pfBlockerNG v2.1.1_7
-
pfBlockerNG v2.1.1_7 has been posted for review by the devs.
https://github.com/pfsense/FreeBSD-ports/pull/331
Changelog:
-
Some feeds are now using the HTTP Status code '304 not-modified'. The download function now reports this as a successful download.
-
DNSBL uses the Lighttpd conditional error_log to collect HTTPS alert details. A previous Lighttpd update changed the syntax of the log which stopped HTTPS logging. The code has been patched to address the change in log format syntax.
-
Typically, when IPv4 feeds are downloaded, string functions are used to parse the lines; however, a regex parser is used when the line is not in a standard format. The previous regex could incorrectly parse certain IPs:
1.2.3.4/8fdhy[.]net/index.php
Previous regex = 1.2.3.4/8
New regex = 1.2.3.4
-
Log Browser tab - check if file exists before attempting to view it.
-
Threat Source Lookups:
Changed some feeds from http to https.
Removed C-SIRT "Incidents-on-demand" as it doesn't seem to be online.
Added new lookups to: Shodan.io, urlscan.io, viewdns.info, VirusTotal (for DNSBL) and OTX Alienvault.
-
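The IPv4 mis-parse described in the changelog above, as an added example that is not part of the original post and is not pfBlockerNG's code. Both regexes and all sample lines except the first are constructed for illustration, since the thread does not show the actual patterns.

```python
import ipaddress
import re

# Constructed patterns; the thread does not show pfBlockerNG's real regexes.
# NAIVE treats any one or two digits after a slash as a CIDR prefix.
NAIVE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?:/(\d{1,2}))?")

# STRICT accepts "/NN" as a prefix only when no word character, dot, slash,
# bracket or hyphen follows it, and never starts or ends inside a longer token.
STRICT = re.compile(
    r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d)"
    r"(?:/(\d{1,2})(?![\w\[./-]))?"
)

# First line is the one quoted in the changelog; the rest are constructed.
SAMPLE = [
    "1.2.3.4/8fdhy[.]net/index.php",
    "10.0.0.0/8 # constructed comment",
    "203.0.113.7,malware,2017-01-01",
    "host 999.1.1.1 then 198.51.100.9",
]


def extract(line, pattern):
    """Return the first valid IPv4 address or CIDR found in a feed line."""
    for m in pattern.finditer(line):
        ip, prefix = m.group(1), m.group(2)
        try:
            if prefix is not None:
                # Validates octet and prefix ranges; host bits may be set.
                ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
                return f"{ip}/{prefix}"
            ipaddress.ip_address(ip)
            return ip
        except ValueError:
            continue  # octet > 255 or prefix > 32: try the next candidate
    return None


if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{line!r}: naive={extract(line, NAIVE)} "
              f"strict={extract(line, STRICT)}")
```

With the naive pattern, the URL path that begins with a digit turns a single-host indicator into a /8 entry, which as a block rule would cover the whole 1.0.0.0/8 range.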
-
BBcan177, I didn't see it in the list of changes… does this update include the fix for IPv6 block lists being configured as IPv4?
-
This PR doesn't have the IPv6 fix. That fix will be in the next release… Still working on some loose ends...
-
This has now been merged and is available for download.
-
-
I don't see it available on the 2.4 repository.
-