pfSense Support Subscription

Author Topic: pfBlockerNG  (Read 283542 times)

0 Members and 1 Guest are viewing this topic.

Offline wbennett77

  • Jr. Member
  • **
  • Posts: 52
  • Karma: +20/-1
    • View Profile
pfBlockerNG
« on: January 03, 2015, 11:05:31 am »
pfBlockerNG v1.0 – Official Release

This is a new package based upon the previous pfBlocker package. pfBlockerNG is basically an IP Download manager. It can collect IPs from a multitude of sources. The auto-creation of Firewall rules in Deny, Permit and Match. Firewall rules can also be created on any Interface including the 'Floating' interface. Custom setup can be achieved utilizing the Alias Format.

Improved Features

[ Country Blocking ]
Country Blocking utilizes Maxmind Inc. Free GeoLite2 IP geolocation databases (IPv4/6). The data is 99.8% accurate for Country Codes and is updated the first Tuesday of each Month. The download hour is randomized (0-23) to reduce a surge in downloads to any specific hour.

[ Cron
1. Min Start time (00, 15, 30, 45)
2. Base Hour Start Time (0-23)
3. Update hours of (1,2,3,4,6,8,12,24, and weekly)
4. Time/Date file check to skip downloads where remote file remains unchanged.
5. On any download fail, a Query is now performed to see if a BlockList or IDS  (Snort/Suricata) has blocked the Lists download.  ( see error.log )
6. Multiple list formats available – txt, gz (Iblock), gz (all other), zip, xlsx, block and html based lists.
7. Individual lists can be enabled/disabled in an 'Alias'. Lists can also be put on “Hold”
8. If Firewall Rule changes are made a 'Filter Reload' is performed, otherwise a pfctl command updates the Alias Tables as required. This will minimize Log spamming and will not clear the Widget packet counts.

[ Logging ]  With the real-time viewer, all pfBlockerNG functions are easily managed.
1. Selecting any of the “Force” buttons in the Update Tab will run a Live Log viewer.
2. Logging for Each Alias can be individually controlled.
3. Global Logging can be selected for all Aliases

[ Firewall Rules Ordering ] Four rule ordering options are now available to re-order Firewall Rules based upon user specific network requirements.

[ XML RPC Sync ] Improvements to http/https and Username. The 'General Tab settings' can also be excluded from the sync to allow for Site specific customizations.

[ Widget ] Enabled status, Links to Alerts/Log page, IP Counts and failed download alerting.

[ IPv4/6 ] Improved Regex Parsers to validate IP address.


New Features

[ De-Duplication ] Utilizing a tool called Grepcidr by Jem Berkes (Partially funded by Spamhaus).
“grepcidr can be used to filter a list of IP addresses against one or more Classless Inter-Domain Routing (CIDR) specifications. “

[ Suppression ] IP address(es) may be suppressed from the Lists. The new Alerts Tab, allows for an immediate clear of the Blocked IP and prevents the re-occurrence of the IP thereafter. Country Blocking Suppression will require a new “Permit Outbound” Alias.

[ Reputation ] An advanced process to analyze for Repeat Offenders in each IP Range.

[ Emerging Threats IQRisk ] A professional IP list accessible via Subscription only. This list can    be used for Blocking or Match Rules.

[ IPv6 ] As lists become available, IPv6 is now supported. User Custom Lists can also be used.

[ Log Browser ] All files are easily managed via the Log Browser management Tab. Lists can also be downloaded to your local machine.

[ Alerts Tab ] Deny, Permit and Match alerts are visible all in one Tab. IPs can be resolved by clicked the “!” icon. IPs can also be suppressed. The List that contains the IP is also referenced.


Thanks,
BBCan177

[ Thanks to wbennett77 for allowing me to commandeer this first post in the thread! ]
« Last Edit: February 02, 2015, 01:26:53 pm by wbennett77 »
Dell Optiplex 390 Pfsense 2.2 / Asus AC56U Wireless AP / Asus Switch

Offline Supermule

  • Hero Member
  • *****
  • Posts: 2530
  • Karma: +77/-102
    • View Profile
Re: pfBlockerNG
« Reply #1 on: January 03, 2015, 11:09:03 am »
Via the private repository but it will be available soon as a pfsense package.

Be patient :)
Kind regards Brian


Offline justsomeguy6575

  • Jr. Member
  • **
  • Posts: 71
  • Karma: +0/-0
    • View Profile
Re: pfBlockerNG
« Reply #2 on: January 08, 2015, 08:50:04 pm »
Can us mortals access this private repository? I'm guessing private probably means no which is ok. I've just got the upgrade itch. I've been holding off updating to the latest nightly as it sounds like there are issues with it and the current pfblocker.

Offline Supermule

  • Hero Member
  • *****
  • Posts: 2530
  • Karma: +77/-102
    • View Profile
Re: pfBlockerNG
« Reply #3 on: January 08, 2015, 11:23:42 pm »
Its very close to release afaik so keep the itch under control for a short while.

:)
Kind regards Brian


Offline Mr. Jingles

  • Hero Member
  • *****
  • Posts: 1136
  • Karma: +92/-724
    • View Profile
    • The FreeBSD Foundation
Re: pfBlockerNG
« Reply #4 on: January 09, 2015, 11:24:05 am »
I'm eagerly awaiting it in the Repo too  :P

BB is very skilled (and kind  ;) ), as are the current beta-testers I know off. BB tried to help me set it up in a virtual machine, but I couldn't get it to work. So I'll simply have to wait until it's in the repository. I think I'll drewl if I see what this Master has made  ;D

Offline wcrowder

  • Full Member
  • ***
  • Posts: 118
  • Karma: +12/-5
    • View Profile
Re: pfBlockerNG
« Reply #5 on: January 11, 2015, 04:36:18 pm »
Wait till you see what he's done for Unbound (DNS Resolver) on 2.2  :D

Offline simby

  • Full Member
  • ***
  • Posts: 206
  • Karma: +0/-0
    • View Profile
Re: pfBlockerNG
« Reply #6 on: January 14, 2015, 12:40:44 am »
Any picture?

Offline Cino

  • Hero Member
  • *****
  • Posts: 1516
  • Karma: +61/-2
    • View Profile
Re: pfBlockerNG
« Reply #7 on: January 14, 2015, 06:32:49 am »
Any picture?

thats like watching porn, why would you want to be teased?

Offline KOM

  • Hero Member
  • *****
  • Posts: 5270
  • Karma: +657/-18
    • View Profile
Re: pfBlockerNG
« Reply #8 on: January 14, 2015, 08:16:13 am »
Quote
why would you want to be teased?

He paid extra for that

Offline Mr. Jingles

  • Hero Member
  • *****
  • Posts: 1136
  • Karma: +92/-724
    • View Profile
    • The FreeBSD Foundation
Re: pfBlockerNG
« Reply #9 on: January 14, 2015, 10:50:31 am »
Any picture?

If rumors are true, it should be looking a lot like this ( ;D ;D ;D )

Offline wcrowder

  • Full Member
  • ***
  • Posts: 118
  • Karma: +12/-5
    • View Profile
Re: pfBlockerNG
« Reply #10 on: January 20, 2015, 07:15:10 pm »
Hmm... Probably going to get slapped via email... :)
« Last Edit: January 20, 2015, 07:27:27 pm by wcrowder »

Offline BBcan177

  • Moderator
  • Hero Member
  • *****
  • Posts: 2468
  • Karma: +750/-5
    • View Profile
    • Click for Support
Re: pfBlockerNG
« Reply #11 on: January 20, 2015, 07:33:41 pm »
I think you can't do better than Mr Jingles pic  ;D
"Experience is something you don't get until just after you need it."

 | Twitter @BBcan177  | #pfBlockerNG |

Offline dancwilliams

  • Newbie
  • *
  • Posts: 19
  • Karma: +2/-0
    • View Profile
Re: pfBlockerNG
« Reply #12 on: January 20, 2015, 08:42:21 pm »
I think you can't do better than Mr Jingles pic  ;D

I would have to agree!   ::)

Offline Topper727

  • Full Member
  • ***
  • Posts: 245
  • Karma: +25/-0
    • View Profile
Re: pfBlockerNG
« Reply #13 on: January 20, 2015, 09:33:36 pm »
I wait for it.. nice
Dell 2950 g3 server
Intel(R) Xeon(R) CPU E5430 @ 2.66GHz
Current: 2000 MHz, Max: 2667 MHz
8 CPUs: 2 package(s) x 4 core(s)
8152 MiB and 600meg 10k drive
Pfsense 2.4 .. Hoping to get the phpvirtualbox going again.

Offline GoldServe

  • Sr. Member
  • ****
  • Posts: 301
  • Karma: +1/-0
    • View Profile
Re: pfBlockerNG
« Reply #14 on: January 21, 2015, 06:20:31 am »
I have a request to make. Is it possible to put a port in the whitelist so I can always permit VPN port regardless of country I am traveling in?