit files :- convert-execute.php
- convert.pl
and replace all the "/usr/bin/perl" instances with the path returned by the "find" command
then put your system back in RO mode with : /etc/rc.conf_mount_ro
If you don't like SSH, you can do everything from the admin page, using the Edit File function located in the Diagnostic menu. From there, you don't need to mount your system in RW mode, the admin page will do it for you
*/!\ this fix worked on my system but I'm not responsible if your crash yours… so be careful ;) /!*
-
Haven't used this package in a while.. Giving it a shot on my 2.0Beta5 build. When i disable IP-Blocklist, I see this error in my log:
Feb 4 16:21:54 php: /packages/ipblocklist/ipblocklist.php: The command 'ipfw -f flush' returned exit code '69', the output was 'ipfw: setsockopt(IP_FW_FLUSH): Protocol not available'
BTW great work!! this package is coming out real nice!
-
Haven't used this package in a while.. Giving it a shot on my 2.0Beta5 build. When i disable IP-Blocklist, I see this error in my log:
Feb 4 16:21:54 php: /packages/ipblocklist/ipblocklist.php: The command 'ipfw -f flush' returned exit code '69', the output was 'ipfw: setsockopt(IP_FW_FLUSH): Protocol not available'
BTW great work!! this package is coming out real nice!
That's some old code that I need to remove. Ignore it until its removed.
-
thanks tommyboy180!
-
I'm on an embedded pfsense 1.2.3. I had some errors under the "whitelist" tab on IP-blocklist.
"Warning: fopen(wlists.txt): failed to open stream: Read-only file system in /usr/local/www/packages/ipblocklist/whitelist.php on line 86 Warning: fwrite(): supplied argument is not a valid stream resource in /usr/local/www/packages/ipblocklist/whitelist.php on line 87 Warning: fclose(): supplied argument is not a valid stream resource in /usr/local/www/packages/ipblocklist/whitelist.php on line 92"
-I also have a slave 160GB sata drive mounted to /store. (Kind of cheating for an embedded, might not apply to most)
-I searched for "wlists.txt" in whitelist.php, while in command mode in vi, typed /wlists.txt
-changed wlists.txt entry to /store/ipblocklist/wlists.txt.
-made sure permissions were the same on the original wlists.txt and the new /store/ipblocklist/wlists.txt (they were, didn't have to modify)whitelist tab has no errors now.
Also, thanks a lot guys for the modifications to the files to get it working on embedded!
Hey Tommyboy.. any updates on making Internet Explorer/IE functional with ipblocklist?
I grabbed countryipblocks.net's full pg2 list and removed the US_pg2.txt from the group. Then did a: cat * > pg2_beast.txt
wget –no-check-certificate -r -U Mozilla -A "*pg2.txt" www.countryipblocks.net/e_country_data/
I had to stop the wget once it started to go recursively outside e_country_data, but I got it all.
Thx so much countryipblocks.net!
-
quick question, is it logged somewhere when somebody is blocked ?
-
Wow i did this whole write up on squid and forgot I am in the IP-blocklist thread. ::) Think I forget because when IP-blocklist is successful, access denied gets shoved into a squid page.
quick question, is it logged somewhere when somebody is blocked ?
-
Wow i did this whole write up on squid and forgot I am in the IP-blocklist thread. ::) Think I forget because when IP-blocklist is successful, access denied gets shoved into a squid page.
quick question, is it logged somewhere when somebody is blocked ?
lol :)
To answer the question, it goes into the firewall logs if you checked logging.
-
Sorry, I just saw it after I asked my question
-
Hey Tommyboy, any luck on getting IE to function with this? I personally use chrome but I want to implement some IP block stuff in a work environment where all they use is IE.
-
Hey Tommyboy, any luck on getting IE to function with this? I personally use chrome but I want to implement some IP block stuff in a work environment where all they use is IE.
I've tried to work with IE and it just wont work with me. I kicked it to the curb. If you absolutely need IE then see if the new IE BETA will work.
-
Some of the popular blacklists on the internet change very often. Is it possible to add a setting for IP-Blocklist to reload the blacklists automatically at a period specified by the user?
-
Some of the popular blacklists on the internet change very often. Is it possible to add a setting for IP-Blocklist to reload the blacklists automatically at a period specified by the user?
This has already been answered within this Topic. Please search the topic for the answer you are looking for.
-
I was thinking more along the line of user-friendly web-based GUI setting. With that said, setting up a cron job will works for me.
Thanks
-
I was thinking more along the line of user-friendly web-based GUI setting. With that said, setting up a cron job will works for me.
Thanks
I could build a GUI for it but the work is already done for me by the Cron Job package. Perhaps I could integrate. Not sure where I want to go with that. We'll see.
-
I'm running an embedded install of 2.0Beta5 and tried to make the changes listed in this thread in order to get it to work. However, I accidentally forgot a semicolon after the first line I added (require_once('config.inc')) and when I went to refresh the IP-Blocklist page I got the following error in the textbox:
Parse error: syntax error, unexpected T_ECHO in /usr/local/www/packages/ipblocklist/ipblocklist_list.php on line 5
Since then, I've tried everything I can to get back to a cleanly-installed state: I've undone the edits I made to that file, and I've even uninstalled and reinstalled the IP-Blacklist package, but whatever I do, I now always get that error. How can I get back to a clean slate without completely reinstalling pfsense?
-
I'm running an embedded install of 2.0Beta5 and tried to make the changes listed in this thread in order to get it to work. However, I accidentally forgot a semicolon after the first line I added (require_once('config.inc')) and when I went to refresh the IP-Blocklist page I got the following error in the textbox:
Parse error: syntax error, unexpected T_ECHO in /usr/local/www/packages/ipblocklist/ipblocklist_list.php on line 5
Since then, I've tried everything I can to get back to a cleanly-installed state: I've undone the edits I made to that file, and I've even uninstalled and reinstalled the IP-Blacklist package, but whatever I do, I now always get that error. How can I get back to a clean slate without completely reinstalling pfsense?
My best advice is to uninstall the package, check the file system (/usr/local/www/ipblocklist) and delete it, and then reboot. That should help you start from a clean slate.
-
I'm running an embedded install of 2.0Beta5 and tried to make the changes listed in this thread in order to get it to work. However, I accidentally forgot a semicolon after the first line I added (require_once('config.inc')) and when I went to refresh the IP-Blocklist page I got the following error in the textbox:
Parse error: syntax error, unexpected T_ECHO in /usr/local/www/packages/ipblocklist/ipblocklist_list.php on line 5
Since then, I've tried everything I can to get back to a cleanly-installed state: I've undone the edits I made to that file, and I've even uninstalled and reinstalled the IP-Blacklist package, but whatever I do, I now always get that error. How can I get back to a clean slate without completely reinstalling pfsense?
My best advice is to uninstall the package, check the file system (/usr/local/www/ipblocklist) and delete it, and then reboot. That should help you start from a clean slate.
Hmm, after uninstalling I looked in /usr/local/www/ and there was no file or directory ipblocklist. I then rebooted, and reinstalled the package. Same exact error as before. The strange thing, is that if I look at the file /usr/local/www/packages/ipblocklist/ipblocklist_list.php, it's the stock, unmodified form (i.e., correct syntax)!? I'm very confused as to what's going on.