PfBlocker

RonpfS

So I should have

on the LAN
Reject and log * * * pfBlockerWAN * * none pfBlockerWAN LAN - Outbound
on the
WAN Block and log * pfBlockerWAN * * * * none pfBlockerWAN WAN - Inbound

I see the widget Packet number changes ;o)

How do you block the pfsense box from accessing these aliases?

marcelloc

On floating rules, but it may not show in widget.

Floating rules are not impelmented in this version but you can apply pfBlocker alias on it.

RonpfS

I just created a rule on the Floating tab…. and the Packets blocked are updated in the widget ;D

However the rule

Reject and log * * * pfBlockerWAN * * none pfBlockerWAN Floating Outbound

disappeared in the Floating tab after a save in pfBlocker …..!!!

same thing with

pfBlockerWAN Floating
pf BlockerWAN Whatever

bummer :(

marcelloc

As I told you, floating rules are not implemented but i'll try the same test here and see what happens.

ghm

Hi,

ok, reinstalled on nanobsd and boot is much better. Got a new problem though: While the genaral and top spammers pages look good, I get the below instead of country lists for the others. Example below. Country.txt seems to load at install though, have also reinstalled package and rebooted - no change. Hence the drop down lists are missing.

Thanks!

![2011-11-11 15:00:45.png](/public/imported_attachments/1/2011-11-11 15:00:45.png)
![2011-11-11 15:00:45.png_thumb](/public/imported_attachments/1/2011-11-11 15:00:45.png_thumb)

marcelloc

The countryipblocks.net removed the lists :-[
I will point it to files.pfsense.

[b]EDIT

Just did it.

wait 15 minutes and reinstall package.

jimp

Probably should not have users directly pull those lists anyhow, but keep them local and update them periodically. I have a feeling that too many people accessing their systems automatically may have been part of their decision to shut the service down.

marcelloc

Yeah, I'm doing it now.

marcelloc

Just released version 0.1.4.6 with fixes in float rules check and about section in gui.

chpalmer

From Countryblocks site…

We have temporarily suspended certain services as our donation stream has suffered a significant decrease here in the fourth quarter. We are pursuing some other financing options to help us focus on providing you with our services. This temporary suspension may last a few hours or a few days. If you would like to help us expedite the process please consider making a donation to Country IP Blocks through the PayPal link (on their site)

tommyboy180

If you can, please donate to Country IP Blocks

Site: http://www.countryipblocks.net/

We need to support this site.

RonpfS

@marcelloc:

Just released version 0.1.4.6 with fixes in float rules check and about section in gui.

Reinstalled, Floating rules are still there after a pfBlocker save, great ::)
Counter updates when pinging from pfsense box.
Counter is reseted on firewall rule changes.

When I select loopback interface, where does it put the rules?

marcelloc

@RonpfS:

When I select loopback interface, where does it put the rules?

Nothing :)

As we only use pfsense's framework components, interface selection includes loopback.

If you select just loopback, pfBlocker send you a warning.

RonpfS

On reinstall we always get the Reload status missing alias error: php: : New alert found: # unresolvable dest aliases
This is because pfBlocker is disabled by default on install.

if you click ACKNOWLEDGE ALL in the Package Installer window, you ended up with:

Installation of  FAILED!
-------------------------
Installation halted.

Everything is fine and working after you enable pfBlocker.

marcelloc

@RonpfS:

On reinstall we always get the Reload status missing alias error: php: : New alert found: # unresolvable dest aliases

Please, remove custom alias before removing package.
pfBlocker is just doing what you asked him to do (do not touch my rules).

@RonpfS:

if you click ACKNOWLEDGE ALL in the Package Installer window, you ended up with:
Installation of  FAILED!
-------------------------
Installation halted.

when you click ACKNOWLEDGE ALL you reload the page, and then get a 'reinstallation' error.

This is not related to pfBlocker.

marcelloc

I've pushed a fix in cron call to check if pfBlocker is enabled or not.

if you have installed pfBlocker before now + 15 min, reinstall package.

RonpfS

Done.
Everything is running fine.

marcelloc

Great news, thanks for your feedback.

kilko

I'm running on Alix 2D13.
Installed pfSense-1.2.3-RELEASE-2g-nanobsd.img.gz on a 2GB card.
Version 2.0-RELEASE (i386) built on Tue Sep 13 18:02:53 EDT 2011
Platform nanobsd (2g)
CPU Type Geode(TM) Integrated Processor by AMD PCS
Uptime 31 days +

I'm running Peerblocker on a local windows xp machine.
Is is possible to have a stripped down pfsense server - to do the same job as peerblocker (http://www.peerblock.com/) ?
(it now has 2.301.808.963 IPs and counting..)

Or should I look else where ?

eri--

It seems that peerblocker is another thing and meant for windows.

Unless you convince a unix knowledgable to port it to unix i do not think you will have much success in that way.