PfBlockerNG
-
@The:
What to do ?
Create some floating rules (as i read in the Wiki)
create some alias as you replied ?In v1.10 I added some additional text to the TOP20 tab to help with this issue. (See Note:)
Instead of blocking the world, you can change all of the "Deny" rule(s) to be a single "Permit Inbound" Rule…
For example: It seems like you want to allow South America only to hit your Zimbra mail server, follow the instructions below: ( BTW: Big fan of Zimbra!! )
-
Remove all of your existing Country Blocking Rules.
-
Remove all of your existing "Pass" Firewall rules for Zimbra.
You could also just disable these pass rules and keep them there as a backup, if pfBNG is disabled for any reason. -
Goto "South America" Country Tab.
-
Select the IPv4/6 Countries that you want to allow access.
-
List Action: "Permit Inbound"
-
In "Advanced Inbound Firewall Rule Settings":
-
Enable the Custom Port checkbox
Click the link "Click here to add/edit Aliases" and add a new pfSense Alias called "Mail_Ports" (Change the alias name to what ever you wish), and enter all of the Mail ports in the alias.
-
Enable Custom Destination checkbox
Click the link "Click here to add/edit Aliases" and add a new pfSense Alias called "Mail_IPs"
(Change the alias name to what ever you wish), and enter all of the Mail Destination IPs (ie: the 192.x.x.x address from your screenshot above) -
Custom Protocol: Select "TCP/UDP" (Or as required)
-
Hope that helps!
Big thnx for this ! I'll changed the configuration exactly as above.
What should be the list action for the rest of the clean selected country's : deny inbound ?Btw the only reason why i need N.A enabled is to recieve mail from gmail users who mail me at the Zimbra server
-
-
@The:
What should be the list action for the rest of the clean selected country's : deny inbound ?
ZOMG. What's not allowed is already denied by default… You need no other action.
-
Hello, I was using pfBlocker and had a list that was built for just VZW Ip's. Here is the list as it is still in the firewall.
https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerVZW_Custom
Is this still be updated? If not how do I find the source of that list to rebuild it in NG under the IPV4 Ailias tab
Thanks for the pointers.
-
Hello, I was using pfBlocker and had a list that was built for just VZW Ip's. Here is the list as it is still in the firewall.
https://127.0.0.1:443/pfblocker.php?pfb=pfBlockerVZW_Custom
Is this still be updated? If not how do I find the source of that list to rebuild it in NG under the IPV4 Ailias tab
Thanks for the pointers.
Hi apbirch67,
The old pfBlocker files are located in the following folder:
ls /usr/local/pkg/pfblockerThe files are a longfile name like:
a5535b15c63d449c51574971f9ab6098.txtThese files are an md5 hash of the URL used for each List. View each file to determine which file is the one you are looking for.
-
@The:
What should be the list action for the rest of the clean selected country's : deny inbound ?
ZOMG. What's not allowed is already denied by default… You need no other action.
Excuse me for beeing an newbee user . But i'll try to learn everyday and want to have the network as save as possible (like all the other people here i thing ;) )
The question is not that bad i think, because when you look at the rule action it's disabled . -
Unfortunately BGP has blocked access to "non-humans".
In the interim, I have posted some of these [ Domain -> IPs ] lists. I will try to keep them updated as time permits.
Please use the "html" format:
Facebook https://gist.githubusercontent.com/BBcan177/fb389885e4fb39508bcc/raw Twitter https://gist.githubusercontent.com/BBcan177/0caa6ae9badee2206660/raw Spotify https://gist.githubusercontent.com/BBcan177/58ae5e02838cea68de25/raw Netflix https://gist.githubusercontent.com/BBcan177/419897fb723a24323f1f/raw Dropbox https://gist.githubusercontent.com/BBcan177/3ddcf1ef916f70b9bc26/raw Also posted are two feeds which I have collected from recent Security Blogs etc: MS_1 https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw MS_3 https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw -
Hi
First very thanks to BBcan177 for the package.
These IP list are a strange world
The list: http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz
are blocking that: http://www.reputationauthority.org/toptens.php
Cheers.
-
Hi
First very thanks to BBcan177 for the package.
These IP list are a strange world
The list: http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz
are blocking that: http://www.reputationauthority.org/toptens.php
Cheers.
I am not a big fan of IBlock lists… They tend to have a lot of False positives... You can always send them a FP report.
-
Hi,
Are there some way to backup/restore pfbloquerNG settings (or IPV4/IPV6 lists) from one pfsense to another?
I use "pfBlockerNG_import.php" and made some changes, on a lab box. Will be nice to export that to the production one.
Thanks.
-
You mean, like… the invisible Sync tab?
-
Hi
I'm new around here(with pfSense and pfBlockerNG), so please be gentle ;)
First of all. What a great package. You did a awesome job.Back to my question. I was wondering if there are any plans to support this AmazonAWS json IP list https://ip-ranges.amazonaws.com/ip-ranges.json ?
Some extra info: http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
Thank you. -
You mean, like… the invisible Sync tab?
Hi,
My lab are at home one WAN one LAN, production at work, two WANs one LAN.
May I sync anyway?Thanks.
-
May I copy the from xml backup file from one box to another?
Thanks.
-
I was wondering if there are any plans to support this AmazonAWS json IP list https://ip-ranges.amazonaws.com/ip-ranges.json ?
Some extra info: http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
You can scrape the IPs from that URL or any other URL using the "html" format. However, it won't be able to distinguish the different Amazon subsets. So it will pool them all together which you could use to "Permit, Match or Block/Reject"
-
My lab are at home one WAN one LAN, production at work, two WANs one LAN.
May I sync anyway?You can sync any pfSense Boxes whether remote or local.
And yes you can copy / paste with the config.xml but please ensure you backup as you can crash it with an improperly formatted file.
If you do modify a config.xml from the shell, you can delete the cache file to get those changes to take effect
rm /tmp/config.cache
-
I have a comprehension question. Is pfBlockerNG supposed to block any traffic? I added a single IP to my IPv4 list and I can still access the web site with this particular IP. Maybe I should say that Squid is also running.
-
I have a comprehension question. Is pfBlockerNG supposed to block any traffic? I added a single IP to my IPv4 list and I can still access the web site with this particular IP. Maybe I should say that Squid is also running.
Well its kind of what the name of the package implies :)
So to answer your question, yes the package can create firewall rules to "Block/Reject/Permit/Match"…Need more info on how you have configured it to help you further.
-
I'm using Alienvault List and blocking outside traffic to Russia, China and North Korea.
Access to www.tcpiputils.com (148.251.153.34 - Germany (DE) - not listed on AlienVault) are blocked, but not on alerts or firewall logs.
If I reset states, it opens for a few seconds and blocks again, disabling pfBlockerNG resolve that issue.
Any idea?
Thanks.
-
I'm using Allienvault List and blocking outside traffic to Russia, China and North Korea.
Access to www.tcpiputils.com (148.251.153.34 - Germany (DE) - not listed on AllienVault) are blocked, but not on alerts or firewall logs.
If I reset states, it opens for a few seconds and blocks again, disabling pfBlockerNG resolve that issue.
Any idea?
Thanks.
Alienvault doesn't have that IP listed.. But run this command below to see if any other list has that included…
grep -h "^148.251." /var/db/pfblockerng/deny/ | grep '/'*
Alienvault.txt:148.251.195.0/24
Alienvault.txt:148.251.88.0/24edit: added the -h flag to skip the filename/path
-
Hi, thanks for your quick answer,
The command gets the same of yours:
grep -h "^148.251." /var/db/pfblockerng/deny/* | grep '/'
148.251.195.0/24
148.251.88.0/24
