Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PfBlocker

    pfSense Packages
    143
    896
    528899
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest last edited by

      @marcelloc:

      While blocking adwares, proxies, spywares the default way is outbound

      Take a look in ipblocklist, the are many lists there.

      Also pay attention on direction.
      If you want to do not access somewhere, the action is deny outbound.
      If you want that someone in somewhere do not access your network, the action is deny inbound.

      If 100mil means you Speaker portuguese, there is also a pfBlocker topic in portuguese forum.

      I'm American. Thanks for the clarification. I was up till 3am last night playing with this, tweaking and fixing several small issues. Still got a few left, but so far I am amazed at pfsense. This is way better than Mikrotik for my needs and its FREE. :)

      1 Reply Last reply Reply Quote 0
      • S
        sekular last edited by

        Yea the quality of this package is outstanding, if i had money, i would donate to it. :D honest.

        One feature request would be send all blocks to a new tab in the system logs status page called pfblocker and then have the ability to quickly add blocked ips to whitelist. Also a blocked log widget similar to the firewall logs one also.

        1 Reply Last reply Reply Quote 0
        • marcelloc
          marcelloc last edited by

          @sekular:

          Yea the quality of this package is outstanding.

          Thanks for that, our main goal is write package that improves pfSense quality and help daily admins tasks.

          @sekular:

          One feature request would be send all blocks to a new tab in the system logs status page called pfblocker and then have the ability to quickly add blocked ips to whitelist. Also a blocked log widget similar to the firewall logs one also.

          I can't be done until pfsense has a way to choose log direction or prefix.

          pfblocker just help alias and rule creation.When you check enable log, it include rules with log enabled.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • S
            sekular last edited by

            OK that makes sense. I guess adding a easyrule rule: pass from firewall will do the same thing.

            I do not have xmlrpc sync enabled but i am getting this in syslog after update list jobs.

            php: /pkg_edit.php: [pfblocker] pfblocker_xmlrpc_sync.php is starting.

            Nov 8 12:30:00 php: : /etc/rc.update_urltables: Starting up.
            Nov 8 12:30:00 php: : /etc/rc.update_urltables: Sleeping for 45 seconds.
            Nov 8 12:30:45 php: : /etc/rc.update_urltables: Starting URL table alias updates
            Nov 8 12:30:45 php: : /etc/rc.update_urltables: pfBlockerAsia does not need updated.
            Nov 8 12:30:45 php: : /etc/rc.update_urltables: pfBlockerSouthAmerica does not need updated.
            Nov 8 12:30:45 php: : /etc/rc.update_urltables: pfBlockerTopSpammers does not need updated.
            Nov 8 12:30:45 php: : /etc/rc.update_urltables: pfBlockerMicrosoft does not need updated.
            Nov 8 13:45:17 check_reload_status: Syncing firewall
            Nov 8 17:51:00 check_reload_status: Syncing firewall
            Nov 8 17:51:00 check_reload_status: Syncing firewall
            Nov 8 17:51:00 php: /pkg_edit.php: [pfblocker] pfblocker_xmlrpc_sync.php is starting.

            1 Reply Last reply Reply Quote 0
            • marcelloc
              marcelloc last edited by

              it's just a print before if

              not a big deal.

              never mind If you do not have checked sync option.

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • Q
                Quinn1981 last edited by

                My alias keeps getting knocked up to the top of the rule sets I have for my networks (I have a LAN and WLAN network). It's been happening erratically. I'm not sure what is causing it or what to do about it.

                  			* 	* 	* 	LAN Address 	22
                80
                443 	* 	* 		Anti-Lockout Rule 	
                [move] 	[edit rule]
                	[add a new rule based on this one]
                	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	6697 	* 	none 	  	Allow all IRC (secure)  	
                	[edit rule]
                [delete rule] 	[add a new rule based on this one]
                	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	6667 	* 	none 	  	Allow all IRC  	
                	[edit rule]
                [delete rule] 	[add a new rule based on this one]
                	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	80 (HTTP) 	* 	none 	  	Allow all HTTP  	
                	[edit rule]
                [delete rule] 	[add a new rule based on this one]
                	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	21 (FTP) 	* 	none 	  	Allow all FTP  	
                	[edit rule]
                [delete rule] 	[add a new rule based on this one]
                	[click to toggle enabled/disabled status] 		TCP 	LAN net 	* 	* 	443 (HTTPS) 	* 	none 	  	Allow all HTTPS  	
                	[edit rule]
                [delete rule] 	[add a new rule based on this one]
                	[click to toggle enabled/disabled status] 		* 	* 	* 	pfBlockerantitorrentout 	* 	* 	none 	  	pfBlocker Outbound rule  	
                	[edit rule]
                [delete rule] 	[add a new rule based on this one]
                	[click to toggle enabled/disabled status] 		* 	LAN net 	* 	WLAN net 	* 	* 	none 	  	  	
                	[edit rule]
                [delete rule] 	[add a new rule based on this one]
                	[click to toggle enabled/disabled status] 		* 	LAN net 	* 	* 	* 	* 	none 	  	Default allow LAN to any rule  
                
                My pfBlocker rule won't stay in the order that I have here. It moves to the top and ends up blocking a lot of traffic my rules allow.[/move]
                
                1 Reply Last reply Reply Quote 0
                • marcelloc
                  marcelloc last edited by

                  If you need custom rules before pfBocker, you must change pfBlocker action to alias only and then create your own block rules.

                  A shortcut to this is changing pfBlocker applied rules description before changing action.

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  1 Reply Last reply Reply Quote 0
                  • Q
                    Quinn1981 last edited by

                    Makes sense. :)

                    1 Reply Last reply Reply Quote 0
                    • ?
                      Guest last edited by

                      Hey guys I'm new here and to pfsense. I noticed that when I enable pfblocker my wireless clients can longer connect to the internet but my wired. Any ideas. I'm using a linksys wireless router with dd-wrt loaded on it. It has worked forever until I enable pfblocker without any rules created. I'm a complete noob to linux/unix. Thanks in advance!!!

                      1 Reply Last reply Reply Quote 0
                      • marcelloc
                        marcelloc last edited by

                        PfBlocker does not remove or include any rule different from its own rules.
                        Try disabling it and see what happens.

                        Also try to include some lists and see how it include aliases and rules.

                        Treinamentos de Elite: http://sys-squad.com

                        Help a community developer! ;D

                        1 Reply Last reply Reply Quote 0
                        • RonpfS
                          RonpfS last edited by

                          You might add something about the rule being under pfBlocker control in the rules description.

                          2.4.5-RELEASE-p1 (amd64)
                          Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                          Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                          1 Reply Last reply Reply Quote 0
                          • marcelloc
                            marcelloc last edited by

                            Don't you think pfBlocker Inbound/outbound rule description is less robotic?  :)

                            Treinamentos de Elite: http://sys-squad.com

                            Help a community developer! ;D

                            1 Reply Last reply Reply Quote 0
                            • ?
                              Guest last edited by

                              I created an outbound rule using the ads, spyware, and level 3 list. Once I enabled pfblocker all wireless client stopped accessing the internet. My wired desktop worked perfectly fine. I disabled pfblocker and the wireless clients started working again. Any ideas?

                              1 Reply Last reply Reply Quote 0
                              • RonpfS
                                RonpfS last edited by

                                i know ….  but the warning about the alias is very robotic  :D DO NOT EDIT THIS ALIAS

                                but I did modify one of them and got surprised when the modification was lost  :o after a pfBlocker restart.

                                I'm not sure now,  but maybe copy or the rule disappeared too !?

                                In the end it is easier to just use aliases, that way you can choose the order of the rules.

                                2.4.5-RELEASE-p1 (amd64)
                                Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                1 Reply Last reply Reply Quote 0
                                • marcelloc
                                  marcelloc last edited by

                                  @RonpfS:

                                  but I did modify one of them and got surprised when the modification was lost  :o after a pfBlocker restart.

                                  I'm not sure now,  but maybe copy or the rule disappeared too !?

                                  When you copy a rule, you must change pfblocker description to something without pfblocker and rule

                                  @RonpfS:

                                  In the end it is easier to just use aliases, that way you can choose the order of the rules.

                                  yes, it's realy usefull.

                                  Treinamentos de Elite: http://sys-squad.com

                                  Help a community developer! ;D

                                  1 Reply Last reply Reply Quote 0
                                  • marcelloc
                                    marcelloc last edited by

                                    @WarMachine357:

                                    I created an outbound rule using the ads, spyware, and level 3 list. Once I enabled pfblocker all wireless client stopped accessing the internet. My wired desktop worked perfectly fine. I disabled pfblocker and the wireless clients started working again. Any ideas?

                                    Do your wireless clients are on the same subnet as LAN users?

                                    Check rules with pfBlocker enabled and disabled

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    1 Reply Last reply Reply Quote 0
                                    • ?
                                      Guest last edited by

                                      Yeah, they are are the same subnet. The pfsense box hands out dhcp to them. The outbound rule I created comes before the default LAN rule LAN NET. Also, the ntp server in pfsense provides service to the wireless ap.

                                      1 Reply Last reply Reply Quote 0
                                      • marcelloc
                                        marcelloc last edited by

                                        @WarMachine357:

                                        Yeah, they are are the same subnet. The pfsense box hands out dhcp to them. The outbound rule I created comes before the default LAN rule LAN NET. Also, the ntp server in pfsense provides service to the wireless ap.

                                        If wired and wireless machines are on the same subnet and using the same dhcp, I have no idea how pfsense or pfblocker could block one and do not block other. It's weird to me.

                                        Treinamentos de Elite: http://sys-squad.com

                                        Help a community developer! ;D

                                        1 Reply Last reply Reply Quote 0
                                        • ?
                                          Guest last edited by

                                          I have found by moving the rule after the allow rules the wireless clients work. But, that doesn't seem right does it?

                                          1 Reply Last reply Reply Quote 0
                                          • ?
                                            Guest last edited by

                                            I agree that it doesn't make sense. What happens to one should happen to the other. But, did you see what I said about moving the rule to the bottom?

                                            1 Reply Last reply Reply Quote 0
                                            • marcelloc
                                              marcelloc last edited by

                                              @WarMachine357:

                                              I have found by moving the rule after the allow rules the wireless clients work. But, that doesn't seem right does it?

                                              No it's not.

                                              An outbound rule blocks access from any to pfblockerAlias.

                                              If you have one rule that permits traffic, the deny rule will have no effect.

                                              Treinamentos de Elite: http://sys-squad.com

                                              Help a community developer! ;D

                                              1 Reply Last reply Reply Quote 0
                                              • marcelloc
                                                marcelloc last edited by

                                                Maybe level3 list is blocking all your network and the pfsense keep-state for your machine gives you a false diagnostics.

                                                Remove level3 list and see if it works.

                                                Treinamentos de Elite: http://sys-squad.com

                                                Help a community developer! ;D

                                                1 Reply Last reply Reply Quote 0
                                                • marcelloc
                                                  marcelloc last edited by

                                                  HI everybody,

                                                  Version 0.1.4.5 is out with all planned features coded.  8)

                                                  main changes:

                                                  • Dashboard widget includes package hit on applied aliases (10 second update)

                                                  • Change in rule description to allow widget package count

                                                  • Update frequency implemented

                                                  Important note for custom rules

                                                  keep aliasname in the beggining of rule description and do not end description with 'rule'.

                                                  Once again, thank you for testing this amazing new tool for pfsense. ;)

                                                  Treinamentos de Elite: http://sys-squad.com

                                                  Help a community developer! ;D

                                                  1 Reply Last reply Reply Quote 0
                                                  • RonpfS
                                                    RonpfS last edited by

                                                    Just reinstalled.

                                                    Strange things happens when you switch to Alias
                                                    Description: pfblockerWAN Inbound rule will disappear
                                                    Description: pfblockerWAN Inbound   will persist

                                                    Still showing 0 in the widget after 10 minutes

                                                    2.4.5-RELEASE-p1 (amd64)
                                                    Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                                    Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                                    1 Reply Last reply Reply Quote 0
                                                    • marcelloc
                                                      marcelloc last edited by

                                                      I've changed important note for better understanding.

                                                      Aliasname something rule will be removed by package.

                                                      To test rule packet count, block your own country While you are locally on your office/home.

                                                      DO NOT TRY THIS REMOTELY.

                                                      A less risky test is:

                                                      • define your own country action as alias only

                                                      • create a rule that deny outbound icmp access on lan.

                                                      • include description as described

                                                      • apply rules

                                                      • Open Dashboard

                                                      • try to Ping someone on your country.

                                                      Treinamentos de Elite: http://sys-squad.com

                                                      Help a community developer! ;D

                                                      1 Reply Last reply Reply Quote 0
                                                      • RonpfS
                                                        RonpfS last edited by

                                                        Still showing 0

                                                        I picked one host in the Diagnostics: Tables pfblocker table.
                                                        I can ping from LAN or pfsense no problem
                                                        Nothing is showed as blocked in the firewall logs !??

                                                        rules are on WAN only

                                                        Reject and log * 	* 	* 	pfBlockerWAN 	* 	* 	none 	  	pfBlockerWAN Outbound  
                                                        Block and log * 	pfBlockerWAN 	* 	* 	* 	* 	none 	  	pfBlockerWAN Inbound  
                                                        
                                                        

                                                        2.4.5-RELEASE-p1 (amd64)
                                                        Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                                        Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                                        1 Reply Last reply Reply Quote 0
                                                        • marcelloc
                                                          marcelloc last edited by

                                                          If you are testing from lan, the blocking rule must be on lan.

                                                          It's a statefull firewall. All rules are set where communication begins.

                                                          Treinamentos de Elite: http://sys-squad.com

                                                          Help a community developer! ;D

                                                          1 Reply Last reply Reply Quote 0
                                                          • RonpfS
                                                            RonpfS last edited by

                                                            So I should have

                                                            on the LAN 
                                                            Reject and log * * * pfBlockerWAN * * none   pfBlockerWAN LAN - Outbound 
                                                            on the
                                                            WAN Block and log * pfBlockerWAN * * * * none   pfBlockerWAN WAN - Inbound

                                                            I see the widget Packet number changes ;o)

                                                            How do you block the pfsense box from accessing these aliases?

                                                            2.4.5-RELEASE-p1 (amd64)
                                                            Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                                            Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                                            1 Reply Last reply Reply Quote 0
                                                            • marcelloc
                                                              marcelloc last edited by

                                                              On floating rules, but it may not show in widget.

                                                              Floating rules are not impelmented in this version but you can apply pfBlocker alias on it.

                                                              Treinamentos de Elite: http://sys-squad.com

                                                              Help a community developer! ;D

                                                              1 Reply Last reply Reply Quote 0
                                                              • RonpfS
                                                                RonpfS last edited by

                                                                I just created a rule on the Floating tab…. and the Packets blocked are updated in the widget  ;D

                                                                However the rule

                                                                Reject and log *    *    *    pfBlockerWAN    *    *    none        pfBlockerWAN Floating Outbound

                                                                disappeared in the Floating tab after a save in pfBlocker …..!!!

                                                                same thing with

                                                                pfBlockerWAN Floating
                                                                pf BlockerWAN Whatever

                                                                bummer  :(

                                                                2.4.5-RELEASE-p1 (amd64)
                                                                Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                                                Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                                                1 Reply Last reply Reply Quote 0
                                                                • marcelloc
                                                                  marcelloc last edited by

                                                                  As I told you, floating rules are not implemented but i'll try the same test here and see what happens.

                                                                  Treinamentos de Elite: http://sys-squad.com

                                                                  Help a community developer! ;D

                                                                  1 Reply Last reply Reply Quote 0
                                                                  • G
                                                                    ghm last edited by

                                                                    Hi,

                                                                    ok, reinstalled on nanobsd and boot is much better. Got a new problem though: While the genaral and top spammers pages look good, I get the below instead of country lists for the others. Example below. Country.txt seems to load at install though, have also reinstalled package and rebooted - no change. Hence the drop down lists are missing.

                                                                    Thanks!

                                                                    ![2011-11-11 15:00:45.png](/public/imported_attachments/1/2011-11-11 15:00:45.png)
                                                                    ![2011-11-11 15:00:45.png_thumb](/public/imported_attachments/1/2011-11-11 15:00:45.png_thumb)

                                                                    1 Reply Last reply Reply Quote 0
                                                                    • marcelloc
                                                                      marcelloc last edited by

                                                                      The countryipblocks.net removed the lists  :-[
                                                                      I will point it to files.pfsense.

                                                                      [b]EDIT

                                                                      Just did it.

                                                                      wait 15 minutes and reinstall package.

                                                                      Treinamentos de Elite: http://sys-squad.com

                                                                      Help a community developer! ;D

                                                                      1 Reply Last reply Reply Quote 0
                                                                      • jimp
                                                                        jimp Rebel Alliance Developer Netgate last edited by

                                                                        Probably should not have users directly pull those lists anyhow, but keep them local and update them periodically. I have a feeling that too many people accessing their systems automatically may have been part of their decision to shut the service down.

                                                                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                                                        Need help fast? Netgate Global Support!

                                                                        Do not Chat/PM for help!

                                                                        1 Reply Last reply Reply Quote 0
                                                                        • marcelloc
                                                                          marcelloc last edited by

                                                                          Yeah, I'm doing it now.

                                                                          Treinamentos de Elite: http://sys-squad.com

                                                                          Help a community developer! ;D

                                                                          1 Reply Last reply Reply Quote 0
                                                                          • marcelloc
                                                                            marcelloc last edited by

                                                                            Just released version 0.1.4.6 with fixes in float rules check and about section in gui.

                                                                            Treinamentos de Elite: http://sys-squad.com

                                                                            Help a community developer! ;D

                                                                            1 Reply Last reply Reply Quote 0
                                                                            • chpalmer
                                                                              chpalmer last edited by

                                                                              From Countryblocks site…

                                                                              We have temporarily suspended certain services as our donation stream has suffered a significant decrease here in the fourth quarter. We are pursuing some other financing options to help us focus on providing you with our services. This temporary suspension may last a few hours or a few days. If you would like to help us expedite the process please consider making a donation to Country IP Blocks through the PayPal link (on their site)

                                                                              Triggering snowflakes one by one..

                                                                              1 Reply Last reply Reply Quote 0
                                                                              • T
                                                                                tommyboy180 last edited by

                                                                                If you can, please donate to Country IP Blocks

                                                                                Site: http://www.countryipblocks.net/

                                                                                We need to support this site.

                                                                                -Tom Schaefer
                                                                                SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                                                                                Please support pfBlocker | File Browser | Strikeback

                                                                                1 Reply Last reply Reply Quote 0
                                                                                • RonpfS
                                                                                  RonpfS last edited by

                                                                                  @marcelloc:

                                                                                  Just released version 0.1.4.6 with fixes in float rules check and about section in gui.

                                                                                  Reinstalled, Floating rules are still there after a pfBlocker save, great  ::)
                                                                                  Counter updates when pinging from pfsense box.
                                                                                  Counter is reseted on firewall rule changes.

                                                                                  When I select loopback interface, where does it put the rules?

                                                                                  2.4.5-RELEASE-p1 (amd64)
                                                                                  Intel Core2 Quad CPU Q8400 @ 2.66GHz 8GB
                                                                                  Backup 0.5_5, Bandwidthd 0.7.4_4, Cron 0.3.7_5, pfBlockerNG-devel 3.0.0_16, Status_Traffic_Totals 2.3.1_1, System_Patches 1.2_5

                                                                                  1 Reply Last reply Reply Quote 0
                                                                                  • marcelloc
                                                                                    marcelloc last edited by

                                                                                    @RonpfS:

                                                                                    When I select loopback interface, where does it put the rules?

                                                                                    Nothing  :)

                                                                                    As we only use pfsense's framework components, interface selection includes loopback.

                                                                                    If you select just loopback, pfBlocker send you a warning.

                                                                                    Treinamentos de Elite: http://sys-squad.com

                                                                                    Help a community developer! ;D

                                                                                    1 Reply Last reply Reply Quote 0
                                                                                    • First post
                                                                                      Last post