Netgate Discussion Forum
    PfBlocker

pfSense Packages
896 Posts, 143 Posters, 1.4m Views
marcelloc wrote:

      @taryezveb:

Can you please explain? Does this mean that if one is using Squid and pfBlocker, a floating rule for Squid is needed in order for Squid to use the lists used in pfBlocker?

      Yes, read this topic.

      http://forum.pfsense.org/index.php/topic,44479.0.html

Treinamentos de Elite (Elite Training): http://sys-squad.com

Help a community developer! ;D

taryezveb wrote:

        @marcelloc:

        Yes, read this topic.

        http://forum.pfsense.org/index.php/topic,44479.0.html

        Thanks, just read it but do not fully understand. Maybe once I add the floating rule(s), I will.

marcelloc wrote:

pfSense is a stateful firewall, so all rules are applied where connections begin.

Squid does not use LAN or WAN rules but localhost rules, as it starts communications to web servers locally.

The only way to apply rules on localhost is using floating rules.

This way Squid will not be able to connect to any China web site if the firewall is blocking access to China's IPs.


taryezveb wrote:

Thanks for that explanation, I understand it better :) But I'm still not sure how the floating rule(s) should be properly created.

            Like this?:

            Action: Reject
            Interface: WAN
            Direction: any
            Protocol: any
            Source: any
            Destination: pfBlockerAliasname
            Description: pfBlockerAliasname-Squid

            Sorry if these are obvious questions.

marcelloc wrote:

              Change interface to any and direction to out.


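To confirm that the floating rule really ended up in the shape marcelloc describes (interface any, direction out) rather than only looking right in the GUI, here is an added example. It is my own code, not pfBlocker's or pfSense's: it scans rule lines in the form pfSense writes to /tmp/rules.debug and flags the rule that will see Squid's locally originated connections. The table name pfBlockerCN, the rule labels and the sample lines are constructed for the example; on a real firewall you would pipe in `cat /tmp/rules.debug`.

```python
import re
import sys

# Constructed sample in the shape of pfSense's /tmp/rules.debug. Table name,
# labels and the LAN network are assumptions for this example.
SAMPLE_RULES = """\
table <pfBlockerCN> persist file "/var/db/aliastables/pfBlockerCN.txt"
# floating rule, interface any, direction out (what marcelloc recommends)
block return out quick inet from any to <pfBlockerCN> label "USER_RULE: pfBlockerCN-Squid"
# floating rule as first proposed in the thread: interface WAN, direction any
block return quick on $WAN inet from any to <pfBlockerCN> label "USER_RULE: pfBlockerCN-WAN"
# ordinary LAN tab rule: evaluated only for traffic arriving on the LAN interface
pass in quick on $LAN inet from 192.168.1.0/24 to any keep state label "USER_RULE: Default allow LAN to any rule"
"""

# action, optional direction, optional quick, optional "on <iface>", then the
# destination table in angle brackets. Direction absent means pf's "both".
RULE_RE = re.compile(
    r'^(?P<action>pass|block(?:\s+return)?)\s+'
    r'(?:(?P<dir>in|out)\s+)?'
    r'(?:quick\s+)?'
    r'(?:on\s+(?P<iface>\$?\w+)\s+)?'
    r'.*?\bto\s+<(?P<table>[^>]+)>'
)


def rules_for_table(rules_text, table):
    """Return every rule line whose destination is <table>, parsed into fields."""
    found = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith(('#', 'table ')):
            continue
        m = RULE_RE.match(line)
        if not m or m.group('table') != table:
            continue
        found.append({
            'action': m.group('action'),
            'direction': m.group('dir') or 'any',
            'interface': (m.group('iface') or 'any').lstrip('$'),
            'line': line,
        })
    return found


def applies_to_local_origin(rule):
    """True when the rule has the shape marcelloc recommends for Squid:
    floating, interface any, direction out. Interface-tab rules are written
    as "in" rules on that interface, so a connection the firewall itself
    opens (Squid to a web server) never reaches them."""
    return rule['interface'] == 'any' and rule['direction'] == 'out'


def squid_is_covered(rules_text, table):
    """Does at least one rule on <table> catch locally originated traffic?"""
    return any(applies_to_local_origin(r) for r in rules_for_table(rules_text, table))


if __name__ == '__main__':
    text = SAMPLE_RULES if sys.stdin.isatty() else sys.stdin.read()
    for r in rules_for_table(text, 'pfBlockerCN'):
        verdict = 'covers Squid' if applies_to_local_origin(r) else 'misses Squid'
        print(f"{verdict:13} iface={r['interface']:4} dir={r['direction']:3} {r['line']}")
```

On the firewall itself the table contents can be checked independently of the rule with `pfctl -sT` (list tables) and `pfctl -t pfBlockerCN -T test 203.0.113.5` (is that address in the table); if the rule is present but the table is empty, the list download, not the rule, is the problem.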
taryezveb wrote:

                Ok, Thanks a lot for your help! :)

fsavoir wrote:

                  Hi,
                  I'm new to this list…. But great work on pfSense and all packages.
On my French install, pfBlocker never adds any rules to the firewall. Any tips to track this down?
pfSense 2.0.1 and pfBlocker 1.0.1

                  Thanks.

                  Fred

marcelloc wrote:

You need at least one firewall rule on the interface where you want to configure pfBlocker.


fsavoir wrote:

                      Hi,

Thanks for your reply... I did have the default rules... Isn't that enough?

• RFC 1918 networks * * * * * Block private networks
• Reserved/not assigned by IANA * * * * * * Block bogon networks

                      Thanks.

                      Fred

marcelloc wrote:

Default rules are not saved in the interface rules config XML.

                        Create a rule and then apply pfBlocker config.


fsavoir wrote:

                          Thanks again for your reply,

Could you be more specific? I need to add a rule in Firewall -> Rules, then LAN or WAN?

Such as a dummy rule?

                          Thanks again.

                          Fred

marcelloc wrote:

LAN has a default rule; you will see pfBlocker rules there if you apply the deny outbound action on your lists.

If you have no WAN rules, you do not need the deny inbound action on pfBlocker lists, as you are already blocking everything.


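marcelloc's explanation in the last few posts can be checked directly against config.xml: "Block private networks" and "Block bogon networks" are per-interface options, not entries under <filter>, so a package that looks for saved rules on an interface finds nothing for a WAN that has only those ticked. The following is an added example, my own code and not pfBlocker's; the config sample is constructed and reduced to the elements the check reads, using the pfSense config.xml layout as I know it (blockpriv and blockbogons under the interface, filter/rule with interface or floating).

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a pfSense 2.0 config.xml, cut down to what
# this check reads. WAN has the two default blocks ticked but no saved rule;
# LAN has its default allow rule; one floating rule exists (interface any).
SAMPLE_CONFIG = """\
<?xml version="1.0"?>
<pfsense>
  <interfaces>
    <wan><if>em0</if><blockpriv/><blockbogons/></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr></lan>
  </interfaces>
  <filter>
    <rule>
      <type>pass</type>
      <interface>lan</interface>
      <descr>Default allow LAN to any rule</descr>
    </rule>
    <rule>
      <type>block</type>
      <floating>yes</floating>
      <direction>out</direction>
      <descr>pfBlocker-Squid</descr>
    </rule>
  </filter>
</pfsense>
"""


def rule_tabs(config_xml):
    """Count saved <filter> rules per tab, the way a package scanning
    config.xml would see them. Floating rules go under 'floating';
    other rules under the interface(s) named in <interface>."""
    root = ET.fromstring(config_xml)
    counts = {}
    for rule in root.findall('./filter/rule'):
        if rule.findtext('floating') == 'yes':
            tab = 'floating'
        else:
            tab = rule.findtext('interface') or ''
        for name in tab.split(','):      # interface lists may be comma separated
            name = name.strip()
            if name:
                counts[name] = counts.get(name, 0) + 1
    return counts


def interfaces_without_rules(config_xml):
    """Interfaces that have no saved rule at all (pfBlocker will add none there)."""
    root = ET.fromstring(config_xml)
    present = rule_tabs(config_xml)
    return [iface.tag for iface in root.find('interfaces') if iface.tag not in present]


def default_only_protection(config_xml, iface):
    """The per-interface defaults that exist outside <filter> and therefore
    do not count as rules: {'blockpriv': bool, 'blockbogons': bool}."""
    root = ET.fromstring(config_xml)
    node = root.find(f'./interfaces/{iface}')
    return {opt: node.find(opt) is not None for opt in ('blockpriv', 'blockbogons')}


if __name__ == '__main__':
    print('rules per tab:', rule_tabs(SAMPLE_CONFIG))
    for iface in interfaces_without_rules(SAMPLE_CONFIG):
        print(f'{iface}: no saved rules; defaults only:',
              default_only_protection(SAMPLE_CONFIG, iface))
```

Run it against a backup taken from Diagnostics -> Backup/Restore to see which tabs have a rule for pfBlocker to attach to; an interface listed by interfaces_without_rules needs a rule created by hand first, as marcelloc says.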
fsavoir wrote:

OK, maybe I don't explain well enough... But pfBlocker never adds any rules in any tab (LAN, WAN, floating) of the firewall.
So even if I had one in floating... then select, turn on pfBlocker and add top country spammers... always a red down arrow :( and no rules anywhere.

                              So I think I'm missing something here :(

I even added a rule for myself in the LAN... Still a red arrow.

                              Again thanks.

                              Fred

fsavoir wrote:

OK, fixed...
I fixed it by adding a floating rule for myself... then all the top spammers lists... then activating the pfBlocker package.
Then it works... Thanks again for your great support and SUPER COOL package.
                                Cheers,

                                Fred

fsavoir wrote:

                                  Hi,

I'm wondering if you know how to make pfBlocker do XMLRPC with the DenyHosts site?
                                  http://xmlrpc.denyhosts.net:9911

                                  Thanks.

                                  Fred

fsavoir wrote:

What list formats can pfBlocker handle? Like P2P, DAT or CIDR? In .gz, zip or txt?

                                    Thanks one more for your support.

                                    Fred

marcelloc wrote:

The address list can be in

• p2p

• cidr (recommended)

• ipaddress

one per line.

The web site that hosts this list can send the list in txt (plain) format or compressed with gz.


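Here is an added example of reading a feed in the three line formats marcelloc names, plain or gzipped, into collapsed CIDRs, reporting the lines it cannot use so a feed can be reviewed before it is handed to the package. It is my own code, not pfBlocker's parser, and is IPv4 only; the sample feed is constructed for the example and the addresses in it are documentation ranges, not real spammers.

```python
import gzip
import ipaddress
import re

# Constructed sample feed (not a real blocklist): one p2p range, one CIDR,
# one bare address, an overlapping p2p range, a comment, and two bad lines.
SAMPLE_LIST = """\
# constructed sample feed
Some Spammer:203.0.113.0-203.0.113.255
198.51.100.0/24
192.0.2.7
Another Range:198.51.100.64-198.51.100.95
not an address
10.0.0.0/33
"""
# The same feed as a list site would serve it compressed with gz.
SAMPLE_GZ = gzip.compress(SAMPLE_LIST.encode())

# p2p format: "name:first-last" with dotted-quad IPv4 bounds
P2P_RE = re.compile(r'^[^:]*:(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})$')


def parse_entry(line):
    """Turn one list line into IPv4 networks; [] if the line is unusable.

    A p2p range is summarized into the fewest CIDRs covering it, a bare
    address becomes a /32, a CIDR is taken as written (host bits cleared).
    """
    line = line.split('#', 1)[0].strip()
    if not line:
        return []
    try:
        m = P2P_RE.match(line)
        if m:
            lo = ipaddress.IPv4Address(m.group(1))
            hi = ipaddress.IPv4Address(m.group(2))
            if lo > hi:
                raise ValueError('reversed range')
            return list(ipaddress.summarize_address_range(lo, hi))
        return [ipaddress.IPv4Network(line, strict=False)]
    except ValueError:          # covers AddressValueError/NetmaskValueError too
        return []


def load_list(data):
    """Parse a plain or gzip-compressed feed given as bytes.

    Returns (sorted, collapsed CIDR strings, lines that were rejected).
    """
    if data[:2] == b'\x1f\x8b':          # gzip magic, whatever the file is named
        data = gzip.decompress(data)
    nets, rejected = [], []
    for line in data.decode('utf-8', errors='replace').splitlines():
        parsed = parse_entry(line)
        if parsed:
            nets.extend(parsed)
        elif line.split('#', 1)[0].strip():
            rejected.append(line)
    collapsed = [str(n) for n in ipaddress.collapse_addresses(nets)]
    return collapsed, rejected


if __name__ == '__main__':
    cidrs, bad = load_list(SAMPLE_GZ)
    print('\n'.join(cidrs))
    for line in bad:
        print('rejected:', line)
```

Collapsing matters for review: the overlapping p2p range in the sample disappears into the /24 that already covers it, so what is left is the real footprint of the list, which is what a pf table will hold.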
fsavoir wrote:

                                        Thanks :)

                                        Any info about : pfBlocker XMLRPC ?

                                        Cheers,

                                        F.

marcelloc wrote:

                                          @fsavoir:

                                          Thanks :)

                                          Any info about : pfBlocker XMLRPC ?

                                          Cheers,

                                          F.

                                          No integration with http://xmlrpc.denyhosts.net:9911 for now.


LinuxTracker wrote:

                                            I'd like to offer up a copy of the Spam List I've been compiling for over a year.
                                            I began compiling it for use in IPBlocklist (used with Country IP Blocks). It's now optimized for pfBlocker.

                                            Here's the details/disclaimer:

                                            1. 505 CIDRs as of today.
                                            2. Based on spams received at the mail servers I care for.
                                            3. It's focused on US Spammers but includes CIDRs from some countries I couldn't block outright. Non-US CIDRs are noted.
                                              3a) A few countries I eventually gave up on and just country blocked outright (ie Poland, Peru); so there may be some inconsistency.
                                            4. I converted it to CIDR format 2 weeks ago. That took a long time (orig PG ranges were 1-254).
5. For each spam IP, I carefully examined its host to determine the appropriate range.
                                              5a) Criteria includes bot spams, dynIP ranges and scummy hosting companies.
                                              5b) For a single IP, it may take 15+ minutes of careful research before I can decide what range to block.
                                            6. I generally do 2-4 update sessions every month.
                                            7. Use At Your Own Risk.  I'd review it first for possible editing, if I were you.

                                            I've broken the list up into 3 because it became unwieldy.
                                            I've recently broken off corporate spam (ie: Linkedin, Constant Contact, exacttarget) into a fourth list. I prob still need to shift some IPs into it.

                                            I thought Pastebin (Private link - 1 Month expiration) would be the most transparent option for publishing this.

                                            SpamIPs_0-69  http://pastebin.com/MTds2fik
                                            SpamIPs_70-179 http://pastebin.com/w0ZDtMym
                                            SpamIPs_180-255 http://pastebin.com/QPi4PtMN
                                            CorporateSpam http://pastebin.com/95xvHnk9

                                            MODS: If this violates forum protocol, please delete the post and forgive me.
                                            If a mod wants the constantly updated live url (.gz format), please PM me.
                                            The update URL is under my personal domain so I can't otherwise distribute it. Sorry.

                                            Thanks.

                                            edit: added screencap - 8 Hours of spam hits - domain w/ ~10 email accounts.

                                            pfCustomSpamList = 3 SpamIP lists above.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.