Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Iblocklist How to add my IP Lists

    Scheduled Pinned Locked Moved pfBlockerNG
    14 Posts 6 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      anttechs
      last edited by

      Hi everyone I hope im not asking a stupid question but I can't seem to find anything online to show me the updated way on the latest version of PFblocker how to add my IP block lists from www.iblocklist.com?
      I did contact them but they just sent me to a very old post https://forum.pfsense.org/index.php/topic,42543.0.html but PFblocker has changed a lot since then and I am a little lost.

      Do I put the list in IP4 section or DNSBL section?
      Do I still use CIDR format? I see all the other lists are in txt format.

      I sort of tested both of these options in the CIDR format and it didn't seem to get my lists?
      I am a paying subscriber to iblocklist.com so I really want to use these lists especially blocking all Microsoft IP's

      My guess is I am doing it all wrong but any advice would be very much appreciated.

      Many Thanks in advance ;)

      Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
      Current: 1992 MHz, Max: 1993 MHz
      4 CPUs: 1 package(s) x 4 core(s)
      AES-NI CPU Crypto: No
      8 Gig RAM
      250GB SSD

      https://ant-techs.is/ip-blocklists

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by

        Yes they are all IP Blocklists, so you would add those to the IPv4 tab. I don't believe that they have any IPv6 feeds… The DNSBL Tab is for Domain based feeds only. However, there are options in DNSBL to collect any IPs that are mixed with Domains but its still recommended to put IP Feeds into the IPv4/6 Tab.

        Leave the Format as "auto" and it will parse the files without issues...

        On another note, IBlock is not the greatest, they don't seem to be actively updating their feeds and seem to have quite a few FPs...

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • A
          anttechs
          last edited by

          Ok I shall have a go at that then thanks at least I know im in the right place now lol ;)

          One of the main reasons I use iblocklist.com is because I can block Microsoft and Apple, Government and so on but I do hope there updating their lists because I am paying a yearly fee.

          Not unless anyone knows of any better site I would love to know of it ;)

          Thanks BBcan177 for your quick reply ;)

          Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
          Current: 1992 MHz, Max: 1993 MHz
          4 CPUs: 1 package(s) x 4 core(s)
          AES-NI CPU Crypto: No
          8 Gig RAM
          250GB SSD

          https://ant-techs.is/ip-blocklists

          1 Reply Last reply Reply Quote 0
          • BBcan177B
            BBcan177 Moderator
            last edited by

            There are quite a few sites available…. I posted a script that has approx 50 IP feeds.... The next version of the package will have a Feeds Management tab to make this process easier....

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

            1 Reply Last reply Reply Quote 0
            • A
              anttechs
              last edited by

              @BBcan177:

              There are quite a few sites available…. I posted a script that has approx 50 IP feeds.... The next version of the package will have a Feeds Management tab to make this process easier....

              Can I see this list of 50 IP feeds?

              When is the new feeds management tab going in? or new version/update coming? I am so looking forward to this ;)

              I had a very good idea about feeds you could put in for pfBlockerNG!
              The ad blocker plugin for google chrome and firefox called uBlock Origin is the best and it has some great feeds to use >>> https://filterlists.com/
              It has some of the best feeds you can get in its options and third party tab.
              I would grab them feeds and put them in for sure and there are so many other lists you can get from uBlock Origin.

              I am still hoping for some anti Government ones and companies like Apple MS and so on. ;) I also found this site good as well >>> https://ransomwaretracker.abuse.ch/blocklist/

              The only thing I sometimes get stuck on is the formats of the lists, IP4 is easy its just IP addresses but for some of the others I get a bit confused on the lists formats but I think I am getting there lol
              It would be great to have in the info icons an image of the list just so you can see the correct format, just for people like me who get a little confused ;)

              I am loving the new Pfsense now and I keep looking for updates from pfblocker as it is one of the best packages out there so many thanks BBcan177 you are a star ;)

              Thanks

              Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
              Current: 1992 MHz, Max: 1993 MHz
              4 CPUs: 1 package(s) x 4 core(s)
              AES-NI CPU Crypto: No
              8 Gig RAM
              250GB SSD

              https://ant-techs.is/ip-blocklists

              1 Reply Last reply Reply Quote 0
              • mtarboxM
                mtarbox
                last edited by

                I believe this is the post.
                https://forum.pfsense.org/index.php?topic=86212.600

                Si vis pacem, para pactum.

                1 Reply Last reply Reply Quote 0
                • A
                  anttechs
                  last edited by

                  @mtarbox:

                  I believe this is the post.
                  https://forum.pfsense.org/index.php?topic=86212.600

                  Many thanks ill check it out ;)

                  Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                  Current: 1992 MHz, Max: 1993 MHz
                  4 CPUs: 1 package(s) x 4 core(s)
                  AES-NI CPU Crypto: No
                  8 Gig RAM
                  250GB SSD

                  https://ant-techs.is/ip-blocklists

                  1 Reply Last reply Reply Quote 0
                  • A
                    anttechs
                    last edited by

                    I check every link in that list he made and a lot of them are dead now but great list it still is.

                    these are the ones that are still alive but saying that some of them I could not use because the page had changed to something else.

                    "url"   => "http://cinsscore.com/list/ci-badguys.txt",
                                         "header"=> "CIArmy"),

                    "url"   => "https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist",
                                         "header"=> "Abuse_Zeus"),

                    "url"   => "https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv",
                                         "header"=> "Abuse_SSLBL"),

                    "url"   => "https://feeds.dshield.org/block.txt",
                                         "header"=> "dShield_Block"),
                                      array ("format"   => "txt",
                                         "state"   => "Disabled",
                                         "url"   => "https://labs.snort.org/feeds/ip-filter.blf",
                                         "header"=> "Snort_BL"),

                    "url"   => "https://reputation.alienvault.com/reputation.snort.gz",
                                         "header"=> "Alienvault"),

                    "url"   => "https://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1",
                                         "header"=> "HoneyPot")),

                    "url"   => "http://www.malwaredomainlist.com/hostslist/ip.txt",
                                         "header"=> "MDL"),

                    "url"   => "http://www.nothink.org/blacklist/blacklist_ssh_week.txt",
                                         "header"=> "Nothink_SSH"),

                    "url"   => "https://danger.rulez.sk/projects/bruteforceblocker/blist.php",
                                         "header"=> "DangerRulez"),

                    "url"   => "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist",
                                         "header"=> "Feodo_Block"),

                    "url"   => "http://blocklist.greensnow.co/greensnow.txt",
                                         "header"=> "Greensnow"),

                    "url"   => "https://lists.blocklist.de/lists/all.txt",
                                         "header"=> "BlocklistDE"),

                    "url"   => "http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt",
                                         "header"=> "SFS_Toxic")),

                    "url"   => "https://malc0de.com/bl/IP_Blacklist.txt",
                                         "header"=> "Malcode"),

                    "url"   => "https://www.badips.com/get/list/any/2",
                                         "header"=> "BadIPs")),

                    I did it the old fashion way, took all the working links out of the code and put them all in by hand in the IP4 tab lol

                    To me block lists are the most important and easy way for everyone to block all sorts of sites and Ips. its good and simple for people who are not into sticking scripts into pfsense and risk messing it all up. Im very interested to see how much more work will be done to Pfblocker on this subject even though its already excellent ;)

                    Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                    Current: 1992 MHz, Max: 1993 MHz
                    4 CPUs: 1 package(s) x 4 core(s)
                    AES-NI CPU Crypto: No
                    8 Gig RAM
                    250GB SSD

                    https://ant-techs.is/ip-blocklists

                    1 Reply Last reply Reply Quote 0
                    • V
                      Velcro
                      last edited by

                      @anttechs:

                      ..I could not use because the page had changed to something else.

                      anttechs,
                      Thanks for sending these lists but what do you mean by I could not use these? They broke pfBlockerNG? You got an error?

                      I too am looking forward to the new pfBlockerNG…awsome job so far!  I was curious what the best DNSBL and IPv4 lists, as of today, that people use?

                      Would it be OK to share yours?

                      Update - Here are the lists I have set up in pfBlocker, it is a bit of a "shot-gun" approach...I suspect 1-4 good quality lists is better then many lists?

                      IPv4 Lists:

                      Updated every hour-
                      https://www.binarydefense.com/banlist.txt
                      https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset

                      Updated every 12 hours-
                      https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
                      https://rules.emergingthreats.net/blockrules/compromised-ips.txt

                      Updated every 6 hours-
                      http://cinsscore.com/list/ci-badguys.txt
                      https://isc.sans.edu/block.txt
                      https://zeustracker.abuse.ch/blocklist.php?download=badips

                      DNSBL Lists

                      https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2
                      https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
                      http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
                      http://someonewhocares.org/hosts/hosts
                      https://adaway.org/hosts.txt
                      http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
                      http://sysctl.org/cameleon/hosts
                      http://osint.bambenekconsulting.com/feeds/dga-feed.gz
                      http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

                      1 Reply Last reply Reply Quote 0
                      • A
                        anttechs
                        last edited by

                        I totally agree V3lcro it is an awesome package and I cant wait for more to come ;)

                        In that list there was some with 404 errors and the pages had changed into something else, not a ip or url list so I was guessing some of the links had been taken over by other companies so I did it the old fashion way and checked each link and did it all by hand putting them in 1 by 1 in the right place like ip4 list and url lists, it was a long slow process but i got it done and I didn't want to risk using the script on the latest version of PfSense.

                        I shall have to get all my lists and posts them some time no probs im always finding new ways and sites I think I am addicted to it lol

                        So far my favourite one is https://filterlists.com/ but I am a paid member of https://www.iblocklist.com/

                        They are both very popular and I shall post more if they are any good, its a lot of research to make sure its worth using the sites lists if they don't keep them updated.

                        Many thanks for your lists and I think im already using some of them but ill have a good look so thank you for sharing ;)

                        Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                        Current: 1992 MHz, Max: 1993 MHz
                        4 CPUs: 1 package(s) x 4 core(s)
                        AES-NI CPU Crypto: No
                        8 Gig RAM
                        250GB SSD

                        https://ant-techs.is/ip-blocklists

                        1 Reply Last reply Reply Quote 0
                        • A
                          ASM_COPE
                          last edited by

                          I've added configuration for managed lists following the steps clearly outlined here:

                          https://www.linuxincluded.com/using-pfblockerng-on-pfsense

                          That author also mentions in comment feedback that he is review/testing the next version of PFB, with the "much easier" way of managing these options…

                          1 Reply Last reply Reply Quote 0
                          • A
                            anttechs
                            last edited by

                            @ASM_COPE:

                            I've added configuration for managed lists following the steps clearly outlined here:

                            https://www.linuxincluded.com/using-pfblockerng-on-pfsense

                            That author also mentions in comment feedback that he is review/testing the next version of PFB, with the "much easier" way of managing these options…

                            Very good thank you for your work ;)

                            Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                            Current: 1992 MHz, Max: 1993 MHz
                            4 CPUs: 1 package(s) x 4 core(s)
                            AES-NI CPU Crypto: No
                            8 Gig RAM
                            250GB SSD

                            https://ant-techs.is/ip-blocklists

                            1 Reply Last reply Reply Quote 0
                            • A
                              anttechs
                              last edited by

                              So Far this is my list but I didn't put them in any order, all I did was scrape the url's from the backup files.
                              Sorry for being lazy but at least you get the links to check out yourself if you already have not got them.

                              These are Ipv4 and DNSBL feeds

                              https://rules.emergingthreats.net/blockrules/compromised-ips.txt
                              https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
                              https://www.spamhaus.org/drop/drop.txt
                              https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
                              http://cinsscore.com/list/ci-badguys.txt
                              https://zeustracker.abuse.ch/blocklist.php
                              https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv
                              https://feeds.dshield.org/block.txt
                              https://labs.snort.org/feeds/ip-filter.blf
                              https://reputation.alienvault.com/reputation.snort.gz
                              http://www.projecthoneypot.org/list_of_ips.php
                              http://www.malwaredomainlist.com/hostslist/ip.txt
                              http://www.nothink.org/blacklist/blacklist_ssh_week.txt
                              https://feodotracker.abuse.ch/blocklist/?download=ipblocklist
                              http://blocklist.greensnow.co/greensnow.txt
                              https://lists.blocklist.de/lists/all.txt
                              http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt
                              https://malc0de.com/bl/IP_Blacklist.txt
                              https://www.badips.com/get/list/any/2
                              https://www.binarydefense.com/banlist.txt
                              https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
                              https://rules.emergingthreats.net/blockrules/compromised-ips.txt
                              https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
                              https://isc.sans.edu/block.txt
                              https://zeustracker.abuse.ch/blocklist.php
                              https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt
                              https://easylist-downloads.adblockplus.org/easyprivacy.txt
                              http://pgl.yoyo.org/adservers/serverlist.php
                              http://hosts-file.net/ad_servers.txt
                              https://adaway.org/hosts.txt
                              http://sysctl.org/cameleon/hosts
                              https://ransomwaretracker.abuse.ch/downloads/LY_DS_URLBL.txt
                              https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
                              http://mirror1.malwaredomains.com/files/immortal_domains.txt
                              https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
                              https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
                              https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
                              https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2
                              https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
                              http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
                              http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

                              Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                              Current: 1992 MHz, Max: 1993 MHz
                              4 CPUs: 1 package(s) x 4 core(s)
                              AES-NI CPU Crypto: No
                              8 Gig RAM
                              250GB SSD

                              https://ant-techs.is/ip-blocklists

                              1 Reply Last reply Reply Quote 1
                              • B
                                BSA66
                                last edited by BSA66

                                That's an awesome List, thank you for sharing it @anttechs
                                I was just surfing all the way up and down to find sth similar, here it is. Just amazing!


                                Edit
                                I really do not know if it should have had been mentioned here but on http://iplists.firehol.org/ there is a comparison of several free accessible Lists.
                                As it surely needs a little "work-in" imo it got the option to provide a good overview over several lists and even how individual lists overlaps one with an other.

                                I just found it shortly. As I see it might provide one with a nice and unique overview though it might even need some time to get even this. Anyway, I guess it might be a good addition for any searches.

                                1 Reply Last reply Reply Quote 0
                                • First post
                                  Last post
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.