PfBlockerNG



  • If you want to test pfBlockerNG on 2.2,

    create this patch using systempatches package.

    
    --- pkg-utils.orig.inc       2015-01-27 14:27:38.000000000 +0000
    +++ pkg-utils.inc      2015-01-27 14:27:50.000000000 +0000
    @@ -624,6 +624,7 @@
                    if (isset($pkg_info['maximum_version']))
                            $compatible = $compatible && (pfs_version_compare("", $version, $pkg_info['maximum_version']) <= 0);
    
    +               $compatible = true;
                    if (!$compatible) {
                            log_error(sprintf(gettext('Package %s is not supported on this version.'), $pkg_info['name']));
                            $static_output .= sprintf(gettext("Package %s is not supported on this version."), $pkg_info['name']);
    
    

    Note: Do not forget to click test and apply the patch after creating/saving  it.  ;)

    then install package with your pfsense url

    https://YOUR_PFSENSE_ADDRESS_HERE/pkg_mgr_install.php?id=pfBlockerNG
    

    And of cource, DO AT YOUR OWN RISK  :)






  • Your instructions are great, they're for dummies like me.

    It's greatly appreciated! I'm going to try and hit the datacenter this weekend. I'm doing a fresh install and moving from 2.1.5 (32bit) to 2.2 (64bit). I'll try installing pfBlockerNG then.

    Thank you!



  • is it  compatible with 32bit version?



  • Banned

    The package? Sure. The pkg-utils.inc patch? No idea, never tried.



  • i try install pfblockerng on 32bit pfsense with this patch and it failed.



  • Edit: They aren't built for 2.1.5. Only for 2.2

    http://files.pfsense.org/packages/10/All/

    
    pfblockerng-1.6.3_1-amd64.pbi                      27-Nov-2014 13:15             2743546
    pfblockerng-1.6.3_1-amd64.pbi.sha256               27-Nov-2014 13:15                  65
    pfblockerng-1.6.3_1-i386.pbi                       27-Nov-2014 13:23             2909780
    pfblockerng-1.6.3_1-i386.pbi.sha256                27-Nov-2014 13:23                  65
    
    

    i dont see anything in http://files.pfsense.org/packages/8/All/ for 2.1.5



  • ok, thx. this make sense to me.


  • Banned

    @Cino:

    I dont believe the pbi's are built for 32bit yet

    They certainly are, see https://files.pfsense.org/packages/10/All/

    Looking at the pkg-utils.inc file, you'd rather need $force_install = true; at proper place instead.



  • @doktornotor:

    @Cino:

    I dont believe the pbi's are built for 32bit yet

    They certainly are, see https://files.pfsense.org/packages/10/All/

    Looking at the pkg-utils.inc file, you'd rather need $force_install = true; at proper place instead.

    I corrected my post… They are not created for 2.1.5


  • Banned

    About time to upgrade. :P



  • than if is 32bit ready and i install on pfsense 2.2. release 32 bit i dont know why i cant install with posted patch.


  • Banned

    Already posted a hint above. As said, never tested the patch, edit the version temporarily and move on.



  • @marian78:

    i try install pfblockerng on 32bit pfsense with this patch and it failed.

    Did you tested and applied the patch under systempatches? the screen I've sent show how to create the patch but you need to apply after saving.

    Or edit file manually if you know how to handle with it.



  • aaa ,stupig me. i forgot apply patch…...... sorry. Now installed....


  • Banned

    Uhm… censored



  • ye, ******* :)



  • I've updated the install steps to make it easier :)



  • Output of full patch apply test:
    /usr/bin/patch –directory=/ -t -p1 -i /var/patches/54c7f4a39c5e8.patch --check --forward --ignore-whitespace

    Hmm...  Looks like a unified diff to me...
    The text leading up to this was:

    -- pkg-utils.orig.inc      2015-01-27 14:27:38.000000000 +0000

    +++ pkg-utils.inc      2015-01-27 14:27:50.000000000 +0000

    No file to patch.  Skipping...
    Hunk #1 ignored at 624.
    1 out of 1 hunks ignored while patching pkg-utils.inc
    done
    Close

    Is the patch info I got when I tried to use your patch.  I am running 64 bit release 2.2


  • Banned

    -p1 is obviously wrong with –directory=/

    Kindly use the System Patches package and see the screenshot above. If you cannot handle that, you probably should avoid doing similar changes in the first place.



  • I did use SYSTEM patches and pasted that in the code window and hit Test patch and this is the result I got


  • Banned

    Go back to the screenshot. Really.



  • I found the problem it was the screenshot I did I typo in my directory area

    Thank you and sorry for the posts regarding this



  • Is there a suggested base directory for the patch mentioned earlier?

    I'm pretty new and trying my best, but I can't figure this part out.  I looked at the screen shots and it shows /etc/inc, yet I cannot progress to the next step of the instructions (install…).

    Thank you in advance for your time, I appreciate your comments.



  • It's /etc/inc/ dir just like the screenshot shows.

    Save the patch then click on test (see what it returns)  then apply it.



  • Thank you for your reply, Marc :) With some help, it is now up and going.

    I'm going to go into the corner now and hang my head in shame lol.



  • This is working great great!

    Thank you BBcan!

    Thanks marcelloc and doktornotor for showing how to get this downloaded and installed.



  • Someone should make a page on how to use this on

    https://doc.pfsense.org/index.php/PfblockerNG

    I got it running just trying to get the lists I put in to block like the old did. Still more testing on it.



  • I think the first steps is for this package to become an Official pfSense package.. before anything else

    Its use at your own risk. I'll help out with support/tips once its official but until then, I can't. I don't want to be responsible if my advice breaks your box. It is pretty easy to use, just read the pages ;-) Everything you need to know if there



  • @marcelloc - Thanks a million for the steps to install pfBlockerNG. I was just a tad disappointed to see that the installed version doesn't have the DNSBL tabs. Is there any way to get the version that's referenced in this post?

    Thanks,
    MediocreFred.



  • It's not merged yet and still in the testing phase


  • Moderator

    @MediocreFred:

    I was just a tad disappointed to see that the installed version doesn't have the DNSBL tabs.

    DNSBL - I am still developing this at the moment.

    pfBlockerNG v1.0 still needs to be reviewed by the Devs for it to be an Official pkg.

    So I expect that I will release DNSBL in v2.0. I also expect to have easylist AdBlock plus integrated into the pkg. It won't have all of those features, but it will pull all of the AdBlock domains for blocking.



  • if I restore the config from the old pfblocker package, will NG pick it up? Or do I have to reconfigure it from scratch?



  • You'll have to configure it from scratch. Its a brand new package, separate from pfBlocker



  • @BBcan177:

    @MediocreFred:

    I was just a tad disappointed to see that the installed version doesn't have the DNSBL tabs.

    So I expect that I will release DNSBL in v2.0. I also expect to have easylist AdBlock plus integrated into the pkg. It won't have all of those features, but it will pull all of the AdBlock domains for blocking.

    Ah you liked my idea and think you can bring in those lists? They are not standard like CIDR or IP lists.  That would be amazing.

    Wonder if there could be history little long in the widget on home page so you can refresh screen and not zero out all the hits blocked? Maybe option for how long you want to keep or clear each time refresh for those that like that. 
    The Alerts page also maybe could have some range of days you would like to see. Maybe the widget has direct link to that page with the logs link you have


  • Moderator

    @Topper727:

    They are not standard like CIDR or IP lists.  That would be amazing.

    Yes DNSBL is already designed to handle domain names. Take a look at the Link in the post above. I have the most common formats already working, I have played with AdBlock plus list about a month ago, but put it aside for now, as it's in a non-standard format. I want to get the key parts of the code working first before spending more time on this AdBlock feature.. But it is on to todo list. So this will be released in v2.0 of pfBNG.

    Wonder if there could be history little long in the widget on home page so you can refresh screen and not zero out all the hits blocked? Maybe option for how long you want to keep or clear each time refresh for those that like that.

    The widget counts are "0" when the filter_reload is executed. So the design pfBNG is to only clear the widget when there are rules changes. So if the rules remain static, the widget counts will continue to increase without being cleared… This is the design of pfctl as that is where the counts are queried from.

    The Alerts page also maybe could have some range of days you would like to see. Maybe the widget has direct link to that page with the logs link you have

    The Alerts tab is not the place to handle queries of that nature. The best would be to send the logs to a remote syslog server for further analysis and correlation.  The Alerts Tab references the pfSense Firewall log, which in itself doesn't hold data for very long.



  • @BBcan177:

    So I expect that I will release DNSBL in v2.0. I also expect to have easylist AdBlock plus integrated into the pkg. It won't have all of those features, but it will pull all of the AdBlock domains for blocking.

    ::drool…

    Your teaser screenshots with DNSBL look pretty darn perfect! Go ahead and roll it into v1.0 and we can deal with any reported bugs later :)

    Or, can you release the DNSBL version - in its current state - as a beta package?



  • BBcan177, when time allows, consider adding MaxMind's Anonymous Proxy and Satellite "countries".

    I'm not sure where in the GUI to shoehorn them in.
    Anonymous Proxy might be worth replacing someone in the top 20.  Satellite - not a good fit there.

    It'd be sort of cool to have an option to auto-generate a couple of lists in the IPv4 section.
    That's just a serving suggestion. I know you have plenty of code to manage already.

    and
    I can't thank you enough for NG.
    and
    I hope marcelloc already knows how much he is appreciated.



  • I believe the Satelite and Anonymous Proxy lists are included in the lists BB sent out to the testers. Here is Anonymous Proxy's, set it to HTML.

    https://www.maxmind.com/en/anonymous_proxies

    @LinuxTracker:

    BBcan177, when time allows, consider adding MaxMind's Anonymous Proxy and Satellite "countries".

    I'm not sure where in the GUI to shoehorn them in.
    Anonymous Proxy might be worth replacing someone in the top 20.  Satellite - not a good fit there.

    It'd be sort of cool to have an option to auto-generate a couple of lists in the IPv4 section.
    That's just a serving suggestion. I know you have plenty of code to manage already.

    and
    I can't thank you enough for NG.
    and
    I hope marcelloc already knows how much he is appreciated.


  • Moderator

    @LinuxTracker:

    BBcan177, when time allows, consider adding MaxMind's Anonymous Proxy and Satellite "countries".

    Thanks _LinuxTracke_r… I had this on my todo list.. But got sidetracked  ;)

    Here is a screenshot of the new "Proxy and Satellite" Tab. Once I get it tested, I will submit a PR for the changes.
    In the meantime, the URL that wcrowder sent will suffice for the Maxmind Proxy List.

    On another note, You can create custom Aliases for Country/Continents. All of the Countries/Continent Files are in /var/db/pfblockerng/cc folder. These can be individually used as "Localfiles" in the URL field.



  • Amazing what this is becoming.  If ever package had this support and dedication Pfsense would jump new levels in users I am sure


Log in to reply