IP Blocker / IP Blocklists

energy · Oct 2, 2006, 12:35 PM

Can someone create a IP Blocker package like Peerguardian http://phoenixlabs.org/ so that u can insert multiple and custom blocklists from o.a http://www.bluetack.co.uk with manual/auto update function and allso that u can choose between block http or not, so that u can still visit website's when the ip is in located in the blocklist.

It just a idea, maybe someone have interests :-*

hoba · Oct 2, 2006, 1:31 PM

No need for that. We already have this feature in the upcoming aliassystem for version 2.0: http://pfsense.com/~sullrich/pics/SampleAlias.PNG

You then can use these aliases to apply to your custom firewallrules which gives you a lot of flexibility wether to only bloc http, smtp or whatever.

energy · Oct 2, 2006, 1:53 PM

Very nice, cant wait.

Keep up the good work, u guys rox 8)

unforeseen · Oct 17, 2006, 5:43 PM

Wow this is really exciting.. I know this thread is a few weeks old but in my book this is one of the top 3 features I would build into my "ideal" firewall! (also portscan detection/ auto blackhole 'ing) I just had to show my support!! Any chance that this will be in the beta stage of the 2.0 branch or will it first be introduced in 2.0 for the first time?

Either way, whoever thought of adding it, thanx alot. I think it will add an extra layer of protection to any network. (I tried to do this this in m0n0wall but didn't really workout for me) :P

hoba · Oct 17, 2006, 7:24 PM

This feature already is in the next alpharelease (or when you build your own headrelease from the developers iso).

Btw, portscandetection and auto blackholing can be done with the snortpackage already. Just install it ;-)

teck9 · Nov 22, 2006, 11:00 AM

is this in feature 1.0.1?

hoba · Nov 22, 2006, 12:14 PM

Snort is available as package like I said already.

teck9 · Nov 24, 2006, 6:04 AM

sorry, i meant the new aliases feature.

hoba · Nov 24, 2006, 7:42 AM

This feature is not yet available. No timeframe for a release yet. The next major version just is in alpha stage.

anomaly65 · Dec 29, 2006, 9:31 PM

That'll definitely be a sweet addition to have. Heck, if for nothing else, just to block trojan sites and so on.

I tried linblock.pl (will process same said files into iptables on your linux machine. By the time there are a few thousand entries my dual proc athlon w/ 4Gigs of ram and u320 hard drives just slows to a crawl) Surreal to say the least. It's an old beast, overclocked to hell, intel server gig nic, but even with system loads at 15+ is 100% responsive. Not so with anything large in iptables.

Now the sad part is that in vmware on same said machine, peerguardian, protowall, and other similar programs run just fine and dandy with the exact same lists.

Yeah, I've been a pf fan for a long time. never did like that other brand of cola :-)

In any case, as always, keep up the excellent work, and look forward to continuing releases.
thanks,
andy

Mikhail · Dec 31, 2006, 11:34 AM

@hoba:

No need for that. We already have this feature in the upcoming aliassystem for version 2.0: http://pfsense.com/~sullrich/pics/SampleAlias.PNG

You then can use these aliases to apply to your custom firewallrules which gives you a lot of flexibility wether to only bloc http, smtp or whatever.

Hoba, why are you using description like "Bad hosts like Russian"? I am from Russia. What do you mean? That all russian hosts are bad? There are much more hackers is EU and US than is Russia, remember this!

hoba · Dec 31, 2006, 1:15 PM

1. This screenshot is not done by me, I just linked it
2. it reads "known bad hosts …" so it doesn't include ALL russian hosts, china is referenced there btw too
3. it's just an example
4. I don't have any hard feelings against russians or any other nation

;D

Mikhail · Dec 31, 2006, 2:06 PM

@hoba:

1. This screenshot is not done by me, I just linked it
2. it reads "known bad hosts …" so it doesn't include ALL russian hosts, china is referenced there btw too
3. it's just an example
4. I don't have any hard feelings against russians or any other nation

;D

;D
Ok. We are from the same dough, as other people ;)
Happy new year!

baldmonkey · Feb 2, 2007, 2:11 AM

Sorry to resurrect an old thread but does anyone know of any integrated router/firewall/ proxy solution without high mardware requirements which will currently do this?
Or any way to hack m0n0/pfsense to do it?
I am guessing from the comment above that linblock.pl may work on pfsense but maybe i am wrong.

Thanks.

Tuckie · May 1, 2007, 5:00 PM

Just wondering if anything has come of this. I've been getting one too many letters from my ISP and would like to impliment a peerguardian-like solution.