IPv4 Full Bogons Option
-
How about an option to use IPv4 Full Bogons?
-
As an alternative you can create your own 'URL table' alias that is updated regularly and use that in your firewall rules. Current list of full IPv4 bogons is available from Team Cymru [1]
[1] http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
-
Be aware that list also contains rfc1918 nets. That may be OK for most uses but we filter those out of our bogons file.
-
Here's what I did. Â Going around the bases.
1st
Created a new /etc/rc.Update_Bogons.sh script based on the original. Â This new script though is more parameter driven so that both the IPv4 and IPv6 bogons can be updated independently. Â Also made a few other enhancements such as not running indefinitely when failing to download bogon sources. Â And also able to work with sources which don't provide an md5 hash. Â Such as team-cymru.org.2nd
Modified /etc/crontab and /cf/conf/config.xml cron bogons section to run the new script once a day to update both IPv4 and IPv6 bogons data.3rd
Patched /usr/local/www/diag_tables.php to use the new script as well as add the download lastest bogon data button to the bogonsv6 table.Home
The attached Update_Bogons zip (remove txt extension) contains my crontab, rc.Update_Bogons.sh, config.xml bogons cron section, and patch file for diag_tables.phpPut quite a bit of time into this. Â Hope someone finds it useful.
Update – 11/20/2012 8:30 PM
Refactored the update bogons shell script (/etc/rc.Update_Bogons.sh) into subroutines.
Enhanced table update result logging to prefix each line instead of only the first line.
A few other minor corrections / enhancements. -
Update – 11/21/2012 10:05 PM
-
Better handling of sources which don't provide an md5 hash.
-
A few bug fixes.
-
Lots of code cleanup.
-
Added records count to diagnostics tables listings.
Attached patch file Update_Bogons.patch - 11/22/2012 9:10 PM
To apply patch: patch -F0 -N -p0 -i "./Update_Bogons.patch"Uploaded with a j-peg extension. Â Remove the .jpg extension from downloaded file.
-
-
Both are scrambled and not usable.
-
@ermal:
Both are scrambled and not usable.
Re-uploaded with a j-peg extension (.jpg) instead of text extension (.txt ). That should keep it from being modified (probably lf/cr conversion) by the system.
-
Update - 12/9/2012 12:20 PM PST
Changed to source full bogons lists from http://files.pfSense.org/lists/
A few fixesAttached patch file Update_Bogons.patch - 12/9/2012 12:20 PM PST
To apply patch: patch -F0 -N -p0 -i "./Update_Bogons.patch"Uploaded zip file with a j-peg extension. Â Remove the .jpg extension from downloaded file.
Example System Logs Output:
Dec 9 03:01:01 root: Bogons IPv4 Update: Starting up. Dec 9 03:01:01 root: Bogons IPv4 Update: Sleeping for 34589 seconds to disperse update downloads. . . . Dec 9 12:37:30 root: Bogons IPv4 Update: Beginning the update cycle. Dec 9 12:37:31 root: Bogons IPv4 Update: File downloaded http://files.pfsense.org/lists/fullbogons-ipv4.txt Dec 9 12:37:31 root: Bogons IPv4 Update: File downloaded http://files.pfsense.org/lists/fullbogons-ipv4.txt.md5 Dec 9 12:37:31 root: Bogons IPv4 Update: MD5 Hash Match. Dec 9 12:37:32 root: Bogons IPv4 Update: 9 addresses added. Dec 9 12:37:32 root: Bogons IPv4 Update: 11 addresses deleted. Dec 9 12:37:32 root: Bogons IPv4 Update: Ending the update cycle.
