Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfBlockerNG v2.1 w/TLD

    Scheduled Pinned Locked Moved pfBlockerNG
    124 Posts 42 Posters 265.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pftdm007
      last edited by

      Cant wait for this update to roll out!!!!!

      1 Reply Last reply Reply Quote 0
      • Z
        zerodamage
        last edited by

        Is this available to install now?  I am only showing version 2.0.17 for update.  I uninstalled hoping maybe I would then see the updated version but it's still not there.

        As a matter of fact, it says "Not Ready" in the update window when trying to install or update it now.  I now do not have it installed and am not able to install it but my system says it is installed.

        It actually did install but only to version 2.0.17.  Is that right?

        1 Reply Last reply Reply Quote 0
        • BBcan177B
          BBcan177 Moderator
          last edited by

          https://twitter.com/pfsense/status/755227123187449856

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          1 Reply Last reply Reply Quote 0
          • BBcan177B
            BBcan177 Moderator
            last edited by

            The latest version of pfBlockerNG  v2.1.1_1  has been reviewed and merged into pfSense 2.3.3 Dev. If your on the 2.3.3 Snapshots, its available to be installed now.

            I believe that the Devs will merge it for pfSense 2.3.2 shortly, so stay tuned for the update.

            If you have any questions or Feedback, please let me know….

            Please Read the instructions in the DNSBL tab for the new TLD feature before enabling it.
            Once enabled, follow that with a "Force Reload - DNSBL".

            Review any MaxMind GeoIP settings, since there have been significant changes with the upgrade to GeoLite2.

            Note: If you have less than 5GB of RAM and you have added the Bambenek DGA DNSBL Feed, please move that to the last entry in the DNSBL Feeds. Since that feed is quite large (700k+ Domains), its best to allow TLD to process the other Feeds first before hitting the max TLD Domain limit.  (http://osint.bambenekconsulting.com/feeds/dga-feed.gz).

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • F
              f34rinc
              last edited by

              Nice work BBcan177  :D  setup blocking of .ru as a test and it works.

              1 Reply Last reply Reply Quote 0
              • D
                DownloadDeviant
                last edited by

                THANKS! Can't wait! Good stuff….great work...and thanks for helping us dumb dumbs  :P here and over at Reddit!

                PS - is there a quick n dirty way to test PFBNG to be sure you've generally set it up correctly? Like going to a website and not seeing ads, etc.?

                System: pfSense 2.4.3p1 - ZFS CPU: AMD Athlon 5350 (Kabini) MOBO: ASRock AM1H-ITX HD: 60GB SSD Patriot Inferno RAM: G.SKILL 8GB DDR3 2133 NIC: Intel I350-T2 PS: Lite-On 75W AC PACKAGES: Cron, NUT

                1 Reply Last reply Reply Quote 0
                • M
                  mauroman33
                  last edited by

                  Thank you so much for this fantastic work!!!

                  1 Reply Last reply Reply Quote 0
                  • BBcan177B
                    BBcan177 Moderator
                    last edited by

                    @DownloadDeviant:

                    THANKS! Can't wait! Good stuff….great work...and thanks for helping us dumb dumbs  :P here and over at Reddit!

                    PS - is there a quick n dirty way to test PFBNG to be sure you've generally set it up correctly? Like going to a website and not seeing ads, etc.?

                    Thanks… Are you on the latest 2.1.1_1 version?  Haven't heard much feedback yet, so not sure if many have installed it yet...

                    Not sure what sites are the worst for ADs... but yahoo is probably up there....

                    @mauroman33:

                    Thank you so much for this fantastic work!!!

                    Thanks!

                    "Experience is something you don't get until just after you need it."

                    Website: http://pfBlockerNG.com
                    Twitter: @BBcan177  #pfBlockerNG
                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                    1 Reply Last reply Reply Quote 0
                    • D
                      DownloadDeviant
                      last edited by

                      @BBcan177:

                      Thanks… Are you on the latest 2.1.1_1 version?  Haven't heard much feedback yet, so not sure if many have installed it yet...

                      Not sure what sites are the worst for ADs... but yahoo is probably up there....

                      I'm still on 2.0.17. I've slowed down my updating a bit since I've had some snags and had to rebuild 3 times in the past 7 weeks. Two were my fault…lol I thought I had router plugged into the battery port on the UPS but didn't...storm hit...lost power...pf went corrupt. Sooooooooo, I'm a bit worn out on tampering right now. lol That said, I'll probably upgrade it this weekend.

                      Yahoo it is then. I'm very new to pfBNG so I need to learn it and get comfortable. I don't want to get  too aggressive. I just want it to serve as a companion for my Firefox plugins and to help keep my girlfriend protected.

                      System: pfSense 2.4.3p1 - ZFS CPU: AMD Athlon 5350 (Kabini) MOBO: ASRock AM1H-ITX HD: 60GB SSD Patriot Inferno RAM: G.SKILL 8GB DDR3 2133 NIC: Intel I350-T2 PS: Lite-On 75W AC PACKAGES: Cron, NUT

                      1 Reply Last reply Reply Quote 0
                      • S
                        someuser123
                        last edited by

                        pfBlockerNG-2.1.1_1 is working like charm, On 2.3.3-DEVELOPMENT (amd64) no issues.

                        TLD Blacklist is really handy, Thanks BBcan177

                        1 Reply Last reply Reply Quote 0
                        • BBcan177B
                          BBcan177 Moderator
                          last edited by

                          Here are the links for Malware Corpus Tracker which can be used w/ pfBlockerNG DNSBL:

                          Site:
                          http://track.h3x.eu/about/400

                          Available Feeds:
                          https://tracker.h3x.eu/api/sites_1month.php
                          https://tracker.h3x.eu/api/sites_1week.php
                          https://tracker.h3x.eu/api/sites_1day.php
                          https://tracker.h3x.eu/api/sites_1hour.php

                          DO NOT Select all of these Feeds. You should pick only one Feed. For example: the "1Month" will include the "1Week/1Day/1Hour".

                          [ Edit - change to https ]

                          Twitter:
                          https://twitter.com/h3x2b

                          "Experience is something you don't get until just after you need it."

                          Website: http://pfBlockerNG.com
                          Twitter: @BBcan177  #pfBlockerNG
                          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                          1 Reply Last reply Reply Quote 0
                          • N
                            ntct
                            last edited by

                            Hi BBcan177,

                            I can't update h3x feed from available feeds list in pfBlockerNG v2.1.

                            It show below.

                            [ h3x ]			 Downloading update .. 200 OK
                             Remote timestamp missing 
                             No Domains Found
                            

                            And I can't let TLD Exclusion List working. Can you give a example or check it works?

                            1 Reply Last reply Reply Quote 0
                            • RonpfSR
                              RonpfS
                              last edited by

                              @ntct:

                              Hi BBcan177,

                              I can't update h3x feed from available feeds list in pfBlockerNG v2.1.

                              It show below.

                              [ h3x ]			 Downloading update .. 200 OK
                               Remote timestamp missing 
                               No Domains Found
                              

                              Same here

                              @ntct:

                              And I can't let TLD Exclusion List working. Can you give a example or check it works?

                              Did you do a Force Reload after changing the list ?

                              2.4.5-RELEASE-p1 (amd64)
                              Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                              Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                              1 Reply Last reply Reply Quote 0
                              • H
                                hulleyrob
                                last edited by

                                [ 1month ]		 Downloading update .. 200 OK
                                  Remote timestamp missing 
                                 No Domains Found
                                
                                [ 1week ]		 Downloading update [ 07/30/16 12:31:20 ] .. 200 OK
                                  Remote timestamp missing 
                                 No Domains Found
                                
                                [ 1day ]		 Downloading update .. 200 OK
                                  Remote timestamp missing 
                                 No Domains Found
                                
                                [ 1hour ]		 Downloading update .. 200 OK
                                  Remote timestamp missing 
                                 No Domains Found
                                

                                Me three, anyone post how exactly you get these list working?

                                1 Reply Last reply Reply Quote 0
                                • BBcan177B
                                  BBcan177 Moderator
                                  last edited by

                                  Here is a patch to fix the H3X Feed…  Sorry about that  ...

                                  @BBcan177:

                                  Here are the links for Malware Corpus Tracker which can be used w/ pfBlockerNG DNSBL:

                                  UPDATE:

                                  Guess the internal QA testing didn't work too well when I tested this Feed.
                                  Please follow these instructions below to patch the code to get the following feed to parse:

                                  Edit     /usr/local/pkg/pfblockerng/pfblockerng.inc

                                  Goto Line 3368 which contains the following:

                                  $h3x_feed = TRUE;
                                  

                                  Reference:
                                  https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-pfBlockerNG/files/usr/local/pkg/pfblockerng/pfblockerng.inc#L3368

                                  and add the following line after line 3368:

                                  $liteparser = TRUE;
                                  

                                  Then follow that with a    "Force Update"

                                  "Experience is something you don't get until just after you need it."

                                  Website: http://pfBlockerNG.com
                                  Twitter: @BBcan177  #pfBlockerNG
                                  Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                  1 Reply Last reply Reply Quote 0
                                  • BBcan177B
                                    BBcan177 Moderator
                                    last edited by

                                    @ntct:

                                    And I can't let TLD Exclusion List working. Can you give a example or check it works?

                                    Can you provide more detail about what you're trying to accomplish?

                                    "Experience is something you don't get until just after you need it."

                                    Website: http://pfBlockerNG.com
                                    Twitter: @BBcan177  #pfBlockerNG
                                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                    1 Reply Last reply Reply Quote 0
                                    • H
                                      hulleyrob
                                      last edited by

                                      Works for me.

                                      For the lazy:

                                      vi +3368 /usr/local/pkg/pfblockerng/pfblockerng.inc
                                      

                                      to go straight to the line.

                                      Thanks BBcan

                                      1 Reply Last reply Reply Quote 0
                                      • BBcan177B
                                        BBcan177 Moderator
                                        last edited by

                                        I have posted a PR #164 to fix the H3x parser issue noted above.
                                        ‎https://github.com/pfsense/FreeBSD-ports/pull/164‎

                                        Once this is merged the pkg will be at version 2.1.1_2.

                                        If you manually edited the file noted above, or not, you do not need to make any further changes with this version.

                                        "Experience is something you don't get until just after you need it."

                                        Website: http://pfBlockerNG.com
                                        Twitter: @BBcan177  #pfBlockerNG
                                        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                        1 Reply Last reply Reply Quote 0
                                        • O
                                          oddworld19
                                          last edited by

                                          …...and I'm buying another 8 gigs RAM tonight (from 8G to 16G) now that unbound is VIRT 12.3G and I've swapped 6G.

                                          Worth it though.

                                          Supermicro SYS-5018A-FTN4 (Atom c2758)
                                          pfSense 2.3.2

                                          1 Reply Last reply Reply Quote 0
                                          • A
                                            Andrew453
                                            last edited by

                                            Hi BBcan177

                                            Thanks for implementing this.  Would you be able to explain a bit more what the role of the /usr/local/pkg/pfblockerng/dnsbl_tld file is please?

                                            I was expecting it to contain a pure list of TLDs which pfblockerng can then use to work out whether any given domain is a second level domain or higher.  But it seems itself to contain some second level domains?

                                            That said, when I've looked that the /var/unbound/pfb_dnsbl.conf on my set up that pfblockerng has created, it does contain exactly what I would expect to see (i.e. full blocking of the entire domain for second level domains, but only specific blocking for higher level domains).  So it does seem to be doing exactly what I'd like it to, but I'm not sure how the dnsbl_tld file is working to do that.

                                            Thanks.

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.