Netgate Discussion Forum

    Block List Sticky?

    pfBlockerNG
    20 Posts 10 Posters 4.4k Views

      RonpfS

      @someuser123:

      When I try firehol from GitHub - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
      I get this:
      Remote timestamp missing
      No Domains Found

      Well, some lists are for IPs and others are for domain names. ;)

      2.4.5-RELEASE-p1 (amd64)
      Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
      Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

        someuser123

        @RonpfS:

        @someuser123:

        When I try firehol from GitHub - https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
        I get this:
        Remote timestamp missing
        No Domains Found

        Well, some lists are for IPs and others are for domain names. ;)

        Heh, my bad: instead of adding it to the IPv4 list I was adding it to the DNSBL list. Works now.

          molykule

          @javcasta:

          Hi.

          Netflix stops working. Does anybody know how to get it working again, or how to bypass pfBlockerNG for a specific IP address?

          One way: create an alias, named NyWhiteList, with the IPs/nets you wish to allow. Then create a floating firewall rule at the top that allows this alias as the destination.

          Regards

          Thanks, that worked well. I created an alias of all the IPs that the media players have, put them in floating firewall rules and opened the ports. Thanks for helping me,
          molykule

            javcasta

            Hi.

            I'm glad it works. :)

            Regards.

            Javier Castañón
            Communications, support and systems technician.

            My website: https://javcasta.com/

            Scripting/pfSense support: https://javcasta.com/soporte/

              oddworld19

              @tonymorella:

              @Aelver:

              Hello,

              Would it be possible to have a sticky thread of current recommended block list sources? I thought something like this might help others searching. I read through a lot of the threads a while back and cobbled a list together, but coming back now, I shudder at reading 100+ pages again.

              Thanks!

              look at:

              https://forum.pfsense.org/index.php?topic=118424.0
              

              But an update is coming that fixes all of this if you can wait :)

              What update is coming? Is there anywhere I can read about it?
              Any idea when it is expected to arrive?

              Supermicro SYS-5018A-FTN4 (Atom c2758)
              pfSense 2.3.2

                BBcan177 Moderator

                Always looking for active beta testers…  :)  PM if interested...

                "Experience is something you don't get until just after you need it."

                Website: http://pfBlockerNG.com
                Twitter: @BBcan177  #pfBlockerNG
                Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                  Aelver

                  Google.com was blocked this afternoon by some DNSBL feed gone rogue. Any possibility of maintaining a sticky list, or an update on the fix mentioned above? Many thanks.

                    BBcan177 Moderator

                    @Aelver:

                    Google.com was blocked this afternoon by some DNSBL feed gone rogue. Any possibility of maintaining a sticky list, or an update on the fix mentioned above? Many thanks.

                    I assume this was due to Phishtank, MPatrol or Openphish. Those feeds post the full URL, so there can be some FPs. Whitelist or use the TOP1M whitelist. Keep in mind that the TOP1M can also have malicious domains. So use with caution.

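An added illustration of the false-positive mechanism described in the post above (not pfBlockerNG's code and not from the thread): a feed of full URLs collapses to hostnames when it drives DNS blocking, so a single bad page lists the whole site until it is whitelisted. The feed entries, domain names and the parent-domain whitelist matching are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample of a URL-style feed (names are placeholders, not real indicators).
FEED = [
    "# phishing URLs",
    "https://sites.bigportal.example/view/login-update",  # one bad page on a large site
    "http://secure-login.phish.test/account",
    "files.sharehost.example/u/123/invoice.html",         # entry without a scheme
]
MANUAL_WHITELIST = {"bigportal.example"}                           # reviewed by the admin
TOP_SITES_WHITELIST = {"bigportal.example", "sharehost.example"}   # popularity only


def feed_to_domains(lines):
    """Reduce full URLs or bare hosts to the hostnames a DNS blocklist acts on."""
    domains = set()
    for raw in lines:
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            # urlsplit only fills .hostname when a scheme or leading '//' is present
            host = urlsplit(entry if "://" in entry else "//" + entry).hostname
        except ValueError:
            continue  # malformed entry, skip it
        if host:
            domains.add(host.rstrip("."))
    return domains


def is_whitelisted(domain, whitelist):
    """True if the domain or any parent domain is in the whitelist (assumed policy)."""
    labels = domain.split(".")
    return any(".".join(labels[i:]) in whitelist for i in range(len(labels)))


def apply_whitelist(domains, whitelist):
    """Return (still blocked, suppressed) so suppressed entries can be reviewed."""
    blocked = {d for d in domains if not is_whitelisted(d, whitelist)}
    return blocked, domains - blocked


if __name__ == "__main__":
    listed = feed_to_domains(FEED)
    for name, wl in (("manual", MANUAL_WHITELIST), ("top-sites", TOP_SITES_WHITELIST)):
        blocked, suppressed = apply_whitelist(listed, wl)
        print(f"{name}: blocked={sorted(blocked)} suppressed={sorted(suppressed)}")
```

With the popularity-based whitelist the sharehost entry is suppressed as well, which is why the suppressed set is returned for review rather than discarded.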
                      Aelver

                      Thanks. I turned off all my custom lists and just have EasyLists running … good/bad?

                        BBcan177 Moderator

                        Instead of disabling a whole Feed, you can either suppress/whitelist the FP, or for IP blocking, create a Permit Whitelist to allow access to the blocked IP(s).

                          Aelver

                          Thanks. Could you possibly post what lists you're currently using (both IPv4 and DNSBL)? I would really appreciate it!

                            Crispix

                            +1 on a block list sticky. I'd also like to see different sample blocklist sources for those of us hosting services vs those of us consuming services.

                            As a host (hosting lots of web sites, so for example all my WordPress sites are constantly scanned, and all http/ftp/ssh etc ports are under constant attack), this is what I'm using as an IPv4 block list:

                            • https://isc.sans.edu/block.txt  (DShield Top 20 bad guys)

                            • http://feeds.dshield.org/top10-2.txt (DShield Port Scanners)

                            • https://zeustracker.abuse.ch/blocklist.php?download=badips  (ZeuS bad ips - not the most restrictive list but won't have false positives)

                            • https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt possibly overlaps the DShield lists? I don't host email so not sure if I need this.

                            • http://cinsscore.com/list/ci-badguys.txt CIArmy active threats. This gets by far the most blocks.

                            This is by no means an endorsement of a proper hosting block list, though it does seem to block quite a bit of bad traffic. In fact, I'd appreciate any suggested changes for a hosting provider that wants to block the worst of the worst while avoiding false positives. Thanks!

                            EDIT: I found a very good resource of blocklists: http://iplists.firehol.org/ has several. For my use, their Level 3 block list seems to be exactly what I need.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.