PfBlockerNG
-
Hi all,
So I got around to mimicking the setup i had in pfBlocker; I added all the lists and configured everything based on the way things used to be. However, my status widget just looks like this after a few hours:
With the old setup, I'd be able to see all the blocked packets. In pfBlocker, I had it set as deny inbound and WAN as both inbound/outbound interface…
Obviously the lists have loaded fine and firewall rules have been made as well but... what am I missing here?
Thanks!
-
go to the update tab and view log .. send it here
Oh and send your list links here also please so I can try and see if that is problem too
-
My lists actually require a subscription… but nevertheless, here they are; username and password redacted:
http://list.iblocklist.com/?list=rynxmrknfjysesjtjlxy&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=fruzekpkpzlmzozmuuhx&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=ydxerpxkpcfqjaybcssw&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=ijfqtofzixtwayqovmxn&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=llvtlsjyoyiczbkjsxpf&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=usrcshglbiilevmyfhse&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=zbdlwrqkabxbcppvrnos&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=lujdnbasfaaixitgmxpp&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=cwworuawihqvocglcoss&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=mcvxsnihddgutbjfbghy&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxx
http://list.iblocklist.com/?list=czvaehmjpsnwwttrdoyl&fileformat=p2p&archiveformat=gz&username=yyyyyy&pin=xxxxxxxFull log can be found here:
http://pastebin.com/raw.php?i=xR3DD8Br
I just noticed this interesting tidbit in the log:
===[ Aliastables / Rules ]================================ No Changes to Firewall Rules, Skipping Filter Reload Updating: pfB_TopSpammers 1 table created.312 addresses added. Updating: pfB_Ads no IP address found for /32pfctl: cannot load /var/db/aliastables/pfB_Ads.txt: No error: 0 Updating: pfB_Hijacked 1 table created.536 addresses added. Updating: pfB_DROP 1 table created.651 addresses added. Updating: pfB_BOGON no IP address found for /8pfctl: cannot load /var/db/aliastables/pfB_BOGON.txt: No error: 0 Updating: pfB_BadPeers 1 table created.48783 addresses added. Updating: pfB_Spider 1 table created.859 addresses added. Updating: pfB_CruzitWebAttacks 1 table created.4251 addresses added. ===[ FINAL Processing ]=============================================
Is the above an issue at all?
Thanks!
-
I seen failed download in the beginning of your log. You can fix that by putting type of url in list to gz_2
and I had similar issue that was fixed by reinstalling the package
force a reload before doing that though
-
I changed them to gz_2 and forced an update; I'll give it some time and see what happens. Thanks!
-
Hit the thanks button for me please. Hope that works for you
-
Just out of curiosity - there shouldn't be anything related to configuration other than the lists that could affect the behavior, could there?
For what its worth - this is how mine is configured:
-
For what its worth - this is how mine is configured:
On an unrelated note: WAN is not an outbound interface.
-
Just out of curiosity - there shouldn't be anything related to configuration other than the lists that could affect the behavior, could there?
For what its worth - this is how mine is configured:
Except the LAN should be the outbound normally
Looks ok to me, maybe tomorrow about 11pm EST I can help with teamviewer if you don't have right by then
-
Whoops - I must have accidentally toggled it. Fixed right now; will monitor.
-
Hi McFuzz,
These are IBlock lists. And they are in a range format. You need to select "gz" format. There is a chart below the URL entry section to indicate what each "Format" is for.
I think the issue is with the "Ads" list. I will be doing some debugging today but try to toggle that list "off" and change all IBlock to "gz" then run a "Force Reload".
If you see a "-" in the widget there are issues with pfctl and it's not going to block anything.
-
I would also recommend removing the Bogon list and using pfSense built-in Bogon settings in the "Advanced Tab" of the GUI.
-
Is it possible to use easy list (https://easylist-downloads.adblockplus.org/easylist.txt) to block ads? I tried putting it in IPv4 Format: Text, List action Deny Inbound, but it doesn't seem to work. Also, When I do Force update it says Download FAIL.
-
Obviously the lists have loaded fine and firewall rules have been made as well but… what am I missing here?
Hi McFuzz,
Seems the issue is with IBlock posting the following IP for Blocking
# List distributed by iblocklist.com
doclix.com:0.0.0.0-0.0.0.0
I have code to remove "0.0.0.0", but as this was in a range format, it was being converted to "0.0.0.0**/32**", so the existing code was removing the "0.0.0.0" but leaving behind "/32". This would cause pfctl to not load properly.
I see that IBlock has removed that entry in their Ads List. It should never have been there in the first place. >:(
I will post a fix to resolve this potential Issue.
You can manually delete the old Ads Files.
rm /var/db/pfblockerng/original/Ads*.*
then Re-enable the "Ads" List and then run a "Force Reload".
-
Is it possible to use easy list
Not currently. That is a Domain Blocklist. pfBlockerNG is an IP Based Blocking solution. pfBNG v2.0 will have this functionality.
-
I have configured iBlock list under IPv4 to block in both directions I see the logs showing blocking however no updates for the widget, please see attached
-
I have configured iBlock list under IPv4 to block in both directions I see the logs showing blocking however no updates for the widget, please see attached
When you look at the System Logs: Firewall Logs in the GUI. Do these alerts have pfB_ in the Rule Column?
-
no I don't but i see the IP being blocked in both the pfblockerNG:Alerts and the Firewall Log
-
Clear the Firewall Log and start fresh. When you make Rule Changes, they can go out of Sync.
-
how do you show Rule column under system:firewall log?
System Logs: Settings:
Filter Descriptions and select "Display as Column"
Also make sure the logs are in reverse. First Checkbox at the top of the Settings page.