Iblocklist How to add my IP Lists

anttechs

Hi everyone I hope im not asking a stupid question but I can't seem to find anything online to show me the updated way on the latest version of PFblocker how to add my IP block lists from www.iblocklist.com?
I did contact them but they just sent me to a very old post https://forum.pfsense.org/index.php/topic,42543.0.html but PFblocker has changed a lot since then and I am a little lost.

Do I put the list in IP4 section or DNSBL section?
Do I still use CIDR format? I see all the other lists are in txt format.

I sort of tested both of these options in the CIDR format and it didn't seem to get my lists?
I am a paying subscriber to iblocklist.com so I really want to use these lists especially blocking all Microsoft IP's

My guess is I am doing it all wrong but any advice would be very much appreciated.

Many Thanks in advance ;)

BBcan177

Yes they are all IP Blocklists, so you would add those to the IPv4 tab. I don't believe that they have any IPv6 feeds… The DNSBL Tab is for Domain based feeds only. However, there are options in DNSBL to collect any IPs that are mixed with Domains but its still recommended to put IP Feeds into the IPv4/6 Tab.

Leave the Format as "auto" and it will parse the files without issues...

On another note, IBlock is not the greatest, they don't seem to be actively updating their feeds and seem to have quite a few FPs...

anttechs

Ok I shall have a go at that then thanks at least I know im in the right place now lol ;)

One of the main reasons I use iblocklist.com is because I can block Microsoft and Apple, Government and so on but I do hope there updating their lists because I am paying a yearly fee.

Not unless anyone knows of any better site I would love to know of it ;)

Thanks BBcan177 for your quick reply ;)

BBcan177

There are quite a few sites available…. I posted a script that has approx 50 IP feeds.... The next version of the package will have a Feeds Management tab to make this process easier....

anttechs

@BBcan177:

There are quite a few sites available…. I posted a script that has approx 50 IP feeds.... The next version of the package will have a Feeds Management tab to make this process easier....

Can I see this list of 50 IP feeds?

When is the new feeds management tab going in? or new version/update coming? I am so looking forward to this ;)

I had a very good idea about feeds you could put in for pfBlockerNG!
The ad blocker plugin for google chrome and firefox called uBlock Origin is the best and it has some great feeds to use >>> https://filterlists.com/
It has some of the best feeds you can get in its options and third party tab.
I would grab them feeds and put them in for sure and there are so many other lists you can get from uBlock Origin.

I am still hoping for some anti Government ones and companies like Apple MS and so on. ;) I also found this site good as well >>> https://ransomwaretracker.abuse.ch/blocklist/

The only thing I sometimes get stuck on is the formats of the lists, IP4 is easy its just IP addresses but for some of the others I get a bit confused on the lists formats but I think I am getting there lol
It would be great to have in the info icons an image of the list just so you can see the correct format, just for people like me who get a little confused ;)

I am loving the new Pfsense now and I keep looking for updates from pfblocker as it is one of the best packages out there so many thanks BBcan177 you are a star ;)

Thanks

mtarbox

I believe this is the post.
https://forum.pfsense.org/index.php?topic=86212.600

anttechs

@mtarbox:

I believe this is the post.
https://forum.pfsense.org/index.php?topic=86212.600

Many thanks ill check it out ;)

anttechs

I check every link in that list he made and a lot of them are dead now but great list it still is.

these are the ones that are still alive but saying that some of them I could not use because the page had changed to something else.

"url"   => "http://cinsscore.com/list/ci-badguys.txt",
                     "header"=> "CIArmy"),

"url"   => "https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist",
                     "header"=> "Abuse_Zeus"),

"url"   => "https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv",
                     "header"=> "Abuse_SSLBL"),

"url"   => "https://feeds.dshield.org/block.txt",
                     "header"=> "dShield_Block"),
                  array ("format"   => "txt",
                     "state"   => "Disabled",
                     "url"   => "https://labs.snort.org/feeds/ip-filter.blf",
                     "header"=> "Snort_BL"),

"url"   => "https://reputation.alienvault.com/reputation.snort.gz",
                     "header"=> "Alienvault"),

"url"   => "https://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1",
                     "header"=> "HoneyPot")),

"url"   => "http://www.malwaredomainlist.com/hostslist/ip.txt",
                     "header"=> "MDL"),

"url"   => "http://www.nothink.org/blacklist/blacklist_ssh_week.txt",
                     "header"=> "Nothink_SSH"),

"url"   => "https://danger.rulez.sk/projects/bruteforceblocker/blist.php",
                     "header"=> "DangerRulez"),

"url"   => "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist",
                     "header"=> "Feodo_Block"),

"url"   => "http://blocklist.greensnow.co/greensnow.txt",
                     "header"=> "Greensnow"),

"url"   => "https://lists.blocklist.de/lists/all.txt",
                     "header"=> "BlocklistDE"),

"url"   => "http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt",
                     "header"=> "SFS_Toxic")),

"url"   => "https://malc0de.com/bl/IP_Blacklist.txt",
                     "header"=> "Malcode"),

"url"   => "https://www.badips.com/get/list/any/2",
                     "header"=> "BadIPs")),

I did it the old fashion way, took all the working links out of the code and put them all in by hand in the IP4 tab lol

To me block lists are the most important and easy way for everyone to block all sorts of sites and Ips. its good and simple for people who are not into sticking scripts into pfsense and risk messing it all up. Im very interested to see how much more work will be done to Pfblocker on this subject even though its already excellent ;)

Velcro

@anttechs:

..I could not use because the page had changed to something else.

anttechs,
Thanks for sending these lists but what do you mean by I could not use these? They broke pfBlockerNG? You got an error?

I too am looking forward to the new pfBlockerNG…awsome job so far!  I was curious what the best DNSBL and IPv4 lists, as of today, that people use?

Would it be OK to share yours?

Update - Here are the lists I have set up in pfBlocker, it is a bit of a "shot-gun" approach...I suspect 1-4 good quality lists is better then many lists?

IPv4 Lists:

Updated every hour-
https://www.binarydefense.com/banlist.txt
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset

Updated every 12 hours-
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt

Updated every 6 hours-
http://cinsscore.com/list/ci-badguys.txt
https://isc.sans.edu/block.txt
https://zeustracker.abuse.ch/blocklist.php?download=badips

DNSBL Lists

https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2
https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
http://someonewhocares.org/hosts/hosts
https://adaway.org/hosts.txt
http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
http://sysctl.org/cameleon/hosts
http://osint.bambenekconsulting.com/feeds/dga-feed.gz
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

anttechs

I totally agree V3lcro it is an awesome package and I cant wait for more to come ;)

In that list there was some with 404 errors and the pages had changed into something else, not a ip or url list so I was guessing some of the links had been taken over by other companies so I did it the old fashion way and checked each link and did it all by hand putting them in 1 by 1 in the right place like ip4 list and url lists, it was a long slow process but i got it done and I didn't want to risk using the script on the latest version of PfSense.

I shall have to get all my lists and posts them some time no probs im always finding new ways and sites I think I am addicted to it lol

So far my favourite one is https://filterlists.com/ but I am a paid member of https://www.iblocklist.com/

They are both very popular and I shall post more if they are any good, its a lot of research to make sure its worth using the sites lists if they don't keep them updated.

Many thanks for your lists and I think im already using some of them but ill have a good look so thank you for sharing ;)

ASM_COPE

I've added configuration for managed lists following the steps clearly outlined here:

https://www.linuxincluded.com/using-pfblockerng-on-pfsense

That author also mentions in comment feedback that he is review/testing the next version of PFB, with the "much easier" way of managing these options…

anttechs

@ASM_COPE:

I've added configuration for managed lists following the steps clearly outlined here:

https://www.linuxincluded.com/using-pfblockerng-on-pfsense

That author also mentions in comment feedback that he is review/testing the next version of PFB, with the "much easier" way of managing these options…

Very good thank you for your work ;)

anttechs

So Far this is my list but I didn't put them in any order, all I did was scrape the url's from the backup files.
Sorry for being lazy but at least you get the links to check out yourself if you already have not got them.

These are Ipv4 and DNSBL feeds

https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
https://www.spamhaus.org/drop/drop.txt
https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
http://cinsscore.com/list/ci-badguys.txt
https://zeustracker.abuse.ch/blocklist.php
https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv
https://feeds.dshield.org/block.txt
https://labs.snort.org/feeds/ip-filter.blf
https://reputation.alienvault.com/reputation.snort.gz
http://www.projecthoneypot.org/list_of_ips.php
http://www.malwaredomainlist.com/hostslist/ip.txt
http://www.nothink.org/blacklist/blacklist_ssh_week.txt
https://feodotracker.abuse.ch/blocklist/?download=ipblocklist
http://blocklist.greensnow.co/greensnow.txt
https://lists.blocklist.de/lists/all.txt
http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt
https://malc0de.com/bl/IP_Blacklist.txt
https://www.badips.com/get/list/any/2
https://www.binarydefense.com/banlist.txt
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
https://isc.sans.edu/block.txt
https://zeustracker.abuse.ch/blocklist.php
https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt
https://easylist-downloads.adblockplus.org/easyprivacy.txt
http://pgl.yoyo.org/adservers/serverlist.php
http://hosts-file.net/ad_servers.txt
https://adaway.org/hosts.txt
http://sysctl.org/cameleon/hosts
https://ransomwaretracker.abuse.ch/downloads/LY_DS_URLBL.txt
https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
http://mirror1.malwaredomains.com/files/immortal_domains.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2
https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

BSA66

That's an awesome List, thank you for sharing it @anttechs
I was just surfing all the way up and down to find sth similar, here it is. Just amazing!

---

Edit
I really do not know if it should have had been mentioned here but on http://iplists.firehol.org/ there is a comparison of several free accessible Lists.
As it surely needs a little "work-in" imo it got the option to provide a good overview over several lists and even how individual lists overlaps one with an other.

I just found it shortly. As I see it might provide one with a nice and unique overview though it might even need some time to get even this. Anyway, I guess it might be a good addition for any searches.