Monster pfBlockerNG import script pfBlockerNG_import_gravity.php 224 lists

djjerdog

@n3by:

Parse error: syntax error, unexpected 'infolists' (T_STRING), expecting ')' in /usr/local/www/pfBlockerNG_import_gravity.php on line 563

… and more

Same error here :/

tonymorella

@djjerdog:

@n3by:

Parse error: syntax error, unexpected 'infolists' (T_STRING), expecting ')' in /usr/local/www/pfBlockerNG_import_gravity.php on line 563

… and more

Same error here :/

Crud sorry about that typo on line 563

"description"    => "Malware Expect false positives white lists will need to be created",",

Change to

"description"    => "Malware Expect false positives white lists will need to be created",

Also update file on Github

n3by

also change this:

line 680

                    "header"     => "trustedsec_atif"),

->

                    "header"     => "trustedsec_atif")),

and
line 1020

            "custom_update"      => "disabled")

->

            "custom_update"      => "disabled"),

javcasta

Hello.

Very good tool for pfBlockerNG :)

this is my debugged script that works for me, (zip file attached. or in my web: http://www.javcasta.com/?smd_process_download=1&download_id=33310 )

Regads.

pfBlockerNG_import_gravity.php.zip

tonymorella

@n3by:

also change this:

line 680

                    "header"     => "trustedsec_atif"),

->

                    "header"     => "trustedsec_atif")),

and
line 1020

            "custom_update"      => "disabled")

->

            "custom_update"      => "disabled"),

Thanks for the review, changes updated on github.  This is what happens when your up 24 hours straight :)

iplost

Ok, thanks for update in github

One detail,  wget is not by default in pfSense 2.3.2, other way to download script:

 curl https://raw.githubusercontent.com/tonymorella/pfsense_scipts/master/pfBlockerNG_import_gravity.php > pfBlockerNG_import_gravity.php

pfcode

Some of the lists blocked other lists. e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Totally confusion. Also, can't get access from "https://freeapi.blueliv.com"

tonymorella

@pfcode:

Some of the lists blocked other lists. e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Totally confusion. Also, can't get access from "https://freeapi.blueliv.com"

Good point,  by default I added all the URLs to a custom allow lists so they can not block each other :) Also you need to create and account to access the blueliv.com API

pfcode

@tonymorella:

@pfcode:

Some of the lists blocked other lists. e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Totally confusion. Also, can't get access from "https://freeapi.blueliv.com"

Good point,  by default I added all the URLs to a custom allow lists so they can not block each other :) Also you need to create and account to access the blueliv.com API

Added 88.198.202.51 (blueliv.com) into the pfBlockerNG surpress list, but it was still blocked by gofferje,  What am I missing?

BBcan177

@pfcode:

Also, can't get access from "https://freeapi.blueliv.com"

Added 88.198.202.51 (blueliv.com) into the pfBlockerNG surpress list, but it was still blocked by gofferje,  What am I missing?

I haven't used blueliv, but your not checking the correct domain name…

ping freeapi.blueliv.com

PING f01.blueliv.com (88.198.51.46): 56 data bytes

pfcode

@BBcan177:

@pfcode:

Also, can't get access from "https://freeapi.blueliv.com"

Added 88.198.202.51 (blueliv.com) into the pfBlockerNG surpress list, but it was still blocked by gofferje,  What am I missing?

I haven't used blueliv, but your not checking the correct domain name…

ping freeapi.blueliv.com

PING f01.blueliv.com (88.198.51.46): 56 data bytes

Hi,

if I manually add the ip in the suppress list and apply the changes,  Should I do a update or force reload?

johnabbot

I think you should put a warning about false positives on the bots and organisations ones. I had to delete them.

tonymorella

@johnabbot:

I think you should put a warning about false positives on the bots and organisations ones. I had to delete them.

Sure why not :)  I used Organisations for allow rules not block, did you notice issues with this one??

johnabbot

blocking emails to/from me.com from a local mail server I think it was.

motific

Thanks for the script, it was quite a timesaver.

A number of the lists ought to end up in the DNSBL section rather than IP4 (Privacy/SomeoneWhoCares is one example) - if you're maintaining the script that's something to check.  If I get some time I might take a look.