PfBlocker
-
Crash report begins. Anonymous machine information: amd64 8.3-RELEASE-p7 FreeBSD 8.3-RELEASE-p7 #1: Thu Apr 4 13:16:33 EDT 2013 root@snapshots-8_3-amd64.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 Crash report details: PHP Errors: in /usr/local/pkg/pfblocker.inc on line 262 in /usr/local/pkg/pfblocker.inc on line 262 in /usr/local/pkg/pfblocker.inc on line 262 in /usr/local/pkg/pfblocker.inc on line 262 in /usr/local/pkg/pfblocker.inc on line 262I keep getting this error report all the time on 2.1 for the past month or so. Nothing interesting going on in the system log.
I've had the same issue for the past couple of months. I haven't dug deeper to see if it causing any problems
-
New to pfblocker had used country blocker earlier before moving to untangle.
New to software routers although have been running a untangle box for some time, but I wanted the flexibility of routing with pfsense and filtering with Untangle in Bridge mode. Also I wanted squid for web caching as it's paid option in Untangle so I have them working in ESXI and virtual box. The performance is much better in esxi though.
The problem I have with pfblocker is that I can't block on inbound the default without selecting block on both. The rule in the firewall just doesn't appear and the dashboard widget just displays a red down arrow. Which I take as not on.
The only way to get some of the functionality is either block both or permit outbound. Please could someone clarify exactly what "permit outbound" this means.
1/ Does this as I have read, allow user to get to sites on the list, but block incoming traffic by default?
2/ Any ideas why I can't block inbound traffic without selecting both. I have it set on Wan inbound and Lan outbound?
3/ With one of the list an ads one. With block both it actually stops my email service. I can see the IP in the list. Is there a way to whitelist that IP to allow?
Because of my lack of understanding of this package. Should I just resort back to the country block part and forego the lists?
Probably a question to myself the last one, but if it protects then it would be a nice feature to use.
Lists I am using Level1, Level2, Level3 Ads, Edu, Spyware, Hacked and Dshield and top spammers.
Any advice would be appreciated :)
-
pfBlocker doesn't add any inbound rules for interfaces with no allow rules as there's a default deny all rule in place.
-
I meant when selecting pfblocker I cant use block inbound the default as stated on the page without the dashboard widget showing down and the firewall rules showing nothing there also. The only way I can get any thing working is block both inbound and outbound and Permit outbound.
The packets are they attempts? The ad one seems to draw more traffic to the firewall especially in permit outbound. For the minute I have disabled pfblocker until I can understand it's workings.
-
The package simply adds firewall rules based on your settings. That's all. I have no idea how the widget works for the status arrows, but the numbers are blocked connections matching any IP in that particular list. You can enable logging for the pfBlocker rules to see what it does on the System -> Firewall log.
In short, check firewall rules and log instead of the widget for what is actually going on.
-
That's all. I have no idea how the widget works for the status arrows,
It ckecks based on description rules applied to rules, if you have an alias with no rules, it will show as down. If you have rules applied to aliases, then it will show up and get the couter hit from pf.
-
Does it mean it is working applying the deny inbound? As you said it doesn't count. I can only get it working with deny both and permit outbound. I am probably getting confused with the operation being quite new to this so forgive me if I ask a stupid question.
-
Does it mean it is working applying the deny inbound? As you said it doesn't count. I can only get it working with deny both and permit outbound. I am probably getting confused with the operation being quite new to this so forgive me if I ask a stupid question.
Do you have rules on wan interface? If not, then pfblocker does not create a deny rule as pfsense is already blocking all inbound traffic.
-
Hi,
is there the possiblility to make 2 alias rules for the same continent but different countries?
Or do i need to add custom country list ?best regards max
-
is there the possiblility to make 2 alias rules for the same continent but different countries?
Not on current version.Or do i need to add custom country list ?
It will be the best workaround for that.
-
Great package, but I hope someone can answer my question….
pfBlocker is working just fine, but seems to block legit sites such as github.com paypal.com. Not sure why these sites are blocked but I think they might be in some lists or countries I am blocking.
How can I somehow exclude these sites from being blocked by pfblocker? Im NO firewall guru and Im using pfsense's default firewall config.
There is an exclusion list in squidguard and a "whitelist" in snort so what can I do in pfblocker ???
Thanks!! -
@lpallard:
There is an exclusion list in squidguard and a "whitelist" in snort so what can I do in pfblocker ???
You can create an exception list and allow it on blocker.
or
Change pfblocker action to alias only and create you own rules and aliases the way you need.
-
[quote]You can create an exception list and allow it on blocker.[/quote] OK I figured out that you could create an exception list just as it was possible to create custom blocking lists.. But what confuses me is that these choices are the only ones available: [code]Note: 'Deny Both' - Will deny access on Both directions. 'Deny Inbound' - Will deny access from selected lists to your network. 'Deny Outbound' - Will deny access from your users to ip lists you selected to block. 'Permit Inbound' - Will allow access from selected lists to your network. 'Permit Outbound' - Will allow access from your users to ip lists you selected to block. 'Disabled' - Will just keep selection and do nothing to selected Lists. 'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.[/code] Deny Both - I understand this will block the traffic TO & FROM the IP's so this is totally the opposite to what I want to do. Deny Inbound - Unless I dont understand, accessing websites requires both inbound & outbound so if I block incoming traffic, the sites wont work. Deny Outbound - Again unless I dont understand, accessing websites requires both inbound & outbound so if I block outgoing traffic, the sites wont work. Disabled - Useless for my scenario.. Alias Only - I have no clue about this one. Will read some documentation soon, or better maybe buy the pfsense book. So I am left with only these two options but each of them does only half of the job, that is, allow traffic in either direction. So to combine them, do I need to duplicate my list, in one of them I select Permit outbound, and the other one I select permit inbound? Permit Inbound Permit Outbound Shouldnt the choice Permit both be present in the dropdown list?? -
Hi,
traxxus has suggested moving pfblocker old country lists to one free list http://www.ipdeny.com/ipblocks/
I can do it on my free time but if somebody needs it faster, consider donating to speed up new package versions.
att,
Marcello Coutinho -
Hello,
I have had two routers running pfBlocker that, when booted after a power outage, all inside hosts have lost internet access after the router came back up.
I can reproduce this on a test router, so far with the following conditions:
pfSense nanobsd version 2.0.3
pfBlocker version 1.0.2
WAN: Static IP
Gateway monitoring: disabledIf the internet connection to the router is severed before bootup (without losing link light), then no traffic from the inside is allowed to go through the router (even if internet connectivity is restored to the router after bootup). An attempted connection to yahoo.com looks like:
tcp 98.139.183.24:80 <- 192.168.1.100:51349 CLOSED:SYN_SENT
tcp 192.168.1.100:51349 -> 98.139.183.24:80 SYN_SENT:CLOSEDNo traffic from the inside is shown as being blocked in the firewall logs.
The following is logged on bootup:
Jun 3 09:45:37 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerTopSpammers.txt.tmp' 'https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerTopSpammers'' returned exit code '1', the output was 'fetch: transfer timed out'
Jun 3 09:45:32 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerSouthAmerica.txt.tmp' 'https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerSouthAmerica'' returned exit code '1', the output was 'fetch: transfer timed out'
Jun 3 09:45:27 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAsia.txt.tmp' 'https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerAsia'' returned exit code '1', the output was 'fetch: transfer timed out'
Jun 3 09:45:22 php: : The command '/usr/bin/fetch -T 5 -q -o '/var/db/aliastables/pfBlockerAfrica.txt.tmp' 'https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerAfrica'' returned exit code '1', the output was 'fetch: transfer timed out'
Jun 3 09:49:21 php: : Restarting/Starting all packages.
Jun 3 09:49:21 php: : No pfBlocker action during boot process.
Jun 3 09:49:21 php: : No pfBlocker action during boot process.
Jun 3 09:49:21 php: : No pfBlocker action during boot process.
Jun 3 09:49:21 php: : No pfBlocker action during boot process. -
I can't get pfblocker to load this list doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/RussianBusinessNetworkIPs.txt
Has anyone used this list before?
-
I recently added new lists in pfblocker. Immediately, pfsense started displaying errors in yellow at the top of the window:
[filter_load]There were error(s) loading the rules: /tmp/rules.debug:151: macro pfBlockerpfblockerallowed not defined/tmp/rules.debug:151: syntax error /tmp/rules.debug:159: macro pfBlockeresurveillance not defined/tmp/rules.debug:159: syntax error /tmp/rules.debug:160: macro pfBlockerdropedrop not defined /tmp/rules.debug:162: macro pfBlockerlevel1 not defined/tmp/rules.debug:162: syntax error /tmp/rules.debug:172: macro pfBlockeresurveillance not defined/tmp/rules.debug:172: syntax error /tmp/rules.debug:173: macro pfBlockerdropedrop not defined/tmp/rules.debug:175: macro pfBlockerlevel1 not defined /tmp/rules.debug:175: syntax errorpfctl: Syntax error in config file: pf rules not loaded The line in question reads [151]: pass in log quick on $WAN reply-to ( re0 WAN-IP ) from $pfBlockerpfblockerallowed to any keep state label USER_RULE: pfBlockerpfblockerallowed auto ruleWhat happens?
-
@lpallard:
What happens?
Maybe something with the list that pfblocker code could not detect or get around.
-
@lpallard:
What happens?
Maybe something with the list that pfblocker code could not detect or get around.
Do you need something specific to help debugging? Logs?
I didnt do anything out of the ordinary so I think this shouldnt happen unless the package was in beta stage which is not. -
Did you removed pfblocker lists before deleting custom firewall rules?
pf is complaining about 4 missing aliases.
