PfBlocker



  • @marcelloc:

    While blocking adwares, proxies, spywares the default way is outbound

    Take a look in ipblocklist, the are many lists there.

    Also pay attention on direction.
    If you want to do not access somewhere, the action is deny outbound.
    If you want that someone in somewhere do not access your network, the action is deny inbound.

    If 100mil means you Speaker portuguese, there is also a pfBlocker topic in portuguese forum.

    I'm American. Thanks for the clarification. I was up till 3am last night playing with this, tweaking and fixing several small issues. Still got a few left, but so far I am amazed at pfsense. This is way better than Mikrotik for my needs and its FREE. :)



  • Yea the quality of this package is outstanding, if i had money, i would donate to it. :D honest.

    One feature request would be send all blocks to a new tab in the system logs status page called pfblocker and then have the ability to quickly add blocked ips to whitelist. Also a blocked log widget similar to the firewall logs one also.



  • @sekular:

    Yea the quality of this package is outstanding.

    Thanks for that, our main goal is write package that improves pfSense quality and help daily admins tasks.

    @sekular:

    One feature request would be send all blocks to a new tab in the system logs status page called pfblocker and then have the ability to quickly add blocked ips to whitelist. Also a blocked log widget similar to the firewall logs one also.

    I can't be done until pfsense has a way to choose log direction or prefix.

    pfblocker just help alias and rule creation.When you check enable log, it include rules with log enabled.



  • OK that makes sense. I guess adding a easyrule rule: pass from firewall will do the same thing.

    I do not have xmlrpc sync enabled but i am getting this in syslog after update list jobs.

    php: /pkg_edit.php: [pfblocker] pfblocker_xmlrpc_sync.php is starting.

    Nov 8 12:30:00 php: : /etc/rc.update_urltables: Starting up.
    Nov 8 12:30:00 php: : /etc/rc.update_urltables: Sleeping for 45 seconds.
    Nov 8 12:30:45 php: : /etc/rc.update_urltables: Starting URL table alias updates
    Nov 8 12:30:45 php: : /etc/rc.update_urltables: pfBlockerAsia does not need updated.
    Nov 8 12:30:45 php: : /etc/rc.update_urltables: pfBlockerSouthAmerica does not need updated.
    Nov 8 12:30:45 php: : /etc/rc.update_urltables: pfBlockerTopSpammers does not need updated.
    Nov 8 12:30:45 php: : /etc/rc.update_urltables: pfBlockerMicrosoft does not need updated.
    Nov 8 13:45:17 check_reload_status: Syncing firewall
    Nov 8 17:51:00 check_reload_status: Syncing firewall
    Nov 8 17:51:00 check_reload_status: Syncing firewall
    Nov 8 17:51:00 php: /pkg_edit.php: [pfblocker] pfblocker_xmlrpc_sync.php is starting.



  • it's just a print before if

    not a big deal.

    never mind If you do not have checked sync option.



  • My alias keeps getting knocked up to the top of the rule sets I have for my networks (I have a LAN and WLAN network). It's been happening erratically. I'm not sure what is causing it or what to do about it.

      			* 	* 	* 	LAN Address 	22
    80
    443 	* 	* 		Anti-Lockout Rule 	
    [move] 	[edit rule]
    	[add a new rule based on this one]
    	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	6697 	* 	none 	  	Allow all IRC (secure)  	
    	[edit rule]
    [delete rule] 	[add a new rule based on this one]
    	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	6667 	* 	none 	  	Allow all IRC  	
    	[edit rule]
    [delete rule] 	[add a new rule based on this one]
    	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	80 (HTTP) 	* 	none 	  	Allow all HTTP  	
    	[edit rule]
    [delete rule] 	[add a new rule based on this one]
    	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	21 (FTP) 	* 	none 	  	Allow all FTP  	
    	[edit rule]
    [delete rule] 	[add a new rule based on this one]
    	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	443 (HTTPS) 	* 	none 	  	Allow all HTTPS  	
    	[edit rule]
    [delete rule] 	[add a new rule based on this one]
    	[click to toggle enabled/disabled status] 		* 	* 	* 	pfBlockerantitorrentout 	* 	* 	none 	  	pfBlocker Outbound rule  	
    	[edit rule]
    [delete rule] 	[add a new rule based on this one]
    	[click to toggle enabled/disabled status] 		* 	LAN net 	* 	WLAN net 	* 	* 	none 	  	  	
    	[edit rule]
    [delete rule] 	[add a new rule based on this one]
    	[click to toggle enabled/disabled status] 		* 	LAN net 	* 	* 	* 	* 	none 	  	Default allow LAN to any rule  
    
    My pfBlocker rule won't stay in the order that I have here. It moves to the top and ends up blocking a lot of traffic my rules allow.[/move]
    


  • If you need custom rules before pfBocker, you must change pfBlocker action to alias only and then create your own block rules.

    A shortcut to this is changing pfBlocker applied rules description before changing action.



  • Makes sense. :)



  • Hey guys I'm new here and to pfsense. I noticed that when I enable pfblocker my wireless clients can longer connect to the internet but my wired. Any ideas. I'm using a linksys wireless router with dd-wrt loaded on it. It has worked forever until I enable pfblocker without any rules created. I'm a complete noob to linux/unix. Thanks in advance!!!



  • PfBlocker does not remove or include any rule different from its own rules.
    Try disabling it and see what happens.

    Also try to include some lists and see how it include aliases and rules.



  • You might add something about the rule being under pfBlocker control in the rules description.



  • Don't you think pfBlocker Inbound/outbound rule description is less robotic?  :)



  • I created an outbound rule using the ads, spyware, and level 3 list. Once I enabled pfblocker all wireless client stopped accessing the internet. My wired desktop worked perfectly fine. I disabled pfblocker and the wireless clients started working again. Any ideas?



  • i know ….  but the warning about the alias is very robotic  :D DO NOT EDIT THIS ALIAS

    but I did modify one of them and got surprised when the modification was lost  :o after a pfBlocker restart.

    I'm not sure now,  but maybe copy or the rule disappeared too !?

    In the end it is easier to just use aliases, that way you can choose the order of the rules.



  • @RonpfS:

    but I did modify one of them and got surprised when the modification was lost  :o after a pfBlocker restart.

    I'm not sure now,  but maybe copy or the rule disappeared too !?

    When you copy a rule, you must change pfblocker description to something without pfblocker and rule

    @RonpfS:

    In the end it is easier to just use aliases, that way you can choose the order of the rules.

    yes, it's realy usefull.



  • @WarMachine357:

    I created an outbound rule using the ads, spyware, and level 3 list. Once I enabled pfblocker all wireless client stopped accessing the internet. My wired desktop worked perfectly fine. I disabled pfblocker and the wireless clients started working again. Any ideas?

    Do your wireless clients are on the same subnet as LAN users?

    Check rules with pfBlocker enabled and disabled



  • Yeah, they are are the same subnet. The pfsense box hands out dhcp to them. The outbound rule I created comes before the default LAN rule LAN NET. Also, the ntp server in pfsense provides service to the wireless ap.



  • @WarMachine357:

    Yeah, they are are the same subnet. The pfsense box hands out dhcp to them. The outbound rule I created comes before the default LAN rule LAN NET. Also, the ntp server in pfsense provides service to the wireless ap.

    If wired and wireless machines are on the same subnet and using the same dhcp, I have no idea how pfsense or pfblocker could block one and do not block other. It's weird to me.



  • I have found by moving the rule after the allow rules the wireless clients work. But, that doesn't seem right does it?



  • I agree that it doesn't make sense. What happens to one should happen to the other. But, did you see what I said about moving the rule to the bottom?



  • @WarMachine357:

    I have found by moving the rule after the allow rules the wireless clients work. But, that doesn't seem right does it?

    No it's not.

    An outbound rule blocks access from any to pfblockerAlias.

    If you have one rule that permits traffic, the deny rule will have no effect.



  • Maybe level3 list is blocking all your network and the pfsense keep-state for your machine gives you a false diagnostics.

    Remove level3 list and see if it works.



  • HI everybody,

    Version 0.1.4.5 is out with all planned features coded.  8)

    main changes:

    • Dashboard widget includes package hit on applied aliases (10 second update)

    • Change in rule description to allow widget package count

    • Update frequency implemented

    Important note for custom rules

    keep aliasname in the beggining of rule description and do not end description with 'rule'.

    Once again, thank you for testing this amazing new tool for pfsense. ;)



  • Just reinstalled.

    Strange things happens when you switch to Alias
    Description: pfblockerWAN Inbound rule will disappear
    Description: pfblockerWAN Inbound   will persist

    Still showing 0 in the widget after 10 minutes



  • I've changed important note for better understanding.

    Aliasname something rule will be removed by package.

    To test rule packet count, block your own country While you are locally on your office/home.

    DO NOT TRY THIS REMOTELY.

    A less risky test is:

    • define your own country action as alias only

    • create a rule that deny outbound icmp access on lan.

    • include description as described

    • apply rules

    • Open Dashboard

    • try to Ping someone on your country.



  • Still showing 0

    I picked one host in the Diagnostics: Tables pfblocker table.
    I can ping from LAN or pfsense no problem
    Nothing is showed as blocked in the firewall logs !??

    rules are on WAN only

    Reject and log * 	* 	* 	pfBlockerWAN 	* 	* 	none 	  	pfBlockerWAN Outbound  
    Block and log * 	pfBlockerWAN 	* 	* 	* 	* 	none 	  	pfBlockerWAN Inbound  
    
    


  • If you are testing from lan, the blocking rule must be on lan.

    It's a statefull firewall. All rules are set where communication begins.



  • So I should have

    on the LAN 
    Reject and log * * * pfBlockerWAN * * none   pfBlockerWAN LAN - Outbound 
    on the
    WAN Block and log * pfBlockerWAN * * * * none   pfBlockerWAN WAN - Inbound

    I see the widget Packet number changes ;o)

    How do you block the pfsense box from accessing these aliases?



  • On floating rules, but it may not show in widget.

    Floating rules are not impelmented in this version but you can apply pfBlocker alias on it.



  • I just created a rule on the Floating tab…. and the Packets blocked are updated in the widget  ;D

    However the rule

    Reject and log *    *    *    pfBlockerWAN    *    *    none        pfBlockerWAN Floating Outbound

    disappeared in the Floating tab after a save in pfBlocker …..!!!

    same thing with

    pfBlockerWAN Floating
    pf BlockerWAN Whatever

    bummer  :(



  • As I told you, floating rules are not implemented but i'll try the same test here and see what happens.



  • Hi,

    ok, reinstalled on nanobsd and boot is much better. Got a new problem though: While the genaral and top spammers pages look good, I get the below instead of country lists for the others. Example below. Country.txt seems to load at install though, have also reinstalled package and rebooted - no change. Hence the drop down lists are missing.

    Thanks!

    ![2011-11-11 15:00:45.png](/public/imported_attachments/1/2011-11-11 15:00:45.png)
    ![2011-11-11 15:00:45.png_thumb](/public/imported_attachments/1/2011-11-11 15:00:45.png_thumb)



  • The countryipblocks.net removed the lists  :-[
    I will point it to files.pfsense.

    [b]EDIT

    Just did it.

    wait 15 minutes and reinstall package.


  • Rebel Alliance Developer Netgate

    Probably should not have users directly pull those lists anyhow, but keep them local and update them periodically. I have a feeling that too many people accessing their systems automatically may have been part of their decision to shut the service down.



  • Yeah, I'm doing it now.



  • Just released version 0.1.4.6 with fixes in float rules check and about section in gui.



  • From Countryblocks site…

    We have temporarily suspended certain services as our donation stream has suffered a significant decrease here in the fourth quarter. We are pursuing some other financing options to help us focus on providing you with our services. This temporary suspension may last a few hours or a few days. If you would like to help us expedite the process please consider making a donation to Country IP Blocks through the PayPal link (on their site)



  • If you can, please donate to Country IP Blocks

    Site: http://www.countryipblocks.net/

    We need to support this site.



  • @marcelloc:

    Just released version 0.1.4.6 with fixes in float rules check and about section in gui.

    Reinstalled, Floating rules are still there after a pfBlocker save, great  ::)
    Counter updates when pinging from pfsense box.
    Counter is reseted on firewall rule changes.

    When I select loopback interface, where does it put the rules?



  • @RonpfS:

    When I select loopback interface, where does it put the rules?

    Nothing  :)

    As we only use pfsense's framework components, interface selection includes loopback.

    If you select just loopback, pfBlocker send you a warning.


Log in to reply