pfBlockerNG-devel v3.1.0_0

BBcan177

A Pull Request has been submitted to the pfSense devs for review and approval.

https://www.patreon.com/posts/55919257

As per the pfSense Devs, it is available to be installed for the following pfSense versions:

• CE 2.6.0 and 2.5.2

• Plus 21.09 and 21.05.1

Note: For Unbound Python mode - Drive space issue:

There are two choices to have the new code take effect -

1. Disable DNSBL, Save, Force Update, Followed by re-enable of DNSBL, Save, Force Update
   or
2. Reboot

Then check drive space with

 df -hm

Cool_Corona

@BBcan177 You are doing a great job for the community. Thank you.

fireodo

@BBcan177
Thank you very much!

keyser

@bbcan177 Thank you so much for your work and dedication to this project and your pfBlockerNG package.

pfBlockerNG is what brings pfSense to the next level in my book :-)

Surreallo

@bbcan177

thanks for the update! your package is the main reason I use pfsense!

longhorn

@bbcan177 I logged in just to say THANK YOU to you and Ronaldo Botelho.

The issue fixed in his pull request was driving me nuts the last 6+ months as I could not figure out why I kept getting IPv6 addr log errors. Any changes I made to config files were wiped out on reboot, and it was a very frustrating experience to get hundreds of notifications every day for a non-issue.

I am very thankful to this community and its members who work tirelessly to improve IT Sec for everyone! Kudos to you both!

https://redmine.pfsense.org/issues/12330

p32spaceblaster

Is anyone else having issues upgrading? I get the following:
Confirmation Required to upgrade package pfSense-pkg-pfBlockerNG-devel from 3.0.0_16 to 3.1.0.

Then this

Upgrading pfSense-pkg-pfBlockerNG-devel...
Updating pfSense-core repository catalogue...
pfSense-core repository is up to date.
Updating pfSense repository catalogue...
pfSense repository is up to date.
All repositories are up to date.
Failed

ltolbert

This post is deleted!

miquim

I can not update the UT1 & ShallaList categories.

my log is allways this:

UPDATE PROCESS START [ v3.1.0 ] [ 10/26/21 16:25:00 ]

===[  DNSBL Process  ]================================================

Clearing all DNSBL Feeds

TLD Analysis not required.
Stopping Unbound Resolver
Unbound stopped in 1 sec.
Additional mounts (DNSBL python):
  No changes required.
Starting Unbound Resolver... completed
Restarting DNSBL Service (DNSBL python)
DNSBL update [ 0 | PASSED  ]... completed [ 10/26/21 16:25:01 ]
------------------------------------------------------------------------

===[  GeoIP Process  ]============================================


===[  Aliastables / Rules  ]==========================================

No changes to Firewall rules, skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update

 UPDATE PROCESS ENDED

any one can help me?

Gertjan

@miquim said in pfBlockerNG-devel v3.1.0_0:

any one can help me?

Looks like this :

isn't checked, right ?

The message "Clearing all DNSBL Feeds" is showed under one condition :

// When DNSBL is enabled and no Aliases are defined, or all Aliases are Disabled

as in that case there is nothing to do.

miquim

@gertjan said in pfBlockerNG-devel v3.1.0_0:

@miquim said in pfBlockerNG-devel v3.1.0_0:

any one can help me?

Looks like this :

isn't checked, right ?

The message "Clearing all DNSBL Feeds" is showed under one condition :

// When DNSBL is enabled and no Aliases are defined, or all Aliases are Disabled

as in that case there is nothing to do.

no, it is enable, I make a fresh install of pfsense pfSense-CE-2.5.2-RELEASE-amd64, than install the pfBlockerNG-devel version 3.1.0.

and get same error

miquim

@miquim said in pfBlockerNG-devel v3.1.0_0:

@gertjan said in pfBlockerNG-devel v3.1.0_0:

@miquim said in pfBlockerNG-devel v3.1.0_0:

any one can help me?

Looks like this :

isn't checked, right ?

The message "Clearing all DNSBL Feeds" is showed under one condition :

// When DNSBL is enabled and no Aliases are defined, or all Aliases are Disabled

as in that case there is nothing to do.

no, it is enable, I make a fresh install of pfsense pfSense-CE-2.5.2-RELEASE-amd64, than install the pfBlockerNG-devel version 3.1.0.

and get same error

i found the problem, I need to create this dnsbl group like this and it worked.

rjamesm

Any word on safe search allowing duckduckgo? It appears it doesn't work.

ksh

Hi
I have some challanges with pfBlockerNG on version 22.05.
I have 2 pfSense were i have a custom IPv4 source defination.
On one of my pfSense it does not update the entire list on my other it does.
They are sync the settings to eachother so it has the same configuration.
Any idea why this might go bad?
It seems that pfSense 1 is just stuck on some cache or some "obsolete" list

pfSense 1 log
Alias table IP Counts

18754 total
16397 /var/db/aliastables/pfB_PRI1_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txt

pfSense 2 log
Alias table IP Counts

19042 total
16635 /var/db/aliastables/pfB_PRI1_v4.txt
1203 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1203 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txt

Gertjan

@ksh

Do a Force reload, and look at what the log, at the bottom of the page, produces.
Even when I asked a

the files didn't get reloaded again :

...
====================[ DNSBL Last Updated List Summary ]==============

Oct 3	00:00	DNSBL_174618
Dec 5	00:00	UT1_gambling
Dec 5	00:00	UT1_games
Dec 5	00:00	UT1_phishing
Dec 5	00:00	UT1_warez
Dec 5	00:00	StevenBlack_ADs
===============================================================
...

Note : where I live, its December 7.
So, it might be possible that files on your two pfSense are not 100 % identical.
This behaviour is normal. List don't get reloaded every hours or so as this (xx thousands of pfBlockerng-devel are running out there) would destroy the web servers that hosts these files.

Btw : I've demanded to update my one and only DNSBL list Weekly, as these lists do not get updated massively every hour or day and I don't bother missing one or two.

ksh

@gertjan
My custom list needs to be adjusted more than once an hour :)

Bottom of the log file:
====================[ DNSBL Last Updated List Summary ]==============

Nov 29 00:00 StevenBlack_ADs

Database Sanity check [ PASSED ]

Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq check

Sync check (Pass=No IPs reported)

Alias table IP Counts

18754 total
16397 /var/db/aliastables/pfB_PRI1_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1178 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txt

pfSense Table Stats

table-entries hard limit 400000
Table Usage Count 159353

UPDATE PROCESS ENDED [ 12/7/22 13:03:18 ]

Gertjan

@ksh

You didn't show what I've showed you.
The part with the dates and hour.

I've tricked my pfblockerng-devel by forcing it to download the lists again.
I've deleted all the files in /var/db/pfblockerng/dnsblorig/
Then I did a force reload.
It showed :

====================[ DNSBL Last Updated List Summary ]==============

Dec 7	13:37	UT1_gambling
Dec 7	13:37	UT1_games
Dec 7	13:37	UT1_phishing
Dec 7	13:37	UT1_warez
Dec 7	13:37	StevenBlack_ADs
===============================================================

Done ;)

ksh

@gertjan
So this one?
====================[ IPv4/6 Last Updated List Summary ]==============

Nov 10 03:53 Spamhaus_eDrop_v4
Nov 29 05:18 Spamhaus_Drop_v4
Nov 29 06:30 ET_Block_v4
Nov 29 23:16 ET_Comp_v4
Nov 30 06:00 Talos_BL_v4
Nov 30 12:50 ISC_Block_v4
Nov 30 13:18 CINS_army_v4
Nov 30 14:00 Abuse_SSLBL_v4
Nov 30 14:00 Abuse_Feodo_C2_v4
Nov 30 14:00 CompusoftCustomers_v4
Dec 7 13:03 3CX_ServerPublic_custom_v4

Gertjan

@ksh

Yep.
Rookie mode : Delete them all - and sync pfblocker
Better be safe then sorry : copy them on a safe place and then delete them all, and sync pfblocker

Btw : Dec 7 13:03 3CX_ServerPublic_custom_v4 (your own list ?) seems recent enough.

Other lists : if they didn't changed, they won't get downloaded (I guess ?!)

ksh

@gertjan
I removed the list. And added it again. This works.
But if i go and add an IP to the list an run the job it doesn't get updated :/

There should be 1278 and 1276 in /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt

I can also see that it seems like it doesn't get updated from when i create it to i update it.
But my 3CX_ServerPublic_custom_v4 seems to be updated everytime. This is an Alias Native. and not a list.

====================[ IPv4/6 Last Updated List Summary ]==============

Nov 10 03:53 Spamhaus_eDrop_v4
Nov 29 05:18 Spamhaus_Drop_v4
Nov 29 06:30 ET_Block_v4
Nov 29 23:16 ET_Comp_v4
Nov 30 06:00 Talos_BL_v4
Nov 30 12:50 ISC_Block_v4
Nov 30 13:18 CINS_army_v4
Nov 30 14:00 Abuse_SSLBL_v4
Nov 30 14:00 Abuse_Feodo_C2_v4
Dec 7 21:21 CustomersGateway_v4
Dec 7 21:23 CompusoftCustomers_v4
Dec 7 21:35 3CX_ServerPublic_custom_v4

====================[ DNSBL Last Updated List Summary ]==============

Nov 29 00:00 StevenBlack_ADs

Database Sanity check [ PASSED ]

Masterfile/Deny folder uniq check
Deny folder/Masterfile uniq check

Sync check (Pass=No IPs reported)

Alias table IP Counts

20550 total
17997 /var/db/aliastables/pfB_PRI1_v4.txt
1276 /var/db/aliastables/pfB_Allow_Hosting_Gateway_v4.txt
1276 /var/db/aliastables/pfB_Allow_Hosting_Customers_v4.txt
1 /var/db/aliastables/pfB_3CX_ServerPublic_v4.txt

pfSense Table Stats

table-entries hard limit 400000
Table Usage Count 161000

UPDATE PROCESS ENDED [ 12/7/22 21:35:30 ]