Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfBlockerNG

    Scheduled Pinned Locked Moved pfBlockerNG
    1.2k Posts 210 Posters 1.8m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BBcan177B
      BBcan177 Moderator
      last edited by

      @Topper727:

      They are not standard like CIDR or IP lists.  That would be amazing.

      Yes DNSBL is already designed to handle domain names. Take a look at the Link in the post above. I have the most common formats already working, I have played with AdBlock plus list about a month ago, but put it aside for now, as it's in a non-standard format. I want to get the key parts of the code working first before spending more time on this AdBlock feature.. But it is on to todo list. So this will be released in v2.0 of pfBNG.

      Wonder if there could be history little long in the widget on home page so you can refresh screen and not zero out all the hits blocked? Maybe option for how long you want to keep or clear each time refresh for those that like that.

      The widget counts are "0" when the filter_reload is executed. So the design pfBNG is to only clear the widget when there are rules changes. So if the rules remain static, the widget counts will continue to increase without being cleared… This is the design of pfctl as that is where the counts are queried from.

      The Alerts page also maybe could have some range of days you would like to see. Maybe the widget has direct link to that page with the logs link you have

      The Alerts tab is not the place to handle queries of that nature. The best would be to send the logs to a remote syslog server for further analysis and correlation.  The Alerts Tab references the pfSense Firewall log, which in itself doesn't hold data for very long.

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      1 Reply Last reply Reply Quote 0
      • M
        MediocreFred
        last edited by

        @BBcan177:

        So I expect that I will release DNSBL in v2.0. I also expect to have easylist AdBlock plus integrated into the pkg. It won't have all of those features, but it will pull all of the AdBlock domains for blocking.

        ::drool…

        Your teaser screenshots with DNSBL look pretty darn perfect! Go ahead and roll it into v1.0 and we can deal with any reported bugs later :)

        Or, can you release the DNSBL version - in its current state - as a beta package?

        1 Reply Last reply Reply Quote 0
        • L
          LinuxTracker
          last edited by

          BBcan177, when time allows, consider adding MaxMind's Anonymous Proxy and Satellite "countries".

          I'm not sure where in the GUI to shoehorn them in.
          Anonymous Proxy might be worth replacing someone in the top 20.  Satellite - not a good fit there.

          It'd be sort of cool to have an option to auto-generate a couple of lists in the IPv4 section.
          That's just a serving suggestion. I know you have plenty of code to manage already.

          and
          I can't thank you enough for NG.
          and
          I hope marcelloc already knows how much he is appreciated.

          1 Reply Last reply Reply Quote 0
          • W
            wcrowder
            last edited by

            I believe the Satelite and Anonymous Proxy lists are included in the lists BB sent out to the testers. Here is Anonymous Proxy's, set it to HTML.

            https://www.maxmind.com/en/anonymous_proxies

            @LinuxTracker:

            BBcan177, when time allows, consider adding MaxMind's Anonymous Proxy and Satellite "countries".

            I'm not sure where in the GUI to shoehorn them in.
            Anonymous Proxy might be worth replacing someone in the top 20.  Satellite - not a good fit there.

            It'd be sort of cool to have an option to auto-generate a couple of lists in the IPv4 section.
            That's just a serving suggestion. I know you have plenty of code to manage already.

            and
            I can't thank you enough for NG.
            and
            I hope marcelloc already knows how much he is appreciated.

            1 Reply Last reply Reply Quote 0
            • BBcan177B
              BBcan177 Moderator
              last edited by

              @LinuxTracker:

              BBcan177, when time allows, consider adding MaxMind's Anonymous Proxy and Satellite "countries".

              Thanks _LinuxTracke_r… I had this on my todo list.. But got sidetracked  ;)

              Here is a screenshot of the new "Proxy and Satellite" Tab. Once I get it tested, I will submit a PR for the changes.
              In the meantime, the URL that wcrowder sent will suffice for the Maxmind Proxy List.

              On another note, You can create custom Aliases for Country/Continents. All of the Countries/Continent Files are in /var/db/pfblockerng/cc folder. These can be individually used as "Localfiles" in the URL field.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 0
              • T
                Topper727
                last edited by

                Amazing what this is becoming.  If ever package had this support and dedication Pfsense would jump new levels in users I am sure

                Dell 2950 g3 server
                Intel(R) Xeon(R) CPU E5430 @ 2.66GHz
                Current: 2000 MHz, Max: 2667 MHz
                8 CPUs: 2 package(s) x 4 core(s)
                8152 MiB and 600meg 10k drive
                Pfsense 2.4 .. Hoping to get the phpvirtualbox going again.

                1 Reply Last reply Reply Quote 0
                • S
                  Supermule Banned
                  last edited by

                  And it was Tom Schaefer that did the first countryblock package ;)

                  Marcello turned it into pfblocker and BBcan17 evolved it into what we see today and we love it!

                  1 Reply Last reply Reply Quote 0
                  • H
                    Hugovsky
                    last edited by

                    I'm using them since the beginning and in several installs. Big thanks to all that helped especially Tom Schaefer, Marcello and BBcan17.

                    1 Reply Last reply Reply Quote 0
                    • S
                      samham
                      last edited by

                      I have the package installed and configured but it doesn't seemto be working. I have PFblocker installed but the I checked the box to disable checking, any suggestions?

                      pfNG.PNG
                      pfNG.PNG_thumb

                      1 Reply Last reply Reply Quote 0
                      • marcellocM
                        marcelloc
                        last edited by

                        @samham:

                        I have the package installed and configured but it doesn't seemto be working. I have PFblocker installed but the I checked the box to disable checking, any suggestions?

                        Looks like you have no list enabled or no hint on rules???

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • F
                          fragged
                          last edited by

                          @marcelloc:

                          @samham:

                          I have the package installed and configured but it doesn't seemto be working. I have PFblocker installed but the I checked the box to disable checking, any suggestions?

                          Looks like you have no list enabled ???

                          Or downloaded (?). I believe the new package doesn't download lists every time you click save on the edit/add list page.

                          1 Reply Last reply Reply Quote 0
                          • marcellocM
                            marcelloc
                            last edited by

                            Did you applied(force update) after selecting countries for example?

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • S
                              samham
                              last edited by

                              many thanks marcelloc that did it.

                              1 Reply Last reply Reply Quote 0
                              • M
                                messerchmidt
                                last edited by

                                is this available to the public yet?

                                1 Reply Last reply Reply Quote 0
                                • BBcan177B
                                  BBcan177 Moderator
                                  last edited by

                                  @fragged:

                                  I believe the new package doesn't download lists every time you click save on the edit/add list page.

                                  Yes this is  'by Design'.  The process is single threaded, to ensure that only one process at a time updates the files. Allowing the possibility of pressing "Save" at the same time as "Cron" is running or expected to run, can cause data corruption. So when you press "save" it will just save the settings.

                                  The "Update" tab has a "Force Update" icon which will disable the Cron event and execute the download process. If Cron is active, it will not let you bypass that event, until its completed. You are able to see the complete Download process in the Update Window.

                                  Any errors will be recorded there, so debugging is fairly straight forward.

                                  You are also able to view the  pfblockerng.log  and  error.log  in the Log Browser Tab.

                                  "Experience is something you don't get until just after you need it."

                                  Website: http://pfBlockerNG.com
                                  Twitter: @BBcan177  #pfBlockerNG
                                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                  1 Reply Last reply Reply Quote 0
                                  • marcellocM
                                    marcelloc
                                    last edited by

                                    Pull request sent  :)

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    1 Reply Last reply Reply Quote 0
                                    • BBcan177B
                                      BBcan177 Moderator
                                      last edited by

                                      For those of you that followed the bypass to install the Package, please follow these suggestions:

                                      1. Enable "Keep Settings" in the pfBlockerNG General Tab. On a Re-install, the first step is a De-Install of the package. So without enabling this setting, you will lose all configured settings on a "Re-Install".

                                      So please ensure that this is "Checked". You will need to hit "Save" to have it apply!!

                                      1. There is a v1.0 of pfBlockerNG Posted with a minor revision for an IBlock issue. I believe you will need to ensure that the bypass method used on the first Install, is activated before proceeding with the Update or the Re-Install will FAIL.

                                      Please ensure you Backup as always before proceeding with any Updates.

                                      "Experience is something you don't get until just after you need it."

                                      Website: http://pfBlockerNG.com
                                      Twitter: @BBcan177  #pfBlockerNG
                                      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                      1 Reply Last reply Reply Quote 0
                                      • S
                                        samham
                                        last edited by

                                        I don't see the package listed yet!!!

                                        1 Reply Last reply Reply Quote 0
                                        • BBcan177B
                                          BBcan177 Moderator
                                          last edited by

                                          @samham:

                                          I don't see the package listed yet!!!

                                          Its not Official Yet.. I was referring to those Users who followed the Bypass methods in this thread to get it Installed.

                                          "Experience is something you don't get until just after you need it."

                                          Website: http://pfBlockerNG.com
                                          Twitter: @BBcan177  #pfBlockerNG
                                          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                          1 Reply Last reply Reply Quote 0
                                          • S
                                            samham
                                            last edited by

                                            marcelloc sent a pull request, I'm assuming it should be official shortly

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.