PfBlockerNG v2.1 w/TLD
-
I setup a personal IPv4 list that shows up on the widget as pfB_myIPv4:
When I check the "Original IP Files", the correct list is actually on the box:
But when I check the "Deny Files", there's only a single bogus entry that is also reported by the widget:Sounds like you have a personal collection of duplicates covered by other lists. ::)
-
I "grepped" some patterns inside the /var/db/pfblockerng/original directory, but didn't find any duplicates.
-
I "grepped" some patterns inside the /var/db/pfblockerng/original directory, but didn't find any duplicates.
It could be in a larger CIDR:
grep "1.2.3.4" /var/db/pfblockerng/deny/* grep "^1\.2\.3\." /var/db/pfblockerng/deny/* grep "^1\.2\." /var/db/pfblockerng/deny/* grep "^1\." /var/db/pfblockerng/deny/* -
Yes, I know. I checked 16 and 24 bit patterns, but didn't study it thoroughly. I have another machine with pretty much the same lists and my own IP list loads completetely. When I have enough time, I'll check whether there are any differences. It can't be larger CIDRs, because my list contains IPs from normal VM hosters, where some customers think it is funny to attack PBXs. Usually the neigbhoring IPs are unobstrusive.
-
If you have "Aggregation" enabled, that can also optimize the lists along with deduplication.
-
Yes, that was it. By accident all countries were blocked, after deselecting a certain country, everything is fine again.
Thanks.
-
This is just a question. Would it make any sense to add fail2ban functionality to pfBlockerNG?
This could be ssh-logins or other stuff. I like to add Asterisk to my pfSense boxes, so unsolicited registration attempts are a pain in the neck, though I get rid most of them by blocking most countries. Compared to the more static GeoIP lists, here one would release the IPs typically after a couple of hours, but block them immediately once a certain threshold gets exceeded.
An alternative would be to call pftcl from within Asterisk as needed.
-
In regards to TLD blocking, I have it setup and although it appears in the alerts, the packets are still delivered. Do I need to create a rule to actually block a TLD from arriving at its destination, which in my case is an email server.
-
Hello friends, i love this package but i have one question or one suggestion to add
I see in the queues of my mail server, mails in queue because can not connect to ip x.x.x.x , i not view this ip in country list ipv4 denegated, but maybe is in my personal ipv4 lists (dshield, etc..) and the question is:
How can i check if one ip is denegated in pfblockerng ??? there's no search ip engine ??? i want know what list ip is denegated this ip
-
I'm having problems with iOS 11.3 BETA. It seems that safari can't go to 0.0.0.0 and pages can't load. Solution was to reinstall package and use the VIP address, as I was using the certificate hack and 0.0.0.0.
-
Hi
Thanks for this wonderful package and it helps me a lot.
Do you have an updated list of torrent sites or movie downloading sites like yts? I can't block the whole YTS sites after enabling TLD and adding this to Blacklist. Anyone please.. Thank you -
It would be really cool if it could automatically update the blocked TLDs based on the spamhaus statistics (https://www.spamhaus.org/statistics/tlds/) on a regular schedule. I realize that this may be more difficult than it sounds as I cant seem to find a spamhaus TLD feed, just a website. But if we dont dream then it will never happen!
