PfBlocker
-
Is it possible to currently use host name block lists with PFblocker?
I'd like to include some known malware URL's. Can that be a feature in an upcoming version?
-
Is it possible to currently use host name block lists with PFblocker?
I'd like to include some known malware URL's. Can that be a feature in an upcoming version?
Host names resolve to IP addresses. You can create your own custom list to be used with pfblocker or try to find a list that meets your needs. There are literally hundreds of lists available for free so I would bet your list is already made for you. Start looking at iblocklist.com
-
I have a problem where the inbound block rule does not get created for the included country lists. I have been installing and testing packages so i have installed havp and snort and uninstalled them and then reinstalled them again, due to trying to identify a problem. Outbound rules can still be created and the alias for both inbound and outbound are fine. But when i select inbound rule deny on the country lists pages it does not create the rule. Even if i stop pfblocker and remove all the lists and readd and then enable pfblocker, it creates the alias and the outbound block but not the rules on wan.
edit: Ok I added a random rule with port 123 on wan and then readded then the lists appeared in the rules and when i changed another country list to inbound deny it showed up. So maybe it is just my rules are not refreshing right and is not related to pfblocker.
-
You need at least one rule created to pfBlocker work on selected interface.
-
Running 2.0-RELEASE (i386) built on Tue Sep 13 17:00:00 EDT 2011 Intel(R) Xeon(TM) CPU 3.06GHz w/ 3gb RAM.
Just loaded and reloaded pfBlocker and I'm finding that if I set outbound to be blocked to spamlist I can still get to India or Russia located sites. Any idea what I might need to do. I have my firewall maximum table entries at 500000.
Thanks.
-
Running 2.0-RELEASE (i386) built on Tue Sep 13 17:00:00 EDT 2011 Intel(R) Xeon(TM) CPU 3.06GHz w/ 3gb RAM.
Just loaded and reloaded pfBlocker and I'm finding that if I set outbound to be blocked to spamlist I can still get to India or Russia located sites. Any idea what I might need to do. I have my firewall maximum table entries at 500000.
Thanks.
What are the sites?
-
194.226.127.34 - http://eng.kremlin.ru
203.199.104.241 - http://www.airindia.inand http://www.prodisney.ru/index.php?page=clones.php
-
Running 2.0-RELEASE (i386) built on Tue Sep 13 17:00:00 EDT 2011 Intel(R) Xeon(TM) CPU 3.06GHz w/ 3gb RAM.
Just loaded and reloaded pfBlocker and I'm finding that if I set outbound to be blocked to spamlist I can still get to India or Russia located sites. Any idea what I might need to do. I have my firewall maximum table entries at 500000.
Thanks.
Are you blocking countries India and Russia or applying a spamlist from ipblocklist?
Enable pfblocker widget. there you can see alias package count hit.
-
I have the spamlist all selected; I was assuming that if the country is in there the entire country would be blocked. Am I wrong?
I will take a look at the widget today.
Thanks!
-
The default way to block spam is inbound as you do not want them to send email to you.
You can also change action to alias only and create a block rule only on inbound smtp connections.
-
If i enable the top spammers alias included in pfblocker on outbound those hostnames you specified are not accessible.
-
If i enable the top spammers alias included in pfblocker on outbound those hostnames you specified are not accessible.
Top spammers is just a shortcut for countries that send many spams.
The best way to block this is changing action to alias only and create an inbound rule denying smtp connections.
-
I chose alias only and set outbound and inbound block; I'm still getting to the sites. The one interesting thing is that before I chose the option block outbound this morning I had it set to block inbound yesterday before I went home and when I loaded the widget this morning it had some packets listed. It doesn't have anything listed right now… I may need to reboot the server; I'll try that later on today.
-
There is no need to reboot, all rules are applied when you save config.
try this:
-
select only one country
-
apply
-
got to diagnostics -> table
-
select alias you applied country
-
check if the websites ip is in any of network CIDRS listed
Just to be sure you understand how rules work.
inbound rules -> applied on source side of wan rules
outbound rules -> applied on destination side of lan rules
Floating rules -> apply rules to block pfsense to reach something -
-
I don't know what is happening, but I just put a specific rule in place of the pfBlocker and the Indian site is still not getting blocked; could it be due to squid?
Thanks!
-
I don't know what is happening, but I just put a specific rule in place of the pfBlocker and the Indian site is still not getting blocked; could it be due to squid?
Thanks!Finally an answer. It's squid. :)
Create the same rule on floating rules.
Squid goes to internet using localhost, so lan rules will not match any squid access.
-
Okay, so question… do I need to have both WAN and LAN selected in the floating rule? I had just one and things seemed to still go through; with both the sites were blocked. I guess it could be that it's cached on my pc here, but I am getting things blocked on another pc with just LAN selected.
Thanks for your help marcelloc!
-
Well, it's time for first release.
pfblocker 1.0 is out. No changes from last beta version.
-
Congratulations! Excellent work marcelloc!
-
Another question… am I supposed to see numbers in the packets column? Mine are blank... Thanks.
