
Author Topic: firehol level 1 list blocking LAN resources  (Read 1262 times)


Offline adoucette

  • Jr. Member
  • Posts: 32
  • Karma: +0/-0
Re: firehol level 1 list blocking LAN resources
« Reply #15 on: November 24, 2017, 12:53:38 pm »
Thank you seanr22a -- that's very generous of you to compile, filter, host and post. Very generous of iorx as well, above.

I put together a comparison in Excel of the three lists (FireHol lvl 1, iorx's compilation above, and seanr22a's compilation above) and the initial conclusions I draw are:
37% of FireHol Lvl 1's IPs are in iorx's list and 100% are in seanr22a's list
99% of iorx's values are reflected in FireHol's and 65% of the IPs are reflected in seanr22a's.
Seanr22a's list may be more comprehensive. It is a 3MB download and has almost 200,000 IPs (the DNSBL list is a 45MB download  :o - may reflect lots of effort on his part).

Excel file attached.

My questions, as a layman, would be:
With the larger list, is there a substantially increased potential for false-positives?
Will this larger list slow down the pfSense box?

Ari
« Last Edit: November 25, 2017, 08:06:52 am by adoucette »
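Added example, not from the thread: a CIDR-aware version of the list comparison Ari describes, using Python's ipaddress module. The two feeds are constructed placeholders rather than the real FireHOL, iorx or seanr22a lists; it counts addresses instead of list lines, so a /24 entry weighs 256 times a single host, and it also reports which entry of a feed would block a given address, which is the first thing to check in the pfBlockerNG logs before whitelisting.

```python
import ipaddress

# Constructed sample feeds standing in for the lists compared above; not real feed data.
FEED_A = """
# hypothetical feed A (one address or CIDR per line, '#' comments allowed)
192.0.2.0/24
198.51.100.17
203.0.113.0/25
"""
FEED_B = """
192.0.2.0/23
203.0.113.0/24
"""

def parse_feed(text):
    """Parse a pfBlockerNG-style IPv4 feed into a collapsed list of networks.
    Bare hosts become /32; overlapping and adjacent blocks are merged so that
    entries never double-count addresses."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return list(ipaddress.collapse_addresses(nets))

def coverage(feed_a, feed_b):
    """Return (fraction of feed_a's addresses also blocked by feed_b, total
    addresses in feed_a, feed_a blocks not fully covered by feed_b)."""
    nets_a, nets_b = parse_feed(feed_a), parse_feed(feed_b)
    total = sum(n.num_addresses for n in nets_a)
    covered, partial = 0, []
    for a in nets_a:
        # CIDR blocks are either nested or disjoint, never partially overlapping
        if any(a.subnet_of(b) for b in nets_b):
            covered += a.num_addresses
            continue
        covered += sum(b.num_addresses for b in nets_b if b.subnet_of(a))
        partial.append(str(a))
    return covered / total, total, partial

def blocked_by(address, feed):
    """Return the feed entry that would block `address`, or None when the feed
    does not cover it (i.e. this feed is not the cause of a broken page)."""
    ip = ipaddress.ip_address(address)
    return next((str(n) for n in parse_feed(feed) if ip in n), None)

if __name__ == "__main__":
    frac, total, partial = coverage(FEED_A, FEED_B)
    print(f"{frac:.1%} of {total} addresses in A are covered by B; not fully covered: {partial}")
    print(blocked_by("203.0.113.200", FEED_B))
```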

Offline Presbuteros

  • Jr. Member
  • Posts: 63
  • Karma: +4/-0
Re: firehol level 1 list blocking LAN resources
« Reply #16 on: November 29, 2017, 02:06:25 am »
Yes, thanks to all who are contributing here.

With the larger list, is there a substantially increased potential for false-positives?
Will this larger list slow down the pfSense box?
Ari

I loaded the list from seanr22a. It took a while to download and compile. It did not "appear" to slow down the pfSense box. My mobo is a Gigabyte GA-J1900N-D3V, so a Celeron quad-core 2 GHz with 8 GB of RAM. What I did notice was a lot of issues loading news sites like cnn, foxnews, drudgereport, etc. Videos were stalling out and certain essential elements of the page would not load. However, I would like to hear from others on their use of the list and if they had any obvious issues. I simply disabled the list until I have more time to test later.

Offline seanr22a

  • Newbie
  • Posts: 22
  • Karma: +2/-0
Re: firehol level 1 list blocking LAN resources
« Reply #17 on: November 29, 2017, 05:43:11 am »
Yes, thanks to all who are contributing here.

I loaded the list from seanr22a. It took a while to download and compile. It did not "appear" to slow down the pfSense box. My mobo is a Gigabyte GA-J1900N-D3V, so a Celeron quad-core 2 GHz with 8 GB of RAM. What I did notice was a lot of issues loading news sites like cnn, foxnews, drudgereport, etc. Videos were stalling out and certain essential elements of the page would not load. However, I would like to hear from others on their use of the list and if they had any obvious issues. I simply disabled the list until I have more time to test later.

Check the pfBlocker logs for what is blocked related to the sites you visit. You have logs for both DNSBL and IP lists.
As you can see in the info.txt file, the lists are made from publicly available lists maintained by many different people and organizations. Unfortunately there is no list that fits everyone. Simply whitelist those sites that cause you problems. I've done that for many IPs and domains to make it work for me, so start digging into the logs :)

Offline iorx

  • Full Member
  • Posts: 144
  • Karma: +4/-0
Re: firehol level 1 list blocking LAN resources
« Reply #18 on: December 03, 2017, 06:53:54 pm »
I ended up taking BBcan's advice (good advice it always is) and simply put the lists that comprise firehol1 into pfblocker (minus the bogons list of course).

Using the Lvl 1 Feed is going to cause grief... Just don't do it  ;) ;)

Even with Suppression enabled?