Netgate Discussion Forum

    Pfblockerng whitelisting

    pfBlockerNG
    32 Posts 3 Posters 29.3k Views
      reason

      @RonpfS:

      @reason:

      Here is a screenshot.

      Let me know if this includes the info you are looking for.

      I see no picture.

      Try it now. I used the IMG tags and it did not work.

      But here it is again: https://drive.google.com/open?id=0B_lE49yIpBbnSmkxQ2gyS2ZyX28

        RonpfS

        @reason:

        @RonpfS:

        @reason:

        Here is a screenshot.

        Let me know if this includes the info you are looking for.

        I see no picture.

        Try it now. I used the IMG tags and it did not work.

        But here it is again: https://drive.google.com/open?id=0B_lE49yIpBbnSmkxQ2gyS2ZyX28

        You can post images with the + Attachments and other options

        Did you run a Force Reload after enabling suppression?

        Your screenshot is missing the last column that displays the range involved in the block.
        Also take time to read the in the General Tab under Suppression.

        2.4.5-RELEASE-p1 (amd64)
        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

          reason

          @RonpfS:

          @reason:

          @RonpfS:

          @reason:

          Here is a screenshot.

          Let me know if this includes the info you are looking for.

          I see no picture.

          Try it now. I used the IMG tags and it did not work.

          But here it is again: https://drive.google.com/open?id=0B_lE49yIpBbnSmkxQ2gyS2ZyX28

          You can post images with the + Attachments and other options

          Did you run a Force Reload after enabling suppression?

          Your screenshot is missing the last column that displays the range involved in the block.
          Also take time to read the in the General Tab under Suppression.

          Here is an update with more pertinent information.

          pfblocker.PNG

            RonpfS

            Well as they are not /24 or /32 block ranges, you will have to whitelist the IPs

            @Suppression:

            Alerts can be suppressed using the '+' icon in the Alerts tab and IPs added to the 'pfBlockerNGSuppress' alias. A blocked IP in a CIDR other than /32 or /24 will need a 'Whitelist alias' w/ list action: 'Permit Outbound' Firewall rule

            If you are using Iblocklist.com URL, maybe you should read iBlocklist.com is either dead or a scam?

              reason

              @RonpfS:

              Well as they are not /24 or /32 block ranges, you will have to whitelist the IPs

              @Suppression:

              Alerts can be suppressed using the '+' icon in the Alerts tab and IPs added to the 'pfBlockerNGSuppress' alias. A blocked IP in a CIDR other than /32 or /24 will need a 'Whitelist alias' w/ list action: 'Permit Outbound' Firewall rule

              And where do I white list the IPs? I have white listed the domains but that does not seem to be working.

              newegg, facebook and amazonses are in that screen shot and those items are not being delivered.

                RonpfS

                @reason:

                And where do I white list the IPs? I have white listed the domains but that does not seem to be working.

                newegg, facebook and amazonses are in that screen shot and those items are not being delivered.

                Don't mix IP and Domain name, they have different modes of operation. You query a name server with the Domain name (FQDN) of a host to obtain its IP.

                IPV4 and IPV6 are used with Firewall rules to control access.

                DNSBL operates on the Name service to give the VIP instead of the "real" IP of a host.

                Again, the answer is already given in the infobox ('Whitelist alias'). Take time to read or use Google translate to bring it to your native language.

                  reason

                  @RonpfS:

                  @reason:

                  And where do I white list the IPs? I have white listed the domains but that does not seem to be working.

                  newegg, facebook and amazonses are in that screen shot and those items are not being delivered.

                  Don't mix IP and Domain name, they have different modes of operation. You query a name server with the Domain name (FQDN) of a host to obtain its IP.

                  IPV4 and IPV6 are used with Firewall rules to control access.

                  DNSBL operates on the Name service to give the VIP instead of the "real" IP of a host.

                  Again, the answer is already given in the infobox ('Whitelist alias'). Take time to read or use Google translate to bring it to your native language.

                  So use the IPV4. Create an Alias List. Enter the IPs I want to whitelist on the new IP list?

                  Where do the IPs get added to the firewall for whitelisting?

                  Or is it automatically integrated?

                  I am American and speak English. I just don't speak Firewall Networking so well :)

                  I want to use pfBlocker but if this is too difficult for me to grasp.

                  I am also looking at upgrading my zimbra and using spam assassin instead.

                  But I think I am half way there with pfSense and pfBlocker.

                  I'm just not getting something.

                  Also, what "Infobox"?

                    RonpfS

                    The infobox under Suppression ???

                    1 ) You might use a pfBlockerNG IPV4 table, put the IPs you want to whitelist in the IPv4 Custom list. pfBlockerNG will generate FW rules.

                    2 ) Use a pfBlockerNG IPV4 table, specify a local file containing the IPs to whitelist.  pfBlockerNG will generate FW rules.

                    3 ) You could create an Alias with the IPs you want to whitelist and create FW rules to permit access.

                    For beginners, start with 1) then switch to 3) using similar FW rules as pfBlockerNG created in 1) if you prefer to manage a Firewall Alias.

                    2.4.5-RELEASE-p1 (amd64)
                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5
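
An added example, not part of the original posts and not pfBlockerNG's own code: it applies the Suppression infobox rule quoted earlier in the thread (/32 and /24 matches can be suppressed, any other CIDR needs a whitelist) and prints the single hosts to paste into the IPv4 Custom list from option 1. The feed entries, addresses, the `TRUSTED` set and the one-address-per-line output are constructed assumptions.

```python
import ipaddress

# Prefix lengths the Suppression infobox says can be handled by suppression.
SUPPRESSIBLE = {24, 32}

# Constructed sample data: documentation and private ranges, not from the thread.
FEED_TEXT = """
# constructed deny-feed entries
192.0.2.25
198.51.100.0/24
203.0.113.128/25
10.20.0.0/16
10.20.33.0/24
"""
BLOCKED = ["192.0.2.25", "198.51.100.77", "203.0.113.140",
           "10.20.40.9", "10.20.33.4", "172.16.5.5"]
# Assumption: addresses the admin has verified as legitimate senders.
TRUSTED = {"192.0.2.25", "198.51.100.77", "203.0.113.140", "10.20.40.9"}


def parse_feed(text):
    """Parse one IPv4 address or CIDR per line; skip blanks and # comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.IPv4Network(entry, strict=False))
    return nets


def matched_range(ip, nets):
    """Most specific feed network containing ip, or None if none does."""
    addr = ipaddress.IPv4Address(ip)
    hits = [n for n in nets if addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None


def triage(blocked, nets, trusted):
    """Sort blocked IPs by the action the infobox rule calls for."""
    out = {"suppress": [], "whitelist": [], "leave_blocked": [], "not_in_feed": []}
    for ip in blocked:
        net = matched_range(ip, nets)
        if net is None:
            out["not_in_feed"].append(ip)      # blocked by something else
        elif ip not in trusted:
            out["leave_blocked"].append(ip)    # unverified: keep the block
        elif net.prefixlen in SUPPRESSIBLE:
            out["suppress"].append((ip, str(net)))
        else:
            out["whitelist"].append((ip, str(net)))
    return out


def custom_list_lines(result):
    """Single hosts for a permit list; never the whole blocked range."""
    hosts = sorted({ipaddress.IPv4Address(ip) for ip, _ in result["whitelist"]})
    return [str(h) for h in hosts]


if __name__ == "__main__":
    res = triage(BLOCKED, parse_feed(FEED_TEXT), TRUSTED)
    for action, items in res.items():
        print(action, items)
    print("\n".join(custom_list_lines(res)))
```

Listing only the verified hosts, rather than the whole /16 or /25 that matched, keeps the permit rule as narrow as the problem it solves.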

                      reason

                      @RonpfS:

                      The infobox under Suppression ???

                      Ah, Infobox is the "I" in a circle. Gotcha. Box and Circle… go figure  :P

                      1 ) You might use a pfBlockerNG IPV4 table, put the IPs you want to whitelist in the IPv4 Custom list. pfBlockerNG will generate FW rules.

                      2 ) Use a pfBlockerNG IPV4 table, specify a local file containing the IPs to whitelist.  pfBlockerNG will generate FW rules.

                      Why would I use a file as opposed to the Custom List in the gui?

                      3 ) You could create an Alias with the IPs you want to whitelist and create FW rules to permit access.

                      For beginners, start with 1) then switch to 3) using similar FW rules as pfBlockerNG created in 1) if you prefer to manage a Firewall Alias.

                      Right now, I would rather not manage a firewall alias. If pfSense/pfBlocker can create and manage, I am fine with that.

                      Is there a link with how to configure an IPv4 Custom Address whitelist?

                        RonpfS

                        Probably the same link you used to create your Deny Tables, change Deny Both for Allow Outbound (or Allow Both depending on your need).

                        To input IPs, click on the IPv4 Custom list "+" icon.

                        Also take time to read again my last posts as I refined the answers while we are speaking.

                          reason

                          @RonpfS:

                          Probably the same link you used to create your Deny Tables, change Deny Both for Allow Outbound (or Allow Both depending on your need).

                          To input IPs, click on the IPv4 Custom list "+" icon.

                          Also take time to read again my last posts as I refined the answers as we speak.

                          I meant I'm looking for a tutorial link on how to create these IPv4 Custom IP White lists. This was not included in the initial pfblocker tutorial that I followed (below).

                          Also, I did not create any Deny Tables. I simply followed the tutorial below. And now integrating this thread's information into that setup.

                          I followed the tutorial below for setting up pfBlocker:
                          https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943

                          Any help or links or information you can relay would be greatly appreciated.

                            RonpfS

                            @reason:

                            I meant I'm looking for a tutorial link on how to create these IPv4 Custom IP White lists. This was not included in the initial pfblocker tutorial that I followed (below).

                            Also, I did not create any Deny Tables. I simply followed the tutorial below. And now integrating this thread's information into that setup.

                            I followed the tutorial below for setting up pfBlocker:
                            https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943

                            Any help or links or information you can relay would be greatly appreciated.

                            That one was for DNSBL (Domain Name).

                            Start with the first pages of each of these threads:
                            pfBlockerNG
                            pfBlockerNG v2.0 w/DNSBL
                            pfBlockerNG v2.1 w/TLD
                            And over time ;) why not read all of the pages.

                              reason

                              @RonpfS:

                              @reason:

                              I meant I'm looking for a tutorial link on how to create these IPv4 Custom IP White lists. This was not included in the initial pfblocker tutorial that I followed (below).

                              Also, I did not create any Deny Tables. I simply followed the tutorial below. And now integrating this thread's information into that setup.

                              I followed the tutorial below for setting up pfBlocker:
                              https://forum.pfsense.org/index.php?topic=102470.msg572943#msg572943

                              Any help or links or information you can relay would be greatly appreciated.

                              That one was for DNSBL (Domain Name).

                              Start with the first pages of each of these threads:
                              pfBlockerNG
                              pfBlockerNG v2.0 w/DNSBL
                              pfBlockerNG v2.1 w/TLD
                              And over time ;) why not read all of the pages.

                              Thanks. Worst case scenario, I use Zimbra and Spamassassin.

                              I've been trying to use pfBlocker for awhile now and there's just too much information out there separated into different places.

                              Some people feel a firewall should be used for just that.

                              While a spam filter (on a mail server) might be better or just as good.

                              Right now, I am seeing why the latter feels the way they do.

                                RonpfS

                                @reason:

                                I've been trying to use pfBlocker for awhile now and there's just too much information out there separated into different places.

                                It's an Open Source package.

                                BBCan177 spent most of his time developing it. With time, new features are added and are included in the package. 8)

                                I contribute by answering in the forum and testing the new versions with other testers.

                                But no one currently contributes to documenting the package, making tutorials, etc. :(

                                  reason

                                  @RonpfS:

                                  @reason:

                                  I've been trying to use pfBlocker for awhile now and there's just too much information out there separated into different places.

                                  It's an Open Source package.

                                  BBCan177 spent most of his time developing it. With time, new features are added and are included in the package. 8)

                                  I contribute by answering in the forum and testing the new versions.

                                  But no one currently contributes to documenting the package, making tutorials, etc. :(

                                  I completely get that.

                                  I am a huge proponent of open source.

                                  But my email is my life blood.

                                  Various emails have been blocked for a couple days now and I have no idea of knowing, concretely, how to allow or whitelist them.

                                  I thought .domains works.

                                  Then I was told, by you, that IP address whitelisting works but now that requires a whole other learning curve. And this is all hit and miss.

                                  Like I said, I was doing this because pfsense rocks… but pfblocker has been giving me issues since before this version.

                                  It's working but blocking legitimate email servers (newegg, facebook, amazon, etc).

                                  These are not unknown domains.

                                  So I am thinking spamassassin might be a better adept at resolving this issue as it will be just on the mail server. But maybe I am wrong.

                                    BBcan177 Moderator

                                    Hey Reason,

                                    I sent you a PM… I think you're mixing up IP Blocking with Domain Blocking...  It's best to start with IP Blocking as that is what will best protect your Mail Server from Inbound Spam.  I also sent you a link to add some DNSRBLs to Zimbra as it uses Postfix...  I would highly recommend Spamhaus Zen at a minimum to knock down 90% of the Inbound Spam right off the bat...

                                    Once you have the IP Blocking configured and tuned, then you can move to DNSBL Domain blocking...  But DNSBL is more for Outbound Malicious Domain and ADvert Blocking for Browsers...

                                    Once you get the package configured, you will see the difference...  Security is like an Onion, needs several layers to make it effective...

                                    "Experience is something you don't get until just after you need it."

                                    Website: http://pfBlockerNG.com
                                    Twitter: @BBcan177  #pfBlockerNG
                                    Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                                      RonpfS

                                      Oops :o I forgot to mention that BBCan177 is also answering in the forum ::)

                                        BBcan177 Moderator

                                        @RonpfS:

                                        @reason:

                                        I've been trying to use pfBlocker for awhile now and there's just too much information out there separated into different places.

                                        It's an Open Source package.

                                        BBCan177 spent most of his time developing it. With time, new features are added and are included in the package. 8)

                                        I contribute by answering in the forum and testing the new versions with other testers.

                                        But no one currently contributes to documenting the package, making tutorials, etc. :(

                                        There is a pfSense Hangout that I did that provides a decent overview for the package… It's available for all pfSense Gold Subscribers. Check it out if you can!

                                        https://www.pfsense.org/videos/#165034947

                                          reason

                                          @BBcan177:

                                          Hey Reason,

                                          I sent you a PM… I think you're mixing up IP Blocking with Domain Blocking...  It's best to start with IP Blocking as that is what will best protect your Mail Server from Inbound Spam.  I also sent you a link to add some DNSRBLs to Zimbra as it uses Postfix...  I would highly recommend Spamhaus Zen at a minimum to knock down 90% of the Inbound Spam right off the bat...

                                          Once you have the IP Blocking configured and tuned, then you can move to DNSBL Domain blocking...  But DNSBL is more for Outbound Malicious Domain and ADvert Blocking for Browsers...

                                          Once you get the package configured, you will see the difference...  Security is like an Onion, needs several layers to make it effective...

                                          Hey BBCan,

                                          Just got your message and responded.

                                          Thanks again for reaching out. I will look at implementing those Mailserver tweaks and get back to you!

                                            reason

                                            @BBcan177:

                                            Here are more DNSBL Feeds that can be used in pfBlockerNG.
                                            (Copy and paste URLS as plain text)

                                            1. Create a new alias for these.
                                              These are not necessarily ADvert domains. So I named mine "Malicious"

                                            hpHosts
                                            http://hosts-file.net/download/hosts.zip

                                            SWC
                                            http://someonewhocares.org/hosts/hosts

                                            spam404
                                            https://spam404bl.com/blacklist.txt
                                            https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt

                                            malc0de
                                            https://malc0de.com/bl/BOOT

                                            MDS (use 'Flex' state)
                                            https://mirror1.malwaredomains.com/files/justdomains

                                            MVPS
                                            http://winhelp2002.mvps.org/hosts.txt

                                            MDL
                                            http://www.malwaredomainlist.com/hostslist/hosts.txt

                                            GJTech
                                            http://adblock.gjtech.net/?format=unix-hosts

                                            dShield_SD  (They also have a conservative list available)
                                            https://www.dshield.org/feeds/suspiciousdomains_High.txt

                                            Zeus
                                            https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist

                                            1. These two feeds post full URLs, so there can be some more false positives.
                                              Create a new Alias, and use Alexa as a recommendation.

                                            PhishTank
                                            https://data.phishtank.com/data/online-valid.csv.bz2

                                            OpenPhish
                                            https://www.openphish.com/feed.txt

                                            MPatrol (You need to register - Free or Paid subscription. Use Danguardian feed)
                                            https://lists.malwarepatrol.net

                                            1. This is a feed that I manage (as time permits)
                                              MS_2
                                              https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw

                                            2. Use this in its own Alias:

                                            BBC_DGA  (This is a large feed of DGA for the likes of Cryptolocker et al…)
                                            http://osint.bambenekconsulting.com/feeds/dga-feed.gz

                                            BBC_C2
                                            http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

                                            1. Use this feed in its own alias as it is updated more frequently.
                                              So you can update it more often than once per day.

                                            hpHosts_partial
                                            http://hosts-file.net/hphosts-partial.asp

                                            If users find other feeds, please post back so that others may benefit also.
                                            It's also important to donate to the feeds provider (IP and/or Domain) as they all need support.

                                            BBCan,

                                            When you say "create a new alias…" do you mean under DNSBL Feeds or Firewall Aliases?

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.