PfBlocker
-
Hi!
How can i fix this on PF 2.2 BETA?
Crash report begins. Anonymous machine information:
amd64
10.1-PRERELEASE
FreeBSD 10.1-PRERELEASE #28 30e366f(HEAD)-dirty: Fri Sep 19 23:30:48 CDT 2014 root@pf22-amd64-snap:/usr/obj.amd64/usr/pfSensesrc/src/sys/pfSense_SMP.10Crash report details:
PHP Errors:
in /usr/local/pkg/pfblocker.inc on line 256This error doesn't seem to be related to Country Blocking. Maybe its one of your Lists that is failing? Which lists are you using?
-
Thank you BBcan177 I don't believe I have the skill set to accomplish this
Edit - I took the country list of top spammers from http://www.projecthoneypot.org/spam_server_top_countries.php and made a script to make my own replacement for the pfBlocker top spammers list. Please use the link from my previous post above.
-
Hi there,
Total newbie to Pfsense here. I have installed Pfblocker but and added a few countries to block. It is enabled, logging enabled and "deny inbound" is selected for the countries I chose. When I look at the status i see that the status is a red arrow (down). Am I missing something?
Thanks -
PfBlocker will not add an Inbound Rule if there are no other rules on the WAN. So you just need to create a dummy rule and it will populate the Auto Rules.
-
PfBlocker will not add an Inbound Rule if there are no other rules on the WAN. So you just need to create a dummy rule and it will populate the Auto Rules.
Being a eager to learn newbie, how and where would I create a dummy rule. Sorry if this has been asked before.
Update: Got it working. Dummy rule created on the wan did the trick. I disabled the rule after pfblocker started working and all is still good.
Cheers!
-
You need to goto the Firewall rules Tab and create a dummy Block Rule on the Wan interface. If you hover over the pfBlocker Inbound rule that was created. You can use one of those IPs to copy/paste into the dummy rule.
If you edit the inbound rule. It will give you an idea on how to configure the new WAN Block Rule.
-
You need to goto the Firewall rules Tab and create a dummy Block Rule on the Wan interface. If you hover over the pfBlocker Inbound rule that was created. You can use one of those IPs to copy/paste into the dummy rule.
If you edit the inbound rule. It will give you an idea on how to configure the new WAN Block Rule.
Once pfblocker is working can I delete the dummy rule I created. Also, how does the list of ip addresses get updated?
Thanks!
-
It is being very actively forked, we will just have to wait for an announcement from the author doing the update… Or, you could read this thread more carefully. ;D Did you read the thread I posted to you Panz? :-*
This is a 58 page thread and the link is a long thread also - why not not just enlighten us? ;D
Cheers!
-
Have a look here
https://forum.pfsense.org/index.php?topic=42543.msg439552#msg439552
-
Aha - thanks! I found an older version of the work here: https://github.com/BBcan177/pf-IPrep
Hope this is progressing well! I'd love to just install and configure a package rather all the manual steps… ;D
-
:) ;D :-*…. > :-X
Aha - thanks! I found an older version of the work here: https://github.com/BBcan177/pf-IPrep
Hope this is progressing well! I'd love to just install and configure a package rather all the manual steps… ;D
-
Hope this is progressing well! I'd love to just install and configure a package rather all the manual steps… ;D
Where is the fun in that! ? Lol..
The version you refered to is my shell script. If you want to step into the wild side and try my pfBlockerNG package shoot me a PM.
-
I am trying to upload a local .txt IP blocklist to pfBlocker. What is the correct file address location to use?
C:\Users\my user\Desktop\ipblocklist.txt (example) does not work.
Thanks.
-
'Local file' means local to the pfSense box. Upload the file and then fill in the path. If you use the file upload facility in Diagnostics in the webgui it will be in /tmp.
Steve
-
Came across a new list of malware IPs
http://labs.alienvault.com/labs/index.php/projects/open-source-ip-reputation-portal/download-ip-reputation-database/
Looks like either the gzip ver or the plain ver - of the Generic Format - would load fine in pfBlocker.
Haven't tried it yet - will give it a go tonight and post back how it loads.
Here's my report back on the AlienVault IP Reputation list.
I had it block matching http/https outbound - and block matching * inbound.The list is big, over 300k IPs.
The text version is 17MB and it added nearly a minute to my filter reload time (3Ghz PentiumD, 4GB).
I tried the gzip version and found it much smaller and faster. I had no noticeable difference in filter reload times.
After running the list for a most of a week, I had 2 false positives. That's not bad.
One was a big web host that AlienVault listed over a year ago (for serious malware distribution).
The IP was cleaned immediately so AlienVault must not delist IPs automatically.
The other false positive was a Tor directory server.Conclusion:
Given the big database (and no auto-delisting) I'd say AlienVault has a really low false positive rate.
My opinion is that it's worth trying - providing you log any hits on it.LinuxTracker - Sorry to bring up this 2 year old post, but I was wondering how things were going with the AlienVault IP Reputation Database (Generic), and its use as a pfBlocker list source. I see the generic list is near 114K IPs as of 11/17/14. I am interested in using this in pfBlocker. Where you able to just add in the .gz url, and it work automatically like other pfBlocker lists, or did you have to massage the data? Any other information you might have on this is greatly appreciated. Have a great day.
Ash,
-
I suggest you get intouch with BBcan17 and talk to him about pfblockerNG as a replacement.
I run it here in test mode and besides some small issues, then it works like a charm!
-
I suggest you get intouch with BBcan17 and talk to him about pfblockerNG as a replacement.
I run it here in test mode and besides some small issues, then it works like a charm!
it is!
Been testing pfblockerNG and it's a real step forward.
-
There is now a pfBlockerNG package that replaces pfBlocker, so I am locking this thread.
