IP-Blocklist

RonpfS

Update on my setup


$ setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/"

$ pkg_add -r p5-Net-CIDR
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/p5-Net-CIDR.tbz... Done.
pkg_add: warning: package 'p5-Net-CIDR-0.14' requires 'perl-5.12.4_2', but 'perl-5.12.3' is installed

$ pkg_add -r perl
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/perl.tbz... Done.
pkg_add: package 'perl-5.12.4_2' or its older version already installed

$ pkg_info
GeoIP-1.4.8_1       Find the country that any IP address or hostname originates
bsdinstaller-2.0.2011.0913 BSD Installer mega-package
expat-2.0.1_1       XML 1.0 parser written in C
font-util-1.2.0     Create an index of X font files in a directory
fontconfig-2.8.0,1  An XML-based font configuration API for X Windows
fontconfig-2.8.0_1,1 An XML-based font configuration API for X Windows
freetype2-2.4.3     A free and portable TrueType font rendering engine
freetype2-2.4.4     A free and portable TrueType font rendering engine
gd-2.0.35_7,1       A graphics library for fast creation of images
gdbm-1.8.3_3        The GNU database manager
gettext-0.18.1.1    GNU gettext package
graphviz-2.28.0     Graph Visualization Software from AT&T and Bell Labs
grub-0.97_4         GRand Unified Bootloader
jpeg-8_3            IJG's jpeg compression utilities
libart_lgpl-2.3.21,1 Library for high-performance 2D graphics
libevent-1.4.14b_2  Provides an API to execute callback functions on certain ev
libiconv-1.13.1_1   A character set conversion library
libltdl-2.4         System independent dlopen wrapper
libpcap-1.1.1_1     Ubiquitous network traffic capture library
libxml2-2.7.8_1     XML parser library for GNOME
ntop-4.0.1_1        Network monitoring tool with command line and web interface
p5-Net-CIDR-0.14    Perl module to manipulate IPv4/IPv6 netblocks in CIDR notat
perl-5.12.3         Practical Extraction and Report Language
pkg-config-0.25_1   A utility to retrieve information about installed libraries
png-1.4.4           Library for manipulating PNG images
png-1.4.5_1         Library for manipulating PNG images
python27-2.7.2_1    An interpreted object-oriented programming language
rrdtool-1.2.26_1    Round Robin Database Tools
urwfonts-1.0_3      Another font package for X
webfonts-0.30_6     TrueType core fonts for the Web

So I reverted back again
removed p5-Net-CIDR-0.14, IP-blocklist, ntop

installed perl, p5-Net-CIDR


$ pkg_info
bsdinstaller-2.0.2011.0913 BSD Installer mega-package
gettext-0.18.1.1    GNU gettext package
grub-0.97_4         GRand Unified Bootloader
jpeg-8_3            IJG's jpeg compression utilities
libiconv-1.13.1_1   A character set conversion library

$ pkg_add -r perl
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/perl.tbz... Done.
Removing stale symlinks from /usr/bin...
    Skipping /usr/bin/perl
    Skipping /usr/bin/perl5
Done.
Creating various symlinks in /usr/bin...
    Symlinking /usr/local/bin/perl5.12.4 to /usr/bin/perl
    Symlinking /usr/local/bin/perl5.12.4 to /usr/bin/perl5
Done.
cd: can't cd to /usr/include
Cleaning up /etc/make.conf... Done.
Spamming /etc/make.conf... Done.

$ pkg_info
bsdinstaller-2.0.2011.0913 BSD Installer mega-package
gettext-0.18.1.1    GNU gettext package
grub-0.97_4         GRand Unified Bootloader
jpeg-8_3            IJG's jpeg compression utilities
libiconv-1.13.1_1   A character set conversion library
perl-5.12.4_2       Practical Extraction and Report Language

$ pkg_add -r p5-Net-CIDR
Fetching ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/p5-Net-CIDR.tbz... Done.

$ pkg_info
bsdinstaller-2.0.2011.0913 BSD Installer mega-package
gettext-0.18.1.1    GNU gettext package
grub-0.97_4         GRand Unified Bootloader
jpeg-8_3            IJG's jpeg compression utilities
libiconv-1.13.1_1   A character set conversion library
p5-Net-CIDR-0.14    Perl module to manipulate IPv4/IPv6 netblocks in CIDR notat
perl-5.12.4_2       Practical Extraction and Report Language

install ntop than IP-Blocklist

everything works fine now


$ pkg_info                             
GeoIP-1.4.8_1       Find the country that any IP address or hostname originates
bsdinstaller-2.0.2011.0913 BSD Installer mega-package
expat-2.0.1_1       XML 1.0 parser written in C
font-util-1.2.0     Create an index of X font files in a directory
fontconfig-2.8.0,1  An XML-based font configuration API for X Windows
fontconfig-2.8.0_1,1 An XML-based font configuration API for X Windows
freetype2-2.4.3     A free and portable TrueType font rendering engine
freetype2-2.4.4     A free and portable TrueType font rendering engine
gd-2.0.35_7,1       A graphics library for fast creation of images
gdbm-1.8.3_3        The GNU database manager
gettext-0.18.1.1    GNU gettext package
graphviz-2.28.0     Graph Visualization Software from AT&T and Bell Labs
grub-0.97_4         GRand Unified Bootloader
jpeg-8_3            IJG's jpeg compression utilities
libart_lgpl-2.3.21,1 Library for high-performance 2D graphics
libevent-1.4.14b_2  Provides an API to execute callback functions on certain ev
libiconv-1.13.1_1   A character set conversion library
libltdl-2.4         System independent dlopen wrapper
libpcap-1.1.1_1     Ubiquitous network traffic capture library
libxml2-2.7.8_1     XML parser library for GNOME
ntop-4.0.1_1        Network monitoring tool with command line and web interface
p5-Net-CIDR-0.14    Perl module to manipulate IPv4/IPv6 netblocks in CIDR notat
perl-5.12.3         Practical Extraction and Report Language
perl-5.12.4_2       Practical Extraction and Report Language
pkg-config-0.25_1   A utility to retrieve information about installed libraries
png-1.4.4           Library for manipulating PNG images
png-1.4.5_1         Library for manipulating PNG images
python27-2.7.2_1    An interpreted object-oriented programming language
rrdtool-1.2.26_1    Round Robin Database Tools
urwfonts-1.0_3      Another font package for X
webfonts-0.30_6     TrueType core fonts for the Web

tommyboy180

Ntop and IPblocklist have a package conflict. Package users beware.

RonpfS

I updated from 0.3.3 to 0.3.4

$ pkg_info
GeoIP-1.4.8_1       Find the country that any IP address or hostname originates
bsdinstaller-2.0.2011.0913 BSD Installer mega-package
expat-2.0.1_1       XML 1.0 parser written in C
font-util-1.2.0     Create an index of X font files in a directory
fontconfig-2.8.0,1  An XML-based font configuration API for X Windows
fontconfig-2.8.0_1,1 An XML-based font configuration API for X Windows
freetype2-2.4.3     A free and portable TrueType font rendering engine
freetype2-2.4.4     A free and portable TrueType font rendering engine
gd-2.0.35_7,1       A graphics library for fast creation of images
gdbm-1.8.3_3        The GNU database manager
gettext-0.18.1.1    GNU gettext package
graphviz-2.28.0     Graph Visualization Software from AT&T and Bell Labs
grub-0.97_4         GRand Unified Bootloader
jpeg-8_3            IJG's jpeg compression utilities
libart_lgpl-2.3.21,1 Library for high-performance 2D graphics
libevent-1.4.14b_2  Provides an API to execute callback functions on certain ev
libiconv-1.13.1_1   A character set conversion library
libltdl-2.4         System independent dlopen wrapper
libpcap-1.1.1_1     Ubiquitous network traffic capture library
libxml2-2.7.8_1     XML parser library for GNOME
ntop-4.0.1_1        Network monitoring tool with command line and web interface
p5-Net-CIDR-0.14    Perl module to manipulate IPv4/IPv6 netblocks in CIDR notat
perl-5.12.3         Practical Extraction and Report Language
perl-5.12.4_2       Practical Extraction and Report Language
pkg-config-0.25_1   A utility to retrieve information about installed libraries
png-1.4.4           Library for manipulating PNG images
png-1.4.5_1         Library for manipulating PNG images
python27-2.7.2_1    An interpreted object-oriented programming language
rrdtool-1.2.26_1    Round Robin Database Tools
urwfonts-1.0_3      Another font package for X
webfonts-0.30_6     TrueType core fonts for the Web

I get the following on save, but it is working

Oct 2 20:16:24 	check_reload_status: Syncing firewall
Oct 2 20:16:24 	php: /packages/ipblocklist/ipblocklist.php: The command 'cp /usr/local/www/packages/ipblocklist/lists.txt /usr/local/www/packages/ipblocklist_bkup/lists.txt' returned exit code '1', the output was 'cp: /usr/local/www/packages/ipblocklist_bkup/lists.txt: No such file or directory'

the ipblocklist_bkup directory is not present

once created the is no error on save IP-Blocklist
and it is still Blocking IP

tommyboy180

IP-Blocklist Version 3.5 released!

blocklists are saved on system to ease updates
Corrected issues with uninstall
Widget is now available for pfsense 2.0

RonpfS

Updated to 3.5
On the Webgui IP-Blocklist

You are blocking 0 Networks/IPs

I had to save to see

You are blocking 3615 Networks/IPs

Block list are restored after reinstall ::)

Saved setting / Enable logging are not restored .

serialdie

@tommyboy180:

IP-Blocklist Version 3.5 released!

blocklists are saved on system to ease updates

Corrected issues with uninstall

Widget is now available for pfsense 2.0

Thank You for the update! :)
Any chance the widget would be available soon?

Thanks! :)

tommyboy180

@serialdie:

Any chance the widget would be available soon?

???
The widget is included in the newest version.

RonpfS

The widget is not available in Dashboard. ???

tommyboy180

When in doubt uninstall and re-install.

RonpfS

I uninstalled and re-installed 3.5

now I see the CountryBlock IPBlocklist widget ::)

serialdie

Thanks tommyboy180!

firbc

Hi,

is there any why to allow connection to blocked IP's on port 80? And if there is any way to manualy add my own IP's to whitelist? Let says that I like to unlock only one specific IP which is in blocklist.

tommyboy180

That will be in a future release.

firbc

Hi again,

Will it be possible to enable blocking only for some IP's on local network? Let say that you want to allow or denied different blocklists for different IP's on network. So one IP on local network can access everything and another would be blocked according to blocklist.

tommyboy180

@firbc:

Hi again,

Will it be possible to enable blocking only for some IP's on local network? Let say that you want to allow or denied different blocklists for different IP's on network. So one IP on local network can access everything and another would be blocked according to blocklist.

It's possible now. Take a loot at the interface options. If you create another network then you can allow/deny lists to a specific network.

firbc

So if I understand you correctly, blocklists will work for specific computer on local network?

example:

tommyboy180

Yes, if that computer is on a separate interface.

lhchia

use browser GC or MF to reinstall.

IP-Blocklist Version 3.5 released!

blocklists are saved on system to ease updates
Corrected issues with uninstall
available for pfsense 2.0

lhchia

i need to unblock facebook.com from iblock list.

i vi to usr/local/www/pakages/iblocklist/list/bt_level2.gz

del favebook inc: <ip address="">save / update

but squid still show block.

please guide.

many thanks</ip>

tommyboy180

@lhchia:

i need to unblock facebook.com from iblock list.

i vi to usr/local/www/pakages/iblocklist/list/bt_level2.gz

del favebook inc: <ip address="">save / update

but squid still show block.

please guide.

many thanks</ip>

Why not just create a whitelist with all Facebook IP's.