Monster pfBlockerNG import script pfBlockerNG_import_gravity.php 224 lists

iplost · Sep 21, 2016, 2:33 PM

Ok, thanks for update in github

One detail, wget is not by default in pfSense 2.3.2, other way to download script:


 curl https://raw.githubusercontent.com/tonymorella/pfsense_scipts/master/pfBlockerNG_import_gravity.php > pfBlockerNG_import_gravity.php

pfcode · Oct 12, 2016, 8:35 PM

Some of the lists blocked other lists. e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Totally confusion. Also, can't get access from "https://freeapi.blueliv.com"

tonymorella · Oct 13, 2016, 4:30 AM

@pfcode:

Some of the lists blocked other lists. e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Totally confusion. Also, can't get access from "https://freeapi.blueliv.com"

Good point, by default I added all the URLs to a custom allow lists so they can not block each other :) Also you need to create and account to access the blueliv.com API

pfcode · Oct 15, 2016, 2:48 PM

@tonymorella:

@pfcode:

Some of the lists blocked other lists. e.g. Malware[ransomware_feed] blocks Spam_Bots_PHP[lashback_ubl], Attacks[gofferje_sip] blocks Attacks[blueliv_crimeserver_online, blueliv_crimeserver_recent]. Totally confusion. Also, can't get access from "https://freeapi.blueliv.com"

Good point, by default I added all the URLs to a custom allow lists so they can not block each other :) Also you need to create and account to access the blueliv.com API

Added 88.198.202.51 (blueliv.com) into the pfBlockerNG surpress list, but it was still blocked by gofferje, What am I missing?

BBcan177 · Oct 15, 2016, 6:42 PM

@pfcode:

Also, can't get access from "https://freeapi.blueliv.com"

Added 88.198.202.51 (blueliv.com) into the pfBlockerNG surpress list, but it was still blocked by gofferje, What am I missing?

I haven't used blueliv, but your not checking the correct domain name…

ping freeapi.blueliv.com

PING f01.blueliv.com (88.198.51.46): 56 data bytes

pfcode · Oct 15, 2016, 11:47 PM

@BBcan177:

@pfcode:

Also, can't get access from "https://freeapi.blueliv.com"

Added 88.198.202.51 (blueliv.com) into the pfBlockerNG surpress list, but it was still blocked by gofferje, What am I missing?

I haven't used blueliv, but your not checking the correct domain name…

ping freeapi.blueliv.com

PING f01.blueliv.com (88.198.51.46): 56 data bytes

Hi,

if I manually add the ip in the suppress list and apply the changes, Should I do a update or force reload?

johnabbot · Oct 16, 2016, 7:17 AM

I think you should put a warning about false positives on the bots and organisations ones. I had to delete them.

tonymorella · Oct 16, 2016, 6:46 PM

@johnabbot:

I think you should put a warning about false positives on the bots and organisations ones. I had to delete them.

Sure why not :) I used Organisations for allow rules not block, did you notice issues with this one??

johnabbot · Oct 18, 2016, 4:25 AM

blocking emails to/from me.com from a local mail server I think it was.

motific · Jan 5, 2017, 10:27 PM

Thanks for the script, it was quite a timesaver.

A number of the lists ought to end up in the DNSBL section rather than IP4 (Privacy/SomeoneWhoCares is one example) - if you're maintaining the script that's something to check. If I get some time I might take a look.