PfBlockerNG

Topper727

Ok just to let everyone know that I tried his lists and found that same error. There is something wrong with fetching of list.  I can download gz lists if I use browser to get it.  It looks legit inside

Example from file
1.0.128.0/17
1.0.192.0/18
1.1.128.0/17
1.2.128.0/17
1.9.0.0/16
1.20.128.0/17
1.27.1.231/32
1.27.100.88/32
1.34.0.0/16
1.36.71.108/32
1.36.79.146/32
1.48.0.0/16
1.50.0.0/16
1.54.224.0/20
1.56.44.42/32
1.56.122.145/32
1.56.145.114/32

I do not get his Header problem he sees but I get

[ Sigantiinfringement ] Downloading New File

[ pfB_sigmaprojects Sigantiinfringement ] Download FAIL [ 02/06/15 22:00:47 ]

[ Sigwebexploit ] Downloading New File

[ pfB_sigmaprojects Sigwebexploit ] Download FAIL [ 02/06/15 22:00:48 ]

[ Sigdshield ] Downloading New File

[ pfB_sigmaprojects Sigdshield ] Download FAIL [ 02/06/15 22:00:49 ]

I took the link and had Free Download manager try to get it and that worked.  FDM got the file no problem.

.png)
.png_thumb)

BBcan177

If the lists are gz format and in CIDR format, you need to select "gz_2".

However, these are not the best lists to use. It's best to use lists from the original provider.

Topper727

BBcan you the man.  That fixes them thanks.  GZ_2 format.  Maybe next update it can be smarter and know what to choose :p

McFuzz

Hi all,

So I got around to mimicking the setup i had in pfBlocker; I added all the lists and configured everything based on the way things used to be. However, my status widget just looks like this after a few hours:

With the old setup, I'd be able to see all the blocked packets. In pfBlocker, I had it set as deny inbound and WAN as both inbound/outbound interface…

Obviously the lists have loaded fine and firewall rules have been made as well but... what am I missing here?

Thanks!

Topper727

go to the update tab and view log .. send it here

Oh and send your list links here also please so I can try and see if that is problem too

McFuzz

My lists actually require a subscription… but nevertheless, here they are; username and password redacted:

http://list.iblocklist.com/?list=rynxmrknfjysesjtjlxy&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=fruzekpkpzlmzozmuuhx&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=ydxerpxkpcfqjaybcssw&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=ijfqtofzixtwayqovmxn&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=zbdlwrqkabxbcppvrnos&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=lujdnbasfaaixitgmxpp&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=cwworuawihqvocglcoss&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=mcvxsnihddgutbjfbghy&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=czvaehmjpsnwwttrdoyl&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx

Full log can be found here:

http://pastebin.com/raw.php?i=xR3DD8Br

I just noticed this interesting tidbit in the log:

===[  Aliastables / Rules  ]================================

No Changes to Firewall Rules, Skipping Filter Reload 

 Updating: pfB_TopSpammers 
1 table created.312 addresses added.
 Updating: pfB_Ads 
no IP address found for /32pfctl: cannot load /var/db/aliastables/pfB_Ads.txt: No error: 0
 Updating: pfB_Hijacked 
1 table created.536 addresses added.
 Updating: pfB_DROP 
1 table created.651 addresses added.
 Updating: pfB_BOGON 
no IP address found for /8pfctl: cannot load /var/db/aliastables/pfB_BOGON.txt: No error: 0
 Updating: pfB_BadPeers 
1 table created.48783 addresses added.
 Updating: pfB_Spider 
1 table created.859 addresses added.
 Updating: pfB_CruzitWebAttacks 
1 table created.4251 addresses added.
===[ FINAL Processing ]=============================================

Is the above an issue at all?

Thanks!

Topper727

I seen failed download in the beginning of your log. You can fix that by putting type of url in list to gz_2

and I had similar issue that was fixed by reinstalling the package

force a reload before doing that though

McFuzz

I changed them to gz_2 and forced an update; I'll give it some time and see what happens. Thanks!

Topper727

Hit the thanks button for me please.  Hope that works for you

McFuzz

Just out of curiosity - there shouldn't be anything related to configuration other than the lists that could affect the behavior, could there?

For what its worth - this is how mine is configured:

doktornotor

@McFuzz:

For what its worth - this is how mine is configured:

On an unrelated note: WAN is not an outbound interface.

Topper727

@McFuzz:

Just out of curiosity - there shouldn't be anything related to configuration other than the lists that could affect the behavior, could there?

For what its worth - this is how mine is configured:

Except the LAN should be the outbound normally

Looks ok to me, maybe tomorrow about 11pm EST I can help with teamviewer if you don't have right by then

McFuzz

Whoops - I must have accidentally toggled it. Fixed right now; will monitor.

BBcan177

Hi McFuzz,

These are IBlock lists. And they are in a range format. You need to select "gz" format. There is a chart below the URL entry section to indicate what each "Format" is for.

I think the issue is with the "Ads" list. I will be doing some debugging today but try to toggle that list "off" and change all IBlock to "gz" then run a "Force Reload".

If you see a "-" in the widget there are issues with pfctl and it's not going to block anything.

BBcan177

I would also recommend removing the Bogon list and using pfSense built-in Bogon settings in the "Advanced Tab" of the GUI.

mzarrugh

Is it possible to use easy list (https://easylist-downloads.adblockplus.org/easylist.txt) to block ads? I tried putting it in IPv4 Format: Text, List action Deny Inbound, but it doesn't seem to work. Also, When I do Force update it says Download FAIL.

BBcan177

@McFuzz:

Obviously the lists have loaded fine and firewall rules have been made as well but… what am I missing here?

Hi McFuzz,

Seems the issue is with IBlock posting the following IP for Blocking

# List distributed by iblocklist.com

doclix.com:0.0.0.0-0.0.0.0

I have code to remove "0.0.0.0", but as this was in a range format, it was being converted to "0.0.0.0**/32**", so the existing code was removing the "0.0.0.0" but leaving behind  "/32". This would cause pfctl to not load properly.

I see that IBlock has removed that entry in their Ads List. It should never have been there in the first place.  >:(

I will post a fix to resolve this potential Issue.

You can manually delete the old Ads Files.

rm /var/db/pfblockerng/original/Ads*.* 

then Re-enable the "Ads" List and then run a "Force Reload".

BBcan177

@mzarrugh:

Is it possible to use easy list

Not currently. That is a Domain Blocklist. pfBlockerNG is an IP Based Blocking solution. pfBNG v2.0 will have this functionality.

samham

I have configured iBlock list under IPv4 to block in both directions I see the logs showing blocking however no updates for the widget, please see attached

BBcan177

@samham:

I have configured iBlock list under IPv4 to block in both directions I see the logs showing blocking however no updates for the widget, please see attached

When you look at the System Logs: Firewall Logs in the GUI. Do these alerts have pfB_ in the Rule Column?