Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PfBlocker Limits

    pfSense Packages
    2
    3
    823
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      awsiemieniec last edited by

      2.1.3-RELEASE (amd64)
      pfBlocker 1.0.2

      I know not to use the built in country lists because they are outdated and not being updated any more.  So with the help of this forum I've located lists and made use of them.  One such list is "iBlockList" and it contains 55,998 CIDRs.  If I go to https://www.countryipblocks.net/country_selection.php and create a country block, I can't select all counties (minus the few I want to have access to) because pfBlocker won't save the list after I've pasted the TXT into a New List/Custom List.  So then I tried only selecting countries starting from A to D… once again, pfBlocker won't save my custom list.  So I cut back and only select countries that start from A to B.  With that selection pfBlocker will save my custom list.

      iBlockList CIDRs: 55,998
      Countries A - B CIDRs: 21,492
      Countries C - D CIDRs: 17,056

      So why can't I create custom CIDR range that contains countries A - D (total number of CIDRs is 38,548) because it's way less than iBlockList count of CIDRs.

      What is limiting the creation of a custom list?

      thanks

      1 Reply Last reply Reply Quote 0
      • BBcan177
        BBcan177 Moderator last edited by

        Hello awsiemieniec,

        If you are comfortable in the shell, you can create a new file and save the CIDR ranges in a file in:

        /usr/local/www/[ new folder ]

        Once the file is saved, from pfBlocker add a new List. At the URL location, you will see

        "Format URL or localfile"

        So in the URL box, you can enter the path above and the filename you created.

        You will have to do this once a month to get the updated changes or create a script to do this automatically.

        Note:
        Compressed lists must be in gz format.
        Downloaded or local file must have only one network per line and could follows PeerBlock syntax or this below:
        Network ranges: 172.16.1.0-172.16.1.255
        IP Address: 172.16.1.10
        CIDR: 172.16.1.0/24

        1 Reply Last reply Reply Quote 0
        • A
          awsiemieniec last edited by

          Thank you for your help.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense Plus
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy