Shallalist2pfBlockerNG.php - script to import shallalist into pfBlockerNG



  • Hello.

    shallalist2pfBlockerNG.php – script to import shallalist categories into pfBlockerNG

    Download: http://www.javcasta.com/?smd_process_download=1&download_id=33336

    shallalist2pfBlockerNG.php is a PHP CLI script that imports the shallalist categories into pfBlockerNG and creates a cron job to update them.

    Tested on pfSense 2.3.2_1 amd64 with pfBlockerNG 2.1.1_4

    Prerequisite: the pfBlockerNG package must be installed on pfSense, with its DNSBL configured and working.

    The script is placed in a folder, for example /scripts, and is run from the shell or console:

    php /scripts/shallalist2pfBlockerNG.php

    Once it has run and the shallalist categories have been imported into the DNSBL feed shallalist2pfBlockerNG, go to the pfSense GUI: Firewall > pfBlockerNG > DNSBL Feeds,

    edit the shallalist2pfBlockerNG feed and set the categories you want to ON (or leave them OFF).

    All that remains is to run a Force Update update/reload of the pfBlockerNG DNSBL.

    The code: shallalist2pfBlockerNG.php

    
    <?php
    /*
    	shallalist2pfBlockerNG.php
    	Copyright (C) 2016 javier@javcasta.com Javier Castañón
            @javcasta - PIyMenta - https://javcasta.com/
    
    	Redistribution and use in source and binary forms, with or without
    	modification, are permitted provided that the following conditions are met:
    
    	1\. Redistributions of source code must retain the above copyright notice,
    	   this list of conditions and the following disclaimer.
    
    	2\. Redistributions in binary form must reproduce the above copyright
    	   notice, this list of conditions and the following disclaimer in the
    	   documentation and/or other materials provided with the distribution.
    
    	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    	POSSIBILITY OF SUCH DAMAGE.
    */
    
    require_once("config.inc");
    require_once("util.inc");
    require_once("functions.inc");
    require_once("pkg-utils.inc");
    require_once("pfsense-utils.inc");
    require_once("globals.inc");
    require_once("services.inc");
    
    global $config;
    $config = parse_config(true);
    
    //bash 
    //Remove directory
    print_r("Remove /tmp/BL dir \n");
    mwexec("/bin/rm -rf /tmp/BL");
    //Create directory
    print_r("Create /tmp/BL dir \n");
    mwexec("/bin/mkdir /tmp/BL");
    //Download list
    print_r("Download shallalist.tar.gz \n");
    mwexec("/usr/bin/fetch -o /tmp/BL http://www.shallalist.de/Downloads/shallalist.tar.gz");
    #Extract and remove archive
    print_r("Extract... \n");
    //mwexec("/usr/bin/cd /tmp/BL");
    mwexec("/usr/bin/tar -xf /tmp/BL/shallalist.tar.gz --strip 1 -C /tmp/BL");
    mwexec("/bin/rm -rf /tmp/BL/shallalist.tar.gz");
    
    function listFolders($dir)
    {
        //ref //http://stackoverflow.com/questions/14358346/how-to-build-a-array-that-contains-a-folder-structure
        $dh = scandir($dir);
        $resultado = array();
        $laruta = '';
    
        foreach ($dh as $folder) {
            if ($folder != '.' && $folder != '..' && $folder != 'COPYRIGHT' &&
                    $folder != 'global_usage' && $folder != 'shallalist.tar.gz') {
                $laruta = $dir . '/' . $folder;
                if (is_dir($dir . '/' . $folder)) {                
                    $resultado[] = listFolders($dir . '/' . $folder);               
                } else {
                    if (strpos($folder, 'domains') !== false) $resultado[] = $laruta;                
                }
            }
        }
        return $resultado;
    }
    //folders /tmp/BL to array
    $losdiraux = listFolders("/tmp/BL");
    $losdir = iterator_to_array(new RecursiveIteratorIterator(new RecursiveArrayIterator($losdiraux)), 0);
    
    //DNSBL feed shallalist2pfBlockerNG
    $j = 0;
    $existeDNSBLfeed = false;
    while (!empty($config['installedpackages']['pfblockerngdnsbl']['config'][$j]['aliasname'])) {
        //check the current entry before advancing, so that index 0 is not skipped
        if (strpos($config['installedpackages']['pfblockerngdnsbl']['config'][$j]['aliasname'], "shallalist2pfpBlockerNG") !== false) {
            $existeDNSBLfeed = true;
            print_r("Already exists DNSBL feed shallalist2pfpBlockerNG ... \n");
        }
        $j++;
    }
    
    if (!$existeDNSBLfeed) {
        $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['aliasname'] = "shallalist2pfpBlockerNG";
        $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['description'] = "shallalist to pfBlockerNG";
        $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['infolist'] = "";
        //...
        $i = 0;
        foreach ($losdir as $elemento) {
            $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['row'][$i]['format'] = 'auto';
            $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['row'][$i]['state'] = 'Disabled'; //Enabled
            $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['row'][$i]['url'] = "$elemento";
            $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['row'][$i]['header'] = "sh2pfB_$i";
            $i++;
        }
        //...
        $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['action'] = "unbound";
        $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['cron'] = "Weekly";
        $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['filter_alexa'] = "on";
        $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['custom'] = "";
        $config['installedpackages']['pfblockerngdnsbl']['config'][$j]['custom_update'] = "disabled";
        print  "pfBlockerNG DNSBL feed List shallalist2pfpBlockerNG Import Completed...\n\n";
        write_config();
    }
    
    //Cron
    //if /scripts does not exist, create it
    if(!is_dir('/scripts')) {
      mkdir('/scripts');
    }
    //if /scripts/cron-download-shallalist2pfpBlockerNG.sh does not exist, create it
    if (!file_exists('/scripts/cron-download-shallalist2pfpBlockerNG.sh')) {
     //bash
     $contenido = "#!/bin/sh\n"
            . "/bin/rm -rf /tmp/BL\n"
            . "/bin/mkdir /tmp/BL\n"
            . "/usr/bin/fetch -o /tmp/BL http://www.shallalist.de/Downloads/shallalist.tar.gz\n"
            . "/usr/bin/tar -xf /tmp/BL/shallalist.tar.gz --strip 1 -C /tmp/BL\n"
            . "/bin/rm -rf /tmp/BL/shallalist.tar.gz\n";
     file_put_contents("/scripts/cron-download-shallalist2pfpBlockerNG.sh", $contenido);
     print_r("Create /scripts/cron-download-shallalist2pfpBlockerNG.sh ... \n");
    
    } else print_r("Already exists /scripts/cron-download-shallalist2pfpBlockerNG.sh ... \n");
    //does the cron entry already exist?
    $j = 0;
    $existecron = false;
    while (!empty($config['cron']['item'][$j]['command'])) {
        //print_r($config['cron']['item'][$j]['command']."\n");
        //check the current entry before advancing, so that index 0 is not skipped
        if (strpos($config['cron']['item'][$j]['command'], "/bin/sh /scripts/cron-download-shallalist2pfpBlockerNG.sh") !== false) {
            $existecron = true;
            print_r("Already exists cron for /bin/sh /scripts/cron-download-shallalist2pfpBlockerNG.sh \n");
        }
        $j++;
    }
    //if the cron entry does not exist, create it to run as root every Sunday at 06:06
    if (!$existecron) {
        $config['cron']['item'][$j]['minute'] = "6";
        $config['cron']['item'][$j]['hour'] = "6";
        //$config['cron']['item'][$j]['mday'] = "*";
        //$config['cron']['item'][$j]['month'] = "*";
        $config['cron']['item'][$j]['wday'] = "7";
        $config['cron']['item'][$j]['who'] = "root";
        $config['cron']['item'][$j]['command'] = "/bin/sh /scripts/cron-download-shallalist2pfpBlockerNG.sh";
        print_r("Create cron for /bin/sh /scripts/cron-download-shallalist2pfpBlockerNG.sh ... \n\n");
        write_config();
    }
    print_r("You have to go to https://YOUR-IP-PFSENSE/pkg.php?xml=/pfblockerng/pfblockerng_dnsbl_lists.xml \n"
            . " Firewall > pfBlockerNG > DNSBL Feeds: and edit/put ON/OFF the Categories you wish \n"
            . "and Force Update update/reload DNSBL pfblockerNG \n\n");
    print_r("The End :). By javcasta - https://javcasta.com \n");
    ?>
    
    

    Regards

    References:

    Download: http://www.javcasta.com/?smd_process_download=1&download_id=33336
    https://www.javcasta.com/shallalist2pfblockerng-php-script-para-importar-categorias-shallalist-a-pfblockerng/
    https://forum.pfsense.org/index.php?topic=119851.0
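
Added example (not part of the original post or script): a hardened form of the download-and-extract step that the script and its cron job perform. It vets archive member names before extraction, keeps only well-formed hostnames, and replaces the target directory only when the result is non-empty. The function names, the staging directory and the `--run` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original script. Function names, the staging
# layout and the "--run" switch are assumptions of this example.

# Read archive member names on stdin; print those that could land outside
# the extraction directory (absolute paths, or any ".." path component).
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# Print the well-formed hostnames found in file $1, lowercased and
# de-duplicated. Comments, blank lines, bare IPv4 addresses and lines with
# characters outside [a-z0-9.-] are dropped.
clean_domains() {
    tr '[:upper:]' '[:lower:]' < "$1" | tr -d '\r' |
        grep -E '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z][a-z0-9-]*[a-z0-9]$' |
        sort -u
}

# Vet tarball $1 and publish its cleaned per-category lists as directory $2.
# Prints the number of domains kept. On any failure $2 is left untouched,
# so a bad download cannot replace a working set of lists.
refresh_lists() {
    tarball=$1
    dest=$2
    stage=$(mktemp -d "${dest}.XXXXXX") || return 1
    chmod 755 "$stage"    # mktemp creates 0700; match a plain mkdir

    bad=$(tar -tzf "$tarball" | unsafe_members)
    if [ -n "$bad" ]; then
        echo "refusing archive, unsafe member names:" >&2
        echo "$bad" >&2
        rm -rf "$stage"
        return 1
    fi
    if ! tar -xzf "$tarball" --strip-components 1 -C "$stage"; then
        rm -rf "$stage"
        return 1
    fi

    # Drop symlinks, devices and other non-regular entries, so that a
    # "domains" name can never point at a file outside the staging tree.
    find "$stage" ! -type d ! -type f -exec rm -f {} +

    # Rewrite every category file with its validated content only.
    find "$stage" -type f -name domains | while IFS= read -r f; do
        clean_domains "$f" > "$f.clean" && mv "$f.clean" "$f"
    done

    total=$(find "$stage" -type f -name domains -exec cat {} + | wc -l | tr -d ' ')
    if [ "$total" -eq 0 ]; then
        echo "refusing archive, no valid domains found" >&2
        rm -rf "$stage"
        return 1
    fi

    rm -rf "$dest" && mv "$stage" "$dest" && echo "$total"
}

# Cron entry point: same URL and fetch command as the original script.
# The transfer is plain HTTP, so the content is only trusted after vetting.
if [ "${1:-}" = "--run" ]; then
    dl=$(mktemp /tmp/shallalist.XXXXXX) || exit 1
    /usr/bin/fetch -o "$dl" http://www.shallalist.de/Downloads/shallalist.tar.gz &&
        refresh_lists "$dl" /tmp/BL
    rc=$?
    rm -f "$dl"
    exit "$rc"
fi
```

Saved as a script and called with `--run` from cron, it leaves the previous /tmp/BL in place whenever the download is truncated, replaced by an error page, or carries unsafe member names.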



  • Wow, what a contribution, many thanks



  • Ok  ;D
    Just to say that if the pfSense box does not have much RAM, be careful about turning on Enable TLD in DNSBL, and in that case do not load overly large lists into pfBlockerNG (once the lists exceed 300K entries quite a lot of RAM is needed, 100K domains <–> 1GB)



  • Hello.

    @doktornotor:

    @JasonJoel:

    Ok, I'm about to ask a stupid question. Yes I searched first, but didn't find the answer - or was too stupid to understand it.
    Where is everyone getting the IP block lists to import into pfBNG? I know of a few, but it seems like everyone uses many of the same (based on the screenshots), so thought I would just ask if there is a list somewhere.

    This was provided by BBcan17, stick the under /usr/local/www and run once via your browser. (All the lists are disabled by default.)

    Almost off topic, but very useful: a script by the pfBlockerNG developer @BBcan177, pfBlockerNG_import.php, to import IPv4 lists into pfBlockerNG (afterwards set the ones you want to enabled or disabled from the pfBlockerNG configuration pages):

    The script file is placed at /usr/local/www/pfBlockerNG_import.php and is run from the browser ( https://la-ip-pfsense/pfBlockerNG_import.php )
    When the script finishes running, the browser will show

    Checking for Existing pfBlockerNG Alias/Lists Found existing Alias/Lists. Merging Existing Alias/Lists with Imported Version pfBlockerNG Alias List Import Completed.;

    And the following will appear under IPv4 lists

    IBlock pfBlockerNG IBlock Disabled 04hours enabled

    PRI1 pfBlockerNG PRI1 Disabled 01hour enabled

    PRI2 pfBlockerNG PRI2 Disabled 04hours enabled

    PRI3 pfBlockerNG PRI3 Disabled 04hours enabled

    SEC1 pfBlockerNG SEC1 Disabled 04hours enabled

    TOR pfBlockerNG TOR Disabled 04hours enabled

    MAIL pfBlockerNG MAIL  Disabled 08hours enabled

    The code: pfBlockerNG_import.php

    
    <?php
    /*
            pfBlockerNG_import.php
    
            pfBlockerNG
            Copyright (C) 2014 BBcan177@gmail.com
            All rights reserved.
    
            Redistribution and use in source and binary forms, with or without
            modification, are permitted provided that the following conditions are met:
    
            1\. Redistributions of source code must retain the above copyright notice,
                     this list of conditions and the following disclaimer.
    
            2\. Redistributions in binary form must reproduce the above copyright
                     notice, this list of conditions and the following disclaimer in the
                     documentation and/or other materials provided with the distribution.
    
            THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
            INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
            AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
            AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
            OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
            SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
            INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
            CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
            ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
            POSSIBILITY OF SUCH DAMAGE.
    
    */
    
    require_once("config.inc");
    require_once("util.inc");
    require_once("functions.inc");
    require_once("pkg-utils.inc");
    require_once("pfsense-utils.inc");
    require_once("globals.inc");
    require_once("services.inc");
    
    print "";
    $pfblist_new = array ( array (    "none" => "", 
                "aliasname" => "IBlock",
                "description" => "pfBlockerNG IBlock",
                "infolists" => "",
                "row" => array (array ("format"   => "gz",
                         "state"   => "Disabled",
                         "url"   => "http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz",
                         "header"=> "IBlock_BT_Hijack"),
                      array ("format" => "gz",
                         "state"   => "Disabled",
                         "url"   => "http://list.iblocklist.com/?list=ficutxiwawokxlcyoeye&fileformat=p2p&archiveformat=gz",
                         "header"=> "IBlock_BT_FS"),
                      array ("format" => "gz",
                         "state"   => "Disabled",
                         "url"   => "http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag&fileformat=p2p&archiveformat=gz",
                         "header"=> "IBlock_BT_Web"),
                      array ("format" => "gz",
                         "state"   => "Disabled",
                         "url"   => "http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz",
                         "header"=> "IBlock_BT_Spy"),
                      array ("format" => "gz",
                         "state"   => "Disabled",
                         "url"   => "http://list.iblocklist.com/?list=cwworuawihqvocglcoss&fileformat=p2p&archiveformat=gz",
                         "header"=> "IBlock_Badpeer"),
                      array ("format" => "gz",
                         "state"   => "Disabled",
                         "url"   => "http://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=gz",
                         "header"=> "IBlock_Ads"),
                      array ("format" => "gz",
                         "state"   => "Disabled",
                         "url"   => "http://list.iblocklist.com/?list=xoebmbyexwuiogmbyprb&fileformat=p2p&archiveformat=gz",
                         "header"=> "IBlock_Proxy")),
                "action"=> "Disabled",
                "cron"   => "04hours",
                "dow"   => "1",
                 "aliaslog" => "enabled",
                "custom"=> "",
                "custom_update" => "disabled"),
    
               array (   "none" => "",
                "aliasname" => "PRI1",
                "description" => "pfBlockerNG PRI1",
                "infolists" => "",
                "row" => array (array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://rules.emergingthreats.net/blockrules/compromised-ips.txt",
                         "header"=> "ET_Comp"),
                      array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt",
                         "header"=> "ET_Block"),
                      array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.spamhaus.org/drop/drop.txt",
                         "header"=> "Spamhaus_drop"),
                      array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.spamhaus.org/drop/edrop.txt",
                         "header"=> "Spamhaus_edrop"),
                      array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://cinsscore.com/list/ci-badguys.txt",
                         "header"=> "CIArmy"),
                      array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist",
                         "header"=> "Abuse_Zeus"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://spyeyetracker.abuse.ch/blocklist.php?download=ipblocklist",
                         "header"=> "Abuse_Spyeye"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://palevotracker.abuse.ch/blocklists.php?download=ipblocklist",
                         "header"=> "Abuse_Palevo"),
                      array ("format"   => "html",
                         "state"   => "Disabled",
                         "url"   => "https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv",
                         "header"=> "Abuse_SSLBL"),
                      array ("format"   => "block",
                         "state"   => "Disabled",
                         "url"   => "https://feeds.dshield.org/block.txt",
                         "header"=> "dShield_Block"),
                      array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://labs.snort.org/feeds/ip-filter.blf",
                         "header"=> "Snort_BL"),
                      array ("format"   => "html",
                         "state"   => "Disabled",
                         "url"   => "http://osint.bambenekconsulting.com/feeds/goz-iplist.txt",
                         "header"=> "BBC_Goz")),
                "action"=> "Disabled",
                "cron"   => "01hour",
                "dow"   => "1",
                "aliaslog" => "enabled",
                "custom"=> "",
                "custom_update" => "disabled"),
    
               array (    "none" => "",
                "aliasname" => "PRI2",
                "description" => "pfBlockerNG PRI2",
                "infolists" => "",
                "row" => array (array ("format"   => "gz_2",
                         "state"   => "Disabled",
                         "url"   => "https://reputation.alienvault.com/reputation.snort.gz",
                         "header"=> "Alienvault"),
                      array ("format"   => "html",
                         "state"   => "Disabled",
                         "url"   => "https://atlas.arbor.net/summary/attacks.csv",
                         "header"=> "Atlas_Attacks"),
                      array ("format"   => "html",
                         "state"   => "Disabled",
                         "url"   => "https://atlas.arbor.net/summary/botnets.csv",
                         "header"=> "Atlas_Botnets"),
                      array ("format"   => "html",
                         "state"   => "Disabled",
                         "url"   => "https://atlas.arbor.net/summary/fastflux.csv",
                         "header"=> "Atlas_Fastflux"),
                      array ("format"   => "html",
                         "state"   => "Disabled",
                         "url"   => "https://atlas.arbor.net/summary/phishing.csv",
                         "header"=> "Atlas_Phishing"),
                      array ("format"   => "html",
                         "state"   => "Disabled",
                         "url"   => "https://atlas.arbor.net/summary/scans.csv",
                         "header"=> "Atlas_Scans"),
                      array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.cyber-ta.org/releases/malware/SOURCES/Attacker.Cumulative.Summary",
                         "header"=> "SRI_Attackers"),
                      array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.cyber-ta.org/releases/malware/SOURCES/CandC.Cumulative.Summary",
                         "header"=> "SRI_CC"),
                      array ("format"   => "html",
                         "state"   => "Disabled",
                         "url"   => "https://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1",
                         "header"=> "HoneyPot")),
                "action"=> "Disabled",
                "cron"  => "04hours",
                "dow"   => "1",
                "aliaslog" => "enabled",
                "custom"=> "",
                "custom_update" => "disabled"),
    
               array (    "none" => "",
                "aliasname" => "PRI3",
                "description" => "pfBlockerNG PRI3",
                "infolists" => "",
                "row" => array (array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.malwaredomainlist.com/hostslist/ip.txt",
                         "header"=> "MDL"),
                      array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.nothink.org/blacklist/blacklist_malware_http.txt",
                         "header"=> "Nothink_BL"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.nothink.org/blacklist/blacklist_ssh_week.txt",
                         "header"=> "Nothink_SSH"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.nothink.org/blacklist/blacklist_malware_dns.txt",
                         "header"=> "Nothink_Malware"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://danger.rulez.sk/projects/bruteforceblocker/blist.php",
                         "header"=> "DangerRulez"),
                      array ("format" => "html",
                         "state"   => "Disabled",
                         "url"   => "https://www.autoshun.org/files/shunlist.csv",
                         "header"=> "Shunlist"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.infiltrated.net/blacklisted",
                         "header"=> "Infiltrated"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://www.dragonresearchgroup.org/insight/sshpwauth.txt",
                         "header"=> "DRG_SSH"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://www.dragonresearchgroup.org/insight/vncprobe.txt",
                         "header"=> "DRG_VNC"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://www.dragonresearchgroup.org/insight/http-report.txt",
                         "header"=> "DRG_HTTP"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist",
                         "header"=> "Feodo_Block"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://feodotracker.abuse.ch/blocklist/?download=badips",
                         "header"=> "Feodo_Bad"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.reputationauthority.org/toptens.php",
                         "header"=> "WatchGuard"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://vmx.yourcmc.ru/BAD_HOSTS.IP4",
                         "header"=> "VMX"),
                      array ("format" => "html",
                         "state"   => "Disabled",
                         "url"   => "http://www.geopsy.org/blacklist.html",
                         "header"=> "Geopsy"),
                      array ("format" => "html",
                         "state"   => "Disabled",
                         "url"   => "https://www.maxmind.com/en/anonymous_proxies",
                         "header"=> "Maxmind"),
                      array ("format" => "html",
                         "state"   => "Disabled",
                         "url"   => "http://www.botscout.com/last_caught_cache.htm",
                         "header"=> "BotScout"),   
                      array ("format" => "html",
                         "state"   => "Disabled",
                         "url"   => "https://www.juniper.net/security/auto/spam",
                         "header"=> "Juniper"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://blocklist.greensnow.co/greensnow.txt",
                         "header"=> "Greensnow"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://lists.blocklist.de/lists/all.txt",
                         "header"=> "BlocklistDE"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt",
                         "header"=> "SFS_Toxic")),
                "action"=> "Disabled",
                "cron"  => "04hours",
                "dow"   => "1",
                "aliaslog" => "enabled",
                "custom"=> "",
                "custom_update" => "disabled"),
    
               array (    "none" => "",
                "aliasname" => "SEC1",
                "description" => "pfBlockerNG SEC1",
                "infolists" => "",
                "row" => array (array ("format" => "html",
                         "state"   => "Disabled",
                         "url"   => "http://www.malwaregroup.com/ipaddresses/malicious",
                         "header"=> "MalwareGroup"),
                      array ("format" => "gz_2",
                         "state"   => "Disabled",
                         "url"   => "https://www.openbl.org/lists/base_90days.txt.gz",
                         "header"=> "OpenBL"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://malc0de.com/bl/IP_Blacklist.txt",
                         "header"=> "Malcode"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://www.badips.com/get/list/any/2",
                         "header"=> "BadIPs")),
                "action"=> "Disabled",
                "cron"  => "04hours",
                "dow"   => "1",
                "aliaslog" => "enabled",
                "custom"=> "",
                "custom_update" => "disabled"),
    
               array (    "none" => "",
                "aliasname" => "TOR",
                "description" => "pfBlockerNG TOR",
                "infolists" => "",
                "row" => array (array ("format" => "gz",
                         "state"   => "Disabled",
                         "url"   => "http://list.iblocklist.com/?list=togdoptykrlolpddwbvz&fileformat=p2p&archiveformat=gz",
                         "header"=> "IBlock_Tor"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv",
                         "header"=> "Blut_Tor"),
                      array ("format" => "html",
                         "state"   => "Disabled",
                         "url"   => "https://rules.emergingthreats.net/open/suricata/rules/tor.rules",
                         "header"=> "ET_Tor")),
                "action"=> "Disabled",
                "cron"  => "04hours",
                "dow"   => "1",
                "aliaslog" => "enabled",
                "custom"=> "",
                "custom_update" => "disabled"),
    
               array (    "none" => "",
                "aliasname" => "MAIL",
                "description" => "pfBlockerNG MAIL",
                "infolists" => "",
                "row" => array (array ("format"   => "txt",
                         "state"   => "Disabled",
                         "url"   => "https://virbl.bit.nl/download/virbl.dnsbl.bit.nl.txt",
                         "header"=> "VirBL"),
                      array ("format" => "zip",
                         "state"   => "Disabled",
                         "url"   => "http://www.stopforumspam.com/downloads/bannedips.zip",
                         "header"=> "SFS_All"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://antispam.imp.ch/spamlist",
                         "header"=> "Improware"),
                      array ("format" => "html",
                         "state"   => "Disabled",
                         "url"   => "http://toastedspam.com/denylist.cgi",
                         "header"=> "ToastedSpam"),
                      array ("format" => "html",
                         "state"   => "Disabled",
                         "url"   => "http://rss.uribl.com/reports/7d/dns_a.html",
                         "header"=> "URIBL"),
                      array ("format" => "txt",
                         "state"   => "Disabled",
                         "url"   => "http://spamcop.net/w3m?action=map;net=cmaxcnt;mask=65535;sort=spamcnt;format=text",
                         "header"=> "SpamCop"),
                      array ("format" => "gz_2",
                         "state"   => "Disabled",
                         "url"   => "http://www.dnsbl.manitu.net/download/nixspam-ip.dump.gz",
                         "header" => "Nix_Spam")),
                "action"=> "Disabled",
                "cron"  => "08hours",
                "dow"   => "1",
                "aliaslog" => "enabled",
                "custom"=> "",
                "custom_update" => "disabled")
          );
    
    print "Checking for Existing pfBlockerNG Alias/Lists\n";
    
    // Check for Existing pfBlockerNG Alias/Lists
    if (is_array($config['installedpackages']['pfblockernglistsv4']['config'])) {
       print "Found existing Alias/Lists. Merging Existing Alias/Lists with Imported Version\n\n"; 
       $pfblist = $config['installedpackages']['pfblockernglistsv4']['config'];
       $pfbfinal = array_merge($pfblist, $pfblist_new);
       $config['installedpackages']['pfblockernglistsv4']['config'] = $pfbfinal;
    } else {
       print "No existing Alias/Lists found. Importing new Version.\n\n";
       $config['installedpackages']['pfblockernglistsv4']['config'] = $pfblist_new;
    }
    
    print  "pfBlockerNG Alias List Import Completed.";
    write_config();
    
    ?>;
    
    

    Regards



  • @javcasta:

    Hello.

    @doktornotor:

    @JasonJoel:

    Ok, I'm about to ask a stupid question. Yes I searched first, but didn't find the answer - or was too stupid to understand it.
    Where is everyone getting the IP block lists to import into pfBNG? I know of a few, but it seems like everyone uses many of the same (based on the screenshots), so thought I would just ask if there is a list somewhere.

    This was provided by BBcan17, stick the under /usr/local/www and run once via your browser. (All the lists are disabled by default.)

    Almost off topic, but very useful: a script by the pfBlockerNG developer @BBcan177, pfBlockerNG_import.php, to import IPv4 lists into pfBlockerNG (afterwards set the ones you want to enabled or disabled from the pfBlockerNG configuration pages):

    Like import_gravity?



  • Hello

    @iplost:

    Like import_gravity?

    Indeed, I have not posted it here, but I do have the (debugged) script pfBlockerNG_import_gravity.php

    Script to create and update firehole project lists for pfBlockerNG – pfBlockerNG_import_gravity.php
    https://www.javcasta.com/script-de-creacion-y-update-de-listas-de-firehole-project-para-pfblockerng-pfblockerng_import_gravity-php/

    This PHP script creates and updates IPv4 lists from the FireHole project for pfSense's pfBlockerNG package.

    Download pfBlockerNG_import_gravity.php: http://www.javcasta.com/?smd_process_download=1&download_id=33310

    Regards.



  • Ok  ;D

    I'll try it



  • Hello

    I think there is already a new version of pfBlockerNG "in the oven", to be released shortly, and I think @BBcan177 (the developer of pfBl) is also working on adding blocking-category lists to his tool (as with shallalist)… I'm waiting :)

    https://twitter.com/pfsense/status/788203605950025728

    https://twitter.com/pfsense/status/789501978158075904

    Regards



  • @BBcan177 has not logged in to the forum since the 21st, he must be coding and debugging flat out  ;D



  • Hello

    @iplost:

    @BBcan177 has not logged in to the forum since the 21st, he must be coding and debugging flat out  ;D

    Hahaha, that is a sign of working at 200% :)

    Regards

