shalla list off

emanuelgaio

Good Morning.
Apparently the shallist went off the air for good.
Does anyone have any other suggestions besides the French list?
Thanks.

jdeloach

@emanuelgaio said in shalla list off:

Good Morning.
Apparently the shallist went off the air for good.
Does anyone have any other suggestions besides the French list?
Thanks.

What kind of error are you getting? I use that feed and it appears to be working for me. I don't see any errors, even added a new group and it downloaded without any errors.

johnpoz

@jdeloach maybe you guys are talking about different things?

But this came up in another thread

So not sure what your downloading or from where, or when it was last downloaded/updated? But yeah they went offline a while back..

Right on the site
"Due to personal reasons and the political situation in this country the company Shalla Secure Services has been closed and in consequence the blacklist service has been stopped. "

Gertjan

@johnpoz said in shalla list off:

political situation in this country

edit : not you, but what is shown on the site.

Wait. It look like this is 'some site' hosted in Germany.
"Political situation" issue in Germany ??

I know for a fact that I'm not German, so I do not pretend to know or understand political 'stuff' going on there. But most of my family is. So I asked :
"Merkel is gone. There is a new guy now. Did something change " ?
The short answer was : no. ( It was 'nein' meaning the same thing ).

I do fully understand the "Due to personal reasons ...." - that's always ok.

johnpoz

@gertjan Maybe the political stuff talking about is new laws or something with related to IT stuff?

I have a few friends in DE I could check with, and some friends here that are German and in the IT arena..

I knew they got a new chancellor a few months back, Olaf Scholz replaced Merkel, what that that means for DE overall, I not sure - something to do with 3 way coalition.. I heard they going to legalize weed ;) hehehe

While I personally think I pay more attention to world events and news than many Americans, I have to admit I am a bit behind on what has been going on in Germany.. Before covid I would of been talking with my German colleagues and after work beers and discussing all sorts of topics pretty much on a daily basis..

emanuelgaio

@jdeloach informs that the list no longer exists. On their website it says that it went offline. I wanted an alternative that was good.

Gertjan

@emanuelgaio

I know some one who could help you : Google : alternative for shallalist

I didn't test any of them myself, and I wasn't use the lalalist neither.

emanuelgaio

@gertjan I asked for support for fear of putting up a bad list. In case anyone had used another one and could give an opinion. I'll try a test environment to see which one suits me. Thanks.

ENC

@emanuelgaio
I'm researching a good quality "blacklist" too, if you find any good alternatives, share if you can. I'm from Brazil, excuse the bad english.

JonathanLee

@emanuelgaio I would also like to know if there is a replacement list.

https://forum.netgate.com/topic/169408/shalla-urlblacklist-for-squidguard-service-has-been-stopped/2

emanuelgaio

@enc Good afternoon my friend.
I found this site in it has several lists, I tested the "blacklists_for_pfsense.tar.gz"
Full download link: http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense.tar.gz
Hope this helps.

netblues

How do we add a new category feed then?

emanuelgaio

@netblues I don't know how to insert new category. This other list has some similar to shallist. I'm testing too.
http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_dansguardian.tar.gz

ENC

@netblues In Squid: Services/Squidguard proxy filter/Target Categories/Add. Then choose a name and place the domains or links.

netblues

I was looking for the pfblockerng entry :)

sebden

Anyone else have the Squidguard running wild since using the capitole list?

After one update of the new list, the squidguard starts around 20-24 processes and the UI runs slow to almost unusable. I have 3 Boxes testet and 2 are unable to use the list. Happens with pf 2.5.2 and after update to 2.6.0 too.

Are there other trustfull lists out there for testing?

JonathanLee

@sebden someone just recommended this list

http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

Waqar.UK

@jonathanlee

Anyone tried this link?

JonathanLee

@waqar-uk Not me want to test it out first???? Please??? I do not want to reimage the firmware if it fails again.

Waqar.UK

@jonathanlee

I understand. Reinstalled ver 2.60 - to get a ZFS file system. Took about 10 minutes. Suricata and PfgBlocker next. So far so good.

Tried that link: got this message

Hmm. We’re having trouble finding that site.

We can’t connect to the server at dsi.ut-capitole.fr.

JonathanLee

@waqar-uk Dang The original version I used I had to reimage after it installed it broke my system. I got this link from someone else I have not tested it yet because its exam week

stephenw10

@jonathanlee said in shalla list off:

http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

The file downloads fine for me. I haven't tried it in Squid.

Waqar.UK

@stephenw10 said in shalla list off:

http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

Now it works for me. I wonder why before it did not?

Does it work in Suricata?

JonathanLee

@waqar-uk

This works!!!
I just tested this after the summer semester has been completed!!

(Image: Blacklist loading)

(Image: Blacklist Loaded)

(Image: SquidGuard Catagories restored

nimrod

@jonathanlee said in shalla list off:

@waqar-uk

This works!!!
I just tested this after the summer semester has been completed!!

(Image: Blacklist loading)

(Image: Blacklist Loaded)

(Image: SquidGuard Catagories restored

UT1 is not working in pfBlockerNG because its using this link:

 ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz

First i thought its the issue with pfBlockerNG, but if i try to manually download this file from my desktop machine by using wget, this is what i get:

 wget ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz
--2022-08-03 20:27:53--  ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz
           => ‘blacklists.tar.gz’
Resolving ftp.ut-capitole.fr (ftp.ut-capitole.fr)... 193.49.48.249
Connecting to ftp.ut-capitole.fr (ftp.ut-capitole.fr)|193.49.48.249|:21... connected.
Logging in as anonymous ... Logged in!
==> SYST ... done.    ==> PWD ... done.
==> TYPE I ... done.  ==> CWD (1) /pub/reseau/cache/squidguard_contrib ... done.
==> SIZE blacklists.tar.gz ... 30615325
==> PASV ...

And thats where its stuck. I edited /usr/local/pkg/pfblockerng/ut1_global_usage and changed the link to point to

https://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz

It gets downloaded without any issues, but it fails to install. I downloaded blacklists.tar.gz manually and unpacked it with tar, and there is another tar archive inside. pfBlockerNG extracts the content of the archive and expects folders containing category lists, but instead, its just another archive and thats where it fails.

I can extract the initial archive, and upload extracted tar file somewhere else, and update the link in ut1_global_usage file, and that works. But that needs to be done very time there is a update.

Is it safe to say that both Shallalist and UT1 are dead on pfBlockerNG ?

JonathanLee

@nimrod http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

Try this it works for me and I have lists again inside of squid guard. The website has support I have emailed to have URLs added and they add them also.

This was the same issue I had it would download and not install, this list works it ends with reducted. Yes shalla list is gone, I wanted to save the last list that was available but I didn't get to in time.

Squidguard is different than PfblockerNG

nimrod

@jonathanlee said in shalla list off:

@nimrod http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

Try this it works for me and I have lists again inside of squid guard. The website has support I have emailed to have URLs added and they add them also.

This was the same issue I had it would download and not install, this list works it ends with reducted. Yes shalla list is gone, I wanted to save the last list that was available but I didn't get to in time.

Squidguard is different than PfblockerNG

I know.

But i dont use Squidguard. I use pfBlockerNG. And these lists are not working in pfBlockerNG. That was the whole pont of my post.

JonathanLee

@nimrod this list states PfSense

nimrod

@jonathanlee said in shalla list off:

@nimrod this list states PfSense

Yes. And that can be anything from pfBlocker, to Snort, Suricata or Squidguard.

JonathanLee

@nimrod

Hello, this list is different, and does in fact work for Squidguard inside of a Netgate 2100 Max running PfSense software version 22.05. I just tested URL shorteners and it shows blacklist blocked. I understand that you are only using PfBlockNG. However I noticed the items your testing show a different blacklist URL over the URL that I have provided. Please note, "Squidguard in Pfsense has a problem with the size of the database. pfblockerNG (a specific package or pfsense) might be the solution: an explanation" (Per BlackList Website).

I am sorry I thought this URL would also work for the other package as it is not branded as a specific package, only branded as PfSense and marked as reduced for home firewalls to provide a fix for the size of the database issue.

URLs that you showed for your post are that do not work for me also:
https://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz

ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz

The above URLs also did not work on my Pfsense with Squidguard, they would not load because of the database size issue.

URL that works for my Pfsense:

http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

I thought it was worth posting this URL as it might work for your package PfBlockNG. This is a different URL.

(Image: URL Blacklist running successful blocks for websites by category blocks provided by the URL above)

nimrod

@jonathanlee said in shalla list off:

@nimrod

Hello, this list is different, and does in fact work for Squidguard inside of a Netgate 2100 Max running PfSense software version 22.05. I just tested URL shorteners and it shows blacklist blocked. I understand that you are only using PfBlockNG. However I noticed the items your testing show a different blacklist URL over the URL that I have provided. Please note, "Squidguard in Pfsense has a problem with the size of the database. pfblockerNG (a specific package or pfsense) might be the solution: an explanation" (Per BlackList Website).

I am sorry I thought this URL would also work for the other package as it is not branded as a specific package, only branded as PfSense and marked as reduced for home firewalls to provide a fix for the size of the database issue.

URLs that you showed for your post are that do not work for me also:
https://dsi.ut-capitole.fr/blacklists/download/blacklists.tar.gz

ftp://ftp.ut-capitole.fr/pub/reseau/cache/squidguard_contrib/blacklists.tar.gz

The above URLs also did not work on my Pfsense with Squidguard, they would not load because of the database size issue.

URL that works for my Pfsense:

http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

I thought it was worth posting this URL as it might work for your package PfBlockNG. This is a different URL.

(Image: URL Blacklist running successful blocks for websites by category blocks provided by the URL above)

None of those files in that web folder will will work with pfBlockerNG because they are all tar archives inside the tar archive. Such format is not supported.

dauhee

@nimrod said in shalla list off:

http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

http://dsi.ut-capitole.fr does not appear to be alive any more

JonathanLee

@dauhee It seems to be working still for me in California

(Image: Testing blacklist)

(Image: Download complete)

Email: fabrice.prigent@ut-capitole.fr
he manages this blacklist if you are having issues, I recently emailed a update for DoH addresses to add to the blacklist he is returning to check emails Jan 3rd I think the auto response said.

JonathanLee

@dauhee said in shalla list off:

http://dsi.ut-capitole.fr

It seems to be working email that email address if you want to add URL items.

I recently emailed to add DoH

JonathanLee

@dauhee

https://forum.netgate.com/topic/176693/dns-over-443/6?_=1672707245355

I was having major issues with DoH bypassing my DNS and just doing whatever it wanted port hopping to DNS on HTTPS. If you want, I can send you that blacklist and you just have to use an Apache server to download it on pfSense.

Link to a working url blacklist for pfsense squidguard package:

Squidguard Package: I saved the download of the open-source software just in case zip of tar gz file
squidGuard-1.3.tar.zip

Google Drive Link to a working URL blacklist for Pfsense Squidguard package that I use for a 2100 Max:
https://drive.google.com/file/d/1KsE8H5Q_wa7cT2knU0iQynCQ_A_xPIVc/view?usp=share_link

The official source of the blacklist listed above:
http://dsi.ut-capitole.fr/blacklists/index_en.php

Keep in mind the list above is the pfsense reducted version for lower memory firewalls:
http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz

Loading this, you could load this blacklist on the Linux box. Just type at a prompt:

service apache2 start

make sure you copy the blacklist over to /var/www/foldernamehere
store that blacklist inside that folder.

now use the ip address of the linux box with http://192.168.1.10/foldernamehere/blacklistfile

Now download it into the firewall box with your custom apache server.

jdeloach

@jonathanlee

Just an FYI, I know this is not a popular option, but myself I have updates turned off for Shallalist and UT1 but still have the list enabled. All the files are stored on your computer unless you deleted them.

It is outdated but it still catches several hundred hits for the categories that I have selected. I think it is given that there is probably not a replacement for this list so you either use the outdated list as is or you just disable it and move on. Folks have been complaining about this for a year now so it is time to let it die. The world is not going to end if this list does not get resurrected.

If we, the users, can't find a replacement for this list, I think it is unfair to expect the pfBlockerNG maintainer to pull a replacement for it out of his ass.

JonathanLee

@jdeloach Do you possibly still have the shalla list in .tar.gz? I want to save it. We should make a github with the lists for use with both squidguard and pfblocking.

jdeloach

@jonathanlee said in shalla list off:

@jdeloach Do you possibly still have the shalla list in .tar.gz? I want to save it. We should make a github with the lists for use with both squidguard and pfblocking.

You probably already have these files on your pfsense computer. Check the following directories for the compressed files:
/var/db/pfblockerng/shallalist.tar.gz
/var/db/pfblockerng/ut1.tar.gz

The uncompressed files in following directories:
/var/db/pfblockeng/shallalist/(uncompressed category files)
/var/pfblockerng/ut1/(uncompressed category files)

The above files should be on anyone's computer that has ever had shallalist and ut1 enabled in pfBlockerNG. Keep in mind these files will be outdated.

JonathanLee

@jdeloach I had to format my system shortly after shalla went down :(

dauhee

@jonathanlee oh wow, thank you very much. yes http://dsi.ut-capitole.fr/blacklists/download/blacklists_for_pfsense_reducted.tar.gz is working for me now. it was late at night and maybe I didn't check the link properly or in the middle of me setting up squid proxy I did something wrong

really appreciated for the information