Pfblocker and emails



  • Good evening everyone!

    I just noticed these emails starting within a couple days, picture attached. I get one every hour on the hour and I'm sure it coincides with my custom list that I have update every 1 hour. Why did these emails just start occurring? Are they trying to tell me something is wrong?

    I also attached a snippet from the log.

    Thanks for the help,
    Josh




  • Moderator

    Maybe one of the Lists is failing to download properly and is empty, causing this issue?

    How many lists are you using? Does each list have multiple blocklists?

    On the main Status:Dashboard, do you see the pfBlocker Widget? Are any of the CIDRs blank?

    You can try to disable pfBlocker and then re-enable. It will auto generate the Cron jobs.



  • The list is still accessible. It is on my local network and I just calculated the total it has in it and it matches what pfblocker reports.

    I'm using 1 custom list and a bunch of the other built-in lists. I'm not sure what you mean by each list having multiple block lists. Maybe a screenshot of what I have for the widget will explain a little as well. If I add up all the entries within each possible table, pfblocker related or not, it totals almost 85,000 entries.

    I have pfsense configured for a total of 200,000 entries.

    Apart from the emails everything seems to be functioning alright. The emails are just slightly annoying and randomly started.

    Any other ideas?

    Thanks for the help!



  • Moderator

    Hi jwhostet,

    First off, please do not use the Country Blocklisting from pfBlocker. Those are out of date and should be removed from the Package.

    From the attachment, the question I had was if there were any "0" values in the CIDR column, which there are not.

    I wrote a post, https://forum.pfsense.org/index.php?topic=73353.msg402927#msg402927, that lists some other good Blocklists.

    Maybe try to remove those Country Lists and use some of these.

    I would also recommend that you use "Alias Only" in pfBlocker. It seems to work the best and offers more control on how to handle the lists. There are posts in the forum on how to use "Aliases", if you need more help let us know.

    I have found a way to use the Maxmind Geoip Country Database to create your own Country Blocking lists. If you are a little savvy in the shell I could share it with you.



  • Hi BBcan177

    I've had the country blocking for some time now and I have no real preference if I have them due to the custom list. The custom list runs off a honeypot and blocks users based off of that which is similar to how I was using the country block list. I will definitely take a look at the lists you provided in the link.

    I've been meaning to go through and reset the lists anyway.

    Alias Only - That means under list action you set to "alias only"?  :P

    Based off of my simple use of just simple blocking wouldn't I be getting the same out of the deny outbound? Of course that changes if I wanted something set specific in the rule.

    I will see what happens when I disable some countries or even all the countries and leave just my custom list enabled. Is this going to possibly make the emails stop?

    I looked for a change log for the pfBlocker package, which I thought updated the other day, but I didn't come across anything useful that would state some form of emailing for custom lists when updated.

    If it isn't too much extra trouble or if you have a link or something, I am interested in how you were able to use maxmind's geoip database. I am very comfortable in the shell :)

    Thanks again for all of the help!



  • How many lists can be added to pfblocker? Where is the limit?


  • Moderator

    @foresthus:

    How many lists can be added to pfblocker? Where is the limit?

    I haven't seen any information to state that it has a limit on the number of Lists. I have a box with about 30 main lists (on the "List" Tab) and within the lists, I have multiple lists per.

    Only thing you need to watch for is the max number of IPs in the Tables.

    Advanced:Firewall:Firewall/NAT - Firewall Maximum Table Entries

    Maximum number of table entries for systems such as aliases, sshlockout, snort, etc, combined. Note: Leave this blank for the default.

