How to set up Bambenek malicious IP table on pfBlocker
-
I keep trying to set up the Bambenek malicious IP list in pfBlocker, but I constantly get "invalid url or host". I've tried to set it up as an alias, but to no avail. I subscribed (user name and password) to Bambenek, but still doesn't work. Any thoughts on what I'm doing wrong?
-
Maybe this could help you?
I use the Bambenek Feed too and the "@" in the email-adress, has to be replaced by "%40" (without quoting).
-
@fireodo Yes, I have the @ replaced already.
Here's my URL (with email and code removed)
https://myemail%40hotmail.com:MyCode@faf.bambenekconsulting.com/feeds/dga/c2-dommasterlist-high.txt -
@FrankZappa said in How to set up Bambenek malicious IP table on pfBlocker:
@fireodo Yes, I have the @ replaced already.
What happend if you call the Url in a browser?
When I call your feed (with my credentials) I get this (browser call):
-
@fireodo I get the same thing in a browser
-
@FrankZappa said in How to set up Bambenek malicious IP table on pfBlocker:
@fireodo I get the same thing in a browser
That means it has to work - does pfblockerNG shows some errors in the logs?
-
@fireodo No errors, but it doesn't appear to be working on the pfBlocker widget
-
@FrankZappa I see - the last time (in my case) it was updated on 30.11.25:
Here is my URL in pfblockerNG:
https://name%40mail.net:mycode@faf.bambenekconsulting.com/feeds/dga/dga-feed-high.csv.gz
PS. pfblockerNG version: 3.2.8
-
@fireodo Thanks, I tried your URL with my credentials. Still no Joy. Not sure what gives
-
@FrankZappa said in How to set up Bambenek malicious IP table on pfBlocker:
@fireodo Thanks, I tried your URL with my credentials. Still no Joy. Not sure what gives
Hmmmmm ...
-
Could be rate limiting on their feed. Disable the feed for 24hrs and try again. Or send them a support email with your IP.
-
@BBcan177 I requested new credentials from Bambenek. However, it doesn't appear to update. I still have the old white text labeled feed. Not sure if I'm entering the setup correctly. Does anyone know what I'm doing wrong?
-
@FrankZappa said in How to set up Bambenek malicious IP table on pfBlocker:
However, it doesn't appear to update.
For me it looks like it have updated on 20.12.2025 at midnight:
and has 603411 entrys. DNSBL Feeds are white because they are not Aliases in the Firewall.
If you want you can look at "/var/db/pfblockerng/dnsblorig" if the Bambenek Feed is populated and on the file-timestamp you can also see when.my 2 cents,
fireodo -
@fireodo Thanks. I caught the update time after I hit send. So it does appear to update. Thanks for the explanation on feed being in white because they're not aliases. I did check the /var/db/pfblockerng/dnsblorig per your suggestion. However, there's nothing in there.
-
@FrankZappa said in How to set up Bambenek malicious IP table on pfBlocker:
Thanks again.
You're welcome!
-
@FrankZappa said in How to set up Bambenek malicious IP table on pfBlocker:
However, there's nothing in there.
Hummm ... should not be empty ... what you see in:
/var/db/pfblockerng/dnsbl
-
@fireodo also empty.
-
The log file on update shows the following:
Not sure why it says "no domain found" and at the bottom it shows the header file is in "static hold" whatever that means.
-
@FrankZappa I think that feed is an IP based feed
-
@FrankZappa said in How to set up Bambenek malicious IP table on pfBlocker:
The log file on update shows the following:
Maybe you try another domain feed from the Bambenek Site:
https://faf.bambenekconsulting.com/feeds/dga/PS. Whats your pfsense/pfblockerng version?
