pfBlocker source for mining IPv4 usng ASN does not contain all IPv4 entries when compared to

  • I am on 2.4.4. development branch at the moment.

    I am having issues with my Selective Routing rules on pfSense. I use the IP list feature of pfBlockerNG to mine AS numbers for streaming media companies. I then create LAN firewall rules to route the traffic to the appropriate interface. I have to supplement the list with domain names I have harvested. On my Asus router, I wrote a program to obtain the IPv4 addresses from I do not have to supplement the IPv4 list with domain names I harvested. I only have to use the IPv4 lists downloaded from

    It appears that pfBlockerNG is not obtaining the same list of IPv4 addresses when I compare it to It is often a smaller list.

    One example is the IPv4 list for Move Networks (SlingTV) on


    Here is the list generated by pfBlockerNG

    The list created by pfBlockerNG is missing many IPv4 entries. This is also the case for several other ASNs.

    Here is a snip of the config screen in pfBlockerNG


    Can the source for obtaining the IPv4 addresses from AS Numbers be configured?

    Thank you

  • I manually populated my IPv4 lists using as the source. Here is the example of the code used to gather AS13996:

    curl 2>/dev/null | grep -E "a href.*13996\/" | grep -v ":" | sed 's/^.*<a href="\/AS13996\///; s/" >//'

    I am happy to report that my selective routing is working using the AS Numbers from I plan to do a comparison of the list I generated from ipinfo and compare it with what pfBlockerNG obtains using the built in AS Number mining IPv4 feature. I noticed the pfBlocker Update process consolidates the IPv4 lists. So that could explain why I saw some differences.

  • Moderator

    pfBlockerNG uses the for the AS info... Unfortunately its not always the best... I'd like to spend some more time to find some better alternatives.

    This is the command that is used to collect the ASN's currently:

    mwhois -h \!"gAS35873" | tail -n +2 | tr -d '\nC' | tr ' ' '\n'

    Alternatively, you could add this URL in the Source Field (IPv4 tab) and it will pull all IPs on the page automatically:

    Unfortunately it also pulled these IPs that were part of the "Related Networks" table in that ipinfo page. It might not cause any issues for you tho...

  • @bbcan177 Thank you for the reply. When I first got into Selective Routing last year on my Asus router, I also used the entware package whob to mine IPv4 addresses. I also discovered that it did not return the number of IPv4 addresses compared to Here is a snip of example code use to obtain IPv4 for a website.

    #Pull all IPs listed for on
    whob -h -- '-i origin AS16625' | grep -Eo "([0-9.]+){4}/[0-9]+"'

    So, I went with I have since found two other similar sites. I too have been on the lookout for an alternative source. I will let you know if I find any.

Log in to reply