Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfBlockerNG

    Scheduled Pinned Locked Moved pfBlockerNG
    1.2k Posts 210 Posters 1.8m Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • BBcan177B
      BBcan177 Moderator
      last edited by

      I will be submitting a Pull Request for the following :

      1. MaxMind files will be saved to the PBI folder which will make them persist after reboot. (for Nano / Ramdisk installs)

      2. MaxMind archive files in /var/db will be purged after installation to free up some memory.

      3. Add MaxMind "Anonymous Proxy and Satellite Providers".

      I think Digdug is suggesting to have the option of not installing the MaxMind database to free up some more space. I have an option in the General tab to skip downloading future MaxMind updates, but it doesn't delete the existing installed Files. I could create a function to clear them out but I also need to re-install the files if the user Un-checks this option.

      Also note that "Reputation" and the Alerts tab require the use of the GeoIP.dat and GeoIPv6.dat to function.

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      1 Reply Last reply Reply Quote 0
      • J
        JasonJoel
        last edited by

        @wcrowder:

        See:
        https://forum.pfsense.org/index.php?topic=86212.msg481358#msg481358

        Make sure you read this entire thread.

        In that thread it mentions 'look at the screenshot' a number of times, but I don't see a screenshot in the thread anywhere. I make the patch, it says it can be applied, but not reverted, so was going to double check settings to make sure I didn't do something stupid ion the patch definition…

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          1/ The screenshot shows just fine, fix your browser.
          2/ You obviously cannot revert patches that have not been applied.

          1 Reply Last reply Reply Quote 0
          • J
            JasonJoel
            last edited by

            Thanks. You are right, the screenshot was there. For some reason it took a LONG time to load though (I was on that page for >3 minutes before the screenshot actually appeared…).

            And, yeah, I should have realized it couldn't revert.

            I have it all installed, configured, and working now. Thanks all for the guidance.

            Thanks!

            1 Reply Last reply Reply Quote 0
            • R
              reggie14
              last edited by

              @marcelloc:

              The pull request needs to be merged by pfsense team before you can use it without any hacks.

              Mostly out of curiosity, what does this mean for where this package is in the release process?  That is, does the pfsense team do some testing before they merge it?  Or do they just do some sort of minimal sanity check through the code?

              1 Reply Last reply Reply Quote 0
              • W
                wcrowder
                last edited by

                If I understand correctly, they do an in-depth review of the code.  This being a "New" package with a large code base it can take a while. I believe it is in that process now. It is in the pfSense package repository but is waiting for this process to be completed. The "patch", I hate the word "Hack", just allows you to bypass the "compatibility check" to download the package from the pfSense repository before it has gone through this process. It is "Use at your own risk" at the moment. The review process is a good thing. We just have to be patient.

                @reggie14:

                @marcelloc:

                The pull request needs to be merged by pfsense team before you can use it without any hacks.

                Mostly out of curiosity, what does this mean for where this package is in the release process?  That is, does the pfsense team do some testing before they merge it?  Or do they just do some sort of minimal sanity check through the code?

                1 Reply Last reply Reply Quote 0
                • BBcan177B
                  BBcan177 Moderator
                  last edited by

                  @BBcan177:

                  I will be submitting a Pull Request for the following :

                  1. MaxMind files will be saved to the PBI folder which will make them persist after reboot. (for Nano / Ramdisk installs)

                  2. MaxMind archive files in /var/db will be purged after installation to free up some space.

                  3. Add MaxMind "Anonymous Proxy and Satellite Providers".

                  https://github.com/pfsense/pfsense-packages/pull/801

                  "Experience is something you don't get until just after you need it."

                  Website: http://pfBlockerNG.com
                  Twitter: @BBcan177  #pfBlockerNG
                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  1 Reply Last reply Reply Quote 0
                  • F
                    fragged
                    last edited by

                    Why do I occasionally see items on the "Permit" part of the Alerts tab when I have 0 permit rules?

                    
                    Permit   -   Last 5 Alert Entries.							
                    Date		IF	Rule			Proto		Source			Destination		CC	List
                    Feb 2 14:32:59	WAN	pfB_iBlockHijacked (98)	UDP	  	119.186.197.255: 16001	192.168.YY.X: 64284	CN	No Match
                    
                    

                    When I search my firewall log for the source, nothing pops up. I have logging enabled for all my pass/block/deny rules.

                    1 Reply Last reply Reply Quote 0
                    • swinnS
                      swinn
                      last edited by

                      When pfBlockerNG is enabled, any clients trying to sync with ntpd will fail 99% of the time. When disabled, the sync happens instantaneous. Using the old pfBlocker package, it works normally as well. I have eight IPv4 lists configured for deny inbound. I have the top 20 configured to be an alias which has a rule to block inbound on port 25. Then I have several countries configured for deny inbound. Inbound is set for my WAN. There is no blocking of outbound.

                      Is anyone else experiencing this?

                      1 Reply Last reply Reply Quote 0
                      • D
                        doktornotor Banned
                        last edited by

                        @fragged:

                        When I search my firewall log for the source, nothing pops up.

                        This is not logged to general firewall logs unless configured so (Global Enable Logging).

                        @swinn:

                        When pfBlockerNG is enabled, any clients trying to sync with ntpd will fail 99% of the time.
                        Is anyone else experiencing this?

                        No. Stop blocking your NTP servers.

                        1 Reply Last reply Reply Quote 0
                        • F
                          fragged
                          last edited by

                          @doktornotor:

                          @fragged:

                          When I search my firewall log for the source, nothing pops up.

                          This is not logged to general firewall logs unless configured so (Global Enable Logging).

                          Is also enabled.

                          1 Reply Last reply Reply Quote 0
                          • BBcan177B
                            BBcan177 Moderator
                            last edited by

                            @swinn:

                            When pfBlockerNG is enabled, any clients trying to sync with ntpd will fail 99% of the time

                            MaxMind Country Database is accurate now!  :) The old package had two years old Country Data.
                            I assume that the NTP server is in one of those Countries that you selected.

                            Look at the "Alerts" Tab, and find the IP that is being blocked. Then create a new "Permit Outbound" alias. You can add the IP to the Custom Text Box at the bottom of this new Alias. This is the recommended method to overcome blocking when "Country Blocking" is occuring.

                            For all other False Positives, use the Suppression method instead.

                            "Experience is something you don't get until just after you need it."

                            Website: http://pfBlockerNG.com
                            Twitter: @BBcan177  #pfBlockerNG
                            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                            1 Reply Last reply Reply Quote 0
                            • BBcan177B
                              BBcan177 Moderator
                              last edited by

                              @fragged:

                              Why do I occasionally see items on the "Permit" part of the Alerts tab when I have 0 permit rules?
                              When I search my firewall log for the source, nothing pops up. I have logging enabled for all my pass/block/deny rules.

                              I haven't seen this before. But let me know if its repeating…

                              "Experience is something you don't get until just after you need it."

                              Website: http://pfBlockerNG.com
                              Twitter: @BBcan177  #pfBlockerNG
                              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                              1 Reply Last reply Reply Quote 0
                              • D
                                doktornotor Banned
                                last edited by

                                @BBcan177:

                                Look at the "Alerts" Tab, and find the IP that is being blocked. Then create a new "Permit Outbound" alias. You can add the IP to the Custom Text Box at the bottom of this new Alias. This is the recommended method to overcome blocking when "Country Blocking" is occuring.

                                If you are using any of those *.pool.ntp.org things or whatever similar for NTP, you really need some alias with FQDNs for those, otherwise you'll be hunting IPs for quite some time.

                                1 Reply Last reply Reply Quote 0
                                • L
                                  LinuxTracker
                                  last edited by

                                  A couple of notes about my upgrade 1.0 -> 1.01 upgrade. (Xeon amd64 4GB RAM)

                                  My /var/db/aliastables/ were all wiped out.
                                  I followed the steps given by BBcan177 to set it right again -> https://forum.pfsense.org/index.php?topic=86212.msg484133#msg484133

                                  also - A curiosity
                                  The Maxmind AnonProxy A1 list in pfBlockerNG seems more accurate than the one on Maxmind's website.

                                  Example: This IP  63.141.198.54 is A1 (and is in pfBlockerNG).
                                  re: http://www.ip-tracker.org/locator/ip-lookup.php?ip=63.141.198.54
                                  re: https://www.iptomaps.com/country_block/12245

                                  but it isn't on Maxmind's web-list of A1 IPs
                                  https://www.maxmind.com/en/anonymous_proxies

                                  Just an oddity and a welcome one at that.

                                  1 Reply Last reply Reply Quote 0
                                  • marcellocM
                                    marcelloc
                                    last edited by

                                    The pull request is merged. Package is available on list.

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    1 Reply Last reply Reply Quote 0
                                    • D
                                      doktornotor Banned
                                      last edited by

                                      @marcelloc:

                                      The pull request is merged. Package is available on list.

                                      1 Reply Last reply Reply Quote 0
                                      • BBcan177B
                                        BBcan177 Moderator
                                        last edited by

                                        @LinuxTracker:

                                        A curiosity
                                        The Maxmind AnonProxy A1 list in pfBlockerNG seems more accurate than the one on Maxmind's website.

                                        Example: This IP  63.141.198.54 is A1 (and is in pfBlockerNG)
                                        but it isn't on Maxmind's web-list of A1 IPs
                                        https://www.maxmind.com/en/anonymous_proxies

                                        I think as this is a "Free" service, that they don't update the Web Site so frequently. The Database is updated the First Tuesday of each month, but I have noticed that it can change before that time.

                                        I checked the Maxmind Database file and it is listed there.

                                        GeoIPCountryWhois.csv:"63.141.198.0","63.141.199.255","1066255872","1066256383","A1","Anonymous Proxy"

                                        "Experience is something you don't get until just after you need it."

                                        Website: http://pfBlockerNG.com
                                        Twitter: @BBcan177  #pfBlockerNG
                                        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                        1 Reply Last reply Reply Quote 0
                                        • BBcan177B
                                          BBcan177 Moderator
                                          last edited by

                                          @doktornotor:

                                          @marcelloc:

                                          The pull request is merged. Package is available on list.

                                          Yes this pic is worth repeating as I am buying the next Round! Just don't expect me to be in any position to fix any bugs tomorrow!  ;D

                                          I have hammered at this package with my troop of loyal Beta Testers (just over 25 of them)… A really big Thanks to those Guys for really helping put the package thru real world testing. Any bugs you guys do find, let me know and I"m sure we can get them resolved. You Beta Testers are the Salt of the Earth kinda guys... Just what Open Source is all about. Hope you guys like the package. Its been fun!

                                          "Experience is something you don't get until just after you need it."

                                          Website: http://pfBlockerNG.com
                                          Twitter: @BBcan177  #pfBlockerNG
                                          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                          1 Reply Last reply Reply Quote 0
                                          • S
                                            samham
                                            last edited by

                                            great news!!! thank you BBcan177 and everyone else who worked on this great package.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.