PfBlocker
-
Yeah I just noticed some of these lists run into the hundreds of thousands of tables. I am running an old clunky dell laptop from 2003-ish. With only 768 MB of RAM, and when I enabled more states into the 2 million range, RAM usage shot up and it started swapping.
I'm also running SNORT on top of this, so I'm going to need a gateway with more RAM.
It seems to be working without errors now, I've disabled and re-enabled PFblocker… after deleting all the large block lists.
I can now see the pFblocker "tables" under Diagnostics > Tables.
I also think some of these "debug" errors were due to logging being enabled, so if anybody else is still having issues, try disabling that. Where does this even log to anyways? I couldn't find where it was logging to in the console unless it was going directly to system logs.
Thank you very much!
-
FYI,
I'm running Level1, Level2, and Level3 on a system with only 256MB RAM. You don't need more RAM, just increase your Firewall Maximum Table Entries.
marcelloc,
Level1, Level2, and Level3 lists do have 'good' guys in the list but it's an Anti-P2P list. All the IPs have been involved in anti-P2P behavior. That's why I always run Level1 lists at a min. It's actually one of the main reasons why I made IP-Blocklist. -
I use dshield, drop, hijacked etc on Pfsense Box.
I use the level 1, badpeers, etc on Seed Box with PeerBlock.
-
I know it's quite off topic but 'Companies which anti-p2p activity has been seen from' for me means:
Companies that try to detect p2p users, so if you block it, they cant' find your p2p activity.Isn't better using this list to block torrent search like pirate bay?
-
I know it's quite off topic but 'Companies which anti-p2p activity has been seen from' for me means:
Companies that try to detect p2p users, so if you block it, they cant' find your p2p activity.Isn't better using this list to block torrent search like pirate bay?
We're talking about two different things here. This is a bit off topic so I won't go into much detail but basically…
-
If you don't want to get sued for downloading copyrighted material then you block Anti-P2P groups using Level1 among using many other protection techniques
-
If you want to prevent network users from using P2P then you implement Layer7 filtering
Blocking sites like TPB do nothing to prevent P2P traffic from using TPB's trackers. It's moot. That's why Level1 lists has all bad IPs.
I hope this clears it up. -
-
Is it possible to currently use host name block lists with PFblocker?
I'd like to include some known malware URL's. Can that be a feature in an upcoming version?
-
Is it possible to currently use host name block lists with PFblocker?
I'd like to include some known malware URL's. Can that be a feature in an upcoming version?
Host names resolve to IP addresses. You can create your own custom list to be used with pfblocker or try to find a list that meets your needs. There are literally hundreds of lists available for free so I would bet your list is already made for you. Start looking at iblocklist.com
-
I have a problem where the inbound block rule does not get created for the included country lists. I have been installing and testing packages so i have installed havp and snort and uninstalled them and then reinstalled them again, due to trying to identify a problem. Outbound rules can still be created and the alias for both inbound and outbound are fine. But when i select inbound rule deny on the country lists pages it does not create the rule. Even if i stop pfblocker and remove all the lists and readd and then enable pfblocker, it creates the alias and the outbound block but not the rules on wan.
edit: Ok I added a random rule with port 123 on wan and then readded then the lists appeared in the rules and when i changed another country list to inbound deny it showed up. So maybe it is just my rules are not refreshing right and is not related to pfblocker.
-
You need at least one rule created to pfBlocker work on selected interface.
-
Running 2.0-RELEASE (i386) built on Tue Sep 13 17:00:00 EDT 2011 Intel(R) Xeon(TM) CPU 3.06GHz w/ 3gb RAM.
Just loaded and reloaded pfBlocker and I'm finding that if I set outbound to be blocked to spamlist I can still get to India or Russia located sites. Any idea what I might need to do. I have my firewall maximum table entries at 500000.
Thanks.
-
Running 2.0-RELEASE (i386) built on Tue Sep 13 17:00:00 EDT 2011 Intel(R) Xeon(TM) CPU 3.06GHz w/ 3gb RAM.
Just loaded and reloaded pfBlocker and I'm finding that if I set outbound to be blocked to spamlist I can still get to India or Russia located sites. Any idea what I might need to do. I have my firewall maximum table entries at 500000.
Thanks.
What are the sites?
-
194.226.127.34 - http://eng.kremlin.ru
203.199.104.241 - http://www.airindia.inand http://www.prodisney.ru/index.php?page=clones.php
-
Running 2.0-RELEASE (i386) built on Tue Sep 13 17:00:00 EDT 2011 Intel(R) Xeon(TM) CPU 3.06GHz w/ 3gb RAM.
Just loaded and reloaded pfBlocker and I'm finding that if I set outbound to be blocked to spamlist I can still get to India or Russia located sites. Any idea what I might need to do. I have my firewall maximum table entries at 500000.
Thanks.
Are you blocking countries India and Russia or applying a spamlist from ipblocklist?
Enable pfblocker widget. there you can see alias package count hit.
-
I have the spamlist all selected; I was assuming that if the country is in there the entire country would be blocked. Am I wrong?
I will take a look at the widget today.
Thanks!
-
The default way to block spam is inbound as you do not want them to send email to you.
You can also change action to alias only and create a block rule only on inbound smtp connections.
-
If i enable the top spammers alias included in pfblocker on outbound those hostnames you specified are not accessible.
-
If i enable the top spammers alias included in pfblocker on outbound those hostnames you specified are not accessible.
Top spammers is just a shortcut for countries that send many spams.
The best way to block this is changing action to alias only and create an inbound rule denying smtp connections.
-
I chose alias only and set outbound and inbound block; I'm still getting to the sites. The one interesting thing is that before I chose the option block outbound this morning I had it set to block inbound yesterday before I went home and when I loaded the widget this morning it had some packets listed. It doesn't have anything listed right now… I may need to reboot the server; I'll try that later on today.
-
There is no need to reboot, all rules are applied when you save config.
try this:
-
select only one country
-
apply
-
got to diagnostics -> table
-
select alias you applied country
-
check if the websites ip is in any of network CIDRS listed
Just to be sure you understand how rules work.
inbound rules -> applied on source side of wan rules
outbound rules -> applied on destination side of lan rules
Floating rules -> apply rules to block pfsense to reach something -
-
I don't know what is happening, but I just put a specific rule in place of the pfBlocker and the Indian site is still not getting blocked; could it be due to squid?
Thanks!