IP-Blocklist
-
Mule All I mean is why can't we have the package work the other way around. Would it not be more beneficial than blocking hundreds of thousands of ips? I am just asking a question of logic. I am not asking anyone to make a new package or anything.
-
Version 2 will include a white list feature.
Just remember outbound is usually open/unfiltered on almost all home setups. This is what this package addresses. Its the PeerGuardian2 or PeerBlock alternative for pfsense.
-
Yay….but I dont understand why Tom. To make it more secure, it is better to have the opportunity to block inbound IP's...
Normally it is not an issue with outbound traffic, but more what comes from the outside... I would really muck like to eliminate everything from selected countries.
-
The package stops inbound and outbound traffic in all protocols for the added IP lists.
You can block entire countries with this package. That is one of the main benefits of this package. So if you want to run p2p applications safely or block spam for your email servers, or even block entire countries this is the package for you.
Take a look at some of the public available lists you can use: http://iblocklist.com/lists.php
Remember this package blocks all inbound and outbound traffic on all protocols for the IPs in each list.
-
Thanks Mate!! :) That was exactly what I was looking for….
Looking forward to see if you find the reason for me having trouble getting it to work :)
The package stops inbound and outbound traffic in all protocols for the added IP lists.
You can block entire countries with this package. That is one of the main benefits of this package. So if you want to run p2p applications safely or block spam for your email servers, or even block entire countries this is the package for you.
Take a look at some of the public available lists you can use: http://iblocklist.com/lists.php
Remember this package blocks all inbound and outbound traffic on all protocols for the IPs in each list.
-
Version 2.0 is out!
Version 2.0 fixes several bugs. Some of you that could not get the package working may find that the package will work perfectly on your system.
New features:
White lists are now supported.Changes:
Removed manual IP blocking and replaced with White lists
Fixed a bug where the package would error out due to a large amount of firewall rules (Thank you Supermule!)
Fixed a bug where the package would not start on system boot during rare occasions. -
You are very welcome :) Glad I could help!!
-
Just a note: Package does not work with IE. Then again who uses IE anyway :P.
-
:( I do…...Firefox has problems showing layers on webpages....If I have a transparent webpage with a .jpg background, it doesnt show the background at all.....
IE is also more secure. Therefore I use IE....
-
Opps we don't want to start a FF vs. IE flame war here on this topic.
Just my two cents:
FF: http://secunia.com/advisories/product/28698/
IE:http://secunia.com/advisories/product/21625/Looks like IE has more unpatched bugs and a bigger threat score than FF does. Looks like FF is more secure to me.
-
Sorry…Havent seen the latest bulletins from Secunia :)
I rest my case. ;)
But pls make the package work under IE as well....Just for user friendlyness :D
Opps we don't want to start a FF vs. IE flame war here on this topic.
Just my two cents:
FF: http://secunia.com/advisories/product/28698/
IE:http://secunia.com/advisories/product/21625/Looks like IE has more unpatched bugs and a bigger threat score than FF does. Looks like FF is more secure to me.
-
Nice job! subscribing… ;)
-
The compress lists work well but I tried using this URL http://www.countryipblocks.net/e_country_data/Asia_cidr.txt and could not get it to work. Do they have to be a compressed tarball? I want to block the countries I get the most attacks from.
Wish I could just use this list http://www.countryipblocks.net/e_country_data/North_America_cidr.txt and an allow list but I will take what I can get. Want to block South America, Asia, Russia, and well a lot of others. It just seems like all those IPs would kill my box.
-
The lists can be any format such as .txt, .list, .IPs, and even no extention as long as they are plain text lists. If they are compressed then .gz is the only supported compression.
You list (http://www.countryipblocks.net/e_country_data/Asia_cidr.txt) is not in the correct format. Lists have to be in the PG2 format (Asia:58.16.15.56-58.100.0.100)
For country IPs you can either find countries at http://iblocklist.com/lists.php or make you own list.
I make my own lists at http://gskinner.com/RegExr/
For example I want to convert a .csv of IPs from www.stopforumspam.com to the PG2 format.-
Paste all the IPs in http://gskinner.com/RegExr/
-
Click find a replace, do a find for "\b\d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}\b" and a replace for "\nIP:$&-$&"
Now that only works for single IP addresses
Since your list (http://www.countryipblocks.net/e_country_data/Asia_cidr.txt) is in CIDR format then you will have to find a script or online application to convert CIDR to IP range.
Here is a link that can help you convert CIDR to IP range: http://www.unix.com/shell-programming-scripting/34301-get-ip-list-cidr-2.html
Once you convert your list to IP range then you have to convert to PG2 format with http://gskinner.com/RegExr/If you are going to use www.countryipblocks.net then download the "IP range" list and convert to PG2 Format
-
-
speaking of iblocklist.com, it's as simple as copying the "http://list.iblocklist.com/?list=bt_level1" to add list url and that's it? or do I have to do it some other way?
-
It is that simple. :)
Just make sure you get the true url. Since the link you posted is a pointer to several mirrors that host that file you need to click that link and then copy the url to paste into the package.
Example: http://list.iblocklist.com/?list=bt_level1 points to http://iblocklist.dbnservers.net/files/bt_level1.gz
So you would paste http://iblocklist.dbnservers.net/files/bt_level1.gz into the package. -
got it! thanks mate ;) This package is very nice.
-
Since your list (http://www.countryipblocks.net/e_country_data/Asia_cidr.txt) is in CIDR format then you will have to find a script or online application to convert CIDR to IP range.
That is a large step backward. CIDR lists are much faster since pf supports them natively, and your app has to translate them back into CIDR lists anyhow. Converting them away from CIDR format will only slow things down.
It should be fairly easy to add support for CIDR lists to your app, or the person who wants to use CIDR lists can just use the URL Table Alias package instead, which currently only does CIDR or IP lists, since that's pf's desired format.
-
I still get this when hitting save/update
Warning: file_get_contents(wlists.txt): failed to open stream: No such file or directory in /usr/local/www/packages/ipblocklist/ipblocklist.php on line 30
-
Since your list (http://www.countryipblocks.net/e_country_data/Asia_cidr.txt) is in CIDR format then you will have to find a script or online application to convert CIDR to IP range.
That is a large step backward. CIDR lists are much faster since pf supports them natively, and your app has to translate them back into CIDR lists anyhow. Converting them away from CIDR format will only slow things down.
It should be fairly easy to add support for CIDR lists to your app, or the person who wants to use CIDR lists can just use the URL Table Alias package instead, which currently only does CIDR or IP lists, since that's pf's desired format.
Jimp,
I completely agree with you. In fact CIDR is supported in pf (edit-I see you pointed that out above). The reason is because my package is specifically written for a specific format, the PG2 format. This PG2 format requires IP address ranges. The package then converts the ranges to CIDR format to import into a pf table.With this being said I know it seems completely backwards to begin with but for those who have wanted PeerGuardian2 or Peer Block at the router level can defiantly appreciate this package and the list format it requires.
My suggestion for those who want to block countries is to first look at iblocklist.com for that country, if they don’t have your country then download the IP range list and convert.
I still get this when hitting save/update
Warning: file_get_contents(wlists.txt): failed to open stream: No such file or directory in /usr/local/www/packages/ipblocklist/ipblocklist.php on line 30
Browse to the Whitelist page, the error will go away.
EDIT2:
If there are enough people out there that would like to see a Country block package, I can make that in a couple hours. Just keep in mind that iblocklist.com has several countries already in the PG2 format and I am sure you can find every country in this format somewhere in the intertubes.
