Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfBlocker Lists

    Scheduled Pinned Locked Moved pfSense Packages
    6 Posts 4 Posters 3.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H
      Heli0s
      last edited by

      I have limited memory on my pfSense box (2GB) and I already have Snort running using the Connectivity IPS policy, as well as pfBlocker blocking the Top 10 countries. What are some good pfBlocker lists that I should add for added security?

      1 Reply Last reply Reply Quote 0
      • F
        FlashPan
        last edited by

        I'm running with:

        Compromised
        http://rules.emergingthreats.net/blockrules/compromised-ips.txt

        EmergingThreat 
        http://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt

        Malicious
        http://www.ciarmy.com/list/ci-badguys.txt

        Malware
        http://rules.emergingthreats.net/blockrules/rbn-malvertisers.txt
        http://www.nothink.org/blacklist/blacklist_malware_dns.txt
        http://www.nothink.org/blacklist/blacklist_malware_http.txt
        http://www.malwaredomainlist.com/hostslist/ip.txt
        http://malc0de.com/bl/IP_Blacklist.txt

        Hijacked
        http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz

        Spyware
        http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz

        AdTrackers   
        http://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=gz

        WebExploit
        http://list.iblocklist.com/?list=ghlzqtqxnzctvvajwwag&fileformat=p2p&archiveformat=gz

        Drop
        http://feeds.dshield.org/top10-2.txt
        http://www.spamhaus.org/drop/drop.txt
        http://www.spamhaus.org/drop/edrop.txt

        SshAttacks
        http://www.nothink.org/blacklist/blacklist_ssh_week.txt
        http://www.dragonresearchgroup.org/insight/sshpwauth.txt

        1 Reply Last reply Reply Quote 0
        • H
          Heli0s
          last edited by

          Thanks for the list! Do you need a lot of memory to have all those lists active?

          1 Reply Last reply Reply Quote 0
          • W
            wbennett77
            last edited by

            Thanks for the lists as well. I noticed that with Iblocklist there are different formats such as cidr, p2p etc…what is the difference between  these, if any? I am using pfblocker on 2.1
            5. Thanks!

            Dell Optiplex 390 Pfsense 2.2 / Asus AC56U Wireless AP / Asus Switch

            1 Reply Last reply Reply Quote 0
            • F
              FlashPan
              last edited by

              Sorry my original post was a bit spaced out. :)  I cannot say what the actual difference is but P2P version (free) works fine

              pfblocker can become a little bloated (the more you add on the more ram is taken) but I'm running this with Snort, 2Gb ram on a Pentium D as well as a single core xeon with no much to worry about (and some other packages).  Of course more users on your lan can contribute to more wear and tear or your pfsense :)

              1 Reply Last reply Reply Quote 0
              • F
                fsansfil
                last edited by

                You can try this too : https://www.countryipblocks.net/country_selection.php

                Altho it offers a false sense of security; your malware these days will come from G5 hosting compagnies or amazonaws, cloudfront, cloudflare…etc....

                F.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.