Netgate Discussion Forum
    PfBlockerNG

    • M
      Mr. Jingles
      last edited by

      BB  :-* :-* :-* :-* :-*

      I will respond later with some useless text, but this one is not useless ( ;D ): I am amazed by your package. To me, while playing with it, it seems you've thought of so many things, and it is so fast. Your package to me is like the attached pic (and you know how I feel about these women.. ;D ;D ;D ).

      Ciao BB,

      BB001.jpg

      6 and a half billion people know that they are stupid, aggressive, lower life forms.

      • G
        GoldServe
        last edited by

        Is there a known issue generating a custom list with an ip block of /8?

        I tried 17.0.0.0/8 for all of Apple's servers but when I look at the table, I only see 17.0.0.0

        When I tried 17.0.0.0/10, I see exactly 17.0.0.0/10 in the table.

        • BBcan177B
          BBcan177 Moderator
          last edited by

          Hi GoldServe, there is a small bug that I have fixed. I am putting together some other changes/features for version 1.07 and this will be included.

          I will send you a PM shortly with a fix until v1.07 is released.

          "Experience is something you don't get until just after you need it."

          Website: http://pfBlockerNG.com
          Twitter: @BBcan177  #pfBlockerNG
          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          • G
            GoldServe
            last edited by

            Thanks! I tried the patch and all is working…

            • M
              Mr. Jingles
              last edited by

              Hi BB  :D

              I get this error constantly every day:

              
              [ pfB_PRI3 Juniper ] Download FAIL [ 04/14/15 18:00:27 ]
              
              

              The list does exist, 'though:

              https://www.juniper.net/security/auto/spam

              It is set to html (by default).

              Would your Royalty have any idea?

              Thank you  ;D

              • BBcan177B
                BBcan177 Moderator
                last edited by

                Hi Mr. Jingles,

                Take a look at the pfblockerng.log and/or the error.log … Both of these log files are accessible in the Log Browser Tab. It should give you clues as to why it's failed.
                • H
                  Hakim
                  last edited by

                  Hi,

                  Since I upgraded from 2.2 to 2.2.2, I cannot change my NAT rules (well I can change them, but they do not apply).

                  In fact, I also changed pfBlocker to pfBlockerNG.

                  And if I stop pfBlockerNG then my NAT changes are applied, I can make further NAT changes and they apply correctly.
                  As soon as I start pfBlockerNG, existing NAT settings are correctly applied, but I cannot change them (until I stop pfBlockerNG).

                  My global settings include :

                  <inbound_interface>opt1,wan</inbound_interface>
                  <inbound_deny_action>block</inbound_deny_action>
                  <outbound_interface>lan,opt2</outbound_interface>
                  <outbound_deny_action>reject</outbound_deny_action>
                  
                  

                  And I have 1 IPv4 Alias :

                  <pfblockernglistsv4>
                  	<config>
                  		<action>Deny_Both</action>
                  		<cron>04hours</cron>
                  		<dow>1</dow>
                  		<aliaslog>enabled</aliaslog>
                  		<custom><custom_update>disabled</custom_update></custom>
                  	</config>
                  </pfblockernglistsv4>
                  
                  

                  Any idea about what could be wrong ?

                  Thanks,
                  Hakim

                  • D
                    doktornotor Banned
                    last edited by

                    @Hakim:

                    Since I upgraded from 2.2 to 2.2.2, I cannot change my NAT rules (well I can change them, but they do not apply).

                    As noted right above your comments, logs exist for a reason… ;)

                    • M
                      Mr. Jingles
                      last edited by

                      @BBcan177:

                      Hi Mr. Jingles,

                      Take a look at the pfblockerng.log and/or the error.log … Both of these log files are accessible in the Log Browser Tab. It should give you clues as to why it's failed.

                      Thanks BB  ;D

                      I got that previous quote from error.log, wasn't awake enough to realize there was also info contained in another log:

                      [ Juniper ]          Downloading New File
                      looking up www.juniper.net
                      connecting to www.juniper.net:443
                      SSL options: 81004bff
                      Peer verification enabled
                      Using CA cert file: /usr/local/etc/ssl/cert.pem
                      Certificate verification failed for /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
                      34381026664:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/pfSensesrc/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1162:
                      fetch: https://www.juniper.net/security/auto/spam: Authentication error

                      [ pfB_PRI3 Juniper ] Download FAIL [ 04/18/15 7:00:29 ]

                      • H
                        Hakim
                        last edited by

                        As noted right above your comments, logs exist for a reason…

                        No doubt about it, but in this case, no clue in the logs (in fact nothing is logged - on pfBlockerNG side when I made a change in the firewall / NAT UI settings).

                        On the System/General log I only have :
                        check_reload_status: Reloading filter
                        check_reload_status: Syncing firewall

                        • D
                          doktornotor Banned
                          last edited by

                          pfBNG has nothing to do with NAT. You simply most likely have some broken alias coming from the pfBNG lists you did set up that breaks the firewall rules altogether. Again, there are logs for a reason.

                          • H
                            Hakim
                            last edited by

                            pfBNG has nothing to do with NAT

                            Maybe but :

                            • with pfBlockerNG ON : pfSense NAT update does not work
                            • with pfBlockerNG OFF : pfSense NAT update does work

                            So, I do not completely agree with your assertion. Just facts.

                            You simply most likely have some broken alias coming from the pfBNG lists you did set up that breaks the firewall rules altogether.

                            Is it an expected behavior of pfBlockerNG ?
                            When there is a problem with an alias, pfSense NAT cannot be updated properly anymore ?

                            Because the problem is only about updating. I did not say that NAT is not working. If I stop pfBlockerNG and restart it, my NAT changes are applied.

                            As I already explained : I did check the logs and did not find anything.
                            Which log would you propose to check ?

                            • D
                              doktornotor Banned
                              last edited by

                              Yes. Because when the updated firewall rules are broken, they fail to load. Flush your pfBNG configuration by unchecking the Keep configuration box, reinstall the package and start from scratch, enabling only ONE list at a time, until you figure this out.

                              • H
                                Hakim
                                last edited by

                                @doktornotor:

                                Yes. Because when the updated firewall rules are broken, they fail to load. Flush your pfBNG configuration by unchecking the Keep configuration box, reinstall the package and start from scratch, enabling only ONE list at a time, until you figure this out.

                                Thanks for your help,

                                By enabling the lists in my alias one by one, I figured out the list that was giving problems.

                                I switched back to my previous config. pfSense 2.2 + pfBlocker with the same lists and everything was fine.

                                Any idea why that same list which was working fine with (pfSense 2.2 + pfBlocker) does not work anymore with (pfSense 2.2.2 + pfBlockerNG) ?

                                That list is from i-blocklist with about 167 000 items.

                                When that list is loaded I can see the following in the "Live Log Viewer " :

                                Updating: pfB_AliasBlockList 
                                (...)
                                
                                no IP address found for /32pfctl: cannot load /var/db/aliastables/pfB_AliasBlockList.txt: No error: 0
                                
                                (...)
                                
                                ====================[ Empty Lists w/1.1.1.1 ]==================
                                
                                malicious
                                /32
                                malicious
                                /32
                                malicious
                                /32
                                malicious
                                /32
                                malicious
                                /32
                                malicious
                                /32
                                malicious
                                /32
                                malicious
                                /32
                                malicious
                                /32
                                malicious
                                /32
                                malicious
                                /32
                                
                                (...)
                                
                                
                                • BBcan177B
                                  BBcan177 Moderator
                                  last edited by

                                  Hi Hakim, my first guess is that IBlock has a variant of "0.0.0.0" in this list. I really do not understand why IBlock inserts this IP, every so often.

                                  Are you using the latest version of pfBlockerNG? (v1.06)

                                  Can you post the url of this list?
                                  • BBcan177B
                                    BBcan177 Moderator
                                    last edited by

                                    @Mr. Jingles:

                                    @BBcan177:

                                    Hi Mr. Jingles,

                                    Take a look at the pfblockerng.log and/or the error.log … Both of these log files are accessible in the Log Browser Tab. It should give you clues as to why it's failed.

                                    Thanks BB  ;D

                                    I got that previous quote from error.log, wasn't awake enough to realize there was also info contained in another log:

                                    [ Juniper ]          Downloading New File
                                    looking up www.juniper.net
                                    connecting to www.juniper.net:443
                                    SSL options: 81004bff
                                    Peer verification enabled
                                    Using CA cert file: /usr/local/etc/ssl/cert.pem
                                    Certificate verification failed for /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
                                    34381026664:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/pfSensesrc/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1162:
                                    fetch: https://www.juniper.net/security/auto/spam: Authentication error

                                    [ pfB_PRI3 Juniper ] Download FAIL [ 04/18/15 7:00:29 ]

                                    Looks like they have an issue with their certificate. Try to change the URL from 'https' to 'http'.

                                    If you load that https URL in the browser do you get the same Cert error?
                                    • M
                                      Mr. Jingles
                                      last edited by

                                      @BBcan177:

                                      Looks like they have an issue with their certificate. Try to change the URL from 'https' to 'http'.

                                      If you load that https URL in the browser do you get the same Cert error?

                                      Thanks BB  :-*

                                      No, in the Firefox, everything is fine and the certificate appears ok.

                                      I'll see what http instead of https does and report back  :P


                                      1 Reply Last reply Reply Quote 0
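Separating a certificate-trust failure from other download failures in the log output quoted above, as an added example (not pfBlockerNG code; `triage` and the record fields are hypothetical names, and the sample log is constructed from lines quoted in this thread). For each failed feed it extracts the CA file in use and the certificate subject that verification stopped at, which is what to compare against the CA bundle:

```python
import re

# Constructed sample: the Juniper record is the fetch output quoted in this thread;
# the IBads record is a failure with no fetch detail, as in the later update log.
SAMPLE_LOG = """\
[ Juniper ]          Downloading New File
looking up www.juniper.net
connecting to www.juniper.net:443
SSL options: 81004bff
Peer verification enabled
Using CA cert file: /usr/local/etc/ssl/cert.pem
Certificate verification failed for /C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
34381026664:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:/usr/pfSensesrc/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_clnt.c:1162:
fetch: https://www.juniper.net/security/auto/spam: Authentication error

[ pfB_PRI3 Juniper ] Download FAIL [ 04/18/15 7:00:29 ]

[ IBads ]          Downloading New File

[ pfB_IBlist IBads ] Download FAIL

[ ET_Tor ]          exists, Reloading File
"""

FAIL_RE = re.compile(
    r"^\[ (?P<alias>\S+) (?P<feed>\S+) \] Download FAIL(?: \[ (?P<when>[^\]]+?) \])?")
START_RE = re.compile(
    r"^\[ (?P<feed>\S+) \]\s+(?:Downloading New File|exists, Reloading File)")
CA_RE = re.compile(r"^Using CA cert file: (?P<path>\S+)")
SUBJECT_RE = re.compile(r"^Certificate verification failed for (?P<dn>/.+)$")
FETCH_RE = re.compile(r"^fetch: (?P<url>\S+): (?P<error>.+)$")


def _blank(feed):
    """Empty per-feed record; filled in as fetch output lines are seen."""
    return {"feed": feed, "ca_file": None, "failed_subject": None,
            "url": None, "fetch_error": None}


def triage(log_text):
    """Return one record per 'Download FAIL' line, with the reason if logged."""
    failures, pending = [], _blank(None)
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := FAIL_RE.match(line)):
            # Only trust collected detail if it belongs to the feed that failed.
            rec = dict(pending) if pending["feed"] == m["feed"] else _blank(m["feed"])
            rec["alias"], rec["when"] = m["alias"], m["when"]
            if rec["failed_subject"] or rec["fetch_error"] == "Authentication error":
                rec["reason"] = "tls_verify_failed"
            elif rec["fetch_error"]:
                rec["reason"] = "fetch_error"
            else:
                rec["reason"] = "no_detail_logged"
            failures.append(rec)
            pending = _blank(None)
        elif (m := START_RE.match(line)):
            pending = _blank(m["feed"])
        elif (m := CA_RE.match(line)):
            pending["ca_file"] = m["path"]
        elif (m := SUBJECT_RE.match(line)):
            pending["failed_subject"] = m["dn"]
        elif (m := FETCH_RE.match(line)):
            pending["url"], pending["fetch_error"] = m["url"], m["error"]
    return failures


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        print(rec["alias"], rec["feed"], rec["reason"],
              rec["failed_subject"] or "-", rec["ca_file"] or "-")
```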
                                      • H
                                        Hakim
                                        last edited by

                                        Thanks for your answer

                                        Are you using the latest version of pfBlockerNG? (v1.06)

                                        Yes I am on this version

                                        Can you post the url of this list?

                                        http://list.iblocklist.com/?n=malicious&list=ffxgwdvcgelinvypvhuz&fileformat=p2p&archiveformat=gz

                                        There are username and pin parts at the end of the URL that I removed

                                        The file is 2 Mb. I may send it to you by email if it may help.

                                        1 Reply Last reply Reply Quote 0
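The failure reported above, where an entry with no address reaches pfctl as a bare `/32` and the whole alias table fails to load, can be caught by validating the `fileformat=p2p` feed before the table file is written. This is an added example, not pfBlockerNG's own code: `parse_p2p_line`, `build_table` and `render_table` are hypothetical names, rejecting ranges that start at 0.0.0.0 is an assumed policy, and the sample mixes lines quoted on this page with constructed bad entries.

```python
import ipaddress

# Constructed sample. Lines 3-5 are taken from the list excerpt quoted on this
# page; line 6 and the three bad entries at the end are constructed.
SAMPLE_P2P = """\
# List distributed by iblocklist.com

Vitalij Martinov fastreadnew.com:1.36.202.60-1.36.202.60
JKS Media, LLC:4.53.2.12-4.53.2.15
Quantcast:4.71.209.0-4.71.209.63
constructed range:192.0.2.4-192.0.2.11
malicious:
malicious:0.0.0.0-0.0.0.0
malicious:10.0.0.9-10.0.0.1
"""


def parse_p2p_line(line):
    """Parse one 'label:start-end' line into (label, [IPv4Network, ...]).

    Raises ValueError with a reason when the line must not reach the table file.
    """
    # Split on the LAST colon: the label is free text and may contain ':'.
    label, sep, span = line.rpartition(":")
    if not sep or not span.strip():
        raise ValueError("no address range")
    start_s, dash, end_s = span.strip().partition("-")
    if not dash:
        raise ValueError("range is not start-end")
    try:
        start = ipaddress.IPv4Address(start_s.strip())
        end = ipaddress.IPv4Address(end_s.strip())
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"bad address: {exc}") from None
    if start > end:
        raise ValueError("range start is above range end")
    if start.is_unspecified:  # assumed policy: never load 0.0.0.0 into a block table
        raise ValueError("range starts at 0.0.0.0")
    # A range is not always one CIDR; summarize it into the minimal set.
    return label.strip(), list(ipaddress.summarize_address_range(start, end))


def build_table(text):
    """Return (cidr_strings, rejected) where rejected is [(lineno, line, reason)]."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            _label, parsed = parse_p2p_line(line)
        except ValueError as exc:
            rejected.append((lineno, line, str(exc)))
            continue
        nets.extend(parsed)
    # Merge adjacent/overlapping networks; output is sorted by address.
    return [str(n) for n in ipaddress.collapse_addresses(nets)], rejected


def render_table(cidrs):
    """One CIDR per line, the form a pf table file expects."""
    return "".join(f"{c}\n" for c in cidrs)


if __name__ == "__main__":
    table, rejected = build_table(SAMPLE_P2P)
    print(render_table(table), end="")
    for lineno, line, why in rejected:
        print(f"rejected line {lineno}: {line!r} ({why})")
```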
                                        • N
                                          n3by
                                          last edited by

                                          I try to use the free lists from:
                                          https://www.iblocklist.com/lists.php

                                          but looks like nothing can be downloaded from there in pfBlockerNG, any idea ?
                                          [ IBads ] Downloading New File

                                          [ pfB_IBlist IBads ] Download FAIL
                                          …

                                          I use:
                                          2.2.2-RELEASE (amd64) built on Mon Apr 13 20:10:22 CDT 2015
                                          pfBlockerNG 1.06

                                          for example first link, can be saved ok in browser:

                                          [ IBads ]
                                          http://list.iblocklist.com/?list=dgxtneitpuvgqqcpfulq&fileformat=p2p&archiveformat=gz

                                          inside gz-txt:

                                          
                                          # List distributed by iblocklist.com
                                          
                                          Vitalij Martinov fastreadnew.com:1.36.202.60-1.36.202.60
                                          ads.herald-sun.com ads:4.18.162.102-4.18.162.102
                                          BURSTNETWORK ads:4.36.44.3-4.36.44.3
                                          spammer ATBP:4.38.98.140-4.38.98.140
                                          JKS Media, LLC:4.53.2.12-4.53.2.15
                                          yahoo scammer:4.65.105.109-4.65.105.109
                                          Quantcast:4.71.209.0-4.71.209.63
                                          Doubleclick:4.79.208.56-4.79.208.59
                                          comScore, Inc:4.79.208.224-4.79.208.255
                                          ...
                                          
                                          

                                          log:

                                          
                                           UPDATE PROCESS START [ 04/19/15 17:22:14 ]
                                          
                                          [ pfB_Top_v4 ] 		 exists, Reloading File 
                                          
                                          [ ET_Comp ] 		 exists, Reloading File 
                                          
                                          [ ET_Block ] 		 exists, Reloading File 
                                          
                                          [ CIArmy ] 		 exists, Reloading File 
                                          
                                          [ Abuse_Zeus ] 		 exists, Reloading File 
                                          
                                          [ Abuse_Spyeye ] 	 exists, Reloading File 
                                          
                                          [ Abuse_Palevo ] 	 Downloading New File 
                                          
                                           [ pfB_PRI1 Abuse_Palevo ] Download FAIL [ 04/19/15 17:22:15 ]
                                          
                                          [ Abuse_SSLBL ] 	 exists, Reloading File 
                                          
                                          [ dShield_Block ] 	 exists, Reloading File 
                                          
                                          [ Snort_BL ] 		 exists, Reloading File 
                                          
                                          [ BBC_Goz ] 		 exists, Reloading File 
                                          
                                          [ Alienvault ] 		 exists, Reloading File 
                                          
                                          [ Atlas_Attacks ] 	 exists, Reloading File 
                                          
                                          [ Atlas_Botnets ] 	 exists, Reloading File 
                                          
                                          [ Atlas_Fastflux ] 	 exists, Reloading File 
                                          
                                          [ Atlas_Phishing ] 	 exists, Reloading File 
                                          
                                          [ Atlas_Scans ] 	 exists, Reloading File 
                                          
                                          [ SRI_Attackers ] 	 exists, Reloading File 
                                          
                                          [ SRI_CC ] 		 exists, Reloading File 
                                          
                                          [ HoneyPot ] 		 exists, Reloading File 
                                          
                                          [ MDL ] 		 exists, Reloading File 
                                          
                                          [ Nothink_BL ] 		 exists, Reloading File 
                                          
                                          [ Nothink_SSH ] 	 exists, Reloading File 
                                          
                                          [ Nothink_Malware ] 	 exists, Reloading File 
                                          
                                          [ DangerRulez ] 	 exists, Reloading File 
                                          
                                          [ Shunlist ] 		 exists, Reloading File 
                                          
                                          [ Infiltrated ] 	 exists, Reloading File 
                                          
                                          [ DRG_SSH ] 		 exists, Reloading File 
                                          
                                          [ DRG_VNC ] 		 exists, Reloading File 
                                          
                                          [ DRG_HTTP ] 		 exists, Reloading File 
                                          
                                          [ Feodo_Block ] 	 exists, Reloading File 
                                          
                                          [ Feodo_Bad ] 		 exists, Reloading File 
                                          
                                          [ WatchGuard ] 		 Downloading New File 
                                          ----------------------------------------------------------
                                          Original   Masterfile Outfile     [ Post Duplication count ]   
                                          ----------------------------------------------------------
                                          2322       23         23          [ Passed ]                   
                                          ----------------------------------------------------------
                                          
                                          [ VMX ] 		 Downloading New File [ 04/19/15 17:22:19 ]
                                          ----------------------------------------------------------
                                          Original   Masterfile Outfile     [ Post Duplication count ]   
                                          ----------------------------------------------------------
                                          5445       1876       1876        [ Passed ]                   
                                          ----------------------------------------------------------
                                          
                                          [ Geopsy ] 		 exists, Reloading File [ 04/19/15 17:22:20 ]
                                          
                                          [ Maxmind ] 		 exists, Reloading File 
                                          
                                          [ BotScout ] 		 exists, Reloading File 
                                          
                                          [ Juniper ] 		 Downloading New File 
                                          
                                           [ pfB_PRI3 Juniper ] Download FAIL [ 04/19/15 17:22:21 ]
                                          
                                          [ Greensnow ] 		 exists, Reloading File 
                                          
                                          [ BlocklistDE ] 	 exists, Reloading File 
                                          
                                          [ SFS_Toxic ] 		 exists, Reloading File 
                                          
                                          [ MalwareGroup ] 	 exists, Reloading File 
                                          
                                          [ OpenBL ] 		 exists, Reloading File 
                                          
                                          [ Malcode ] 		 exists, Reloading File 
                                          
                                          [ BadIPs ] 		 exists, Reloading File 
                                          
                                          [ IBlock_Tor ] 		 Downloading New File 
                                          
                                           [ pfB_TOR IBlock_Tor ] Download FAIL [ 04/19/15 17:22:22 ]
                                          
                                          [ Blut_Tor ] 		 exists, Reloading File 
                                          
                                          [ ET_Tor ] 		 exists, Reloading File 
                                          
                                          [ IBads ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBads ] Download FAIL 
                                          
                                          [ IBspyware ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBspyware ] Download FAIL 
                                          
                                          [ IBproxy ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBproxy ] Download FAIL 
                                          
                                          [ IBbadpeers ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBbadpeers ] Download FAIL [ 04/19/15 17:22:23 ]
                                          
                                          [ IBhijacked ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBhijacked ] Download FAIL 
                                          
                                          [ IBdshield ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBdshield ] Download FAIL 
                                          
                                          [ IBforumspam ] 	 Downloading New File 
                                          
                                           [ pfB_IBlist IBforumspam ] Download FAIL [ 04/19/15 17:22:24 ]
                                          
                                          [ IBwebexploit ] 	 Downloading New File 
                                          
                                           [ pfB_IBlist IBwebexploit ] Download FAIL 
                                          
                                          [ IBDROP ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBDROP ] Download FAIL 
                                          
                                          [ IBZeuS ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBZeuS ] Download FAIL [ 04/19/15 17:22:25 ]
                                          
                                          [ IBSpyEye ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBSpyEye ] Download FAIL 
                                          
                                          [ IBPalevo ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBPalevo ] Download FAIL 
                                          
                                          [ IBMalicious ] 	 Downloading New File 
                                          
                                           [ pfB_IBlist IBMalicious ] Download FAIL [ 04/19/15 17:22:26 ]
                                          
                                          [ IBmalc0de ] 		 Downloading New File 
                                          
                                           [ pfB_IBlist IBmalc0de ] Download FAIL 
                                          
                                          [ Bambenek_C2IPFeed ] 	 Downloading New File 
                                          
                                           [ pfB_Bambenek Bambenek_C2IPFeed ] Download FAIL 
                                          
                                          ===[ Suppression Stats ]========================================
                                          
                                          List                 Pre        RFC1918    Suppress   Masterfile
                                          ----------------------------------------------------------------
                                          MDL                  666        666        666        100994    
                                          Nothink_BL           20         20         20         100994    
                                          Nothink_SSH          4          4          4          100994    
                                          Nothink_Malware      129        129        129        100994    
                                          DangerRulez          66         66         66         100994    
                                          Shunlist             38         38         38         100994    
                                          Infiltrated          2134       2134       2134       100994    
                                          DRG_SSH              218        218        218        100994    
                                          DRG_VNC              59         59         59         100994    
                                          DRG_HTTP             829        829        829        100994    
                                          Feodo_Block          2          2          2          100994    
                                          Feodo_Bad            1          1          1          100994    
                                          WatchGuard           23         23         23         100994    
                                          VMX                  1876       1874       1874       100992    
                                          Geopsy               2793       2793       2793       100992    
                                          Maxmind              177        177        177        100992    
                                          BotScout             15         15         15         100992    
                                          Greensnow            1812       1812       1812       100992    
                                          BlocklistDE          6107       6107       6107       100992    
                                          SFS_Toxic            15         15         15         100992    
                                          
                                          ===[  Aliastables / Rules  ]================================
                                          
                                          No Changes to Firewall Rules, Skipping Filter Reload 
                                          
                                           Updating: pfB_PRI3 
                                          1897 addresses added.
                                          
                                          ===[ FINAL Processing ]=====================================
                                          
                                             [ Original count   ]  [ 378397 ]
                                          
                                             [ Processed Count  ]  [ 100992 ]
                                          
                                          ===[ Deny List IP Counts ]===========================
                                          
                                            100994 total
                                             63463 /var/db/pfblockerng/deny/pfB_Top_v4.txt
                                              6959 /var/db/pfblockerng/deny/BadIPs.txt
                                              6607 /var/db/pfblockerng/deny/Alienvault.txt
                                              6107 /var/db/pfblockerng/deny/BlocklistDE.txt
                                              2793 /var/db/pfblockerng/deny/Geopsy.txt
                                              2789 /var/db/pfblockerng/deny/SRI_Attackers.txt
                                              2134 /var/db/pfblockerng/deny/Infiltrated.txt
                                              1874 /var/db/pfblockerng/deny/VMX.txt
                                              1812 /var/db/pfblockerng/deny/Greensnow.txt
                                              1571 /var/db/pfblockerng/deny/Snort_BL.txt
                                               829 /var/db/pfblockerng/deny/DRG_HTTP.txt
                                               783 /var/db/pfblockerng/deny/ET_Block.txt
                                               666 /var/db/pfblockerng/deny/MDL.txt
                                               565 /var/db/pfblockerng/deny/Malcode.txt
                                               426 /var/db/pfblockerng/deny/ET_Comp.txt
                                               274 /var/db/pfblockerng/deny/ET_Tor.txt
                                               218 /var/db/pfblockerng/deny/DRG_SSH.txt
                                               200 /var/db/pfblockerng/deny/CIArmy.txt
                                               190 /var/db/pfblockerng/deny/Abuse_SSLBL.txt
                                               177 /var/db/pfblockerng/deny/Maxmind.txt
                                               129 /var/db/pfblockerng/deny/Nothink_Malware.txt
                                                68 /var/db/pfblockerng/deny/OpenBL.txt
                                                66 /var/db/pfblockerng/deny/DangerRulez.txt
                                                59 /var/db/pfblockerng/deny/DRG_VNC.txt
                                                46 /var/db/pfblockerng/deny/Blut_Tor.txt
                                                38 /var/db/pfblockerng/deny/Shunlist.txt
                                                27 /var/db/pfblockerng/deny/MalwareGroup.txt
                                                23 /var/db/pfblockerng/deny/WatchGuard.txt
                                                20 /var/db/pfblockerng/deny/Nothink_BL.txt
                                                15 /var/db/pfblockerng/deny/SFS_Toxic.txt
                                                15 /var/db/pfblockerng/deny/BotScout.txt
                                                10 /var/db/pfblockerng/deny/Atlas_Fastflux.txt
                                                 8 /var/db/pfblockerng/deny/SRI_CC.txt
                                                 5 /var/db/pfblockerng/deny/Atlas_Botnets.txt
                                                 4 /var/db/pfblockerng/deny/dShield_Block.txt
                                                 4 /var/db/pfblockerng/deny/Nothink_SSH.txt
                                                 4 /var/db/pfblockerng/deny/Atlas_Phishing.txt
                                                 4 /var/db/pfblockerng/deny/Atlas_Attacks.txt
                                                 3 /var/db/pfblockerng/deny/HoneyPot.txt
                                                 2 /var/db/pfblockerng/deny/Feodo_Block.txt
                                                 2 /var/db/pfblockerng/deny/Atlas_Scans.txt
                                                 2 /var/db/pfblockerng/deny/Abuse_Zeus.txt
                                                 1 /var/db/pfblockerng/deny/Feodo_Bad.txt
                                                 1 /var/db/pfblockerng/deny/BBC_Goz.txt
                                                 1 /var/db/pfblockerng/deny/Abuse_Spyeye.txt
                                          
                                          ====================[ Empty Lists w/1.1.1.1 ]==================
                                          
                                          Abuse_Spyeye
                                          BBC_Goz
                                          Feodo_Bad
                                          
                                          ====================[ Last Updated List Summary ]==============
                                          
                                          Jul 5	2012	VMX
                                          May 2	2013	SFS_Toxic
                                          Oct 7	2013	IBwebexploit.gz
                                          Oct 7	2013	IBspyware.zip
                                          Oct 7	2013	IBspyware.gz
                                          Oct 7	2013	IBproxy.gz
                                          Oct 7	2013	IBmalc0de.gz
                                          Oct 7	2013	IBlocklist_webexploit
                                          Oct 7	2013	IBlocklist_webexploit.gz
                                          Oct 7	2013	IBlocklist_spyware.gz
                                          Oct 7	2013	IBlocklist_proxy
                                          Oct 7	2013	IBlocklist_proxy.gz
                                          Oct 7	2013	IBlocklist_malc0de
                                          Oct 7	2013	IBlocklist_malc0de.gz
                                          Oct 7	2013	IBlocklist_hijacked
                                          Oct 7	2013	IBlocklist_hijacked.gz
                                          Oct 7	2013	IBlocklist_forumspam
                                          Oct 7	2013	IBlocklist_forumspam.gz
                                          Oct 7	2013	IBlocklist_dshield
                                          Oct 7	2013	IBlocklist_dshield.gz
                                          Oct 7	2013	IBlocklist_badpeers
                                          Oct 7	2013	IBlocklist_badpeers.gz
                                          Oct 7	2013	IBlocklist_ads
                                          Oct 7	2013	IBlocklist_ads.gz
                                          Oct 7	2013	IBlocklist_ZeuS
                                          Oct 7	2013	IBlocklist_ZeuS.gz
                                          Oct 7	2013	IBlocklist_SpyEye
                                          Oct 7	2013	IBlocklist_SpyEye.gz
                                          Oct 7	2013	IBlocklist_Palevo
                                          Oct 7	2013	IBlocklist_Palevo.gz
                                          Oct 7	2013	IBlocklist_Malicious
                                          Oct 7	2013	IBlocklist_Malicious.gz
                                          Oct 7	2013	IBlocklist_DROP
                                          Oct 7	2013	IBlocklist_DROP.gz
                                          Oct 7	2013	IBlock_malc0de.gz
                                          Oct 7	2013	IBlock_dshield.gz
                                          Oct 7	2013	IBlock_adserversYoyo.gz
                                          Oct 7	2013	IBlock_ZeuS.gz
                                          Oct 7	2013	IBlock_Web.gz
                                          Oct 7	2013	IBlock_Tor.gz
                                          Oct 7	2013	IBlock_Spyware.gz
                                          Oct 7	2013	IBlock_SpyEye.gz
                                          Oct 7	2013	IBlock_Proxy.gz
                                          Oct 7	2013	IBlock_Palevo.gz
                                          Oct 7	2013	IBlock_Malicious.gz
                                          Oct 7	2013	IBlock_Hijack.gz
                                          Oct 7	2013	IBlock_FS.gz
                                          Oct 7	2013	IBlock_DROP.gz
                                          Oct 7	2013	IBlock_Badpeer.gz
                                          Oct 7	2013	IBlock_BT_Web.gz
                                          Oct 7	2013	IBlock_BT_Spy.gz
                                          Oct 7	2013	IBlock_BT_Hijack.gz
                                          Oct 7	2013	IBlock_BT_FS.gz
                                          Oct 7	2013	IBlock_Ads.gz
                                          Oct 7	2013	IBlock2_Tor2.gz
                                          Oct 7	2013	IBloc_Proxy.gz
                                          Oct 7	2013	IBloc_BT_Web.gz
                                          Oct 7	2013	IBloc_BT_Spy.gz
                                          Oct 7	2013	IBloc_BT_Hijack.gz
                                          Oct 7	2013	IBloc_BT_FS.gz
                                          Oct 7	2013	IBloc_Ads.gz
                                          Oct 7	2013	IBhijacked.gz
                                          Oct 7	2013	IBforumspam.gz
                                          Oct 7	2013	IBdshield.gz
                                          Oct 7	2013	IBbadpeers.gz
                                          Oct 7	2013	IBads.zip
                                          Oct 7	2013	IBads.gz
                                          Oct 7	2013	IBZeuS.gz
                                          Oct 7	2013	IBSpyEye.gz
                                          Oct 7	2013	IBPalevo.gz
                                          Oct 7	2013	IBMalicious.gz
                                          Oct 7	2013	IBDROP.gz
                                          Oct 7	2013	Abuse_Spyeye
                                          Oct 7	2013	Abuse_Palevo
                                          Oct 7	2014	SRI_Attackers
                                          Oct 7	2014	SRI_CC
                                          Jan 19	12:36	Geopsy.raw
                                          Apr 11	17:51	MDL
                                          Apr 17	07:30	ET_Block
                                          Apr 17	07:30	ET_Comp
                                          Apr 18	06:12	ET_Tor.raw
                                          Apr 18	16:17	Malcode
                                          Apr 19	01:05	Nothink_Malware
                                          Apr 19	01:05	Nothink_BL
                                          Apr 19	01:05	Nothink_SSH
                                          Apr 19	03:06	Atlas_Attacks.raw
                                          Apr 19	03:11	Atlas_Botnets.raw
                                          Apr 19	03:16	Atlas_Phishing.raw
                                          Apr 19	03:19	Atlas_Scans.raw
                                          Apr 19	03:21	Atlas_Fastflux.raw
                                          Apr 19	05:00	DRG_HTTP
                                          Apr 19	14:49	Atlas_Attacks
                                          Apr 19	14:49	Atlas_Botnets
                                          Apr 19	14:49	Atlas_Fastflux
                                          Apr 19	14:49	Atlas_Phishing
                                          Apr 19	14:49	Atlas_Scans
                                          Apr 19	14:50	Geopsy
                                          Apr 19	14:51	Blut_Tor
                                          Apr 19	14:51	ET_Tor
                                          Apr 19	15:00	pfB_Top_v4
                                          Apr 19	15:04	DRG_VNC
                                          Apr 19	15:04	DRG_SSH
                                          Apr 19	15:10	Infiltrated
                                          Apr 19	15:30	Shunlist.raw
                                          Apr 19	15:42	BlocklistDE
                                          Apr 19	16:01	Alienvault.gz
                                          Apr 19	16:01	Alienvault
                                          Apr 19	16:01	HoneyPot.raw
                                          Apr 19	16:01	HoneyPot
                                          Apr 19	16:01	DangerRulez
                                          Apr 19	16:01	Shunlist
                                          Apr 19	16:01	Feodo_Block
                                          Apr 19	16:01	Feodo_Bad
                                          Apr 19	16:01	Maxmind.raw
                                          Apr 19	16:01	Maxmind
                                          Apr 19	16:01	BotScout.raw
                                          Apr 19	16:01	BotScout
                                          Apr 19	16:01	Greensnow
                                          Apr 19	16:02	OpenBL.gz
                                          Apr 19	16:03	MalwareGroup.raw
                                          Apr 19	16:03	MalwareGroup
                                          Apr 19	16:03	OpenBL
                                          Apr 19	16:03	BadIPs
                                          Apr 19	16:15	CIArmy
                                          Apr 19	16:34	Abuse_Zeus
                                          Apr 19	16:53	BBC_Goz.raw
                                          Apr 19	16:56	dShield_Block.raw
                                          Apr 19	17:00	Snort_BL
                                          Apr 19	17:00	Abuse_SSLBL.raw
                                          Apr 19	17:00	Abuse_SSLBL
                                          Apr 19	17:00	dShield_Block
                                          Apr 19	17:00	BBC_Goz
                                          Apr 19	17:00	IBspyware
                                          Apr 19	17:00	IBads
                                          Apr 19	17:00	IBproxy
                                          Apr 19	17:00	IBhijacked
                                          Apr 19	17:00	IBbadpeers
                                          Apr 19	17:00	IBwebexploit
                                          Apr 19	17:00	IBforumspam
                                          Apr 19	17:00	IBdshield
                                          Apr 19	17:00	IBZeuS
                                          Apr 19	17:00	IBSpyEye
                                          Apr 19	17:00	IBDROP
                                          Apr 19	17:00	IBmalc0de
                                          Apr 19	17:00	IBPalevo
                                          Apr 19	17:00	IBMalicious
                                          Apr 19	17:16	Bambenek_C2IPFeed
                                          Apr 19	17:22	WatchGuard
                                          ===============================================================
                                          
                                          Sanity Check (Not Including IPv6)  ** These two Counts should Match! **
                                          ------------
                                          Masterfile Count    [ 100991 ]
                                          Deny folder Count   [ 100991 ]
                                          
                                          Duplication Sanity Check (Pass=No IPs reported)
                                          ------------------------
                                          Masterfile/Deny Folder Uniq check
                                          Deny Folder/Masterfile Uniq check
                                          
                                          Sync Check (Pass=No IPs reported)
                                          ----------
                                          
                                          IPv4 Alias Table IP Total
                                          -----------------------------
                                          100993
                                          
                                          IPv6 Alias Table IP Total
                                          -----------------------------
                                          0
                                          
                                          Alias Table IP Counts
                                          -----------------------------
                                            100993 total
                                             63463 /var/db/aliastables/pfB_Top_v4.txt
                                             16982 /var/db/aliastables/pfB_PRI3.txt
                                              9432 /var/db/aliastables/pfB_PRI2.txt
                                              7619 /var/db/aliastables/pfB_SEC1.txt
                                              3177 /var/db/aliastables/pfB_PRI1.txt
                                               320 /var/db/aliastables/pfB_TOR.txt
                                          
                                          pfSense Table Stats
                                          -------------------
                                          table-entries hard limit  2000000
                                          Table Usage Count        101003
                                          
                                           UPDATE PROCESS ENDED [ 04/19/15 17:22:34 ]
                                          
                                          

                                          • BBcan177B
                                            BBcan177 Moderator
                                            last edited by

                                            Hi n3by,

                                            I would suggest that you uncheck "Keep Settings" and Disable pfBNG, and click "Save"… This will clear out all of the previously downloaded files... then enable "Keep" and pfBNG and execute a "Force Update".

                                            I tried to download the URL you sent to me and it downloaded ok in my test box.

                                            "Experience is something you don't get until just after you need it."

                                            Website: http://pfBlockerNG.com
                                            Twitter: @BBcan177  #pfBlockerNG
                                            Reddit: https://www.reddit.com/r/pfBlockerNG/new/
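
                                            An added example, not part of either post and not pfBlockerNG's own code: a small parser for an update log in the format posted above. It pulls out the feeds that logged "Download FAIL", the lists reported empty, and the two sanity-check counts, so failed or stale blocklists are easy to spot. The function names and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample, abridged, in the format of the update log posted above.
SAMPLE_LOG = """\
[ IBdshield ] \t\t Downloading New File

 [ pfB_IBlist IBdshield ] Download FAIL

[ IBforumspam ] \t Downloading New File

 [ pfB_IBlist IBforumspam ] Download FAIL [ 04/19/15 17:22:24 ]

[ Bambenek_C2IPFeed ] \t Downloading New File

 [ pfB_Bambenek Bambenek_C2IPFeed ] Download FAIL

====================[ Empty Lists w/1.1.1.1 ]==================

Abuse_Spyeye
BBC_Goz

====================[ Last Updated List Summary ]==============

Apr 19\t17:22\tWatchGuard
===============================================================

Masterfile Count    [ 100991 ]
Deny folder Count   [ 100991 ]
"""

# "[ <alias> <feed> ] Download FAIL", optionally followed by "[ timestamp ]"
FAIL_RE = re.compile(
    r"^\s*\[\s*(\S+)\s+(\S+)\s*\]\s+Download FAIL(?:\s+\[\s*(.+?)\s*\])?\s*$")
SECTION_RE = re.compile(r"^\s*=+\[\s*(.+?)\s*\]=+\s*$")   # "===[ Title ]==="
RULE_RE = re.compile(r"^\s*=+\s*$")                       # bare "=====" rule
COUNT_RE = re.compile(r"^\s*(Masterfile|Deny folder) Count\s+\[\s*(\d+)\s*\]")


def parse_update_log(text):
    """Return failed feeds per alias, empty lists and sanity-check counts."""
    failed, empty, counts = {}, [], {}
    section = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if RULE_RE.match(line):          # a bare rule closes the section
            section = None
            continue
        m = FAIL_RE.match(line)
        if m:
            failed.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        if section and section.startswith("Empty Lists") and line.strip():
            empty.append(line.strip())
    return {"failed": failed, "empty": empty, "counts": counts}


def findings(report):
    """Turn a parsed report into one human-readable line per problem."""
    out = [f"{alias}: download failed for {', '.join(feeds)}"
           for alias, feeds in report["failed"].items()]
    if report["empty"]:
        out.append("empty lists: " + ", ".join(report["empty"]))
    c = report["counts"]
    if len(c) != 2 or c["Masterfile"] != c["Deny folder"]:
        out.append("Masterfile/Deny folder counts differ or are missing")
    return out


if __name__ == "__main__":
    for line in findings(parse_update_log(SAMPLE_LOG)):
        print(line)
```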

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.