Re: [pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread Benjamin E. Nichols
Forgive me, but those aren't DNS blacklists, they are just CCID IP 
blacklists.


This thread clearly has absolutely nothing to do with DNS blacklists.



On 9/30/2016 2:23 PM, Steve Yates wrote:

Basically, but doing it directly would avoid dealing with the package.  
I guess it's just down to how often the chosen list is updated.  And, if it's 
just via allocation, aren't they done allocating IPv4 blocks...

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Vick Khera
Sent: Friday, September 30, 2016 2:19 PM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] how does one create a DNS blacklist with about 1000 or so 
entries?

On Fri, Sep 30, 2016 at 12:57 PM, Doug Lytle  wrote:

On 09/30/2016 11:53 AM, Steve Yates wrote:

So you could keep your list somewhere else on a web server.


This is what I do.

And I grab the list from

http://www.wizcrafts.net/chinese-iptables-blocklist.html

Once a month


Isn't this more or less what pfBlockerNG does for you automatically?
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold




--
--

Signed,

Benjamin E. Nichols
http://www.squidblacklist.org

1-405-397-1360 - Call Anytime.



Re: [pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread Steve Yates
Basically, but doing it directly would avoid dealing with the package.  
I guess it's just down to how often the chosen list is updated.  And, if it's 
just via allocation, aren't they done allocating IPv4 blocks...

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Vick Khera
Sent: Friday, September 30, 2016 2:19 PM
To: pfSense Support and Discussion Mailing List 
Subject: Re: [pfSense] how does one create a DNS blacklist with about 1000 or so 
entries?

On Fri, Sep 30, 2016 at 12:57 PM, Doug Lytle  wrote:
> On 09/30/2016 11:53 AM, Steve Yates wrote:
>>
>> So you could keep your list somewhere else on a web server.
>
>
> This is what I do.
>
> And I grab the list from
>
> http://www.wizcrafts.net/chinese-iptables-blocklist.html
>
> Once a month
>

Isn't this more or less what pfBlockerNG does for you automatically?


Re: [pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread Vick Khera
On Fri, Sep 30, 2016 at 12:57 PM, Doug Lytle  wrote:
> On 09/30/2016 11:53 AM, Steve Yates wrote:
>>
>> So you could keep your list somewhere else on a web server.
>
>
> This is what I do.
>
> And I grab the list from
>
> http://www.wizcrafts.net/chinese-iptables-blocklist.html
>
> Once a month
>

Isn't this more or less what pfBlockerNG does for you automatically?


Re: [pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread Doug Lytle

On 09/30/2016 11:53 AM, Steve Yates wrote:

So you could keep your list somewhere else on a web server.


This is what I do.

And I grab the list from

http://www.wizcrafts.net/chinese-iptables-blocklist.html

Once a month

Doug




Re: [pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread Steve Yates
A package like pfBlockerNG will maintain such a list for you.

An alternative, maybe, is that one can set up a "firewall URL alias" that pulls 
its data from a URL.  For instance pfBlockerNG sets them up on our router and 
then refers to them as 
"https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_Africa_v4."  So you 
could keep your list somewhere else on a web server.

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of qmail
Sent: Friday, September 30, 2016 10:30 AM
To: list@lists.pfsense.org
Subject: [pfSense] how does one create a DNS blacklist with about 1000 or so 
entries?

I'd like to blacklist all of mainland China, Russia, Korea, ..
I could have done it by creating a DNS with just those entries.
I don't see a way to add in BULK a list of bad boys of the internet.

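
Added example, not part of the original thread and not pfSense or pfBlockerNG code: a Python script that cleans a downloaded IP blocklist before it is published on your own web server as the source of a firewall URL alias, as described in the message above. It assumes the alias source is plain text with one IP or CIDR entry per line; the function name and the sample feed are hypothetical, and the addresses are documentation ranges.

```python
import ipaddress

# Constructed sample of a downloaded blocklist (documentation ranges, not real data).
SAMPLE_FEED = """\
# constructed sample feed
198.51.100.0/25
198.51.100.128/25   ; the two halves merge into one /24
203.0.113.7
192.0.2.0/24
192.0.2.64/26
2001:db8::/32
bad.example.com
10.1.2.3/33
"""


def build_alias_list(feed_text):
    """Return (lines, rejected): a cleaned one-entry-per-line list and the skipped entries."""
    nets, rejected = [], []
    for raw in feed_text.splitlines():
        # Drop '#' and ';' comments plus surrounding whitespace.
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts bare IPs and CIDRs with host bits set.
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            # Hostnames and malformed prefixes do not belong in an IP list.
            rejected.append(entry)
    # collapse_addresses() cannot mix IP versions, so handle v4 and v6 separately.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in list(v4) + list(v6)], rejected


if __name__ == "__main__":
    lines, rejected = build_alias_list(SAMPLE_FEED)
    print("\n".join(lines))       # content to publish on the web server
    print("rejected:", rejected)  # review these before trusting the feed
```

Rejected entries are worth reviewing by hand: a feed that starts returning hostnames or HTML usually means the source changed format or the download failed.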


Re: [pfSense] is there a way to get pfsense to not fetch help from the internet?

2016-09-30 Thread Moshe Katz
Here is the complete list of help pages:
https://github.com/pfsense/pfsense/blob/master/src/usr/local/www/help.php

If you want a local copy, you could spider the pages listed in that file
from doc.pfsense.org with a tool like HTTrack,
then modify /usr/local/www/help.php to point to your local copy.

Keep in mind that you will probably have to do this again every time you
update pfSense.


Moshe

--
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732

On Fri, Sep 30, 2016 at 11:33 AM, qmail  wrote:

> Every time I ask for help from pfSense, it appears that it brings up a
> browser, and errors out due to no connection to the internet.
> Is there a way to fetch  and then install, and then redirect pfSense to
> look upon itself for that info?


Re: [pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread Todd Russell
Create an alias for all those IPs under Firewall > Aliases, then use that
alias in your rules.

Peace,
Todd Russell
Director of IT and Webmaster
Saint Joseph Abbey and Seminary College
985-867-2266
985-789-4319

Please consider helping Saint Joseph Abbey and Seminary College recover
from the devastating flood waters that overtook our campus on March 11,
2016.
http://helptheabbey.com

---

http://saintjosephabbey.com

For IT Requests, please submit a ticket at:
https://docs.google.com/forms/d/1e3PCRvnEVNU5-rVFolf9zivA9-m41Nj07eDjjCtFwpI/viewform?usp=send_form#start=invite

On Fri, Sep 30, 2016 at 10:29 AM, qmail  wrote:

> I'd like to blacklist all of mainland China, Russia, Korea, ..
> I could have done it by creating a DNS with just those entries.
> I don't see a way to add in BULK a list of bad boys of the internet.


[pfSense] is there a way to get pfsense to not fetch help from the internet?

2016-09-30 Thread qmail
Every time I ask for help from pfSense, it appears that it brings up a 
browser, and errors out due to no connection to the internet.
Is there a way to fetch  and then install, and then redirect pfSense to 
look upon itself for that info?



[pfSense] how does one create a DNS blacklist with about 1000 or so entries?

2016-09-30 Thread qmail

I'd like to blacklist all of mainland China, Russia, Korea, ..
I could have done it by creating a DNS with just those entries.
I don't see a way to add in BULK a list of bad boys of the internet.


Re: [pfSense] "interface name too long" on "Pure NAT" activation

2016-09-30 Thread Mathieu HOHL

hi,

Hum, no ideas ? :(

mat

On 24/08/2016 at 10:19, Mathieu HOHL wrote:

Hello,

I have some web servers behind my PfSense 2.3.2. This PfSense has 2 
physical network ports, and on the LAN port I use 10 Vlans. So 
finally, I have 12 interfaces (+ 2 interface Groups):

- 1 on the WAN
- 1 "global" on the LAN
- 10 VLAN on the LAN


I put some NAT rules (Firewall > NAT > Port Forward) to redirect ssh 
and web ports (22,80,443) from CARP addresses to different internal 
IPs. Associated filter rules were automatically created.


example
* Interface : WAN
* Protocol: TCP
* Source : "Single host or alias" "authorized_ips" (alias)
* Destination : "Single host or alias" "host1_public_ip" (alias)
* Destination port range : SSH - SSH
* Redirect target IP : "host1_private_ip" (alias)
* redirect target port : SSH

no problem on filter reloading, but it doesn't work from my LAN network.

So, I activate "NAT Reflection mode for port forward" "Pure NAT" 
(https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks) 



but on filter reloading I get this message:
There were error(s) loading the rules: /tmp/rules.debug:210: interface 
name too long - The line in question reads [210]: rdr on { ix1 
ix1_vlan4 ix1_vlan5 ix1_vlan6 ix1_vlan7 ix1_vlan8 ix1_vlan9 ix1_vlan10 
ix1_vlan11 ix1_vlan12 ix1_vlan13 GrVlanSI GrVlan } proto tcp from 
$authorized_ips to $host1_public_ip port 22 -> $host1_private_ip...


And I fall every time on the pfsense server from LAN. From WAN it works.

When I deactivate this NAT rule, the next one (same but with other 
IPs or ports) is on error...


I must have missed something...

How can I resolve this problem ?

thanks

mathieu