Block lists - Supported formats
-
I might want to do my own block list but I cannot find out what formats are supported. I can go through ones that are present in pfBlockerNG and make an educated guess but it would be nice to have an official list of them.
If anyone can point me in the right direction.
thanks
-
@shoulders See whether these help: https://www.sunnyvalley.io/docs/network-security-tutorials/pfblockerng
https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html
-
these are of no use.
I need the programmatic syntax that pfBlockerNG supports
thanks anyway
-
I can tell you for a fact apart from just the IP addresses in plain text it also supports XML files as I use the following to block Shodan:-
https://isc.sans.edu/api/threatlist/shodan/?xml
-
@nogbadthebad said in Block lists - Supported formats:
https://isc.sans.edu/api/threatlist/shodan/?xml
Thanks interesting. I suspect the feed parser is very powerful.
-
I found and read the parser code. He is a quick over view.
IP Block Lists
There is are no defined supported formats. All files are treated as text files and then an IPv4 and IPv6 regex is applied and all of the IPs are extracted allowing all formats and more (json, csv, xml, text)DNSBL
- CSV can only be used if they match one of the internally coded formats which are feed specific.
- each line is processed as a single record
- if a valid (non 0.0.0.0 / 127.0.0.1) address is found on the same as a domain, then the domain is ignored.
- domains are extracted (via various clean ups) from the record and then processed as you expect.
Hope this helps
