PfBlockerNG
-
They are not standard like CIDR or IP lists. That would be amazing.
Yes DNSBL is already designed to handle domain names. Take a look at the Link in the post above. I have the most common formats already working, I have played with AdBlock plus list about a month ago, but put it aside for now, as it's in a non-standard format. I want to get the key parts of the code working first before spending more time on this AdBlock feature.. But it is on to todo list. So this will be released in v2.0 of pfBNG.
Wonder if there could be history little long in the widget on home page so you can refresh screen and not zero out all the hits blocked? Maybe option for how long you want to keep or clear each time refresh for those that like that.
The widget counts are "0" when the filter_reload is executed. So the design pfBNG is to only clear the widget when there are rules changes. So if the rules remain static, the widget counts will continue to increase without being cleared… This is the design of pfctl as that is where the counts are queried from.
The Alerts page also maybe could have some range of days you would like to see. Maybe the widget has direct link to that page with the logs link you have
The Alerts tab is not the place to handle queries of that nature. The best would be to send the logs to a remote syslog server for further analysis and correlation. The Alerts Tab references the pfSense Firewall log, which in itself doesn't hold data for very long.
-
So I expect that I will release DNSBL in v2.0. I also expect to have easylist AdBlock plus integrated into the pkg. It won't have all of those features, but it will pull all of the AdBlock domains for blocking.
::drool…
Your teaser screenshots with DNSBL look pretty darn perfect! Go ahead and roll it into v1.0 and we can deal with any reported bugs later :)
Or, can you release the DNSBL version - in its current state - as a beta package?
-
BBcan177, when time allows, consider adding MaxMind's Anonymous Proxy and Satellite "countries".
I'm not sure where in the GUI to shoehorn them in.
Anonymous Proxy might be worth replacing someone in the top 20. Satellite - not a good fit there.It'd be sort of cool to have an option to auto-generate a couple of lists in the IPv4 section.
That's just a serving suggestion. I know you have plenty of code to manage already.and
I can't thank you enough for NG.
and
I hope marcelloc already knows how much he is appreciated. -
I believe the Satelite and Anonymous Proxy lists are included in the lists BB sent out to the testers. Here is Anonymous Proxy's, set it to HTML.
https://www.maxmind.com/en/anonymous_proxies
BBcan177, when time allows, consider adding MaxMind's Anonymous Proxy and Satellite "countries".
I'm not sure where in the GUI to shoehorn them in.
Anonymous Proxy might be worth replacing someone in the top 20. Satellite - not a good fit there.It'd be sort of cool to have an option to auto-generate a couple of lists in the IPv4 section.
That's just a serving suggestion. I know you have plenty of code to manage already.and
I can't thank you enough for NG.
and
I hope marcelloc already knows how much he is appreciated. -
BBcan177, when time allows, consider adding MaxMind's Anonymous Proxy and Satellite "countries".
Thanks _LinuxTracke_r… I had this on my todo list.. But got sidetracked ;)
Here is a screenshot of the new "Proxy and Satellite" Tab. Once I get it tested, I will submit a PR for the changes.
In the meantime, the URL that wcrowder sent will suffice for the Maxmind Proxy List.On another note, You can create custom Aliases for Country/Continents. All of the Countries/Continent Files are in /var/db/pfblockerng/cc folder. These can be individually used as "Localfiles" in the URL field.
-
Amazing what this is becoming. If ever package had this support and dedication Pfsense would jump new levels in users I am sure
-
And it was Tom Schaefer that did the first countryblock package ;)
Marcello turned it into pfblocker and BBcan17 evolved it into what we see today and we love it!
-
I'm using them since the beginning and in several installs. Big thanks to all that helped especially Tom Schaefer, Marcello and BBcan17.
-
I have the package installed and configured but it doesn't seemto be working. I have PFblocker installed but the I checked the box to disable checking, any suggestions?
-
I have the package installed and configured but it doesn't seemto be working. I have PFblocker installed but the I checked the box to disable checking, any suggestions?
Looks like you have no list enabled or no hint on rules???
-
I have the package installed and configured but it doesn't seemto be working. I have PFblocker installed but the I checked the box to disable checking, any suggestions?
Looks like you have no list enabled ???
Or downloaded (?). I believe the new package doesn't download lists every time you click save on the edit/add list page.
-
Did you applied(force update) after selecting countries for example?
-
many thanks marcelloc that did it.
-
is this available to the public yet?
-
I believe the new package doesn't download lists every time you click save on the edit/add list page.
Yes this is 'by Design'. The process is single threaded, to ensure that only one process at a time updates the files. Allowing the possibility of pressing "Save" at the same time as "Cron" is running or expected to run, can cause data corruption. So when you press "save" it will just save the settings.
The "Update" tab has a "Force Update" icon which will disable the Cron event and execute the download process. If Cron is active, it will not let you bypass that event, until its completed. You are able to see the complete Download process in the Update Window.
Any errors will be recorded there, so debugging is fairly straight forward.
You are also able to view the pfblockerng.log and error.log in the Log Browser Tab.
-
-
For those of you that followed the bypass to install the Package, please follow these suggestions:
- Enable "Keep Settings" in the pfBlockerNG General Tab. On a Re-install, the first step is a De-Install of the package. So without enabling this setting, you will lose all configured settings on a "Re-Install".
So please ensure that this is "Checked". You will need to hit "Save" to have it apply!!
- There is a v1.0 of pfBlockerNG Posted with a minor revision for an IBlock issue. I believe you will need to ensure that the bypass method used on the first Install, is activated before proceeding with the Update or the Re-Install will FAIL.
Please ensure you Backup as always before proceeding with any Updates.
-
I don't see the package listed yet!!!
-
I don't see the package listed yet!!!
Its not Official Yet.. I was referring to those Users who followed the Bypass methods in this thread to get it Installed.
-
marcelloc sent a pull request, I'm assuming it should be official shortly
