Netgate Discussion Forum

IP Blocker / IP Blocklists

pfSense Packages
15 Posts 8 Posters 8.4k Views
  • E
    energy
    last edited by Oct 2, 2006, 12:35 PM

    Can someone create an IP Blocker package like Peerguardian http://phoenixlabs.org/ so that u can insert multiple and custom blocklists from, among others, http://www.bluetack.co.uk with manual/auto update function, and also so that u can choose between blocking http or not, so that u can still visit websites when the IP is located in the blocklist.

    It's just an idea, maybe someone has interest :-*

    • H
      hoba
      last edited by Oct 2, 2006, 1:31 PM

      No need for that. We already have this feature in the upcoming alias system for version 2.0: http://pfsense.com/~sullrich/pics/SampleAlias.PNG

      You then can use these aliases to apply to your custom firewall rules, which gives you a lot of flexibility whether to only block http, smtp or whatever.

      • E
        energy
        last edited by Oct 2, 2006, 1:53 PM

        Very nice, can't wait.

        Keep up the good work, u guys rox 8)

        • U
          unforeseen
          last edited by Oct 17, 2006, 5:43 PM

          Wow this is really exciting.. I know this thread is a few weeks old but in my book this is one of the top 3 features I would build into my "ideal" firewall!  (also portscan detection/ auto blackhole 'ing) I just had to show my support!! Any chance that this will be in the beta stage of the 2.0 branch or will it first be introduced in 2.0 for the first time?

          Either way, whoever thought of adding it, thanks a lot.  I think it will add an extra layer of protection to any network.  (I tried to do this in m0n0wall but it didn't really work out for me)  :P

          • H
            hoba
            last edited by Oct 17, 2006, 7:24 PM

            This feature already is in the next alpha release (or when you build your own head release from the developers iso).

            Btw, portscan detection and auto blackholing can be done with the snort package already. Just install it ;-)

            • T
              teck9
              last edited by Nov 22, 2006, 11:00 AM

              Is this feature in 1.0.1?

              • H
                hoba
                last edited by Nov 22, 2006, 12:14 PM

                Snort is available as package like I said already.

                • T
                  teck9
                  last edited by Nov 24, 2006, 6:04 AM

                  Sorry, I meant the new aliases feature.

                  • H
                    hoba
                    last edited by Nov 24, 2006, 7:42 AM

                    This feature is not yet available. No timeframe for a release yet. The next major version just is in alpha stage.

                    • A
                      anomaly65
                      last edited by Dec 29, 2006, 9:31 PM

                      That'll definitely be a sweet addition to have.  Heck, if for nothing else, just to block trojan sites and so on.

                      I tried linblock.pl (will process same said files into iptables on your linux machine. By the time there are a few thousand entries my dual proc athlon w/ 4Gigs of ram and u320 hard drives just slows to a crawl)  Surreal to say the least. It's an old beast, overclocked to hell, intel server gig nic, but even with system loads at 15+ is 100% responsive. Not so with anything large in iptables.

                      Now the sad part is that in vmware on same said machine, peerguardian, protowall, and other similar programs run just fine and dandy with the exact same lists.

                      Yeah, I've been a pf fan for a long time. never did like that other brand of cola :-)

                      In any case, as always, keep up the excellent work, and look forward to continuing releases.
                      thanks,
                      andy

                      • M
                        Mikhail
                        last edited by Dec 31, 2006, 11:34 AM

                        @hoba:

                        No need for that. We already have this feature in the upcoming alias system for version 2.0: http://pfsense.com/~sullrich/pics/SampleAlias.PNG

                        You then can use these aliases to apply to your custom firewall rules, which gives you a lot of flexibility whether to only block http, smtp or whatever.

                        Hoba, why are you using a description like "Bad hosts like Russian"? I am from Russia. What do you mean? That all Russian hosts are bad? There are many more hackers in EU and US than in Russia, remember this!

                        • H
                          hoba
                          last edited by Dec 31, 2006, 1:15 PM

                          1. This screenshot is not done by me, I just linked it
                          2. it reads "known bad hosts …" so it doesn't include ALL Russian hosts, China is referenced there btw too
                          3. it's just an example
                          4. I don't have any hard feelings against Russians or any other nation

                          ;D

                          • M
                            Mikhail
                            last edited by Dec 31, 2006, 2:06 PM

                            @hoba:

                            1. This screenshot is not done by me, I just linked it
                            2. it reads "known bad hosts …" so it doesn't include ALL Russian hosts, China is referenced there btw too
                            3. it's just an example
                            4. I don't have any hard feelings against Russians or any other nation

                            ;D

                            ;D
                            Ok. We are from the same dough, as other people ;)
                            Happy new year!

                            • B
                              baldmonkey
                              last edited by Feb 2, 2007, 2:11 AM

                              Sorry to resurrect an old thread but does anyone know of any integrated router/firewall/proxy solution without high hardware requirements which will currently do this?
                              Or any way to hack m0n0/pfsense to do it?
                              I am guessing from the comment above that linblock.pl may work on pfsense but maybe I am wrong.

                              Thanks.

                              • T
                                Tuckie
                                last edited by May 1, 2007, 5:00 PM

                                Just wondering if anything has come of this.  I've been getting one too many letters from my ISP and would like to implement a peerguardian-like solution.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.