• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Iblocklist How to add my IP Lists

Scheduled Pinned Locked Moved pfBlockerNG
14 Posts 6 Posters 4.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    anttechs
    last edited by May 30, 2017, 8:13 PM

    Hi everyone I hope im not asking a stupid question but I can't seem to find anything online to show me the updated way on the latest version of PFblocker how to add my IP block lists from www.iblocklist.com?
    I did contact them but they just sent me to a very old post https://forum.pfsense.org/index.php/topic,42543.0.html but PFblocker has changed a lot since then and I am a little lost.

    Do I put the list in IP4 section or DNSBL section?
    Do I still use CIDR format? I see all the other lists are in txt format.

    I sort of tested both of these options in the CIDR format and it didn't seem to get my lists?
    I am a paying subscriber to iblocklist.com so I really want to use these lists especially blocking all Microsoft IP's

    My guess is I am doing it all wrong but any advice would be very much appreciated.

    Many Thanks in advance ;)

    Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
    Current: 1992 MHz, Max: 1993 MHz
    4 CPUs: 1 package(s) x 4 core(s)
    AES-NI CPU Crypto: No
    8 Gig RAM
    250GB SSD

    https://ant-techs.is/ip-blocklists

    1 Reply Last reply Reply Quote 0
    • B
      BBcan177 Moderator
      last edited by May 30, 2017, 8:27 PM

      Yes they are all IP Blocklists, so you would add those to the IPv4 tab. I don't believe that they have any IPv6 feeds… The DNSBL Tab is for Domain based feeds only. However, there are options in DNSBL to collect any IPs that are mixed with Domains but its still recommended to put IP Feeds into the IPv4/6 Tab.

      Leave the Format as "auto" and it will parse the files without issues...

      On another note, IBlock is not the greatest, they don't seem to be actively updating their feeds and seem to have quite a few FPs...

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      1 Reply Last reply Reply Quote 0
      • A
        anttechs
        last edited by May 30, 2017, 8:44 PM

        Ok I shall have a go at that then thanks at least I know im in the right place now lol ;)

        One of the main reasons I use iblocklist.com is because I can block Microsoft and Apple, Government and so on but I do hope there updating their lists because I am paying a yearly fee.

        Not unless anyone knows of any better site I would love to know of it ;)

        Thanks BBcan177 for your quick reply ;)

        Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
        Current: 1992 MHz, Max: 1993 MHz
        4 CPUs: 1 package(s) x 4 core(s)
        AES-NI CPU Crypto: No
        8 Gig RAM
        250GB SSD

        https://ant-techs.is/ip-blocklists

        1 Reply Last reply Reply Quote 0
        • B
          BBcan177 Moderator
          last edited by May 30, 2017, 8:56 PM

          There are quite a few sites available…. I posted a script that has approx 50 IP feeds.... The next version of the package will have a Feeds Management tab to make this process easier....

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          1 Reply Last reply Reply Quote 0
          • A
            anttechs
            last edited by Sep 28, 2017, 10:27 AM

            @BBcan177:

            There are quite a few sites available…. I posted a script that has approx 50 IP feeds.... The next version of the package will have a Feeds Management tab to make this process easier....

            Can I see this list of 50 IP feeds?

            When is the new feeds management tab going in? or new version/update coming? I am so looking forward to this ;)

            I had a very good idea about feeds you could put in for pfBlockerNG!
            The ad blocker plugin for google chrome and firefox called uBlock Origin is the best and it has some great feeds to use >>> https://filterlists.com/
            It has some of the best feeds you can get in its options and third party tab.
            I would grab them feeds and put them in for sure and there are so many other lists you can get from uBlock Origin.

            I am still hoping for some anti Government ones and companies like Apple MS and so on. ;) I also found this site good as well >>> https://ransomwaretracker.abuse.ch/blocklist/

            The only thing I sometimes get stuck on is the formats of the lists, IP4 is easy its just IP addresses but for some of the others I get a bit confused on the lists formats but I think I am getting there lol
            It would be great to have in the info icons an image of the list just so you can see the correct format, just for people like me who get a little confused ;)

            I am loving the new Pfsense now and I keep looking for updates from pfblocker as it is one of the best packages out there so many thanks BBcan177 you are a star ;)

            Thanks

            Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
            Current: 1992 MHz, Max: 1993 MHz
            4 CPUs: 1 package(s) x 4 core(s)
            AES-NI CPU Crypto: No
            8 Gig RAM
            250GB SSD

            https://ant-techs.is/ip-blocklists

            1 Reply Last reply Reply Quote 0
            • M
              mtarbox
              last edited by Oct 1, 2017, 12:29 PM

              I believe this is the post.
              https://forum.pfsense.org/index.php?topic=86212.600

              Si vis pacem, para pactum.

              1 Reply Last reply Reply Quote 0
              • A
                anttechs
                last edited by Oct 1, 2017, 11:19 PM

                @mtarbox:

                I believe this is the post.
                https://forum.pfsense.org/index.php?topic=86212.600

                Many thanks ill check it out ;)

                Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                Current: 1992 MHz, Max: 1993 MHz
                4 CPUs: 1 package(s) x 4 core(s)
                AES-NI CPU Crypto: No
                8 Gig RAM
                250GB SSD

                https://ant-techs.is/ip-blocklists

                1 Reply Last reply Reply Quote 0
                • A
                  anttechs
                  last edited by Oct 2, 2017, 11:49 AM

                  I check every link in that list he made and a lot of them are dead now but great list it still is.

                  these are the ones that are still alive but saying that some of them I could not use because the page had changed to something else.

                  "url"   => "http://cinsscore.com/list/ci-badguys.txt",
                                       "header"=> "CIArmy"),

                  "url"   => "https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist",
                                       "header"=> "Abuse_Zeus"),

                  "url"   => "https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv",
                                       "header"=> "Abuse_SSLBL"),

                  "url"   => "https://feeds.dshield.org/block.txt",
                                       "header"=> "dShield_Block"),
                                    array ("format"   => "txt",
                                       "state"   => "Disabled",
                                       "url"   => "https://labs.snort.org/feeds/ip-filter.blf",
                                       "header"=> "Snort_BL"),

                  "url"   => "https://reputation.alienvault.com/reputation.snort.gz",
                                       "header"=> "Alienvault"),

                  "url"   => "https://www.projecthoneypot.org/list_of_ips.php?t=d&rss=1",
                                       "header"=> "HoneyPot")),

                  "url"   => "http://www.malwaredomainlist.com/hostslist/ip.txt",
                                       "header"=> "MDL"),

                  "url"   => "http://www.nothink.org/blacklist/blacklist_ssh_week.txt",
                                       "header"=> "Nothink_SSH"),

                  "url"   => "https://danger.rulez.sk/projects/bruteforceblocker/blist.php",
                                       "header"=> "DangerRulez"),

                  "url"   => "https://feodotracker.abuse.ch/blocklist/?download=ipblocklist",
                                       "header"=> "Feodo_Block"),

                  "url"   => "http://blocklist.greensnow.co/greensnow.txt",
                                       "header"=> "Greensnow"),

                  "url"   => "https://lists.blocklist.de/lists/all.txt",
                                       "header"=> "BlocklistDE"),

                  "url"   => "http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt",
                                       "header"=> "SFS_Toxic")),

                  "url"   => "https://malc0de.com/bl/IP_Blacklist.txt",
                                       "header"=> "Malcode"),

                  "url"   => "https://www.badips.com/get/list/any/2",
                                       "header"=> "BadIPs")),

                  I did it the old fashion way, took all the working links out of the code and put them all in by hand in the IP4 tab lol

                  To me block lists are the most important and easy way for everyone to block all sorts of sites and Ips. its good and simple for people who are not into sticking scripts into pfsense and risk messing it all up. Im very interested to see how much more work will be done to Pfblocker on this subject even though its already excellent ;)

                  Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                  Current: 1992 MHz, Max: 1993 MHz
                  4 CPUs: 1 package(s) x 4 core(s)
                  AES-NI CPU Crypto: No
                  8 Gig RAM
                  250GB SSD

                  https://ant-techs.is/ip-blocklists

                  1 Reply Last reply Reply Quote 0
                  • V
                    Velcro
                    last edited by Oct 4, 2017, 8:54 PM Oct 4, 2017, 6:17 PM

                    @anttechs:

                    ..I could not use because the page had changed to something else.

                    anttechs,
                    Thanks for sending these lists but what do you mean by I could not use these? They broke pfBlockerNG? You got an error?

                    I too am looking forward to the new pfBlockerNG…awsome job so far!  I was curious what the best DNSBL and IPv4 lists, as of today, that people use?

                    Would it be OK to share yours?

                    Update - Here are the lists I have set up in pfBlocker, it is a bit of a "shot-gun" approach...I suspect 1-4 good quality lists is better then many lists?

                    IPv4 Lists:

                    Updated every hour-
                    https://www.binarydefense.com/banlist.txt
                    https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset

                    Updated every 12 hours-
                    https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
                    https://rules.emergingthreats.net/blockrules/compromised-ips.txt

                    Updated every 6 hours-
                    http://cinsscore.com/list/ci-badguys.txt
                    https://isc.sans.edu/block.txt
                    https://zeustracker.abuse.ch/blocklist.php?download=badips

                    DNSBL Lists

                    https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2
                    https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
                    http://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&mimetype=plaintext
                    http://someonewhocares.org/hosts/hosts
                    https://adaway.org/hosts.txt
                    http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
                    http://sysctl.org/cameleon/hosts
                    http://osint.bambenekconsulting.com/feeds/dga-feed.gz
                    http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

                    1 Reply Last reply Reply Quote 0
                    • A
                      anttechs
                      last edited by Oct 4, 2017, 9:57 PM

                      I totally agree V3lcro it is an awesome package and I cant wait for more to come ;)

                      In that list there was some with 404 errors and the pages had changed into something else, not a ip or url list so I was guessing some of the links had been taken over by other companies so I did it the old fashion way and checked each link and did it all by hand putting them in 1 by 1 in the right place like ip4 list and url lists, it was a long slow process but i got it done and I didn't want to risk using the script on the latest version of PfSense.

                      I shall have to get all my lists and posts them some time no probs im always finding new ways and sites I think I am addicted to it lol

                      So far my favourite one is https://filterlists.com/ but I am a paid member of https://www.iblocklist.com/

                      They are both very popular and I shall post more if they are any good, its a lot of research to make sure its worth using the sites lists if they don't keep them updated.

                      Many thanks for your lists and I think im already using some of them but ill have a good look so thank you for sharing ;)

                      Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                      Current: 1992 MHz, Max: 1993 MHz
                      4 CPUs: 1 package(s) x 4 core(s)
                      AES-NI CPU Crypto: No
                      8 Gig RAM
                      250GB SSD

                      https://ant-techs.is/ip-blocklists

                      1 Reply Last reply Reply Quote 0
                      • A
                        ASM_COPE
                        last edited by Oct 5, 2017, 10:22 AM

                        I've added configuration for managed lists following the steps clearly outlined here:

                        https://www.linuxincluded.com/using-pfblockerng-on-pfsense

                        That author also mentions in comment feedback that he is review/testing the next version of PFB, with the "much easier" way of managing these options…

                        1 Reply Last reply Reply Quote 0
                        • A
                          anttechs
                          last edited by Oct 5, 2017, 10:51 AM

                          @ASM_COPE:

                          I've added configuration for managed lists following the steps clearly outlined here:

                          https://www.linuxincluded.com/using-pfblockerng-on-pfsense

                          That author also mentions in comment feedback that he is review/testing the next version of PFB, with the "much easier" way of managing these options…

                          Very good thank you for your work ;)

                          Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                          Current: 1992 MHz, Max: 1993 MHz
                          4 CPUs: 1 package(s) x 4 core(s)
                          AES-NI CPU Crypto: No
                          8 Gig RAM
                          250GB SSD

                          https://ant-techs.is/ip-blocklists

                          1 Reply Last reply Reply Quote 0
                          • A
                            anttechs
                            last edited by Oct 5, 2017, 1:13 PM

                            So Far this is my list but I didn't put them in any order, all I did was scrape the url's from the backup files.
                            Sorry for being lazy but at least you get the links to check out yourself if you already have not got them.

                            These are Ipv4 and DNSBL feeds

                            https://rules.emergingthreats.net/blockrules/compromised-ips.txt
                            https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
                            https://www.spamhaus.org/drop/drop.txt
                            https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt
                            http://cinsscore.com/list/ci-badguys.txt
                            https://zeustracker.abuse.ch/blocklist.php
                            https://sslbl.abuse.ch/blacklist/sslipblacklist_aggressive.csv
                            https://feeds.dshield.org/block.txt
                            https://labs.snort.org/feeds/ip-filter.blf
                            https://reputation.alienvault.com/reputation.snort.gz
                            http://www.projecthoneypot.org/list_of_ips.php
                            http://www.malwaredomainlist.com/hostslist/ip.txt
                            http://www.nothink.org/blacklist/blacklist_ssh_week.txt
                            https://feodotracker.abuse.ch/blocklist/?download=ipblocklist
                            http://blocklist.greensnow.co/greensnow.txt
                            https://lists.blocklist.de/lists/all.txt
                            http://www.stopforumspam.com/downloads/toxic_ip_cidr.txt
                            https://malc0de.com/bl/IP_Blacklist.txt
                            https://www.badips.com/get/list/any/2
                            https://www.binarydefense.com/banlist.txt
                            https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
                            https://rules.emergingthreats.net/blockrules/compromised-ips.txt
                            https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
                            https://isc.sans.edu/block.txt
                            https://zeustracker.abuse.ch/blocklist.php
                            https://easylist-downloads.adblockplus.org/easylist_noelemhide.txt
                            https://easylist-downloads.adblockplus.org/easyprivacy.txt
                            http://pgl.yoyo.org/adservers/serverlist.php
                            http://hosts-file.net/ad_servers.txt
                            https://adaway.org/hosts.txt
                            http://sysctl.org/cameleon/hosts
                            https://ransomwaretracker.abuse.ch/downloads/LY_DS_URLBL.txt
                            https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
                            http://mirror1.malwaredomains.com/files/immortal_domains.txt
                            https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
                            https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
                            https://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
                            https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw/be5fddb116667699c246df97b79e1032ab71bb1c/MS-2
                            https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/b344ebc9475acdea1fae38a12c4ea9332838a184/MS-1
                            http://jasonhill.co.uk/pfsense/ad_servers_dnsbl.txt
                            http://osint.bambenekconsulting.com/feeds/c2-dommasterlist.txt

                            Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
                            Current: 1992 MHz, Max: 1993 MHz
                            4 CPUs: 1 package(s) x 4 core(s)
                            AES-NI CPU Crypto: No
                            8 Gig RAM
                            250GB SSD

                            https://ant-techs.is/ip-blocklists

                            1 Reply Last reply Reply Quote 1
                            • B
                              BSA66
                              last edited by BSA66 Dec 13, 2018, 1:11 AM Dec 12, 2018, 3:30 PM

                              That's an awesome List, thank you for sharing it @anttechs
                              I was just surfing all the way up and down to find sth similar, here it is. Just amazing!


                              Edit
                              I really do not know if it should have had been mentioned here but on http://iplists.firehol.org/ there is a comparison of several free accessible Lists.
                              As it surely needs a little "work-in" imo it got the option to provide a good overview over several lists and even how individual lists overlaps one with an other.

                              I just found it shortly. As I see it might provide one with a nice and unique overview though it might even need some time to get even this. Anyway, I guess it might be a good addition for any searches.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                                [[user:consent.lead]]
                                [[user:consent.not_received]]