Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Shallalist2pfBlockerNG.php - script para importar shallalist a pfBlockerNG

    Scheduled Pinned Locked Moved Español
    10 Posts 3 Posters 4.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      javcasta
      last edited by

      Hola.

      shallalist2pfBlockerNG.php – script para importar categorias de shallalist a pfBlockerNG

      Descarga - download: http://www.javcasta.com/?smd_process_download=1&download_id=33336

      shallalist2pfBlockerNG.php es un php cli script para importar las categorias de shallalist a pfBlockerNG y crea un cron para actualizarlas.

      Testeado en pfSense 2.3.2_1 amd64 con pfBlockerNG 2.1.1_4

      Condición necesaria: Tener instalado en pfSense el paquete pfBlockerNG y configurado y operativo su DNSBL.

      El script se aloja en una carpeta, por ejemplo /scripts , y se ejecuta desde shell o consola:

      php /scripts/shallalist2pfBlockerNG.php

      Una vez ejecutado e importadas las categorias de shallalist al DNSBL feed shalllaist2pfBlockerNG, vamos a la GUI de pfSense: Firewall > pfBlockerNG > DNSBL Feeds,

      y editamos el feed shallalist2pfBlockerNG y ponemos a ON (o dejamos a OFF) las categorias que deseemos.

      Solo quedará hacer un Force Update update/reload del DNSBL pfblockerNG

      El código: shallalist2pfBlockerNG.php

      
      /*
      	shallalist2pfBlockerNG.php
      	Copyright (C) 2016 javier@javcasta.com Javier Castañón
              @javcasta - PIyMenta - https://javcasta.com/
      
      	Redistribution and use in source and binary forms, with or without
      	modification, are permitted provided that the following conditions are met:
      
      	1\. Redistributions of source code must retain the above copyright notice,
      	   this list of conditions and the following disclaimer.
      
      	2\. Redistributions in binary form must reproduce the above copyright
      	   notice, this list of conditions and the following disclaimer in the
      	   documentation and/or other materials provided with the distribution.
      
      	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
      	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
      	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
      	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
      	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
      	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
      	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
      	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
      	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
      	POSSIBILITY OF SUCH DAMAGE.
      */
      
      require_once("config.inc");
      require_once("util.inc");
      require_once("functions.inc");
      require_once("pkg-utils.inc");
      require_once("pfsense-utils.inc");
      require_once("globals.inc");
      require_once("services.inc");
      
      global $config;
      $config = parse_config(true);
      
      //bash 
      //Remove directory
      print_r("Remove /tmp/BL dir \n");
      mwexec("/bin/rm -rf /tmp/BL");
      //Create directory
      print_r("Create /tmp/BL dir \n");
      mwexec("/bin/mkdir /tmp/BL");
      //Download list
      print_r("Download shallalist.tar.gz \n");
      mwexec("/usr/bin/fetch -o /tmp/BL http://www.shallalist.de/Downloads/shallalist.tar.gz");
      #Extract and remove archive
      print_r("Extract... \n");
      //mwexec("/usr/bin/cd /tmp/BL");
      mwexec("/usr/bin/tar -xf /tmp/BL/shallalist.tar.gz --strip 1 -C /tmp/BL");
      mwexec("/bin/rm -rf /tmp/BL/shallalist.tar.gz");
      
      function listFolders($dir)
      {
          //ref //http://stackoverflow.com/questions/14358346/how-to-build-a-array-that-contains-a-folder-structure
          $dh = scandir($dir);
          $resultado = array();
          $laruta = '';
      
          foreach ($dh as $folder) {
              if ($folder != '.' && $folder != '..' && $folder != 'COPYRIGHT' &&
                      $folder != 'global_usage' && $folder != 'shallalist.tar.gz') {
                  $laruta = $dir . '/' . $folder;
                  if (is_dir($dir . '/' . $folder)) {                
                      $resultado[] = listFolders($dir . '/' . $folder);               
                  } else {
                      if (strpos($folder, 'domains') !== false) $resultado[] = $laruta;                
                  }
              }
          }
          return $resultado;
      }
      //folders /tmp/BL to array
      $losdiraux = listFolders("/tmp/BL");
      $losdir = iterator_to_array(new RecursiveIteratorIterator(new RecursiveArrayIterator($losdiraux)), 0);
      
      //DNSBL feed shallalist2pfBlockerNG
      $j = 0;
      $existeDNSBLfeed = false;
      while (!empty($config['installedpackages']['pfblockerngdnsbl']['config'][$j]['aliasname'])) {
          $j++;
          if (strpos($config['installedpackages']['pfblockerngdnsbl']['config'][$j]['aliasname'], "shallalist2pfpBlockerNG") !== false) {
              $existeDNSBLfeed = true;
              print_r("Already exists DNSBL feed shallalist2pfpBlockerNG ... \n");
          }
      }
      
      if (!$existeDNSBLfeed) {
          $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['aliasname'] = "shallalist2pfpBlockerNG";
          $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['description'] = "shallalist to pfBlockerNG";
          $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['infolist'] = "";
          //...
          $i = 0;
          foreach ($losdir as $elemento) {
              $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['row'][$i]['format'] = 'auto';
              $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['row'][$i]['state'] = 'Disabled'; //Enabled
              $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['row'][$i]['url'] = "$elemento";
              $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['row'][$i]['header'] = "sh2pfB_$i";
              $i++;
          }
          //...
          $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['action'] = "unbound";
          $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['cron'] = "Weekly";
          $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['filter_alexa'] = "on";
          $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['custom'] = "";
          $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['custom_update'] = "disabled";
          print  "pfBlockerNG DNSBL feed List shallalist2pfpBlockerNG Import Completed...\n\n";
          write_config();
      }
      
      //Cron
      //si no existe /scripts lo creamos - if not exist /scripts create it
      if(!is_dir('/scripts')) {
        mkdir('/scripts');
      }
      //si no existe /scripts/cron-download-shallalist2pfpBlockerNG.sh lo creamos
      if (!file_exists('/scripts/cron-download-shallalist2pfpBlockerNG.sh')) {
       //bash
       $contenido = "#!/bin/sh\n"
              . "/bin/rm -rf /tmp/BL\n"
              . "/bin/mkdir /tmp/BL\n"
              . "/usr/bin/fetch -o /tmp/BL http://www.shallalist.de/Downloads/shallalist.tar.gz\n"
              . "/usr/bin/tar -xf /tmp/BL/shallalist.tar.gz --strip 1 -C /tmp/BL\n"
              . "/bin/rm -rf /tmp/BL/shallalist.tar.gz\n";
       file_put_contents("/scripts/cron-download-shallalist2pfpBlockerNG.sh", $contenido);
       print_r("Create /scripts/cron-download-shallalist2pfpBlockerNG.sh ... \n");
      
      } else print_r("Already exists /scripts/cron-download-shallalist2pfpBlockerNG.sh ... \n");
      //existe Cron?
      $j = 0;
      $existecron = false;
      while (!empty($config['cron']['item'][$j]['command'])) {
          $j++;
          //print_r($config['cron']['item'][$j]['command']."\n");
          if (strpos($config['cron']['item'][$j]['command'], "/bin/sh /scripts/cron-download-shallalist2pfpBlockerNG.sh") !== false) {
              $existecron = true;
              print_r("Already exists cron for /bin/sh /scripts/cron-download-shallalist2pfpBlockerNG.sh \n");
          }
      }
      //si no existe cron lo creamos a ejecutar como root cada domingo a las 06:06
      if (!$existecron) {
          $config['cron']['item'][$j]['minute'] = "6";
          $config['cron']['item'][$j]['hour'] = "6";
          //$config['cron']['item'][$j]['mday'] = "*";
          //$config['cron']['item'][$j]['month'] = "*";
          $config['cron']['item'][$j]['wday'] = "7";
          $config['cron']['item'][$j]['who'] = "root";
          $config['cron']['item'][$j]['command'] = "/bin/sh /scripts/cron-download-shallalist2pfpBlockerNG.sh";
          print_r("Create cron for /bin/sh /scripts/cron-download-shallalist2pfpBlockerNG.sh ... \n\n");
          write_config();
      }
      print_r("You have to go to https://YOUR-IP-PFSENSE/pkg.php?xml=/pfblockerng/pfblockerng_dnsbl_lists.xml \n"
              . " Firewall > pfBlockerNG > DNSBL Feeds: and edit/put ON/OFF the Categories you wish \n"
              . "and Force Update update/reload DNSBL pfblockerNG \n\n");
      print_r("The End :). By javcasta - htpps://javcasta.com \n");
      ?>
      
      

      Salu2

      Referencias:

      Descarga - download: http://www.javcasta.com/?smd_process_download=1&download_id=33336
      https://www.javcasta.com/shallalist2pfblockerng-php-script-para-importar-categorias-shallalist-a-pfblockerng/
      https://forum.pfsense.org/index.php?topic=119851.0

      Javier Castañón
      Técnico de comunicaciones, soporte y sistemas.

      Mi web: https://javcasta.com/

      Soporte scripting/pfSense https://javcasta.com/soporte/

      1 Reply Last reply Reply Quote 0
      • W Offline
        win_bar
        last edited by

        valla pero que aporte, muchas gracias

        1 Reply Last reply Reply Quote 0
        • I Offline
          iplost
          last edited by

          Ok  ;D
          sólo decir que si el pfSense no dispone de mucha ram,  ojo con activar Enable TLD en DNSBL , no poner listas demasiado grandes en pfBlockerNG si así fuese , ( cuando las listas superan 300K elementos hace falta bastante ram, 100K  domains <–> 1GB)

          1 Reply Last reply Reply Quote 0
          • J Offline
            javcasta
            last edited by

            Hola.

            @doktornotor:

            @JasonJoel:

            Ok, I'm about to ask a stupid question. Yes I searched first, but didn't find the answer - or was too stupid to understand it.
            Where is everyone getting the IP block lists to import into pfBNG? I know of a few, but it seems like everyone uses many of the same (based on the screenshots), so thought I would just ask if there is a list somewhere.

            This was provided by BBcan17, stick the under /usr/local/www and run once via your browser. (All the lists are disabled by default.)

            Casi Off topic, pero muy util, un script del desarrollador de pfBlockerNG @BBcan177 pfBlockerNG_import.php , para importar listas IPv4 (poner enabled u disabled las que convengan despues desde el configurador de pfBlockerNG) para el pfBlockerNG:

            Se aloja el fichero del script en /usr/local/www/pfBlockerNG_import.php y se ejecuta desde navegador ( https://la-ip-pfsense/pfBlockerNG_import.php )
            Cuando termine de ejecutarse el script se verá en el navegador

            Checking for Existing pfBlockerNG Alias/Lists Found existing Alias/Lists. Merging Existing Alias/Lists with Imported Version pfBlockerNG Alias List Import Completed.;

            Y en IPv4 lists aparecerán

            IBlock pfBlockerNG IBlock Disabled 04hours enabled

            PRI1 pfBlockerNG PRI1 Disabled 01hour enabled

            PRI2 pfBlockerNG PRI2 Disabled 04hours enabled

            PRI3 pfBlockerNG PRI3 Disabled 04hours enabled

            SEC1 pfBlockerNG SEC1 Disabled 04hours enabled

            TOR pfBlockerNG TOR Disabled 04hours enabled

            MAIL pfBlockerNG MAIL  Disabled 08hours enabled

            El código pfBlockerNG_import.php

            
            /*
                    pfBlockerNG_import.php
            
                    pfBlockerNG
                    Copyright (C) 2014 BBcan177@gmail.com
                    All rights reserved.
            
                    Redistribution and use in source and binary forms, with or without
                    modification, are permitted provided that the following conditions are met:
            
                    1\. Redistributions of source code must retain the above copyright notice,
                             this list of conditions and the following disclaimer.
            
                    2\. Redistributions in binary form must reproduce the above copyright
                             notice, this list of conditions and the following disclaimer in the
                             documentation and/or other materials provided with the distribution.
            
                    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
                    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
                    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
                    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
                    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
                    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
                    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
                    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
                    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
                    POSSIBILITY OF SUCH DAMAGE.
            
            */
            
            require_once("config.inc");
            require_once("util.inc");
            require_once("functions.inc");
            require_once("pkg-utils.inc");
            require_once("pfsense-utils.inc");
            require_once("globals.inc");
            require_once("services.inc");
            
            print "";
            $pfblist_new = array ( array (    "none" => "", 
                        "aliasname" => "IBlock",
                        "description" => "pfBlockerNG IBlock",
                        "infolists" => "",
                        "row" => array (array ("format"   => "gz",
                                 "state"   => "Disabled",
                                 "url"   => "http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz",
                                 "header"=> "IBlock_BT_Hijack"),
                              array ("format" => "gz",
                                 "state"   => "Disabled",
                                 "url"   => "http://list.iblocklist.com/?list=ficutxiwawokxlcyoeye&fileformat=p2p&archiveformat=gz",
                                 "header"=> "IBlock_BT_FS"),
                              array ("format" => "gz",
                                 "state"   => "Disabled",
                                 "url"   => "http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag&fileformat=p2p&archiveformat=gz",
                                 "header"=> "IBlock_BT_Web"),
                              array ("format" => "gz",
                                 "state"   => "Disabled",
                                 "url"   => "http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz",
                                 "header"=> "IBlock_BT_Spy"),
                              array ("format" => "gz",
                                 "state"   => "Disabled",
                                 "url"   => "http://list.iblocklist.com/?list=cwworuawihqvocglcoss&fileformat=p2p&archiveformat=gz",
                                 "header"=> "IBlock_Badpeer"),
                              array ("format" => "gz",
                                 "state"   => "Disabled",
                                 "url"   => "http://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=gz",
                                 "header"=> "IBlock_Ads"),
                              array ("format" => "gz",
                                 "state"   => "Disabled",
                                 "url"   => "http://list.iblocklist.com/?list=xoebmbyexwuiogmbyprb&fileformat=p2p&archiveformat=gz",
                                 "header"=> "IBlock_Proxy")),
                        "action"=> "Disabled",
                        "cron"   => "04hours",
                        "dow"   => "1",
                         "aliaslog" => "enabled",
                        "custom"=> "",
                        "custom_update" => "disabled"),
            
                       array (   "none" => "",
                        "aliasname" => "PRI1",
                        "description" => "pfBlockerNG PRI1",
                        "infolists" => "",
                        "row" => array (array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://rules.emergingthreats.net/blockrules/compromised-ips.txt",
                                 "header"=> "ET_Comp"),
                              array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
                                 "header"=> "ET_Block"),
                              array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.spamhaus.org/drop/drop.txt",
                                 "header"=> "Spamhaus_drop"),
                              array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.spamhaus.org/drop/edrop.txt",
                                 "header"=> "Spamhaus_edrop"),
                              array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://cinsscore.com/list/ci-badguys.txt",
                                 "header"=> "CIArmy"),
                              array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist",
                                 "header"=> "Abuse_Zeus"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://spyeyetracker.abuse.ch/blocklist.php?download=ipblocklist",
                                 "header"=> "Abuse_Spyeye"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist",
                                 "header"=> "Abuse_Palevo"),
                              array ("format"   => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv",
                                 "header"=> "Abuse_SSLBL"),
                              array ("format"   => "block",
                                 "state"   => "Disabled",
                                 "url"   => "https://feeds.dshield.org/block.txt",
                                 "header"=> "dShield_Block"),
                              array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://labs.snort.org/feeds/ip-filter.blf",
                                 "header"=> "Snort_BL"),
                              array ("format"   => "html",
                                 "state"   => "Disabled",
                                 "url"   => "http://osint.bambenekconsulting.com/feeds/goz-iplist.txt",
                                 "header"=> "BBC_Goz")),
                        "action"=> "Disabled",
                        "cron"   => "01hour",
                        "dow"   => "1",
                        "aliaslog" => "enabled",
                        "custom"=> "",
                        "custom_update" => "disabled"),
            
                       array (    "none" => "",
                        "aliasname" => "PRI2",
                        "description" => "pfBlockerNG PRI2",
                        "infolists" => "",
                        "row" => array (array ("format"   => "gz_2",
                                 "state"   => "Disabled",
                                 "url"   => "https://reputation.alienvault.com/reputation.snort.gz",
                                 "header"=> "Alienvault"),
                              array ("format"   => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://atlas.arbor.net/summary/attacks.csv",
                                 "header"=> "Atlas_Attacks"),
                              array ("format"   => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://atlas.arbor.net/summary/botnets.csv",
                                 "header"=> "Atlas_Botnets"),
                              array ("format"   => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://atlas.arbor.net/summary/fastflux.csv",
                                 "header"=> "Atlas_Fastflux"),
                              array ("format"   => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://atlas.arbor.net/summary/phishing.csv",
                                 "header"=> "Atlas_Phishing"),
                              array ("format"   => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://atlas.arbor.net/summary/scans.csv",
                                 "header"=> "Atlas_Scans"),
                              array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.cyber-ta.org/releases/malware/SOURCES/Attacker.Cumulative.Summary",
                                 "header"=> "SRI_Attackers"),
                              array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.cyber-ta.org/releases/malware/SOURCES/CandC.Cumulative.Summary",
                                 "header"=> "SRI_CC"),
                              array ("format"   => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1",
                                 "header"=> "HoneyPot")),
                        "action"=> "Disabled",
                        "cron"  => "04hours",
                        "dow"   => "1",
                        "aliaslog" => "enabled",
                        "custom"=> "",
                        "custom_update" => "disabled"),
            
                       array (    "none" => "",
                        "aliasname" => "PRI3",
                        "description" => "pfBlockerNG PRI3",
                        "infolists" => "",
                        "row" => array (array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.malwaredomainlist.com/hostslist/ip.txt",
                                 "header"=> "MDL"),
                              array ("format"   => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.nothink.org/blacklist/blacklist_malware_http.txt",
                                 "header"=> "Nothink_BL"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.nothink.org/blacklist/blacklist_ssh_week.txt",
                                 "header"=> "Nothink_SSH"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.nothink.org/blacklist/blacklist_malware_dns.txt",
                                 "header"=> "Nothink_Malware"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://danger.rulez.sk/projects/bruteforceblocker/blist.php",
                                 "header"=> "DangerRulez"),
                              array ("format" => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://www.autoshun.org/files/shunlist.csv",
                                 "header"=> "Shunlist"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.infiltrated.net/blacklisted",
                                 "header"=> "Infiltrated"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://www.dragonresearchgroup.org/insight/sshpwauth.txt",
                                 "header"=> "DRG_SSH"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://www.dragonresearchgroup.org/insight/vncprobe.txt",
                                 "header"=> "DRG_VNC"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://www.dragonresearchgroup.org/insight/http-report.txt",
                                 "header"=> "DRG_HTTP"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist",
                                 "header"=> "Feodo_Block"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://feodotracker.abuse.ch/blocklist/?download=badips",
                                 "header"=> "Feodo_Bad"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.reputationauthority.org/toptens.php",
                                 "header"=> "WatchGuard"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://vmx.yourcmc.ru/BAD_HOSTS.IP4",
                                 "header"=> "VMX"),
                              array ("format" => "html",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.geopsy.org/blacklist.html",
                                 "header"=> "Geopsy"),
                              array ("format" => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://www.maxmind.com/en/anonymous_proxies",
                                 "header"=> "Maxmind"),
                              array ("format" => "html",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.botscout.com/last_caught_cache.htm",
                                 "header"=> "BotScout"),   
                              array ("format" => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://www.juniper.net/security/auto/spam",
                                 "header"=> "Juniper"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://blocklist.greensnow.co/greensnow.txt",
                                 "header"=> "Greensnow"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://lists.blocklist.de/lists/all.txt",
                                 "header"=> "BlocklistDE"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt",
                                 "header"=> "SFS_Toxic")),
                        "action"=> "Disabled",
                        "cron"  => "04hours",
                        "dow"   => "1",
                        "aliaslog" => "enabled",
                        "custom"=> "",
                        "custom_update" => "disabled"),
            
                       array (    "none" => "",
                        "aliasname" => "SEC1",
                        "description" => "pfBlockerNG SEC1",
                        "infolists" => "",
                        "row" => array (array ("format" => "html",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.malwaregroup.com/ipaddresses/malicious",
                                 "header"=> "MalwareGroup"),
                              array ("format" => "gz_2",
                                 "state"   => "Disabled",
                                 "url"   => "https://www.openbl.org/lists/base_90days.txt.gz",
                                 "header"=> "OpenBL"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://malc0de.com/bl/IP_Blacklist.txt",
                                 "header"=> "Malcode"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://www.badips.com/get/list/any/2",
                                 "header"=> "BadIPs")),
                        "action"=> "Disabled",
                        "cron"  => "04hours",
                        "dow"   => "1",
                        "aliaslog" => "enabled",
                        "custom"=> "",
                        "custom_update" => "disabled"),
            
                       array (    "none" => "",
                        "aliasname" => "TOR",
                        "description" => "pfBlockerNG TOR",
                        "infolists" => "",
                        "row" => array (array ("format" => "gz",
                                 "state"   => "Disabled",
                                 "url"   => "http://list.iblocklist.com/?list=togdoptykrlolpddwbvz&fileformat=p2p&archiveformat=gz",
                                 "header"=> "IBlock_Tor"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv",
                                 "header"=> "Blut_Tor"),
                              array ("format" => "html",
                                 "state"   => "Disabled",
                                 "url"   => "https://rules.emergingthreats.net/open/suricata/rules/tor.rules",
                                 "header"=> "ET_Tor")),
                        "action"=> "Disabled",
                        "cron"  => "04hours",
                        "dow"   => "1",
                        "aliaslog" => "enabled",
                        "custom"=> "",
                        "custom_update" => "disabled"),
            
                       array (    "none" => "",
                        "aliasname" => "MAIL",
                                            "description" => "pfBlockerNG MAIL",
                                            "infolists" => "",
                                            "row" => array (array ("format"   => "txt",
                                                      "state"   => "Disabled",
                                                                    "url"   => "https://virbl.bit.nl/download/virbl.dnsbl.bit.nl.txt",
                                                                    "header"=> "VirBL"),
                              array ("format" => "zip",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.stopforumspam.com/downloads/bannedips.zip",
                                 "header"=> "SFS_All"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://antispam.imp.ch/spamlist",
                                 "header"=> "Improware"),
                              array ("format" => "html",
                                 "state"   => "Disabled",
                                 "url"   => "http://toastedspam.com/denylist.cgi",
                                 "header"=> "ToastedSpam"),
                              array ("format" => "html",
                                 "state"   => "Disabled",
                                 "url"   => "http://rss.uribl.com/reports/7d/dns_a.html",
                                 "header"=> "URIBL"),
                              array ("format" => "txt",
                                 "state"   => "Disabled",
                                 "url"   => "http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt;format=text",
                                 "header"=> "SpamCop"),
                              array ("format" => "gz_2",
                                 "state"   => "Disabled",
                                 "url"   => "http://www.dnsbl.manitu.net/download/nixspam-ip.dump.gz",
                                 "header" => "Nix_Spam")),
                        "action"=> "Disabled",
                        "cron"  => "08hours",
                        "dow"   => "1",
                        "aliaslog" => "enabled",
                        "custom"=> "",
                        "custom_update" => "disabled")
                  );
            
            print "Checking for Existing pfBlockerNG Alias/Lists\n";
            
            // Check for Existing pfBlockerNG Allias/Lists
            if (is_array($config['installedpackages']['pfblockernglistsv4']['config'])) {
               print "Found existing Alias/Lists. Merging Existing Alias/Lists with Imported Version\n\n"; 
               $pfblist = $config['installedpackages']['pfblockernglistsv4']['config'];
               $pfbfinal = array_merge($pfblist, $pfblist_new);
               $config['installedpackages']['pfblockernglistsv4']['config'] = $pfbfinal;
            } else {
               print "No existing Alias/Lists found. Importing new Version.\n\n";
               $config['installedpackages']['pfblockernglistsv4']['config'] = $pfblist_new;
            }
            
            print  "pfBlockerNG Alias List Import Completed.";
            write_config();
            
            ?>;
            
            

            Salu2

            Javier Castañón
            Técnico de comunicaciones, soporte y sistemas.

            Mi web: https://javcasta.com/

            Soporte scripting/pfSense https://javcasta.com/soporte/

            1 Reply Last reply Reply Quote 0
            • I Offline
              iplost
              last edited by

              @javcasta:

              Hola.

              @doktornotor:

              @JasonJoel:

              Ok, I'm about to ask a stupid question. Yes I searched first, but didn't find the answer - or was too stupid to understand it.
              Where is everyone getting the IP block lists to import into pfBNG? I know of a few, but it seems like everyone uses many of the same (based on the screenshots), so thought I would just ask if there is a list somewhere.

              This was provided by BBcan17, stick the under /usr/local/www and run once via your browser. (All the lists are disabled by default.)

              Casi Off topic, pero muy util, un script del desarrollador de pfBlockerNG @BBcan177 pfBlockerNG_import.php , para importar listas IPv4 (poner enabled u disabled las que convengan despues desde el configurador de pfBlockerNG) para el pfBlockerNG:

              Cómo import_gravity?

              1 Reply Last reply Reply Quote 0
              • J Offline
                javcasta
                last edited by

                Hola

                @iplost:

                Cómo import_gravity?

                Efectivamente, no lo he posteado aquí, pero tengo el script (depurado) pfBlockerNG_import_gravity.php

                Script de creación y update de listas de firehole project para pfBlockerNG – pfBlockerNG_import_gravity.php
                https://www.javcasta.com/script-de-creacion-y-update-de-listas-de-firehole-project-para-pfblockerng-pfblockerng_import_gravity-php/

                Este php script sirve para crear y actualizar listas IPv4 del proyecto FireHole para el paquete pfBlockerNG de pfSense.
                …

                Download pfBlockerNG_import_gravity.php: http://www.javcasta.com/?smd_process_download=1&download_id=33310

                Salu2.

                Javier Castañón
                Técnico de comunicaciones, soporte y sistemas.

                Mi web: https://javcasta.com/

                Soporte scripting/pfSense https://javcasta.com/soporte/

                1 Reply Last reply Reply Quote 0
                • I Offline
                  iplost
                  last edited by

                  Ok  ;D

                  I'll try it

                  1 Reply Last reply Reply Quote 0
                  • J Offline
                    javcasta
                    last edited by

                    Hola

                    Creo que hay ya en "el horno" una nueva versión de pfBlockerNG, que saldrá su release en breve, y creo que también @BBcan177 (el desarrollador de pfBl), está trabajando en añadir listas de categorias de bloqueo a su utilidad (como con shallalist)… Esperando estoy :)

                    https://twitter.com/pfsense/status/788203605950025728

                    https://twitter.com/pfsense/status/789501978158075904

                    Salu2

                    Javier Castañón
                    Técnico de comunicaciones, soporte y sistemas.

                    Mi web: https://javcasta.com/

                    Soporte scripting/pfSense https://javcasta.com/soporte/

                    1 Reply Last reply Reply Quote 0
                    • I Offline
                      iplost
                      last edited by

                      Lleva desde el 21 sin conectarse al foro @BBcan177,  debe de estar programando y depurando a full  ;D

                      1 Reply Last reply Reply Quote 0
                      • J Offline
                        javcasta
                        last edited by

                        Hola

                        @iplost:

                        Lleva desde el 21 sin conectarse al foro @BBcan177,  debe de estar programando y depurando a full  ;D

                        jajaja, eso es señal de trabajo al 200% :)

                        Salu2

                        Javier Castañón
                        Técnico de comunicaciones, soporte y sistemas.

                        Mi web: https://javcasta.com/

                        Soporte scripting/pfSense https://javcasta.com/soporte/

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.