IP-Blocklist
-
I tried all three lists on the configuration page to no avail.
-
IP-Blocklist 3.0.1 released!
fixed uninstall problem.
updated perl to 5.12
updated netCIDR to 0.14pfsense 1.2.3 has been tested.
pfsense 2.0BETA not tested.
Completely uninstall IP-Blocklist. If you still have a link for IP-Blocklist then run "rm -R /usr/local/www/packages/ipblocklist" and "rm /usr/local/etc/rc.d/IP-Blocklist.sh" before re-installing 3.0.1
-
You are all kinds of awesome. Started working right away.
Thanks -
-
So I rm the package rm -R /usr/local/www/packages/ipblocklist" and "rm /usr/local/etc/rc.d/IP-Blocklist.sh"
I reinstalled, doesn't block any .gz listRemoved, uninstallation went fine, the menu are not present in Firewall menu :)
Install again, still You are blocking 0 Networks/IPs
I modified /etc/inc/config.inc from 128MB to 256M and /usr/local/lib/php.ini from 32M to 128M
no change (not sure if I have to reboot or not)Uninstall is my next move
-
So I rm the package rm -R /usr/local/www/packages/ipblocklist" and "rm /usr/local/etc/rc.d/IP-Blocklist.sh"
I reinstalled, doesn't block any .gz listRemoved, uninstallation went fine, the menu are not present in Firewall menu :)
Install again, still You are blocking 0 Networks/IPs
I modified /etc/inc/config.inc from 128MB to 256M and /usr/local/lib/php.ini from 32M to 128M
no change (not sure if I have to reboot or not)Uninstall is my next move
Uninstall the package from your package manager page and then re-install. That should do it. The rm -R command was only for those that still had a link after uninstalling and still had the package installed.
-
It seem to working perfectly, without any issues. However, how do I know it's actively blocking in real time, is there's a way to monitor this similar to logfile? I enabled Logging, and I don't see it under Status > System Logs
-
hm, I seem to be failing at everything, lol.
Uninstall IP-Blocklist OK, but link remains.
Executed the CL as suggested above to remove the link, and the link remains (when clicked, 404 - Not Found). Reboot / reinstall / uninstall in any/every order doesn't seem to help, IP-Blocklist 3.0 keeps installing (instead of 3.0.1), and Running, but Blocking = 0 Networks.
-
An old config is preventing you from getting the new version. I forget where the directory is but I think it somewhere near /usr/etc/pkgs or something like that. Just delete everything IP-Blocklist/ipblocklist.
I can't tell for sure since I'm away from home right now (working on my CCENT/CCNA). If you can't get it working let me know, I can probably get a VM of pfsense up if I need to.
-
just a small feature request, can you add this to bottom of whitelist page like "You're currently unblocking #### IPs"
-
Found a cpl ipblockist.* in /usr/local/pkg -deleted them, same prob(s) still exist - no worries though, thanks for the tip :)
-
An old config is preventing you from getting the new version. I forget where the directory is but I think it somewhere near /usr/etc/pkgs or something like that. Just delete everything IP-Blocklist/ipblocklist.
I can't tell for sure since I'm away from home right now (working on my CCENT/CCNA). If you can't get it working let me know, I can probably get a VM of pfsense up if I need to.
Hey good buddy. I was on a wicked old version, like 2.2.1, something like that. I am having no luck getting the latest to work for me. I tried looking all over the fs, using your other awesome package btw, and couldn't find anything in terms of remnants from a past config.
The newest package installs fine, but when I add .gz lists I still have 0 showing for number of blocks with service Running. Any ideas? Thanks again!
-
An old config is preventing you from getting the new version. I forget where the directory is but I think it somewhere near /usr/etc/pkgs or something like that. Just delete everything IP-Blocklist/ipblocklist.
I can't tell for sure since I'm away from home right now (working on my CCENT/CCNA). If you can't get it working let me know, I can probably get a VM of pfsense up if I need to.
Hey good buddy. I was on a wicked old version, like 2.2.1, something like that. I am having no luck getting the latest to work for me. I tried looking all over the fs, using your other awesome package btw, and couldn't find anything in terms of remnants from a past config.
The newest package installs fine, but when I add .gz lists I still have 0 showing for number of blocks with service Running. Any ideas? Thanks again!
I have some ideas. First are you using 1.2.3 or the BETA 2.0? I have been having problems keeping this package working smoothly for those with BETA2.0. Someone was kind enough to agree to send me a laptop for development but unfortunately it hasn't arrived yet.
If you're on 1.2.3 then we should be able to figure it out quickly. Just to confirm you have IP-Blocklist ver 0.3.0 or 0.3.1 correct?
Can you try this .gz file: http://iblocklist.dbnservers.net/files/bt_ads.gz Just to be sure.Edit: By the way thank you for your suggestion for a whitelist feature a long time ago. I hope you can enjoy the package here soon.
-
I was very excited to see the whitelist! I can't wait to start using it. I have been plenty happy with the package so far, as you can tell, I haven't upgraded since I first installed it :)
I am on pfSense 1.2.3 with IP Blocklist 0.3.1 and I did as you suggested, adding this list: http://iblocklist.dbnservers.net/files/bt_ads.gz
Still shows running with 0 blocked.
-
I was very excited to see the whitelist! I can't wait to start using it. I have been plenty happy with the package so far, as you can tell, I haven't upgraded since I first installed it :)
I am on pfSense 1.2.3 with IP Blocklist 0.3.1 and I did as you suggested, adding this list: http://iblocklist.dbnservers.net/files/bt_ads.gz
Still shows running with 0 blocked.
This might be a really stupid question but do you have the enable check box checked before clicking save?
SSH in to your system and check the contents of /usr/local/www/packages/ipblocklist/lists The .gz file should be in that directory if it got downloaded correctly. Also check the contents of /usr/local/www/packages/ipblocklist/lists/ipfw.ipfw and see if there is anything in there.
-
No worries man.
Yes the box is checked to enable.
# ls -l /usr/local/www/packages/ipblocklist/lists total 132 -rw-r--r-- 1 root wheel 133982 Dec 30 18:00 bt_ads -rw-r--r-- 1 root wheel 0 Dec 30 22:25 ipfw.ipfw # -
So it looks like the ads file does get downloaded but for some reason it's not being processed to ipfw.ipfw.
Check the format of the bt_ads file. If it looks good then run /usr/local/www/packages/ipblocklist/convert-execute.sh from the command line manually so you can see any errors if any.
-
Tommyboy having the same issue ipfw.ipfw 0
/usr/local/www/packages/ipblocklist/convert-execute.sh
no errors just a list of numbers 0 to 283everything was working good for months then
You are blocking 0 Networks/IPs
all .gz files did download and listed in the dir
haven't installed anything new or did any updatesuninstall and reinstall about 6 times with no luck
-
I just installed a fresh copy of pfsense 1.2.3 and installed the latest IP-Blocklist. Added the bt_ads.gz URL and everything worked.
I'm surprised you didn't get any errors from running the executable.Does that packages at least tell you that it's running?
On command line run "pfctl -s rules | grep ipblocklist". Paste output.
Also see if "pfctl -T show -t ipblocklist" has any output but don't paste.If you want you can email me your config file and I will be able to figure out the issue much faster.
EDIT: My output from convert-execute.sh looks like this:
./convert-execute.sh
1 table deleted.
1 table deleted.
rm: /usr/local/www/packages/ipblocklist/lists/ipfw.ipfwTEMP: No such file or directory
rm: Wlists/whitelistTEMP: No such file or directory
rm: /tmp/rules.debug.tmp: No such file or directory
rm: /tmp/rules.debug.tmp: No such file or directory
0
1
2
3
…
....
145 -
$ pfctl -s rules | grep ipblocklist
pass quick from <ipblocklistw>to any flags S/SA keep state label "IP-Blocklist"
pass quick inet from 192.168.1.100 to <ipblocklistw>flags S/SA keep state label "IP-Blocklist"
pass quick on em1 inet6 from fe00::3e3:5yff:fgx44:8c84 to <ipblocklistw>flags S/SA keep state label "IP-Blocklist"
block drop quick inet from <ipblocklist>to 192.168.1.100 label "IP-Blocklist"
block drop quick on em1 inet6 from <ipblocklist>to fe00::3e3:5yff:fgx44:8c84 label "IP-Blocklist"
block drop quick inet from 192.168.1.100 to <ipblocklist>label "IP-Blocklist"
block drop quick on em1 inet6 from fe00::3e3:5yff:fgx44:8c84 to <ipblocklist>label "IP-Blocklist"
pass quick from <ipblocklistw>to any flags S/SA keep state label "IP-Blocklist"
pass quick on em0 inet6 from fe93::6k04:hh:fhg0:5783 to <ipblocklistw>flags S/SA keep state label "IP-Blocklist"
pass quick inet from 42.200.59.16 to <ipblocklistw>flags S/SA keep state label "IP-Blocklist"
block drop quick on em0 inet6 from <ipblocklist>to fe93::6k04:hh:fhg0:5783 label "IP-Blocklist"
block drop quick inet from <ipblocklist>to 192.168.1.100 label "IP-Blocklist"
block drop quick on em0 inet6 from fe93::6k04:hh:fhg0:5783 to <ipblocklist>label "IP-Blocklist"
block drop quick inet from 42.200.59.16 to <ipblocklist>label "IP-Blocklist"pfctl -T show -t ipblocklist
has no output$ /usr/local/www/packages/ipblocklist/convert-execute.sh
0
1
2
3
4
5
269
270
271
272
273
274</ipblocklist></ipblocklist></ipblocklist></ipblocklist></ipblocklistw></ipblocklistw></ipblocklistw></ipblocklist></ipblocklist></ipblocklist></ipblocklist></ipblocklistw></ipblocklistw></ipblocklistw>
