PfBlocker
-
Is it possible to currently use host name block lists with PFblocker?
I'd like to include some known malware URL's. Can that be a feature in an upcoming version?
Host names resolve to IP addresses. You can create your own custom list to be used with pfblocker or try to find a list that meets your needs. There are literally hundreds of lists available for free so I would bet your list is already made for you. Start looking at iblocklist.com
-
I have a problem where the inbound block rule does not get created for the included country lists. I have been installing and testing packages so i have installed havp and snort and uninstalled them and then reinstalled them again, due to trying to identify a problem. Outbound rules can still be created and the alias for both inbound and outbound are fine. But when i select inbound rule deny on the country lists pages it does not create the rule. Even if i stop pfblocker and remove all the lists and readd and then enable pfblocker, it creates the alias and the outbound block but not the rules on wan.
edit: Ok I added a random rule with port 123 on wan and then readded then the lists appeared in the rules and when i changed another country list to inbound deny it showed up. So maybe it is just my rules are not refreshing right and is not related to pfblocker.
-
You need at least one rule created to pfBlocker work on selected interface.
-
Running 2.0-RELEASE (i386) built on Tue Sep 13 17:00:00 EDT 2011 Intel(R) Xeon(TM) CPU 3.06GHz w/ 3gb RAM.
Just loaded and reloaded pfBlocker and I'm finding that if I set outbound to be blocked to spamlist I can still get to India or Russia located sites. Any idea what I might need to do. I have my firewall maximum table entries at 500000.
Thanks.
-
Running 2.0-RELEASE (i386) built on Tue Sep 13 17:00:00 EDT 2011 Intel(R) Xeon(TM) CPU 3.06GHz w/ 3gb RAM.
Just loaded and reloaded pfBlocker and I'm finding that if I set outbound to be blocked to spamlist I can still get to India or Russia located sites. Any idea what I might need to do. I have my firewall maximum table entries at 500000.
Thanks.
What are the sites?
-
194.226.127.34 - http://eng.kremlin.ru
203.199.104.241 - http://www.airindia.inand http://www.prodisney.ru/index.php?page=clones.php
-
Running 2.0-RELEASE (i386) built on Tue Sep 13 17:00:00 EDT 2011 Intel(R) Xeon(TM) CPU 3.06GHz w/ 3gb RAM.
Just loaded and reloaded pfBlocker and I'm finding that if I set outbound to be blocked to spamlist I can still get to India or Russia located sites. Any idea what I might need to do. I have my firewall maximum table entries at 500000.
Thanks.
Are you blocking countries India and Russia or applying a spamlist from ipblocklist?
Enable pfblocker widget. there you can see alias package count hit.
-
I have the spamlist all selected; I was assuming that if the country is in there the entire country would be blocked. Am I wrong?
I will take a look at the widget today.
Thanks!
-
The default way to block spam is inbound as you do not want them to send email to you.
You can also change action to alias only and create a block rule only on inbound smtp connections.
-
If i enable the top spammers alias included in pfblocker on outbound those hostnames you specified are not accessible.
-
If i enable the top spammers alias included in pfblocker on outbound those hostnames you specified are not accessible.
Top spammers is just a shortcut for countries that send many spams.
The best way to block this is changing action to alias only and create an inbound rule denying smtp connections.
-
I chose alias only and set outbound and inbound block; I'm still getting to the sites. The one interesting thing is that before I chose the option block outbound this morning I had it set to block inbound yesterday before I went home and when I loaded the widget this morning it had some packets listed. It doesn't have anything listed right now… I may need to reboot the server; I'll try that later on today.
-
There is no need to reboot, all rules are applied when you save config.
try this:
-
select only one country
-
apply
-
got to diagnostics -> table
-
select alias you applied country
-
check if the websites ip is in any of network CIDRS listed
Just to be sure you understand how rules work.
inbound rules -> applied on source side of wan rules
outbound rules -> applied on destination side of lan rules
Floating rules -> apply rules to block pfsense to reach something -
-
I don't know what is happening, but I just put a specific rule in place of the pfBlocker and the Indian site is still not getting blocked; could it be due to squid?
Thanks!
-
I don't know what is happening, but I just put a specific rule in place of the pfBlocker and the Indian site is still not getting blocked; could it be due to squid?
Thanks!Finally an answer. It's squid. :)
Create the same rule on floating rules.
Squid goes to internet using localhost, so lan rules will not match any squid access.
-
Okay, so question… do I need to have both WAN and LAN selected in the floating rule? I had just one and things seemed to still go through; with both the sites were blocked. I guess it could be that it's cached on my pc here, but I am getting things blocked on another pc with just LAN selected.
Thanks for your help marcelloc!
-
Well, it's time for first release.
pfblocker 1.0 is out. No changes from last beta version.
-
Congratulations! Excellent work marcelloc!
-
Another question… am I supposed to see numbers in the packets column? Mine are blank... Thanks.
-
Another question… am I supposed to see numbers in the packets column? Mine are blank... Thanks.
Numbers will appear only when you have applied rules to aliases pfBlocker creates.
Also post pfsense version and hardware used.