Netgate Discussion Forum

pfBlockerNG
  • H
    Hakim
    last edited by Apr 19, 2015, 2:32 PM

    Thanks for your answer

    Are you using the latest version of pfBlockerNG? (v1.06)

    Yes I am on this version

    Can you post the url of this list?

    http://list.iblocklist.com/?n=malicious&list=ffxgwdvcgelinvypvhuz&fileformat=p2p&archiveformat=gz

    There are username and pin parts at the end of the URL that I removed

    The file is 2 Mb. I may send it to you by email if it may help.

    • N
      n3by
      last edited by Apr 19, 2015, 2:34 PM

      I try to use the free lists from:
      https://www.iblocklist.com/lists.php

      but it looks like nothing can be downloaded from there in pfBlockerNG. Any idea?
      [ IBads ] Downloading New File

      [ pfB_IBlist IBads ] Download FAIL
      …

      I use:
      2.2.2-RELEASE (amd64) built on Mon Apr 13 20:10:22 CDT 2015
      pfBlockerNG 1.06

      For example, the first link can be saved OK in a browser:

      [ IBads ]
      http://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=gz

      inside gz-txt:

      
      # List distributed by iblocklist.com
      
      Vitalij Martinov fastreadnew.com:1.36.202.60-1.36.202.60
      ads.herald-sun.com ads:4.18.162.102-4.18.162.102
      BURSTNETWORK ads:4.36.44.3-4.36.44.3
      spammer ATBP:4.38.98.140-4.38.98.140
      JKS Media, LLC:4.53.2.12-4.53.2.15
      yahoo scammer:4.65.105.109-4.65.105.109
      Quantcast:4.71.209.0-4.71.209.63
      Doubleclick:4.79.208.56-4.79.208.59
      comScore, Inc:4.79.208.224-4.79.208.255
      ...
      
      

      log:

      
       UPDATE PROCESS START [ 04/19/15 17:22:14 ]
      
      [ pfB_Top_v4 ] 		 exists, Reloading File 
      
      [ ET_Comp ] 		 exists, Reloading File 
      
      [ ET_Block ] 		 exists, Reloading File 
      
      [ CIArmy ] 		 exists, Reloading File 
      
      [ Abuse_Zeus ] 		 exists, Reloading File 
      
      [ Abuse_Spyeye ] 	 exists, Reloading File 
      
      [ Abuse_Palevo ] 	 Downloading New File 
      
       [ pfB_PRI1 Abuse_Palevo ] Download FAIL [ 04/19/15 17:22:15 ]
      
      [ Abuse_SSLBL ] 	 exists, Reloading File 
      
      [ dShield_Block ] 	 exists, Reloading File 
      
      [ Snort_BL ] 		 exists, Reloading File 
      
      [ BBC_Goz ] 		 exists, Reloading File 
      
      [ Alienvault ] 		 exists, Reloading File 
      
      [ Atlas_Attacks ] 	 exists, Reloading File 
      
      [ Atlas_Botnets ] 	 exists, Reloading File 
      
      [ Atlas_Fastflux ] 	 exists, Reloading File 
      
      [ Atlas_Phishing ] 	 exists, Reloading File 
      
      [ Atlas_Scans ] 	 exists, Reloading File 
      
      [ SRI_Attackers ] 	 exists, Reloading File 
      
      [ SRI_CC ] 		 exists, Reloading File 
      
      [ HoneyPot ] 		 exists, Reloading File 
      
      [ MDL ] 		 exists, Reloading File 
      
      [ Nothink_BL ] 		 exists, Reloading File 
      
      [ Nothink_SSH ] 	 exists, Reloading File 
      
      [ Nothink_Malware ] 	 exists, Reloading File 
      
      [ DangerRulez ] 	 exists, Reloading File 
      
      [ Shunlist ] 		 exists, Reloading File 
      
      [ Infiltrated ] 	 exists, Reloading File 
      
      [ DRG_SSH ] 		 exists, Reloading File 
      
      [ DRG_VNC ] 		 exists, Reloading File 
      
      [ DRG_HTTP ] 		 exists, Reloading File 
      
      [ Feodo_Block ] 	 exists, Reloading File 
      
      [ Feodo_Bad ] 		 exists, Reloading File 
      
      [ WatchGuard ] 		 Downloading New File 
      ----------------------------------------------------------
      Original   Masterfile Outfile     [ Post Duplication count ]   
      ----------------------------------------------------------
      2322       23         23          [ Passed ]                   
      ----------------------------------------------------------
      
      [ VMX ] 		 Downloading New File [ 04/19/15 17:22:19 ]
      ----------------------------------------------------------
      Original   Masterfile Outfile     [ Post Duplication count ]   
      ----------------------------------------------------------
      5445       1876       1876        [ Passed ]                   
      ----------------------------------------------------------
      
      [ Geopsy ] 		 exists, Reloading File [ 04/19/15 17:22:20 ]
      
      [ Maxmind ] 		 exists, Reloading File 
      
      [ BotScout ] 		 exists, Reloading File 
      
      [ Juniper ] 		 Downloading New File 
      
       [ pfB_PRI3 Juniper ] Download FAIL [ 04/19/15 17:22:21 ]
      
      [ Greensnow ] 		 exists, Reloading File 
      
      [ BlocklistDE ] 	 exists, Reloading File 
      
      [ SFS_Toxic ] 		 exists, Reloading File 
      
      [ MalwareGroup ] 	 exists, Reloading File 
      
      [ OpenBL ] 		 exists, Reloading File 
      
      [ Malcode ] 		 exists, Reloading File 
      
      [ BadIPs ] 		 exists, Reloading File 
      
      [ IBlock_Tor ] 		 Downloading New File 
      
       [ pfB_TOR IBlock_Tor ] Download FAIL [ 04/19/15 17:22:22 ]
      
      [ Blut_Tor ] 		 exists, Reloading File 
      
      [ ET_Tor ] 		 exists, Reloading File 
      
      [ IBads ] 		 Downloading New File 
      
       [ pfB_IBlist IBads ] Download FAIL 
      
      [ IBspyware ] 		 Downloading New File 
      
       [ pfB_IBlist IBspyware ] Download FAIL 
      
      [ IBproxy ] 		 Downloading New File 
      
       [ pfB_IBlist IBproxy ] Download FAIL 
      
      [ IBbadpeers ] 		 Downloading New File 
      
       [ pfB_IBlist IBbadpeers ] Download FAIL [ 04/19/15 17:22:23 ]
      
      [ IBhijacked ] 		 Downloading New File 
      
       [ pfB_IBlist IBhijacked ] Download FAIL 
      
      [ IBdshield ] 		 Downloading New File 
      
       [ pfB_IBlist IBdshield ] Download FAIL 
      
      [ IBforumspam ] 	 Downloading New File 
      
       [ pfB_IBlist IBforumspam ] Download FAIL [ 04/19/15 17:22:24 ]
      
      [ IBwebexploit ] 	 Downloading New File 
      
       [ pfB_IBlist IBwebexploit ] Download FAIL 
      
      [ IBDROP ] 		 Downloading New File 
      
       [ pfB_IBlist IBDROP ] Download FAIL 
      
      [ IBZeuS ] 		 Downloading New File 
      
       [ pfB_IBlist IBZeuS ] Download FAIL [ 04/19/15 17:22:25 ]
      
      [ IBSpyEye ] 		 Downloading New File 
      
       [ pfB_IBlist IBSpyEye ] Download FAIL 
      
      [ IBPalevo ] 		 Downloading New File 
      
       [ pfB_IBlist IBPalevo ] Download FAIL 
      
      [ IBMalicious ] 	 Downloading New File 
      
       [ pfB_IBlist IBMalicious ] Download FAIL [ 04/19/15 17:22:26 ]
      
      [ IBmalc0de ] 		 Downloading New File 
      
       [ pfB_IBlist IBmalc0de ] Download FAIL 
      
      [ Bambenek_C2IPFeed ] 	 Downloading New File 
      
       [ pfB_Bambenek Bambenek_C2IPFeed ] Download FAIL 
      
      ===[ Suppression Stats ]========================================
      
      List                 Pre        RFC1918    Suppress   Masterfile
      ----------------------------------------------------------------
      MDL                  666        666        666        100994    
      Nothink_BL           20         20         20         100994    
      Nothink_SSH          4          4          4          100994    
      Nothink_Malware      129        129        129        100994    
      DangerRulez          66         66         66         100994    
      Shunlist             38         38         38         100994    
      Infiltrated          2134       2134       2134       100994    
      DRG_SSH              218        218        218        100994    
      DRG_VNC              59         59         59         100994    
      DRG_HTTP             829        829        829        100994    
      Feodo_Block          2          2          2          100994    
      Feodo_Bad            1          1          1          100994    
      WatchGuard           23         23         23         100994    
      VMX                  1876       1874       1874       100992    
      Geopsy               2793       2793       2793       100992    
      Maxmind              177        177        177        100992    
      BotScout             15         15         15         100992    
      Greensnow            1812       1812       1812       100992    
      BlocklistDE          6107       6107       6107       100992    
      SFS_Toxic            15         15         15         100992    
      
      ===[  Aliastables / Rules  ]================================
      
      No Changes to Firewall Rules, Skipping Filter Reload 
      
       Updating: pfB_PRI3 
      1897 addresses added.
      
      ===[ FINAL Processing ]=====================================
      
         [ Original count   ]  [ 378397 ]
      
         [ Processed Count  ]  [ 100992 ]
      
      ===[ Deny List IP Counts ]===========================
      
        100994 total
         63463 /var/db/pfblockerng/deny/pfB_Top_v4.txt
          6959 /var/db/pfblockerng/deny/BadIPs.txt
          6607 /var/db/pfblockerng/deny/Alienvault.txt
          6107 /var/db/pfblockerng/deny/BlocklistDE.txt
          2793 /var/db/pfblockerng/deny/Geopsy.txt
          2789 /var/db/pfblockerng/deny/SRI_Attackers.txt
          2134 /var/db/pfblockerng/deny/Infiltrated.txt
          1874 /var/db/pfblockerng/deny/VMX.txt
          1812 /var/db/pfblockerng/deny/Greensnow.txt
          1571 /var/db/pfblockerng/deny/Snort_BL.txt
           829 /var/db/pfblockerng/deny/DRG_HTTP.txt
           783 /var/db/pfblockerng/deny/ET_Block.txt
           666 /var/db/pfblockerng/deny/MDL.txt
           565 /var/db/pfblockerng/deny/Malcode.txt
           426 /var/db/pfblockerng/deny/ET_Comp.txt
           274 /var/db/pfblockerng/deny/ET_Tor.txt
           218 /var/db/pfblockerng/deny/DRG_SSH.txt
           200 /var/db/pfblockerng/deny/CIArmy.txt
           190 /var/db/pfblockerng/deny/Abuse_SSLBL.txt
           177 /var/db/pfblockerng/deny/Maxmind.txt
           129 /var/db/pfblockerng/deny/Nothink_Malware.txt
            68 /var/db/pfblockerng/deny/OpenBL.txt
            66 /var/db/pfblockerng/deny/DangerRulez.txt
            59 /var/db/pfblockerng/deny/DRG_VNC.txt
            46 /var/db/pfblockerng/deny/Blut_Tor.txt
            38 /var/db/pfblockerng/deny/Shunlist.txt
            27 /var/db/pfblockerng/deny/MalwareGroup.txt
            23 /var/db/pfblockerng/deny/WatchGuard.txt
            20 /var/db/pfblockerng/deny/Nothink_BL.txt
            15 /var/db/pfblockerng/deny/SFS_Toxic.txt
            15 /var/db/pfblockerng/deny/BotScout.txt
            10 /var/db/pfblockerng/deny/Atlas_Fastflux.txt
             8 /var/db/pfblockerng/deny/SRI_CC.txt
             5 /var/db/pfblockerng/deny/Atlas_Botnets.txt
             4 /var/db/pfblockerng/deny/dShield_Block.txt
             4 /var/db/pfblockerng/deny/Nothink_SSH.txt
             4 /var/db/pfblockerng/deny/Atlas_Phishing.txt
             4 /var/db/pfblockerng/deny/Atlas_Attacks.txt
             3 /var/db/pfblockerng/deny/HoneyPot.txt
             2 /var/db/pfblockerng/deny/Feodo_Block.txt
             2 /var/db/pfblockerng/deny/Atlas_Scans.txt
             2 /var/db/pfblockerng/deny/Abuse_Zeus.txt
             1 /var/db/pfblockerng/deny/Feodo_Bad.txt
             1 /var/db/pfblockerng/deny/BBC_Goz.txt
             1 /var/db/pfblockerng/deny/Abuse_Spyeye.txt
      
      ====================[ Empty Lists w/1.1.1.1 ]==================
      
      Abuse_Spyeye
      BBC_Goz
      Feodo_Bad
      
      ====================[ Last Updated List Summary ]==============
      
      Jul 5	2012	VMX
      May 2	2013	SFS_Toxic
      Oct 7	2013	IBwebexploit.gz
      Oct 7	2013	IBspyware.zip
      Oct 7	2013	IBspyware.gz
      Oct 7	2013	IBproxy.gz
      Oct 7	2013	IBmalc0de.gz
      Oct 7	2013	IBlocklist_webexploit
      Oct 7	2013	IBlocklist_webexploit.gz
      Oct 7	2013	IBlocklist_spyware.gz
      Oct 7	2013	IBlocklist_proxy
      Oct 7	2013	IBlocklist_proxy.gz
      Oct 7	2013	IBlocklist_malc0de
      Oct 7	2013	IBlocklist_malc0de.gz
      Oct 7	2013	IBlocklist_hijacked
      Oct 7	2013	IBlocklist_hijacked.gz
      Oct 7	2013	IBlocklist_forumspam
      Oct 7	2013	IBlocklist_forumspam.gz
      Oct 7	2013	IBlocklist_dshield
      Oct 7	2013	IBlocklist_dshield.gz
      Oct 7	2013	IBlocklist_badpeers
      Oct 7	2013	IBlocklist_badpeers.gz
      Oct 7	2013	IBlocklist_ads
      Oct 7	2013	IBlocklist_ads.gz
      Oct 7	2013	IBlocklist_ZeuS
      Oct 7	2013	IBlocklist_ZeuS.gz
      Oct 7	2013	IBlocklist_SpyEye
      Oct 7	2013	IBlocklist_SpyEye.gz
      Oct 7	2013	IBlocklist_Palevo
      Oct 7	2013	IBlocklist_Palevo.gz
      Oct 7	2013	IBlocklist_Malicious
      Oct 7	2013	IBlocklist_Malicious.gz
      Oct 7	2013	IBlocklist_DROP
      Oct 7	2013	IBlocklist_DROP.gz
      Oct 7	2013	IBlock_malc0de.gz
      Oct 7	2013	IBlock_dshield.gz
      Oct 7	2013	IBlock_adserversYoyo.gz
      Oct 7	2013	IBlock_ZeuS.gz
      Oct 7	2013	IBlock_Web.gz
      Oct 7	2013	IBlock_Tor.gz
      Oct 7	2013	IBlock_Spyware.gz
      Oct 7	2013	IBlock_SpyEye.gz
      Oct 7	2013	IBlock_Proxy.gz
      Oct 7	2013	IBlock_Palevo.gz
      Oct 7	2013	IBlock_Malicious.gz
      Oct 7	2013	IBlock_Hijack.gz
      Oct 7	2013	IBlock_FS.gz
      Oct 7	2013	IBlock_DROP.gz
      Oct 7	2013	IBlock_Badpeer.gz
      Oct 7	2013	IBlock_BT_Web.gz
      Oct 7	2013	IBlock_BT_Spy.gz
      Oct 7	2013	IBlock_BT_Hijack.gz
      Oct 7	2013	IBlock_BT_FS.gz
      Oct 7	2013	IBlock_Ads.gz
      Oct 7	2013	IBlock2_Tor2.gz
      Oct 7	2013	IBloc_Proxy.gz
      Oct 7	2013	IBloc_BT_Web.gz
      Oct 7	2013	IBloc_BT_Spy.gz
      Oct 7	2013	IBloc_BT_Hijack.gz
      Oct 7	2013	IBloc_BT_FS.gz
      Oct 7	2013	IBloc_Ads.gz
      Oct 7	2013	IBhijacked.gz
      Oct 7	2013	IBforumspam.gz
      Oct 7	2013	IBdshield.gz
      Oct 7	2013	IBbadpeers.gz
      Oct 7	2013	IBads.zip
      Oct 7	2013	IBads.gz
      Oct 7	2013	IBZeuS.gz
      Oct 7	2013	IBSpyEye.gz
      Oct 7	2013	IBPalevo.gz
      Oct 7	2013	IBMalicious.gz
      Oct 7	2013	IBDROP.gz
      Oct 7	2013	Abuse_Spyeye
      Oct 7	2013	Abuse_Palevo
      Oct 7	2014	SRI_Attackers
      Oct 7	2014	SRI_CC
      Jan 19	12:36	Geopsy.raw
      Apr 11	17:51	MDL
      Apr 17	07:30	ET_Block
      Apr 17	07:30	ET_Comp
      Apr 18	06:12	ET_Tor.raw
      Apr 18	16:17	Malcode
      Apr 19	01:05	Nothink_Malware
      Apr 19	01:05	Nothink_BL
      Apr 19	01:05	Nothink_SSH
      Apr 19	03:06	Atlas_Attacks.raw
      Apr 19	03:11	Atlas_Botnets.raw
      Apr 19	03:16	Atlas_Phishing.raw
      Apr 19	03:19	Atlas_Scans.raw
      Apr 19	03:21	Atlas_Fastflux.raw
      Apr 19	05:00	DRG_HTTP
      Apr 19	14:49	Atlas_Attacks
      Apr 19	14:49	Atlas_Botnets
      Apr 19	14:49	Atlas_Fastflux
      Apr 19	14:49	Atlas_Phishing
      Apr 19	14:49	Atlas_Scans
      Apr 19	14:50	Geopsy
      Apr 19	14:51	Blut_Tor
      Apr 19	14:51	ET_Tor
      Apr 19	15:00	pfB_Top_v4
      Apr 19	15:04	DRG_VNC
      Apr 19	15:04	DRG_SSH
      Apr 19	15:10	Infiltrated
      Apr 19	15:30	Shunlist.raw
      Apr 19	15:42	BlocklistDE
      Apr 19	16:01	Alienvault.gz
      Apr 19	16:01	Alienvault
      Apr 19	16:01	HoneyPot.raw
      Apr 19	16:01	HoneyPot
      Apr 19	16:01	DangerRulez
      Apr 19	16:01	Shunlist
      Apr 19	16:01	Feodo_Block
      Apr 19	16:01	Feodo_Bad
      Apr 19	16:01	Maxmind.raw
      Apr 19	16:01	Maxmind
      Apr 19	16:01	BotScout.raw
      Apr 19	16:01	BotScout
      Apr 19	16:01	Greensnow
      Apr 19	16:02	OpenBL.gz
      Apr 19	16:03	MalwareGroup.raw
      Apr 19	16:03	MalwareGroup
      Apr 19	16:03	OpenBL
      Apr 19	16:03	BadIPs
      Apr 19	16:15	CIArmy
      Apr 19	16:34	Abuse_Zeus
      Apr 19	16:53	BBC_Goz.raw
      Apr 19	16:56	dShield_Block.raw
      Apr 19	17:00	Snort_BL
      Apr 19	17:00	Abuse_SSLBL.raw
      Apr 19	17:00	Abuse_SSLBL
      Apr 19	17:00	dShield_Block
      Apr 19	17:00	BBC_Goz
      Apr 19	17:00	IBspyware
      Apr 19	17:00	IBads
      Apr 19	17:00	IBproxy
      Apr 19	17:00	IBhijacked
      Apr 19	17:00	IBbadpeers
      Apr 19	17:00	IBwebexploit
      Apr 19	17:00	IBforumspam
      Apr 19	17:00	IBdshield
      Apr 19	17:00	IBZeuS
      Apr 19	17:00	IBSpyEye
      Apr 19	17:00	IBDROP
      Apr 19	17:00	IBmalc0de
      Apr 19	17:00	IBPalevo
      Apr 19	17:00	IBMalicious
      Apr 19	17:16	Bambenek_C2IPFeed
      Apr 19	17:22	WatchGuard
      ===============================================================
      
      Sanity Check (Not Including IPv6)  ** These two Counts should Match! **
      ------------
      Masterfile Count    [ 100991 ]
      Deny folder Count   [ 100991 ]
      
      Duplication Sanity Check (Pass=No IPs reported)
      ------------------------
      Masterfile/Deny Folder Uniq check
      Deny Folder/Masterfile Uniq check
      
      Sync Check (Pass=No IPs reported)
      ----------
      
      IPv4 Alias Table IP Total
      -----------------------------
      100993
      
      IPv6 Alias Table IP Total
      -----------------------------
      0
      
      Alias Table IP Counts
      -----------------------------
        100993 total
         63463 /var/db/aliastables/pfB_Top_v4.txt
         16982 /var/db/aliastables/pfB_PRI3.txt
          9432 /var/db/aliastables/pfB_PRI2.txt
          7619 /var/db/aliastables/pfB_SEC1.txt
          3177 /var/db/aliastables/pfB_PRI1.txt
           320 /var/db/aliastables/pfB_TOR.txt
      
      pfSense Table Stats
      -------------------
      table-entries hard limit  2000000
      Table Usage Count        101003
      
       UPDATE PROCESS ENDED [ 04/19/15 17:22:34 ]
      
      


      1 Reply Last reply Reply Quote 0
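
An added example, not part of the original post and not pfBlockerNG's own code: a Python parser for the `label:first-last` P2P layout shown in the list excerpt above, converting each range to CIDR networks and reporting the lines it refuses. The sample data is constructed (RFC 5737 documentation addresses), and the name `parse_p2p` is hypothetical.

```python
import gzip
import ipaddress

# Constructed sample in the same "label:first-last" layout as the excerpt,
# using documentation addresses instead of real list contents.
SAMPLE_P2P = b"""\
# List distributed by iblocklist.com

Example ads host ads:192.0.2.102-192.0.2.102
Example Media, LLC:198.51.100.10-198.51.100.17
label:with:colons:203.0.113.0-203.0.113.63
broken line without a range
reversed:198.51.100.9-198.51.100.1
"""


def parse_p2p(data: bytes):
    """Return (networks, rejected) parsed from a P2P-format blocklist.

    Accepts gzip-compressed or plain bytes. The label may itself contain
    colons, so each entry is split on the LAST colon only.
    """
    if data[:2] == b"\x1f\x8b":          # gzip magic number
        data = gzip.decompress(data)
    networks, rejected = [], []
    lines = data.decode("utf-8", "replace").splitlines()
    for lineno, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        _label, sep, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        try:
            if not sep or not dash:
                raise ValueError("missing label or range separator")
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip())
            # Raises ValueError when the range is reversed (lo > hi).
            nets = list(ipaddress.summarize_address_range(lo, hi))
        except ValueError as exc:
            rejected.append((lineno, line, str(exc)))
            continue
        networks.extend(nets)
    # Merge adjacent or overlapping networks so the firewall table stays small.
    return list(ipaddress.collapse_addresses(networks)), rejected


if __name__ == "__main__":
    nets, bad = parse_p2p(gzip.compress(SAMPLE_P2P))
    for net in nets:
        print(net)
    for lineno, line, reason in bad:
        print(f"rejected line {lineno}: {line!r} ({reason})")
```

Rejected lines are returned rather than silently dropped, so a feed that suddenly stops parsing shows up as a count of refused entries instead of a quietly shrinking blocklist.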
      • B
        BBcan177 Moderator
        last edited by Apr 19, 2015, 3:10 PM

        Hi n3by,

        I would suggest that you uncheck "Keep Settings" and Disable pfBNG, and click "Save"… This will clear out all of the previously downloaded files... then enable "Keep" and pfBNG and execute a "Force Update".

        I tried to download the URL you sent to me and it downloaded ok in my test box.

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        • N
          n3by
          last edited by Apr 19, 2015, 3:37 PM Apr 19, 2015, 3:26 PM

          Hi,

          Thank you for the answer.

          I did as suggested ….

          EDIT:

          It was my fault, sorry:

          I succeeded in solving it;
          it was the proxy guard from the real pfSense router 2.1.5 that filtered direct IP access. I am testing 2.2.2 in VirtualBox.

          Best Regards.

          • B
            BBcan177 Moderator
            last edited by Apr 19, 2015, 3:42 PM

            @n3by:

            Hi,

            Thank you for the answer.

            I did as suggested ….

            EDIT:

            It was my fault, sorry:

            I succeeded in solving it;
            it was the proxy guard from the real pfSense router 2.1.5 that filtered direct IP access. I am testing 2.2.2 in VirtualBox.

            Best Regards.

            Thanks n3by for reporting back…  I also see some other lists have failed... Disable "Abuse Palevo" as that list has been discontinued. Also some of the lists are being blocked by Snort from what I can tell from the log you sent.

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            • B
              BBcan177 Moderator
              last edited by Apr 19, 2015, 3:47 PM

              @doktornotor:

              Yes. Because when the updated firewall rules are broken, they fail to load. Flush your pfBNG configuration by unchecking the Keep configuration box, reinstall the package and start from scratch, enabling only ONE list at a time, until you figure this out.

              Just for clarity, when you disable "Keep" and Disable pfBNG and click "Save" it will only clear the previously downloaded files and leave all of the Configuration Settings intact.

              It's not necessary to re-install. If you re-install with "keep" unchecked, it will wipe all of the configuration settings and set the package back to a "Fresh" install state.

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              • N
                n3by
                last edited by Apr 19, 2015, 4:04 PM

                Hi,

                Is this list usable for you? (I set it as txt but it is still not downloading; I hope I disabled all restrictions this time  :-[ )

                http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt

                from:
                http://osint.bambenekconsulting.com/feeds/

                • M
                  Mr. Jingles
                  last edited by Apr 19, 2015, 5:58 PM

                  Changing to http worked, BB; Juniper updated  :-*

                  Weird that Firefox does not complain about it, but pfBlockerNG does(?)

                  6 and a half billion people know that they are stupid, aggressive, lower life forms.

                  • B
                    BBcan177 Moderator
                    last edited by Apr 19, 2015, 6:20 PM

                    @Mr.:

                    Changing to http worked, BB; Juniper updated  :-*

                    Weird that Firefox does not complain about it, but pfBlockerNG does(?)

                    The difference is that the browser handles the Certs a little differently than the "fetch" shell FreeBSD command. Here is a link… Maybe one of the pfSense Devs will chime in on this issue?

                    http://smyck.net/2014/01/22/freebsd-authentication-error/

                    "Experience is something you don't get until just after you need it."

                    Website: http://pfBlockerNG.com
                    Twitter: @BBcan177  #pfBlockerNG
                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                    • M
                      Mr. Jingles
                      last edited by Apr 20, 2015, 10:06 AM

                      Some weird stuff  ???

                      Problem 1:

                      • The pfb_PASS rule is an automatic rule in floating;

                      • I added to that pfb_NGSuppress right below it (still don't understand why this has to be done manually, btw).

                      • After a Cron update, that second rule is gone, and there is a second pfb_Pass rule. Observed this for a couple of days.

                      Problem 2:

                      • I try to whitelist an IP/block in pfb_PASS (top of the rules list in floating)

                      • I tell it to log hits (so I can see it works) but it doesn't log anything in System/Firewall logs, AND:

                      • The IP/block is still blocked, but now by pfb_PRI2, although deduplication is active.

                      Question 1:

                      • How do I whitelist sitenames? Archive.org is kept blocked. I can't add it to pfb_PASS since this is IP only, and NGSuppress is too. Do I need a different pass alias in floating for this?

                      Thanks BB  :-*

                      6 and a half billion people know that they are stupid, aggressive, lower life forms.

                      • M
                        Mr. Jingles
                        last edited by Apr 20, 2015, 10:07 AM

                        @BBcan177:

                        @Mr.:

                        Changing to http worked, BB; Juniper updated  :-*

                        Weird that Firefox does not complain about it, but pfBlockerNG does(?)

                        The difference is that the browser handles the Certs a little differently than the "fetch" shell FreeBSD command. Here is a link… Maybe one of the pfSense Devs will chime in on this issue?

                        http://smyck.net/2014/01/22/freebsd-authentication-error/

                        Thanks BB. That link says it'll be fixed by updating OpenSSL. Such a thing is 'core maintenance', not a bug that needs to be fixed, no(?)

                        6 and a half billion people know that they are stupid, aggressive, lower life forms.

                        • B
                          BBcan177 Moderator
                          last edited by Apr 20, 2015, 6:24 PM Apr 20, 2015, 6:13 PM

                          @Mr.:

                          Some weird stuff  ???

                          Hey Mr. J.

                          You are mixing some things up here  :)

                          The pfBlockerNGSuppress alias does not need to be referenced to any Firewall Rules.

                          Suppression -

                          Suppression process occurs when Lists are downloaded from the Threat Sources.

                          When a List is downloaded, if the list contains 1.2.3.4/32 and the Suppress Alias has 1.2.3.4/32, then this IP is suppressed from the Blocklist.

                          If a list has 1.2.3.4/32 and the Suppress Alias has 1.2.3.0/24, then this IP is suppressed from the Blocklist.

                          If a list has 1.2.3.4/24 and the Suppress Alias has 1.2.3.4/32, then the Single 1.2.3.4/32 is suppressed, and all of the other IPs in this Range are added to the Blocklist.

                          When you click on the "+" icon in the Alerts tab, it will add the IP to the Suppress Alias, and also removes the IP from the Aliastable. However, the Suppressed IP is still in the Blocklist, and will be removed from the List at the Next Cron Update for the particular List. This will prevent these Suppressed IPs from being blocked.

                          Whitelisting -

                          When you whitelist, you are creating a new pfBNG alias and typically set it for "Permit Outbound". You can enter the Whitelisted IPs in the custom Box in the alias.

                          The best method is to suppress the IP above. But if you have a Block occurring from a CIDR under a /24, you can't suppress that (i.e. /20 etc…) To overcome that, you need to allow the IP "Permit Outbound" which will create a state in the pfSense State table that allows the return of that IP without being Blocked by the pfBNG Block/Reject rules. In the Alerts Tab, you can see the List that Blocked the IP, if no IP is shown below the List, then the Block occurred by a /32 Blocklist entry. If it's blocked by a CIDR, it will show the IP and CIDR below the List. You then can decide if it's a /24 to use Suppression, or use the Whitelist for other CIDR ranges.

                          Other questions -

                          The Permit Rules need to be above the Block/Reject rules. Ensure that in the Alias, you set "Logging" or enable Global logging in the General Tab which will enable Logging for all Aliases globally.

                          When you add a manual Rule, it can't have "pfB_" in the description, these will be removed by the Cron task each hour. To create "Alias" type rules, you need to enter the Description starting with "pfb_" (Lowercase)… This is explained in detail in the Alias "List Action" Section.

                          You cannot Use Domain names with pfBlockerNG currently. You will need to convert the domain into an IP and add that to a Custom list. In v2.0 I will also have Domain Name Blocking (DNSBL).

                          You can use a service like Hurricane Electric to collect IPs for Domain names that are changing more frequently and collect the list with the "html" format.

                          http://bgp.he.net/search?search%5Bsearch%5D=twitter&commit=Search
                          http://bgp.he.net/search?search%5Bsearch%5D=facebook&commit=Search
                          http://bgp.he.net/search?search%5Bsearch%5D=spotify&commit=Search
                          http://bgp.he.net/search?search%5Bsearch%5D=dropbox&commit=Search

                          "Experience is something you don't get until just after you need it."

                          Website: http://pfBlockerNG.com
                          Twitter: @BBcan177  #pfBlockerNG
                          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                          1 Reply Last reply Reply Quote 0
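
The suppression cases described in the post above, modelled in Python as an added example. This is not pfBlockerNG's own code; the behaviour is taken only from the post's description, IPv4 only, and the names `apply_suppression` and `carve` and the sample entries are hypothetical or constructed.

```python
import ipaddress

# Constructed sample: the post's 1.2.3.4 cases plus a /20 that contains a
# suppressed host (documentation address space).
SAMPLE_BLOCKLIST = ["1.2.3.4/24", "192.0.2.9/32", "198.51.96.0/20"]
SAMPLE_SUPPRESS = ["1.2.3.4/32", "192.0.2.0/24", "198.51.100.7/32"]


def carve(net, holes):
    """Remove each hole from net and return the networks that remain."""
    remaining = [net]
    for hole in holes:
        nxt = []
        for r in remaining:
            if hole.subnet_of(r):
                # Split r around the hole; yields nothing when r == hole.
                nxt.extend(r.address_exclude(hole))
            elif not r.subnet_of(hole):
                nxt.append(r)             # disjoint piece: keep unchanged
            # else: r lies inside an overlapping hole and is dropped
        remaining = nxt
    return remaining


def apply_suppression(blocklist, suppress):
    """Apply a suppress alias to blocklist entries.

    Returns (kept, needs_whitelist):
      kept            - networks that remain blocked, sorted
      needs_whitelist - (suppressed, blocking_cidr) pairs where the blocking
                        entry is wider than /24; per the post these cannot be
                        suppressed and need a "Permit Outbound" alias instead.
    """
    sup = [ipaddress.ip_network(s, strict=False) for s in suppress]
    kept, needs_whitelist = [], []
    for entry in blocklist:
        # strict=False accepts host-bits-set forms such as 1.2.3.4/24
        net = ipaddress.ip_network(entry, strict=False)
        if any(net.subnet_of(s) for s in sup):
            continue                      # entry fully covered: suppressed
        inside = [s for s in sup if s.subnet_of(net)]
        if not inside:
            kept.append(net)              # no overlap: blocked as listed
        elif net.prefixlen < 24:
            kept.append(net)              # e.g. a /20: stays blocked whole
            needs_whitelist.extend((s, net) for s in inside)
        else:
            kept.extend(carve(net, inside))
    return sorted(kept), needs_whitelist


if __name__ == "__main__":
    kept, wl = apply_suppression(SAMPLE_BLOCKLIST, SAMPLE_SUPPRESS)
    print("still blocked:", ", ".join(str(n) for n in kept))
    for host, cidr in wl:
        print(f"{host} is inside {cidr}: whitelist it, suppression will not help")
```

Carving a single /32 out of a /24 leaves eight networks covering the other 255 addresses, which is why one suppressed host inside a range makes the resulting table longer rather than shorter.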
                          • B
                            BBcan177 Moderator
                            last edited by Apr 20, 2015, 6:15 PM

                            @Mr.:

                            @BBcan177:

                            @Mr.:

                            Changing to http worked, BB; Juniper updated  :-*

                            Weird that Firefox does not complain about it, but pfBlockerNG does(?)

                            The difference is that the browser handles the Certs a little differently than the "fetch" shell FreeBSD command. Here is a link… Maybe one of the pfSense Devs will chime in on this issue?

                            http://smyck.net/2014/01/22/freebsd-authentication-error/

                            Thanks BB. That link says it'll be fixed by updating OpenSSL. Such a thing is 'core maintenance', not a bug that needs to be fixed, no(?)

                            Yes, that's what I was saying… The fetch command uses OpenSSL as part of pfSense. So that issue is a core pfSense issue and not from pfBlockerNG.

                            "Experience is something you don't get until just after you need it."

                            Website: http://pfBlockerNG.com
                            Twitter: @BBcan177  #pfBlockerNG
                            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                            • M
                              mzarrugh
                              last edited by Apr 21, 2015, 11:58 AM

                              Is there a comprehensive guide that covers the main features of the current version? I want to use it mainly to block ads

                              • P
                                pf3000
                                last edited by Apr 23, 2015, 2:19 PM

                                @BBcan177:

                                You can use a service like Hurricane Electric to collect IPs for Domain names that are changing more frequently and collect the list with the "html" format.

                                http://bgp.he.net/search?search%5Bsearch%5D=twitter&commit=Search
                                http://bgp.he.net/search?search%5Bsearch%5D=facebook&commit=Search
                                http://bgp.he.net/search?search%5Bsearch%5D=spotify&commit=Search
                                http://bgp.he.net/search?search%5Bsearch%5D=dropbox&commit=Search

                                Fantastic… these hidden features/hacks should be in a pfBNG FAQ or OP or something.

                                • A
                                  azurata
                                  last edited by Apr 23, 2015, 9:59 PM

                                  I was waiting for the new pfBlockerNG version to do adblock using unbound, but until it's released I added a VIRTUAL IP to the LAN interface, made a script to convert http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext to unbound advanced rules that redirect to the VIRTUAL IP, and set up an nginx to listen on both 80 and 443 on the VIRTUAL IP and respond to everything with "204 No Content". To my surprise, it is working better than I was expecting.

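The hosts-to-unbound conversion described in the post above, as an added example (not the poster's script, which was not shared). The function name, the constructed sample list and the sink address 10.10.10.1 are assumptions; hostnames are validated strictly so a malformed list entry cannot inject extra unbound directives.

```python
import ipaddress
import re

# RFC 1123 hostname: at least two dot-separated labels of letters, digits, hyphens.
_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")
_SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample in hosts format (not taken from the real list).
SAMPLE = "\n".join([
    "# comment line",
    "127.0.0.1 localhost",
    "127.0.0.1 ads.example.com",
    "127.0.0.1 ads.example.com",
    "127.0.0.1 Tracker.Example.net  # trailing comment",
    '127.0.0.1 evil.example.org"',
    "not-an-ip nothosts.example.com",
])


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def hosts_to_unbound(hosts_text, sink_ip):
    """Return unbound server-clause lines that redirect each listed host to sink_ip."""
    sink = ipaddress.ip_address(sink_ip)      # ValueError on a malformed sink
    rtype = "A" if sink.version == 4 else "AAAA"
    seen, out = set(), ["server:"]
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2 or not _is_ip(fields[0]):
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name in _SKIP or name in seen or len(name) > 253:
                continue
            if not _HOSTNAME.fullmatch(name):  # rejects quotes and other config syntax
                continue
            seen.add(name)
            out.append(f'local-zone: "{name}" redirect')
            out.append(f'local-data: "{name} {rtype} {sink}"')
    return out


if __name__ == "__main__":
    print("\n".join(hosts_to_unbound(SAMPLE, "10.10.10.1")))
```

With the `redirect` zone type, unbound answers queries for the listed name and for everything below it from the zone's own `local-data`, so subdomains of a listed host reach the sink address as well.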
                                  • M
                                    marcus556
                                    last edited by Apr 24, 2015, 1:31 AM

                                    Is there any way to EXclude an IP from the pfblocker?  I have a PS4 and when I have the top 20 countries selected it affects game play online, and when I disable it, it doesn't block some of the ads. So is there any way to exclude an IP address?

                                    • B
                                      BBcan177 Moderator
                                      last edited by Apr 24, 2015, 3:36 AM

                                      @marcus556:

                                      Is there any way to EXclude an IP from the pfblocker?  I have a PS4 and when I have the top 20 countries selected it affects game play online, and when I disable it, it doesn't block some of the ads. So is there any way to exclude an IP address?

                                      There is a post about this five posts before this one!  And also in several places in this thread… Either Suppress the IP (/32 or /24 Ranges only) or Create a Permit Outbound Alias with the IP listed in the Custom Input Entry. Ensure the Permit Rule is before the Block/Reject Rules.

                                      • M
                                        marcus556
                                        last edited by Apr 24, 2015, 4:04 AM

                                        @BBcan177:

                                        @marcus556:

                                        Is there any way to EXclude an IP from the pfblocker?  I have a PS4 and when I have the top 20 countries selected it affects game play online, and when I disable it, it doesn't block some of the ads. So is there any way to exclude an IP address?

                                        There is a post about this five posts before this one!  And also in several places in this thread… Either Suppress the IP (/32 or /24 Ranges only) or Create a Permit Outbound Alias with the IP listed in the Custom Input Entry. Ensure the Permit Rule is before the Block/Reject Rules.

                                        Woah… sorry to push a button there. I actually tried setting it up with the permit rules before the block/reject but then it wouldn't block anything.  Just thought there might be an easier solution.... I'll try the suppressing... thanks!

                                        • B
                                          BBcan177 Moderator
                                          last edited by Apr 24, 2015, 4:34 AM

                                          If it's a Top20 Block, then you have to use the "Permit Outbound" method, as suppression will only work on /32 or /24 ranges. In the alias enter just the IP range required and set it to "permit outbound". It shouldn't interfere with other block/reject rules.

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.