Netgate Discussion Forum

    Block List Sticky?

    Scheduled Pinned Locked Moved pfBlockerNG
    20 Posts 10 Posters 4.7k Views
    • T
      tonymorella
      last edited by

      @Aelver:

      Hello,

      Would it be possible to have a sticky thread of current recommended block list sources? I thought something like this might help others searching. I read through a lot of the threads a while back and cobbled a list together, but coming back now, I shudder at reading 100+ pages again.

      Thanks!

      look at:

      https://forum.pfsense.org/index.php?topic=118424.0
      

      But an update is coming that fixes all of this if you can wait :)

      • J
        javcasta
        last edited by

        Hi.

        While we are waiting for the update. :)

        Maybe these scripts will help you.

        https://www.javcasta.com/shallalist2pfblockerng-php-script-para-importar-categorias-shallalist-a-pfblockerng/

        https://www.javcasta.com/script-de-creacion-y-update-de-listas-de-firehole-project-para-pfblockerng-pfblockerng_import_gravity-php/

        And one source for getting ipblocklists:

        http://www.javcasta.com/pfsense-script-getiblocklistbycategory-sh-obtener-listas-iblocklists-en-categorias/

        Regards

        Javier Castañón
        Communications, support and systems technician.

        My website: https://javcasta.com/

        Scripting/pfSense support: https://javcasta.com/soporte/

        • A
          Aelver
          last edited by

          Thanks tonymorella & javcasta!

          • J
            JscoLP
            last edited by

            FireHOL is a great source. You can use their lists, which are an aggregate, or you can click on each feed to get a description and a link to the source.
            http://iplists.firehol.org/

            • M
              molykule
              last edited by

              Hi,

              After importing FireHOL and following the first post here, Netflix stops working. Does anybody know how to get it working again, or how to bypass pfBlockerNG for a specific IP address?
              thanks,
              molykule

              • J
                javcasta
                last edited by

                Hi.

                Netflix stops working. Does anybody know how to get it working again, or how to bypass pfBlockerNG for a specific IP address?

                One way: create an alias, named NyWhiteList, with the IPs/nets you wish to allow. Then create a floating firewall rule at the top that allows traffic with this alias as the destination.

                Regards

                • S
                  someuser123
                  last edited by

                  @JscoLP:

                  FireHOL is a great source. You can use their lists, which are an aggregate, or you can click on each feed to get a description and a link to the source.
                  http://iplists.firehol.org/

                  when i try firehol from github - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
                  i get this:
                  Remote timestamp missing
                  No Domains Found

                  • RonpfSR
                    RonpfS
                    last edited by

                    @someuser123:

                    when i try firehol from github - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
                    i get this:
                    Remote timestamp missing
                    No Domains Found

                    Well some lists are for IPs and others are for Domain names.  ;)

                    2.4.5-RELEASE-p1 (amd64)
                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                    • S
                      someuser123
                      last edited by

                      @RonpfS:

                      @someuser123:

                      when i try firehol from github - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
                      i get this:
                      Remote timestamp missing
                      No Domains Found

                      Well some lists are for IPs and others are for Domain names.  ;)

                      Heh, my bad: instead of adding it to the IPv4 list I was adding it to the DNSBL list. Works now.

                      • M
                        molykule
                        last edited by

                        @javcasta:

                        Hi.

                        Netflix stops working. Does anybody know how to get it working again, or how to bypass pfBlockerNG for a specific IP address?

                        One way: create an alias, named NyWhiteList, with the IPs/nets you wish to allow. Then create a floating firewall rule at the top that allows traffic with this alias as the destination.

                        Regards

                        Thanks, that worked well. I created an alias of all the IPs that the media players have, put them in floating firewall rules and opened the ports. Thanks for helping me,
                        molykule

                        • J
                          javcasta
                          last edited by

                          Hi.

                          I'm glad it works. :)

                          Regards.

                          • O
                            oddworld19
                            last edited by

                            @tonymorella:

                            @Aelver:

                            Hello,

                            Would it be possible to have a sticky thread of current recommended block list sources? I thought something like this might help others searching. I read through a lot of the threads a while back and cobbled a list together, but coming back now, I shudder at reading 100+ pages again.

                            Thanks!

                            look at:

                            https://forum.pfsense.org/index.php?topic=118424.0
                            

                            But an update is coming that fixes all of this if you can wait :)

                            What update is coming? Is there anywhere I can read about it?
                            Any idea when it is expected to arrive?

                            Supermicro SYS-5018A-FTN4 (Atom c2758)
                            pfSense 2.3.2

                            • BBcan177B
                              BBcan177 Moderator
                              last edited by

                              Always looking for active beta testers…  :)  PM if interested...

                              "Experience is something you don't get until just after you need it."

                              Website: http://pfBlockerNG.com
                              Twitter: @BBcan177  #pfBlockerNG
                              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                              • A
                                Aelver
                                last edited by

                                Google.com was blocked this afternoon by some DNSBL feed gone rogue. Any possibility of maintaining a sticky list, or an update on the fix mentioned above? Many thanks.

                                • BBcan177B
                                  BBcan177 Moderator
                                  last edited by

                                  @Aelver:

                                  Google.com was blocked this afternoon by some DNSBL feed gone rogue. Any possibility of maintaining a sticky list, or an update on the fix mentioned above? Many thanks.

                                  I assume this was due to Phishtank, MPatrol or Openphish. Those feeds post the full url, so there can be some FPs. Whitelist or use the TOP1M whitelist. Keep in mind that the TOP1M can also have malicious domains. So use with caution.

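The point above about feeds that publish full URLs, together with the earlier IP-list-in-DNSBL mix-up in this thread, as an added example that is not part of any post and is not pfBlockerNG code: Python that sorts feed lines into IP entries and DNSBL domains and sets whitelisted hostnames aside for review instead of blocking them. The feed lines, the whitelist, the function names and the rule that a whitelist entry also covers its subdomains are all assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample feed, mixed on purpose; none of these lines come from a real list.
FEED = [
    "# comment line",
    "198.51.100.0/24",
    "203.0.113.9",
    "http://login.bad-example.test/verify?id=1",
    "https://www.google.com/constructed/path",
    "tracker.bad-example.test",
]
WHITELIST = {"google.com"}  # assumed whitelist entry for this example


def classify(entry):
    """Return ("ip" | "domain", value) for one feed line, or None if it is empty."""
    entry = entry.split("#", 1)[0].strip()
    if not entry:
        return None
    try:
        return ("ip", str(ipaddress.ip_network(entry, strict=False)))
    except ValueError:
        pass
    # A URL feed carries scheme and path, but DNS blocking only sees the hostname,
    # so one bad URL on a shared host turns into a block of the whole host.
    host = urlsplit(entry if "://" in entry else "//" + entry).hostname
    return ("domain", host.lower().rstrip(".")) if host else None


def split_feed(lines, whitelist):
    """Sort lines into IP entries, DNSBL domains, and whitelisted hits to review."""
    ips, domains, review = set(), set(), set()
    for line in lines:
        item = classify(line)
        if item is None:
            continue
        kind, value = item
        if kind == "ip":
            ips.add(value)  # belongs in an IP list, not in DNSBL
        elif any(value == w or value.endswith("." + w) for w in whitelist):
            review.add(value)  # probable false positive: not blocked, kept for review
        else:
            domains.add(value)
    return ips, domains, review


if __name__ == "__main__":
    for name, group in zip(("ip", "dnsbl", "review"), split_feed(FEED, WHITELIST)):
        print(name, sorted(group))
```

A list that contains only IPs and networks produces an empty domain set here, and the review set is returned rather than discarded because a popularity-based whitelist can itself contain malicious domains.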
                                  • A
                                    Aelver
                                    last edited by

                                    Thanks. I turned off all my custom lists and just have EasyLists running … good/bad?

                                    • BBcan177B
                                      BBcan177 Moderator
                                      last edited by

                                      Instead of disabling a whole Feed, you can either suppress/whitelist the FP, or for IP blocking, create a Permit Whitelist to allow access to the blocked IP(s).

                                      • A
                                        Aelver
                                        last edited by

                                        Thanks. Could you possibly post what lists you're currently using (both IPv4 and DNSBL)? I would really appreciate it!

                                        • C
                                          Crispix
                                          last edited by

                                          +1 on a block list sticky. I'd also like to see different sample blocklist sources for those of us hosting services vs those of us consuming services.

                                          As a host (hosting lots of web sites, so for example all my WordPress sites are constantly scanned, and all http/ftp/ssh etc ports are under constant attack), this is what I'm using as an IPv4 block list:

                                          • https://isc.sans.edu/block.txt  (DShield Top 20 bad guys)

                                          • http://feeds.dshield.org/top10-2.txt (DShield Port Scanners)

                                          • https://zeustracker.abuse.ch/blocklist.php?download=badips  (ZeuS bad ips - not the most restrictive list but won't have false positives)

                                          • https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt possibly overlaps the DShield lists? I don't host email so not sure if I need this.

                                          • http://cinsscore.com/list/ci-badguys.txt CIArmy active threats. This gets by far the most blocks.

                                          This is by no means an endorsement of a proper hosting block list, though it does seem to block quite a bit of bad traffic. In fact, I'd appreciate any suggested changes for a hosting provider that wants to block the worst of the worst while avoiding false positives. Thanks!

                                          EDIT: I found a very good resource of blocklists: http://iplists.firehol.org/ has several. For my use, their Level 3 block list seems to be exactly what I need.

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.