Messages - taryezveb

1
pfBlockerNG / Re: pfBlockerNG
« on: September 01, 2015, 01:36:26 pm »
IBlock again! Would have been nice to see which list was causing the issue... Some other poor sucker is going to get hit with that at some point... :)

Unfortunately did not have the time to test, sorry.

I am contemplating adding a feature to allow auto updating the Lists/Feeds for a future release. I am finalizing v2.0 which has DNSBL domain name blocking via Unbound Resolver and hope to get that released soon...

Looking forward to trying this.

Thank You

2
pfBlockerNG / Re: pfBlockerNG
« on: August 28, 2015, 03:07:07 pm »
BBcan177,

Was finally able to do what you suggested. Got rid of those IBlock
lists, did not bother to see which list was causing the no internet
issue on reboot. Using your pfBlockerNG_import.php script, posted
here[0] by doktornotor and following superweasel's instructions[1]. No
more reboot issues.

For those that are going to use the pfBlockerNG_import.php script. There
are a few things you still need to do, after following superweasel's
instructions:

Firewall => pfBlockerNG => IPv4 tab

Edit each Alias/List Configuration to:

Enable the lists you want to use, i.e. 'State' to 'ON'.

And 'List Action' as needed.

Do not forget to 'Save' your changes. And also Force an Update and
Reload; in:

Firewall => pfBlockerNG => Update tab


Once all that is done, will still need to adjust the feeds as they
change from time to time. Take a look at the error.log log file:

Firewall => pfBlockerNG => Logs tab

And this post[2] from BBcan177 for some hints. When done repeat the
Force [Update, Reload].



Is pfBlockerNG_import.php hosted somewhere and kept up to date? A search
did not bring up anything.


Would like to Thank all for the information in this thread. Specifically
for the information above, BBcan177, doktornotor and superweasel.
Especially BBcan177, without whom this would not be possible.

Thank You

3
pfBlockerNG / Re: pfBlockerNG
« on: July 16, 2015, 11:00:22 am »
BBcan177,

A reboot was forced on me; power went out again :) So can answer some of your questions:

On reboot is there a delay in the Reboot process? ie - Stuck on "Loading Firewall ... " in the pfSense boot console screen?

Can not answer this for sure, still have no monitor. Like said before do not recall any such issue.

After pfSense Boots, does the widget show entries in the packet column? or is it all blank?

Can verify, all blank.

When you hover-over the Firewall Rules for pfBNG, does each Firewall rule popup a table showing the IP addresses?

All blank as well.

Run the following commands when there are issues, and report back with the output.

    /sbin/pfctl -vvsTables | grep -A4 'pfB_'
    ls -lah /var/db/aliastables/*

Here is the output of both commands, before restarting pfBlockerNG:

# /sbin/pfctl -vvsTables | grep -A4 'pfB_'
#
# ls -lah /var/db/aliastables/*
-rw-r--r--  1 root  wheel   3.4K Jul 16 11:00 /var/db/aliastables/pfB_BC.txt
-rw-r--r--  1 root  wheel     0B Jul  1 12:49 /var/db/aliastables/pfB_BC.txt.tmp
-rw-r--r--  1 root  wheel   6.6M Jul 16 11:00 /var/db/aliastables/pfB_Bluetack.txt
-rw-r--r--  1 root  wheel     0B Jul  1 12:49 /var/db/aliastables/pfB_Bluetack.txt.tmp
-rw-r--r--  1 root  wheel    12M Jul 16 11:00 /var/db/aliastables/pfB_TBG.txt
-rw-r--r--  1 root  wheel     0B Jul  1 12:49 /var/db/aliastables/pfB_TBG.txt.tmp


Here is the output of both commands, after restarting pfBlockerNG:

# /sbin/pfctl -vvsTables | grep -A4 'pfB_'
-pa---- pfB_BC
        Addresses:   102
        Cleared:     Thu Jul 16 11:03:42 2015
        References:  [ Anchors: 0                  Rules: 0                  ]
        Evaluations: [ NoMatch: 0                  Match: 0                  ]
--
-pa---- pfB_Bluetack
        Addresses:   423729
        Cleared:     Thu Jul 16 11:03:39 2015
        References:  [ Anchors: 0                  Rules: 0                  ]
        Evaluations: [ NoMatch: 0                  Match: 0                  ]

# ls -lah /var/db/aliastables/*
-rw-r--r--  1 root  wheel   3.4K Jul 16 11:03 /var/db/aliastables/pfB_BC.txt
-rw-r--r--  1 root  wheel     0B Jul  1 12:49 /var/db/aliastables/pfB_BC.txt.tmp
-rw-r--r--  1 root  wheel   6.6M Jul 16 11:03 /var/db/aliastables/pfB_Bluetack.txt
-rw-r--r--  1 root  wheel     0B Jul  1 12:49 /var/db/aliastables/pfB_Bluetack.txt.tmp
-rw-r--r--  1 root  wheel    12M Jul 16 11:03 /var/db/aliastables/pfB_TBG.txt
-rw-r--r--  1 root  wheel     0B Jul  1 12:49 /var/db/aliastables/pfB_TBG.txt.tmp

As you can tell from the above, the pfB_TBG alias does not get loaded. The widget shows no entries for pfB_TBG alias or when hovering over the floating firewall rule for it. In the /var/log/pfblockerng/pfblockerng.log, shows the pfB_TBG alias fails to load:

Updating: pfB_TBG
no IP address found for /31pfctl: cannot load /var/db/aliastables/pfB_TBG.txt: No error: 0

And here is the full output after restarting pfBlockerNG, forcing an update, cron and reload:

**Saving Configuration [ 07/16/15 11:01:57 ] ...

**Saving Configuration [ 07/16/15 11:02:07 ] ...
 UPDATE PROCESS START [ 07/16/15 11:02:20 ]

[ level1 ] exists, Reloading File
[ level2 ] exists, Reloading File
[ level3 ] exists, Reloading File
[ ads ] exists, Reloading File
[ spyware ] exists, Reloading File
[ badpeers ] exists, Reloading File
[ hijacked ] exists, Reloading File
[ dshield ] exists, Reloading File
[ bogon ] exists, Reloading File
[ Primary_Threats ] exists, Reloading File
[ Hijacked ] exists, Reloading File
[ Bogon ] exists, Reloading File
[ General_Corporate_Ranges ] exists, Reloading File
[ Business_ISPs ] exists, Reloading File
[ Search_Engines ] exists, Reloading File
[ c2_IP_Feed ] exists, Reloading File
[ c2_All_Indicator_Feed ] exists, Reloading File

===[  Aliastables / Rules  ]================================

No Changes to Firewall Rules, Skipping Filter Reload
No Changes to Aliases, Skipping pfctl Update

 UPDATE PROCESS ENDED [ 07/16/15 11:02:22 ]
 CRON  PROCESS  START [ 07/16/15 11:02:30 ]

  No Updates required.
 CRON  PROCESS  ENDED
 UPDATE PROCESS ENDED
 UPDATE PROCESS START [ 07/16/15 11:02:41 ]

[ level1 ] Using Previously Downloaded File
[ level2 ] Using Previously Downloaded File [ 07/16/15 11:02:53 ]
[ level3 ] Using Previously Downloaded File [ 07/16/15 11:02:57 ]
[ ads ] Using Previously Downloaded File [ 07/16/15 11:02:58 ]
[ spyware ] Using Previously Downloaded File [ 07/16/15 11:02:59 ]
[ badpeers ] Using Previously Downloaded File
[ hijacked ] Using Previously Downloaded File [ 07/16/15 11:03:00 ]
[ dshield ] Using Previously Downloaded File
[ bogon ] Using Previously Downloaded File
[ Primary_Threats ] Using Previously Downloaded File
[ Hijacked ] Using Previously Downloaded File [ 07/16/15 11:03:17 ]
[ Bogon ] Using Previously Downloaded File
[ General_Corporate_Ranges ] Using Previously Downloaded File
[ Business_ISPs ] Using Previously Downloaded File [ 07/16/15 11:03:28 ]
[ Search_Engines ] Using Previously Downloaded File [ 07/16/15 11:03:34 ]
[ c2_IP_Feed ] Using Previously Downloaded File [ 07/16/15 11:03:35 ]
[ c2_All_Indicator_Feed ] Using Previously Downloaded File

===[  Aliastables / Rules  ]================================

No Changes to Firewall Rules, Skipping Filter Reload

 Updating: pfB_Bluetack
1 table created.423729 addresses added.
 Updating: pfB_TBG
no IP address found for /31pfctl: cannot load /var/db/aliastables/pfB_TBG.txt: No error: 0
 Updating: pfB_BC
1 table created.102 addresses added.

===[ FINAL Processing ]=============================================

   [ Original count   ]  [ 1173166 ]

===[ Deny List IP Counts ]===========================

 1173167 total
  375147 /var/db/pfblockerng/deny/Primary_Threats.txt
  257969 /var/db/pfblockerng/deny/level1.txt
  217513 /var/db/pfblockerng/deny/General_Corporate_Ranges.txt
  145954 /var/db/pfblockerng/deny/Business_ISPs.txt
   89452 /var/db/pfblockerng/deny/level2.txt
   48844 /var/db/pfblockerng/deny/badpeers.txt
   19891 /var/db/pfblockerng/deny/level3.txt
    5575 /var/db/pfblockerng/deny/Bogon.txt
    3654 /var/db/pfblockerng/deny/spyware.txt
    3341 /var/db/pfblockerng/deny/ads.txt
    2731 /var/db/pfblockerng/deny/bogon.txt
    1668 /var/db/pfblockerng/deny/Search_Engines.txt
     604 /var/db/pfblockerng/deny/Hijacked.txt
     536 /var/db/pfblockerng/deny/hijacked.txt
     151 /var/db/pfblockerng/deny/c2_All_Indicator_Feed.txt
      97 /var/db/pfblockerng/deny/c2_IP_Feed.txt
      40 /var/db/pfblockerng/deny/dshield.txt

====================[ Last Updated List Summary ]==============

Jul 15 07:20 spyware.gz
Jul 15 07:20 ads.gz
Jul 15 07:20 badpeers.gz
Jul 15 07:22 Primary_Threats.gz
Jul 15 07:30 dshield.gz
Jul 15 07:36 Hijacked.gz
Jul 15 07:50 hijacked.gz
Jul 15 07:51 bogon.gz
Jul 15 07:51 General_Corporate_Ranges.gz
Jul 15 07:51 level2.gz
Jul 15 07:51 level3.gz
Jul 15 07:51 Business_ISPs.gz
Jul 15 09:00 Bogon.gz
Jul 15 09:01 Search_Engines.gz
Jul 15 12:01 level1.gz
Jul 15 23:56 c2_IP_Feed.raw
Jul 15 23:56 c2_All_Indicator_Feed.raw
Jul 16 11:02 level1
Jul 16 11:02 level2
Jul 16 11:02 level3
Jul 16 11:02 spyware
Jul 16 11:02 ads
Jul 16 11:03 hijacked
Jul 16 11:03 dshield
Jul 16 11:03 bogon
Jul 16 11:03 badpeers
Jul 16 11:03 Primary_Threats
Jul 16 11:03 Hijacked
Jul 16 11:03 Bogon
Jul 16 11:03 General_Corporate_Ranges
Jul 16 11:03 Search_Engines
Jul 16 11:03 Business_ISPs
Jul 16 11:03 c2_IP_Feed
Jul 16 11:03 c2_All_Indicator_Feed
===============================================================

IPv4 Alias Table IP Total
-----------------------------
1173167

IPv6 Alias Table IP Total
-----------------------------
0

Alias Table IP Counts
-----------------------------
 1173167 total
  746461 /var/db/aliastables/pfB_TBG.txt
  426458 /var/db/aliastables/pfB_Bluetack.txt
     248 /var/db/aliastables/pfB_BC.txt

pfSense Table Stats
-------------------
table-entries hard limit  5000000
Table Usage Count        427593

 UPDATE PROCESS ENDED [ 07/16/15 11:03:43 ]

Hope this helps and Thank You.
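
The pfctl error quoted in the post above names the entry it could not parse (`/31`, a prefix with no address). As an added example, not part of the original post or of pfBlockerNG, this shell function lists every entry in an alias table file that is not a valid IPv4 address or IPv4/prefix; it assumes the file holds only IPv4 entries, one per line, and the function name and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: print "line_number:entry" for each entry in a pf table
# file that is not a valid IPv4 address or IPv4/prefix (prefix 0-32).
# Assumption: the file holds only IPv4 entries, one per line.
find_bad_entries() {
    awk '
    function valid_ip(ip,    n, o, i) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++) {
            # each octet: 1-3 digits, value 0-255
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                return 0
        }
        return 1
    }
    {
        entry = $0
        sub(/\r$/, "", entry)                # tolerate CRLF line endings
        sub(/[ \t]*#.*$/, "", entry)         # strip trailing comments
        gsub(/^[ \t]+|[ \t]+$/, "", entry)   # trim whitespace
        if (entry == "") next                # skip blank and comment lines
        n = split(entry, p, "/")
        ok = (n == 1 || n == 2) && valid_ip(p[1])
        if (ok && n == 2)
            ok = (p[2] ~ /^[0-9]+$/ && length(p[2]) <= 2 && p[2] + 0 <= 32)
        if (!ok) printf "%d:%s\n", NR, entry
    }' "$1"
}

# Constructed sample table (documentation ranges, not data from the thread).
sample=$(mktemp)
printf '%s\n' '192.0.2.0/24' '198.51.100.7' '/31' \
    '203.0.113.300' '10.0.0.0/33' '# comment' > "$sample"
find_bad_entries "$sample"
rm -f "$sample"
```

On the firewall this would be run as `find_bad_entries /var/db/aliastables/pfB_TBG.txt`; the line numbers it reports point at the entries to trace back to the feed that produced them.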

4
pfBlockerNG / Re: pfBlockerNG
« on: July 15, 2015, 02:52:18 pm »
Hi cyberbot/taryezveb,

Are you running a Nano version/Ramdisk or a full installation of pfSense?

Full install here.

On reboot is there a delay in the Reboot process? ie - Stuck on "Loading Firewall ... " in the pfSense boot console screen?

None that can recall. pfSense boots normally, will verify again tho. Once the new monitor arrives, since the previous one failed and do not have any at the moment. Not much luck with hardware lately :)

After pfSense Boots, does the widget show entries in the packet column? or is it all blank?

It is all blank, will verify again tho.

When you hover-over the Firewall Rules for pfBNG, does each Firewall rule popup a table showing the IP addresses?

Will report back on this, did not think to try that.

Run the following commands when there are issues, and report back with the output.

    /sbin/pfctl -vvsTables | grep -A4 'pfB_'
    ls -lah /var/db/aliastables/*

Will do. Not sure when I can report back, whether forced by power outage or just by rebooting. Need to find the right time to do this, if not forced to. Some people here complain when they can not connect to the internet; I'd rather avoid that if possible ;)

Also having another issue with an alias, that fails to load. Do not think this is the cause of or related to the reboot issue. Since pfBlockerNG keeps on working regardless after it is restarted as explained before. Can supply some details of that now or would it be better to deal with one issue at a time?

Thank You

5
pfBlockerNG / Re: pfBlockerNG
« on: July 14, 2015, 05:59:33 pm »
Just wanted to add, also having issues with pfBlockerNG, but only after a reboot. Which just noticed, because the UPS needs new batteries. Power here is terrible and has gone out several times. Each time after pfSense reboots can not connect to the internet and sometimes even to pfSense.

Guessing this is a new issue, since did not notice this before. Either with the recent change to pfSense made with the 2.2.3 update or with the pfBlockerNG 1.09 update. Both happened about the same time. Before those updates everything worked fine, but had not rebooted since the 2.2.2 update. So it is possible that is not the cause.

After connecting to pfSense and unchecking the Enable/Disable checkbox [to disable] and then saving; internet comes back up. After that checking the Enable/Disable checkbox [to enable] and then saving. And forcing an update, cron and reload; pfBlockerNG works fine after that.

Note, if it matters: the few times I remembered to ping a site[7) Ping host], did not get any packet loss. Before doing the above. Also the Floating Rules are present before doing the above.

Using the defaults for many of the options and just have a few IPV4 lists. Nothing shows in the logs that would be helpful.

Thanks

6
pfBlockerNG / Re: pfBlockerNG
« on: March 25, 2015, 07:39:49 pm »

In my setup, this is what it does, so not sure why it doesn't do that
for you? The code for this is in pfSense base code, (pkg_edit.php). What
theme are you using?

Using the pfsense_ng theme, reverted to the pfsense theme. Still get the
same in chromium and firefox; after logging out closing the window and
opening a new window and logging back in. In case that would make a
difference.

Thank You

7
pfBlockerNG / Re: pfBlockerNG
« on: March 25, 2015, 05:59:23 pm »

Here is another Threat Source for pfBlockerNG :

This feed is provided by :   bambenekconsulting.com

These lists cover the following type of Threats:
  • Banjori
  • Bebloh/URLZone
  • Cryptolocker
  • Cryptowall
  • Dyre
  • Geodo
  • Hesperbot
  • Matsnu
  • Necurs
  • P2P GOZ
  • PT GOZ / New GOZ
  • Pushdo
  • Qakbot
  • Ramnit
  • Symmi
  • Tinba / TinyBanker
Here is a list of all the Feeds available:   All Feeds

I would recommend using the two main IP lists which encompass all of the individual Lists:

     c2 IP Feed                 Master Feed of known, active and non-sinkholed C&Cs IP addresses.

     c2 All Indicator Feed   Master Feed of known, active and non-sinkholed C&Cs indicators

Use the "html" Format to download these Lists. Download frequency of at least once per day.

** Please read their License and please donate to the charity they run called the "Tumaini Foundation".

If you see Alerts to any of these Lists, please take additional measures to clean up any infections as these IPs are very malicious. So please put these lists into its own Alias.

Thanks for this and your work on pfBlockerNG; a welcomed upgrade to
pfBlocker.

Just started using pfBlockerNG and have a suggestion. When clicking on
the 'Cancel' button instead of reloading the page, it should take you
back to the previous page. For example, when editing/adding an
alias/list would take you back to the main alias/list page.

Maybe others like the current function. Just seems that when canceling
should go to the previous page, a reload does not convey that whatever
was done was canceled.

Thank You

8
Hardware / Re: Change NIC's without rebuilding pfSense?
« on: September 05, 2012, 02:21:00 pm »
Have needed to do the same a few times; NIC changes. It was pretty straight forward; just starting the machine again or after restoring from a backup configuration. Was asked how to assign the new interfaces. Did the auto detection for interfaces and changed/added the interfaces as needed in the GUI. After which all firewall rules changed to using the new assignments.

But as GruensFroeschli said, editing the config would work also.

9
Hardware / Re: New to pfsense, suggestion please :)
« on: August 24, 2012, 05:30:32 pm »
Here is my build [1].
Very similar to nexusN's build, with the following differences, AFAICT. Went with a mini-itx motherboard and used a dual port NIC [2]. Using quad NIC [3] now.

Realtek NICs tend to have problems with the BSDs, drivers wise from what I've read here on the forums. And also depends how the Realtek chips are implemented, which also makes a difference. The Realtek 8111E in the motherboard I used has worked fine for me for wifi, so YMMV. I would choose Intel NICs given a choice.


[1] http://forum.pfsense.org/index.php/topic,44269.msg229700.html
[2] http://ark.intel.com/products/50494/Intel-PRO1000-PT-Dual-Port-Server-Adapter
[3] http://ark.intel.com/products/49187/Intel-Gigabit-ET2-Quad-Port-Server-Adapter

10
Hardware / Re: System good for Pfsense
« on: August 08, 2012, 01:28:57 pm »
To be 100% sure is the controller intel I350, Intel 82576, Intel 82580 supported too?

From what I've read here in the forums and if IIRC. The I350 and 82580 should/might work in 2.1. But the 82576 is supported in 2.0. I'm using the Intel Gigabit ET2 Quad Port Server Adapter[1], which uses the 82576. Working fine here on 2.0.


[1] http://ark.intel.com/products/49187/Intel-Gigabit-ET2-Quad-Port-Server-Adapter

11
Packages / Re: Fixed
« on: June 20, 2012, 02:02:23 am »
All is working great again. Would like to Thank jimp and the other Snort developers, that are working hard on the Snort package. Will donate again soon :D

Edit: To be clear, I'm talking about *only* this issue. Having other Snort issues similar to others on this forum.

12
Those crazy snort errors started with 2.9.2.3.  :P

Never saw that here until today. But I was busy with other stuff and had not done anything with Snort; since 6/12 which would not install due to the barnyard package not being ready.

Thought it would be best for this error to have its own thread. But if the mods don't agree, they will move it.

13
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:43:51 EST 2011
FreeBSD 8.1-RELEASE-p6

Snort: 2.9.2.3 pkg v. 2.2.1

I keep getting the following error when trying to start Snort, just like others have stated[1,2]:

/usr/local/bin/snort
/libexec/ld-elf.so.1: /usr/local/lib/libdnet.1: unsupported file layout

It would help when starting from the GUI it would log this error. All I get is:

Jun 16 21:06:55 SnortStartup[16291]: Interface Rule START for 0_14987_em1...
Jun 16 21:06:54 SnortStartup[10750]: Toggle for 14987_em1...
Jun 16 21:03:35 SnortStartup[50953]: Interface Rule START for 0_14987_em1...
Jun 16 21:03:35 SnortStartup[45644]: Toggle for 14987_em1...
Jun 16 21:02:27 SnortStartup[36940]: Interface Rule START for 0_14987_em1...
Jun 16 21:02:27 SnortStartup[30983]: Toggle for 14987_em1...

In the system log.

Luckily I read this thread[1,2] and tried starting Snort from the terminal and got the error above.

Note, that Snort was [re]installed a few times; before I saw[1,2]. But kept getting those messages in the system log.

[1] http://forum.pfsense.org/index.php/topic,50301.0.html
[2] http://forum.pfsense.org/index.php/topic,50301.msg268889.html#msg268889

14
Packages / Re: Snort stopped working!
« on: June 12, 2012, 06:11:06 pm »

it will be located here: http://files.pfsense.org/packages/8/All/ when it's built

Thanks for all the info :)

15
Packages / Re: Snort Stable 2.9.2.3 pkg v. 2.2 Failed
« on: June 12, 2012, 06:04:04 pm »
Also as Cino points out..

http://forum.pfsense.org/index.php/topic,50397.msg268281.html#msg268281

noticed that too. barnyard2-1.9_2.tbz isn't built yet.. once it's built, you should be good to go
