PfBlockerNG v2.1 w/TLD
-
Hi BBcan177,
Is there any good install/setup/configure instruction (video or guide) for the last version op pfblockerNG, that you could/would recommend?
Thanks for your advice, cheers Qinn
-
I was expecting it to contain a pure list of TLDs which pfblockerng can then use to work out whether any given domain is a second level domain or higher. But it seems itself to contain some second level domains?
Hi Andrew453,
If I only used the TLD, it would be a simple process of looking at any listed Domain and seeing if it had only a second-level Domain (SLD) then block the entire Domain. However, there are suffixes like "uk.com" which is what I would call the TLD that is used to determine if there is one more level. So all of the TLDs (suffixes) in that file are known TLDs which is used in the determination process. Most of the file was taken from the "Public Suffix Registry".
-
Hi BBcan177,
Is there any good install/setup/configure instruction (video or guide) for the last version op pfblockerNG, that you could/would recommend?
Thanks for your advice, cheers Qinn
There is a pfSense Hangout that I did which can be used for an overview of the pkg functionality. However, apart from the three main pfBlockerNG threads in this forum, there isn't any other documentation.
-
Thanks for the quick reply. Darn :( I found this one can you can agree to this one?
https://www.youtube.com/watch?v=YLhDOaH0q5U
-
I was expecting it to contain a pure list of TLDs which pfblockerng can then use to work out whether any given domain is a second level domain or higher. But it seems itself to contain some second level domains?
Hi Andrew453,
If I only used the TLD, it would be a simple process of looking at any listed Domain and seeing if it had only a second-level Domain (SLD) then block the entire Domain. However, there are suffixes like "uk.com" which is what I would call the TLD that is used to determine if there is one more level. So all of the TLDs (suffixes) in that file are known TLDs which is used in the determination process. Most of the file was taken from the "Public Suffix Registry".
Yes ok. That's exactly what I thought the file was for. (i.e. some eTLDs are longer than others, so you need a list e.g. .com vs .co.uk to work out what to treat as an eTLD)
The thing that was confusing me was there were some domains in the list that looked a bit odd, e.g.
myactivedirectory.com
mydrobo.com
mysecuritycamera.com
myshopblocks.com
myvnc.comI think all you're saying is that pfblockerng will treat those as eTLDs even though, strictly speaking, they aren't … which is fine.
p.s. a big thank you for implementing this. It was on my wish-list as I recall - https://forum.pfsense.org/index.php?topic=106534
-
Hi BBcan177,
I can't update h3x feed from available feeds list in pfBlockerNG v2.1.
It show below.
[ h3x ] Downloading update .. 200 OK Remote timestamp missing No Domains FoundSame here
And I can't let TLD Exclusion List working. Can you give a example or check it works?
Did you do a Force Reload after changing the list ?
I'm on 2.1.1_2, the h3x fix is included, but I get the same error as above.
I tried with Update, Cron , Reload.
[ malw_corpus ] Downloading update .. 200 OK
Remote timestamp missing
No Domains Found -
Hi,
Thank you for your hard work on this package :)After updating to 2.1.1_2 i can't "clear DNSBL Packets" from the pfBlockerNG widge
The DNSBL_EasyList won't delete the packets
[Video 31-07-2016 16.54.57.zip](/public/imported_attachments/1/Video 31-07-2016 16.54.57.zip) -
I'm on 2.1.1_2, the h3x fix is included, but I get the same error as above.
I tried with Update, Cron , Reload.
[ malw_corpus ] Downloading update .. 200 OK
Remote timestamp missing
No Domains FoundEach URL contains sites that were active in the last period (month, week, day or hour).
If you look at the 1hour or the 1day csv file, they only have one comment. The 1week and 1month have entries.
You should only choose one of the feeds according to your need. I guess most will pick the 1month URL.
-
Not sure if this is related to pfblockerNG (2.1 w/ TLD) but I went to the package manager to install a package, and saw that my copy of pfblockerNG was outdated, so I clicked the yellow round arrow to update the package. It went well, but immediately after I returned to the package manager I was greeted with a red ribbon saying "Unable to retrieve package information". This happens for the "Installed Packages as well as "Available Packages" tabs!
On the main page, I see "Obtaining update status ", then it turns to "Unable to check for updates".
Tried disabling both pfblockerNG and DNSBL to no avail. Snort is disabled and the blocked hosts list is empty.
Now I cannot update, install or uninstall packages…. How do I remedy to this?
-
I've had that trouble before too. It happened when I was trying to change from the development thread for updates to the stable thread. I couldn't update anything. I eventually found some instructions to reinstall the main pfsense components from the command line. I ended up still on the development thread and didn't venture to try to change it back after that.
-
I've had that trouble before too. It happened when I was trying to change from the development thread for updates to the stable thread. I couldn't update anything. I eventually found some instructions to reinstall the main pfsense components from the command line. I ended up still on the development thread and didn't venture to try to change it back after that.
Not sure I understand that. I am not playing with development stuff, nor that I am configured to retrieve packages from development repos.. Just a vanilla pfsense install with pfblockerNG, snort and thats it. Not normal all of a sudden I lose connection to repos..
Also after a reboot I see these warnings in the main page:
There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:00 There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:11 There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:20 -
@lpallard:
There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:00 There were error(s) loading the rules: /tmp/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:11 There were error(s) loading the rules: /tap/rules.debug:37: cannot define table pfB_Europe_v6: Cannot allocate memory - The line in question reads [37]: table <pfB_Europe_v6> persist file "/var/db/aliastables/pfB_Europe_v6.txt" @ 2016-07-31 14:55:20These all seem to be related to the MaxMind IPv6 database. Looks like you will need to bump the pfSense max aliastable entries limit from 2M to 4M. If you enable aggregation in the general tab, it should condense the CIDRs and reduce the overall IP count. This changed due to using the new MaxMind Geolite2 database which seems to have smaller subsets of the data listed causing more IP entries to be added.
-
@CiscoX:
After updating to 2.1.1_2 i can't "clear DNSBL Packets" from the pfBlockerNG widge
The DNSBL_EasyList won't delete the packetsI am away for a few weeks but will check that out. Seems like some regression somewhere. Thanks for reporting.
-
@lpallard:
Not sure if this is related to pfblockerNG (2.1 w/ TLD) but I went to the package manager to install a package, and saw that my copy of pfblockerNG was outdated, so I clicked the yellow round arrow to update the package. It went well, but immediately after I returned to the package manager I was greeted with a red ribbon saying "Unable to retrieve package information". This happens for the "Installed Packages as well as "Available Packages" tabs!
On the main page, I see "Obtaining update status ", then it turns to "Unable to check for updates".
Tried disabling both pfblockerNG and DNSBL to no avail. Snort is disabled and the blocked hosts list is empty.
Now I cannot update, install or uninstall packages…. How do I remedy to this?
From the following thread:
https://forum.pfsense.org/index.php?topic=116019.0
I followed the ssh command line execution steps:
pkg update -f
pkg upgrade -fand the same problem was resolved.
-
@CiscoX:
After updating to 2.1.1_2 i can't "clear DNSBL Packets" from the pfBlockerNG widge
The DNSBL_EasyList won't delete the packetsI am away for a few weeks but will check that out. Seems like some regression somewhere. Thanks for reporting.
Hi, No problem. Have a nice Holiday :)
-
Hi there I followed this guide, http://fredmerc.com/2016/07/15/pfsense-adblock-using-pfblockerng-guide/ a rather short setup, there is only DNSBL and no IP4 is that new or is this guide missing it? Thanks for any help.
-
Hi there I followed this guide, http://fredmerc.com/2016/07/15/pfsense-adblock-using-pfblockerng-guide/ a rather short setup, there is only DNSBL and no IP4 is that new or is this guide missing it? Thanks for any help.
Here are the original pfBlockerNG thread https://forum.pfsense.org/index.php?topic=86212.0
and the pfBlockerNG v2.0 w/DNSBL thread https://forum.pfsense.org/index.php?topic=102470 -
I am getting this error when I try to use the Spamhaus list in this tread.
===[ DNSBL Process ]================================================
[ EasywoElements ] exists.
[ SpamHouse_TLDS ] Downloading update .. 200 OK
Remote timestamp missing .
–--------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
3 3 0 0 0 3
----------------------------------------------------------------------[ DNSBL FAIL ] [ Skipping : SpamHouse_TLDS ]
[1470071701] unbound-checkconf[87654:0] error: error parsing local-data at 38 '(xmlhttp.readystate 60 IN A 10.10.10.1': Syntax error, could not parse the RR
[1470071701] unbound-checkconf[87654:0] error: Bad local-data RR (xmlhttp.readystate 60 IN A 10.10.10.1
[1470071701] unbound-checkconf[87654:0] fatal error: failed local-zone, local-data configuration
[ Malware_1month ] Downloading update [ 08/01/16 12:15:01 ] .. 200 OK
Remote timestamp missing .
–--------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
1221 956 0 0 0 956
----------------------------------------------------------------------[ Malware_1week ] Downloading update [ 08/01/16 12:15:04 ] .. 200 OK
Remote timestamp missing .
–--------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
526 487 487 0 0 0
----------------------------------------------------------------------[ Malware_1day ] Downloading update [ 08/01/16 12:15:05 ] .. 200 OK
Remote timestamp missing .
–--------------------------------------------------------------------
Orig. Unique # Dups # White # Alexa Final
----------------------------------------------------------------------
48 47 47 0 0 0
----------------------------------------------------------------------[ Malware_1hour ] Downloading update .. 200 OK
Remote timestamp missing
No Domains Found–----------------------------------------
Assembling database... completed
Executing TLD
TLD analysis. completed
Finalizing TLD... completedOriginal Matches Removed Final
6062 5530 1 6061
Validating database... completed [ 08/01/16 12:15:08 ]
Reloading Unbound…. completed
DNSBL update [ 6061 | PASSED ]… completed -
Which Spamhaus URL are you using ?
this https://www.spamhaus.org/statistics/tlds/ is just a web page, not a feed DNSBL can use.as for the H3X, only one is needed
https://forum.pfsense.org/index.php?topic=115357.msg643896#msg643896And do a Force Reload after making the modifications.
-
Which Spamhouse URL are you using ?
this https://www.spamhaus.org/statistics/tlds/ is just a web page, not a feed DNSBL can use.as for the H3X, only one is needed
https://forum.pfsense.org/index.php?topic=115357.msg643896#msg643896And do a Force Reload after making the modifications.
Thank you.
i see my mistake now.
I was certain I had 2 feeds that contained data but I must have misplaced it?
