Monster pfBlockerNG import script pfBlockerNG_import_gravity.php 224 lists

tonymorella

@pfcode:

@tonymorella:

It includes the ones from the original, but under different alias and header names so it will not overwrite

Tony

Thanks, is it possible to just import the firehol ones?

Could just do the import and turn off the ones you don't want, the Alias are disabled so they will not run until you set them to. Or modify the script before doing the import, delete the ones you don't need.

n3by

Parse error: syntax error, unexpected 'infolists' (T_STRING), expecting ')' in /usr/local/www/pfBlockerNG_import_gravity.php on line 563

… and more

djjerdog

@n3by:

Parse error: syntax error, unexpected 'infolists' (T_STRING), expecting ')' in /usr/local/www/pfBlockerNG_import_gravity.php on line 563

… and more

Same error here :/

tonymorella

@djjerdog:

@n3by:

Parse error: syntax error, unexpected 'infolists' (T_STRING), expecting ')' in /usr/local/www/pfBlockerNG_import_gravity.php on line 563

… and more

Same error here :/

Crud sorry about that typo on line 563

"description"    => "Malware Expect false positives white lists will need to be created",",

Change to

"description"    => "Malware Expect false positives white lists will need to be created",

Also update file on Github

n3by

also change this:

line 680

                    "header"     => "trustedsec_atif"),

->

                    "header"     => "trustedsec_atif")),

and
line 1020

            "custom_update"      => "disabled")

->

            "custom_update"      => "disabled"),

javcasta

Hello.

Very good tool for pfBlockerNG :)

this is my debugged script that works for me, (zip file attached. or in my web: http://www.javcasta.com/?smd_process_download=1&download_id=33310 )

Regads.

pfBlockerNG_import_gravity.php.zip

tonymorella

@n3by:

also change this:

line 680

                    "header"     => "trustedsec_atif"),

->

                    "header"     => "trustedsec_atif")),

and
line 1020

            "custom_update"      => "disabled")

->

            "custom_update"      => "disabled"),

Thanks for the review, changes updated on github.  This is what happens when your up 24 hours straight :)

iplost

Ok, thanks for update in github

One detail,  wget is not by default in pfSense 2.3.2, other way to download script:

 curl https://raw.githubusercontent.com/tonymorella/pfsense_scipts/master/pfBlockerNG_import_gravity.php > pfBlockerNG_import_gravity.php

pfcode

Some of the lists blocked other lists. e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Totally confusion. Also, can't get access from "https://freeapi.blueliv.com"

tonymorella

@pfcode:

Some of the lists blocked other lists. e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Totally confusion. Also, can't get access from "https://freeapi.blueliv.com"

Good point,  by default I added all the URLs to a custom allow lists so they can not block each other :) Also you need to create and account to access the blueliv.com API

pfcode

@tonymorella:

@pfcode:

Some of the lists blocked other lists. e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Totally confusion. Also, can't get access from "https://freeapi.blueliv.com"

Good point,  by default I added all the URLs to a custom allow lists so they can not block each other :) Also you need to create and account to access the blueliv.com API

Added 88.198.202.51 (blueliv.com) into the pfBlockerNG surpress list, but it was still blocked by gofferje,  What am I missing?

BBcan177

@pfcode:

Also, can't get access from "https://freeapi.blueliv.com"

Added 88.198.202.51 (blueliv.com) into the pfBlockerNG surpress list, but it was still blocked by gofferje,  What am I missing?

I haven't used blueliv, but your not checking the correct domain name…

ping freeapi.blueliv.com

PING f01.blueliv.com (88.198.51.46): 56 data bytes

pfcode

@BBcan177:

@pfcode:

Also, can't get access from "https://freeapi.blueliv.com"

Added 88.198.202.51 (blueliv.com) into the pfBlockerNG surpress list, but it was still blocked by gofferje,  What am I missing?

I haven't used blueliv, but your not checking the correct domain name…

ping freeapi.blueliv.com

PING f01.blueliv.com (88.198.51.46): 56 data bytes

Hi,

if I manually add the ip in the suppress list and apply the changes,  Should I do a update or force reload?

johnabbot

I think you should put a warning about false positives on the bots and organisations ones. I had to delete them.

tonymorella

@johnabbot:

I think you should put a warning about false positives on the bots and organisations ones. I had to delete them.

Sure why not :)  I used Organisations for allow rules not block, did you notice issues with this one??

johnabbot

blocking emails to/from me.com from a local mail server I think it was.

motific

Thanks for the script, it was quite a timesaver.

A number of the lists ought to end up in the DNSBL section rather than IP4 (Privacy/SomeoneWhoCares is one example) - if you're maintaining the script that's something to check.  If I get some time I might take a look.