PfBlockerNG
-
However I cannot use it since the countrylists IPv4 are empty. What am I missing? :-)
Can you provide some more details? Screenshots etc…
-
Ok thank you.
Using clean install of pfSense-memstick-2.2-RELEASE and Pfblocker 1.02. Have been using the old Pfblocker without problems before.
I find nothing wrong in logs although I´m not sure where to find everything.
The countrylists top-20 spammers (jpeg5) are filled but not the other ones under tab Europe eg.Jonna
-
The countrylists top-20 spammers (jpeg5) are filled but not the other ones under tab Europe eg.
Thanks jonna99,
It seems that the Maxmind Files did not download? Thats why you see in the Continent pages
"Warning: Invalid Argument Supplied"
I can send you the command to update the MaxMind Database, but I would like to see if I can understand the circumstances that led to this issue for you? There is a log file called "geoip.log" in the Log Browser, can you PM me with those details.
-
(Edit: 2.2-RELEASE (amd64) pfBlockerNG 1.02)
I found a minor bug on the Alerts tab where the displayed rule is sometimes incorrect.
I've seen this a few times since yesterday (2 diff machines) and it seems to be displaying the rule from the previous entry.
If I get several entries in from the same list in-a-row and the 1st one is wrong, the subsequent ones are wrong too.
-
Hi LinuxTracker,
There seems to be a big spread of time between those Alerts. Could it be that you added the Asia Continent after Spamhaus was already downloaded?
Do you have enable "De-duplication" checked in the General tab?
I would suggest to clear the Firewall Log and execute a "Force Reload", this will refresh all of the databases and then see how it goes from there.
-
Make sure you dont have a rule like this on WAN
WEB-CLIENT csv file download request"; flow:to_server,established; content:"GET"; nocase; http_method; content:".csv"; nocase; http_uri;
Had one active and it prevented the download of maxmind country list in my first install…
F.
-
Sidebar: Doing a spotcheck, I found a popular SSL cert reseller is on a widely used blocklist.
As of this writing, the website for StartSSL is on SpamHaus's Don't Route Or Peer blocklist http://www.spamhaus.org/drop/.
www.startssl.com = 192.116.242.20 https://www.whatsmydns.net/#A/www.startssl.com
192.112.112.0/20 blocked by http://www.spamhaus.org/drop/drop.txt
Edit: I should clarify that this isn't an issue with pfBlockerNG.
It's just a reminder that reputable lists get conflicting data and there's no replacement for monitoring logs.and yes, I'm aware of Spamhause's heavy handed history.
-
Hi LinuxTracker,
There seems to be a big spread of time between those Alerts. Could it be that you added the Asia Continent after Spamhaus was already downloaded?
Do you have enable "De-duplication" checked in the General tab?
I would suggest to clear the Firewall Log and execute a "Force Reload", this will refresh all of the databases and then see how it goes from there.
I had some better examples where they all seemed to happen in a short time but I didn't screenshot them.
I'll follow up on your recommendations and post back if I see it happening again.
Thanks!
-
I recommend to everyone to enable "De-Duplication".
Scenario -
-
Country/Continents are Downloaded first. (No De-dup is needed as MaxMind reports Ranges per Country, so no overlap.)
-
As each subsequent Alias/List is downloaded, it will not add any IPs that are already being blocked by an existing Continent List.
When changes are made like "De-Dup or Reputation, or the removal of a Continent/Country or any Lists", I recommend that a "Force Reload" is executed. This will refresh the Database to the current settings.
-
-
NA country list is blocking my HE ipv6 tunnel. Tried suppression and changing order. Also tried de-selecting North America from the NA list. I have kept all countries to deny inbound.
Only way it works is by disabling NA country list entirely. Suggestions??
-
-
So I've downloaded pfblockerNG but cant find a tab to block the United States or North America which is only in response to the US announcing yesterday they will keep all non-US traffic for 5 years. I value my privacy so I'd rather not have anything to do with US sites after this announcement which will probably make surfing interesting to say the least.
So considering the number of CIDR's for the the US, would it be best to add them to Aliases and block via a firewall rule or use pfblockerng.
Do have to say it looks comprehensive which is good and certainly an improvement over earlier attempts to block IP's en mass.
-
So I've downloaded pfblockerNG but cant find a tab to block the United States or North America
Eeeeh?!
-
As a side note.., and a question..
Upgrading from version 1.01 to version 1.02 removed all my newly added pfBlockerNG rules from version 1.01.
Had to create them all again after the package update. Seeing that update 1.03 is available.. Will this also remove all my current pfBlockerNG rules?
Lots of manual labor..Anyway the new package is great!
-
Upgrading from version 1.01 to version 1.02 removed all my newly added pfBlockerNG rules from version 1.01.
Had to create them all again after the package update. Seeing that update 1.03 is available.. Will this also remove all my current pfBlockerNG rules?
Lots of manual labor.. -
Just to be clear: This post is not a personal attack at anybody.
Most of the problems as far as I can see where with user configuration errors. This isn't a fruity company's product. You DO actually need to configure it in order to run.
Choosing every single list on the planet without first understanding the basics is wrong.
Blocking by countries is wrong. Most web hosting "companies" (trust me, I know my competition better than they know themselves) are renting space in a "cheap-from-a-provider's POV" country (eg. US). Yes I do agree that the NSA is being run by criminals, and yes I do agree that most (all?) of them should be locked in cells with the door welded shut. Weigh in what you lose with what you get. Not arguing the "if you have nothing to hide, you have nothing to be afraid of" meme. I'm saying that by cutting off entire countries, you risk cutting off significant portion of the "good" part of the Internet as well. For a single user, who cares. For a provider, you will, trust me.
Spend 5 minutes (time it) going through the package's options before complaining that something doesn't work. There are cases where it is a genuine bug (eg PS tab not getting synced) and other times it's a specific issue to you (eg sync not working because of special characters in the password).Take care, and wait for the configuration guides before letting the beast out of the cage ;)
-
So I've downloaded pfblockerNG but cant find a tab to block the United States or North America
Eeeeh?!
So I've downloaded pfblockerNG but cant find a tab to block the United States or North America which is only in response to the US announcing yesterday they will keep all non-US traffic for 5 years. I value my privacy so I'd rather not have anything to do with US sites after this announcement which will probably make surfing interesting to say the least.
So considering the number of CIDR's for the the US, would it be best to add them to Aliases and block via a firewall rule or use pfblockerng.
Do have to say it looks comprehensive which is good and certainly an improvement over earlier attempts to block IP's en mass.
-
NA country list is blocking my HE ipv6 tunnel. Tried suppression and changing order. Also tried de-selecting North America from the NA list. I have kept all countries to deny inbound.
Only way it works is by disabling NA country list entirely. Suggestions??
Anyone?
-
So I've downloaded pfblockerNG but cant find a tab to block the United States or North America which is only in response to the US announcing yesterday they will keep all non-US traffic for 5 years. I value my privacy so I'd rather not have anything to do with US sites after this announcement which will probably make surfing interesting to say the least.
So considering the number of CIDR's for the the US, would it be best to add them to Aliases and block via a firewall rule or use pfblockerng.
Do have to say it looks comprehensive which is good and certainly an improvement over earlier attempts to block IP's en mass.
hmmm, so does this mean you wont be accessing the forum anymore?
-
If its hosted in the US, then yes that will be the case, is it as I've not looked yet, I thought this was Canadian a business?