Blocking with ipfilter.dat
-
Many P2P clients can make use of a file called ipfilter.dat, which can be found on the net. It's basically a huge blocklist of bad IP addresses belonging to the MAFIAA, spammers, ad servers, FBI etc. Is there some way to import this list into pfSense for blocking?
-
i think can be done ..
create an alias and include the addressescreate an drop rule to that alias..
-
The problem is that the text file containing the rules is 13 megs. Entering them manually would be impossible.
-
http://forum.pfsense.org/index.php/topic,6233.0.html
-
http://forum.pfsense.org/index.php/topic,6233.0.html
Thanks, that sounds like it could be close to what I want, but I note that the alias system only allows single IP addresses, not ranges.
Also, there is no simple way to update it, although that isn't such a big deal.
-
Aliases do allow ranges: –> Type of Alias: "Network"
-
I have a massive list I want to import also. But after realizing that it would be stored in config.xml I feared that my list (~14MB in size) would slow down the pfSense box too much.
-
I dont think so.
pfSense loads the xml at startup and after that runs from RAM. it only access the "slow" storage when you change something in the configuration.(I think you would need REALLY REALLY many aliases to slow pfSense down)