Problem with pfBlockerNG List - How can I fix it? [SOLVED]


  • There appears to be an issue with these two lists:

    http://hosts-file.net/exp.txt
    http://hosts-file.net/hjk.txt

    that appear on firehol_level1 that are causing problems:

    **[ hphosts_exp ] Downloading update .. 200 OK. completed ..
    [ pfB_Level_1 hphosts_exp ] List Error ]

    [ hphosts_hjk ] Downloading update [ 01/19/17 13:08:31 ] .. 200 OK. completed ..
    [ pfB_Level_1 hphosts_hjk ] List Error ]**

    I am assuming that the "converted lists" should be stored in /var/db/pfblockerng/deny , and there is no file corresponding to hphosts exp/hjk.

    How do I find out what is causing the problem, and more importantly fix it/remove the offending line so that I can use the rest of the list.

    In case anyone wants to see it, the full log is below:

    UPDATE PROCESS START [ 01/19/17 13:08:26 ]
    
    Clearing all DNSBL Feeds... 
    ** DNSBL Disabled **
    
    ===[  Continent Process  ]============================================
    
    ===[  IPv4 Process  ]=================================================
    
    [ hphosts_psh ]		 exists. [ 01/19/17 13:08:27 ]
    [ badips ]		 exists.
    [ openbl_90d ]		 exists.
    [ stopforumspam_toxic ]	 exists.
    [ botscout ]		 exists.
    [ malc0de ]		 exists.
    [ cleanmx_phishing ]	 exists.
    [ greensnow ]		 exists.
    [ maxmind_proxy_fraud ]	 exists.
    [ hphosts_emd ]		 exists.
    
    [ hphosts_exp ]		 Downloading update .. 200 OK. completed ..
    [ pfB_Level_1 hphosts_exp ] List Error ]
    
    [ hphosts_hjk ]		 Downloading update [ 01/19/17 13:08:31 ] .. 200 OK. completed ..
    [ pfB_Level_1 hphosts_hjk ] List Error ]
    
    [ iblocklist_spyware ]	 exists. [ 01/19/17 13:08:32 ]
    [ dshield ]		 exists.
    [ zeus_badips ]		 exists.
    [ feodo_badips ]	 exists.
    [ ransomware_rw ]	 exists.
    [ et_compromised ]	 exists.
    [ et_block ]		 exists.
    [ spamhaus_drop ]	 exists.
    [ spamhaus_edrop ]	 exists.
    [ sslbl ]		 exists.
    [ snort_ipfilter ]	 exists.
    [ bambenek_c2 ]		 exists.
    [ alienvault_reputation ] exists.
    [ malwaredomainlist ]	 exists.
    [ nt_malware_http ]	 exists.
    [ nt_malware_dns ]	 exists.
    [ nt_ssh_7d ]		 exists.
    [ bruteforceblocker ]	 exists.
    [ blocklist_de ]	 exists.
    [ ciarmy ]		 exists.
    [ feodo ]		 exists.
    [ zeus ]		 exists.
    
    ===[  IPv6 Process  ]=================================================
    
    ===[  Aliastables / Rules  ]==========================================
    
    No changes to Firewall rules, skipping Filter Reload
    No Changes to Aliases, Skipping pfctl Update
    
    ===[  Kill States  ]==================================================
    
     No matching states found
    ======================================================================
    
     UPDATE PROCESS ENDED [ 01/19/17 13:08:34 ]
    
    

  • These 2 lists are to be used with DNSBL.

  • Moderator

    And there is also a combined DNSBL feed from hpHosts:

    http://hosts-file.net/download/hosts.zip


  • OK, I get it now.  I thought that pfB was doing a reverse DNS on those names, but now that you tell me that…

    So is it correct to assume that I can import any "hosts" file into the DNSBL?

  • Moderator

    Firehol is converting those Domain based lists into an IP format… I'd not recommend that...  The pfBlockerNG package has an IP and a Domain section.... so best to use the applicable format (IP or DNSBL)...

    Yes hpHosts has individual Feeds, or the combined feed linked above... Take a look at their website for further details.