Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE

    Scheduled Pinned Locked Moved Firewalling
    23 Posts 9 Posters 2.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator
      last edited by

      I just looked up the IP you talked to the forum with.. And yeah its on some blacklists

      black.jpg

      But this system didn't give exact details... But there are many reasons why might get on it.. Is your IP an open relay?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      • GertjanG
        Gertjan
        last edited by Gertjan

        I understand that the 'right' payload can provoke such a situation.
        Upload several times some illegal video on Youtube, and as you can imagine, they won't like that.
        As a mater of fact, when you share your connection with users, there is a need to protect also your LA(s), far more then your WAN's.

        What might help : enforce your user identification : use a portal - and only give out access when you have copy of the user ID (extreme example) - credit card etc . Apply a common rule : you should know who you invite (to use your stuff) .... Anonymous access can really backfire on you.
        Right now, some jackass is playing tricks on you. He/she who is provoking this does probably know very well what she/he is doing.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator
          last edited by

          The 2 lists I see his current IP he used to talk to the forum point to him sending spam... I don't see why those would be blocking him from viewing youtube - but I guess this IP is new one, and already show it on couple of lists..

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @rsohaya
            last edited by

            @rsohaya said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE:

            yes i have a thousand users on my network

            Are these your users, I a private network - or are you running some sort of open network, net cafe or something where one can use if they pay sort of network? Or just get on free?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • R
              rsohaya
              last edited by

              The users are in an open network. They are all connected the same switch and the router that has the Blacklisted IP Address.I assume that PFsense has a package you can use to filter out bad traffic going out to the internet. any ideas how i can achieve this in pfsense?
              .

              Bob.DigB 1 Reply Last reply Reply Quote 0
              • Bob.DigB
                Bob.Dig LAYER 8 @rsohaya
                last edited by

                @rsohaya This is not possible. pfSense can protect you from spam but not the other way around I would say.

                1 Reply Last reply Reply Quote 0
                • A
                  akuma1x
                  last edited by akuma1x

                  @rsohaya You need to figure out what "bad traffic" means - bit torrent, spam email, other stuff using some uncommon ports, then log your outbound traffic to the internet for these users. Analyze the log data, find the offending machine(s), then work from there.

                  However, with a thousand users on an open network, you're in quite a pickle. Do these users come and go, on and off the network?

                  Jeff

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    @rsohaya said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE:

                    can use to filter out bad traffic

                    So you have a magic package ;) that says this is bad? You have some open network - why and the F would you allow 25 out.. .Block that shit... Really the only ports you should allow out your "open" network is 80/443 - and say the other common sending email ports 465, 587 - I would block everything else outbound..

                    F them for ftp, and ssh, this is some open network... To be honest you could say only 80/443 is open... Do you other business on your own network.

                    If you block 25 outbound - you will stop getting on spammer lists that is for sure.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                    M 1 Reply Last reply Reply Quote 0
                    • R
                      rsohaya
                      last edited by

                      Thanks for your inputs guys.Let me try to block some ports on my network and monitor it for a while to see if the same will happen again.

                      1 Reply Last reply Reply Quote 0
                      • M
                        Mats @johnpoz
                        last edited by

                        @johnpoz

                        simple fix, just implement https://www.ietf.org/rfc/rfc3514.txt :D

                        bmeeksB 1 Reply Last reply Reply Quote 0
                        • johnpozJ
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          Haha the evil bit being set - that is a good one... But yeah blocking packets with that bit set would for sure solve all his issues. A feature request should be put in ;)

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          1 Reply Last reply Reply Quote 0
                          • bmeeksB
                            bmeeks @Mats
                            last edited by bmeeks

                            @Mats said in HOW CAN I PREVENT MY IP ADDRESS FROM BEING BLACKLISTED USING PFSENSE:

                            @johnpoz

                            simple fix, just implement https://www.ietf.org/rfc/rfc3514.txt :D

                            Wow! This rates right up there with the invention of the wheel and sliced bread ... 😁. Now thousands of Snort/Suricata rules and millions of IP addresses on pfBlocker IP lists can all be replaced with a single firewall rule looking for and dropping packets with the evil bit set. So simple even a child can do it.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.