Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?
pfblockerng = IPs squid= http/https pfblockerng under dnsbl options/settings. thats for DNS. * bind=DNS. * * you need to use one of those, and 'block' under the root domain the .cn etc. 2016-09-30 17:08 GMT-03:00 Benjamin E. Nichols: > Forgive me, but, those arent DNS Blacklists, they are just CCID ip > blacklists. > > This thread clearly has absolutely nothing to do with DNS blacklists. > > > > > On 9/30/2016 2:23 PM, Steve Yates wrote: > >> Basically, but doing it directly would avoid dealing with the >> package. I guess it's just down to how often the chosen list is updated. >> And, if it's just via allocation, aren't they done allocating IPv4 blocks... >> >> -- >> >> Steve Yates >> ITS, Inc. >> >> -Original Message- >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Vick >> Khera >> Sent: Friday, September 30, 2016 2:19 PM >> To: pfSense Support and Discussion Mailing List >> Subject: Re: [pfSense] how does on create a DNS blacklist with aout 1000 >> or so entries? >> >> On Fri, Sep 30, 2016 at 12:57 PM, Doug Lytle
wrote: >> >>> On 09/30/2016 11:53 AM, Steve Yates wrote: >>> So you could keep your list somewhere else on a web server. >>> >>> This is what I do. >>> >>> And I grab the list from >>> >>> http://www.wizcrafts.net/chinese-iptables-blocklist.html >>> >>> Once a month >>> >>> Isn't this more or less what pfBlockerNG does for you automatically? >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> >> >> > -- > -- > > Signed, > > Benjamin E. Nichols > http://www.squidblacklist.org > > 1-405-397-1360 - Call Anytime. > > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?
Forgive me, but, those arent DNS Blacklists, they are just CCID ip blacklists. This thread clearly has absolutely nothing to do with DNS blacklists. On 9/30/2016 2:23 PM, Steve Yates wrote: Basically, but doing it directly would avoid dealing with the package. I guess it's just down to how often the chosen list is updated. And, if it's just via allocation, aren't they done allocating IPv4 blocks... -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Vick Khera Sent: Friday, September 30, 2016 2:19 PM To: pfSense Support and Discussion Mailing ListSubject: Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries? On Fri, Sep 30, 2016 at 12:57 PM, Doug Lytle
wrote: On 09/30/2016 11:53 AM, Steve Yates wrote: So you could keep your list somewhere else on a web server. This is what I do. And I grab the list from http://www.wizcrafts.net/chinese-iptables-blocklist.html Once a month Isn't this more or less what pfBlockerNG does for you automatically? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold -- -- Signed, Benjamin E. Nichols http://www.squidblacklist.org 1-405-397-1360 - Call Anytime. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?
Basically, but doing it directly would avoid dealing with the package. I guess it's just down to how often the chosen list is updated. And, if it's just via allocation, aren't they done allocating IPv4 blocks... -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Vick Khera Sent: Friday, September 30, 2016 2:19 PM To: pfSense Support and Discussion Mailing ListSubject: Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries? On Fri, Sep 30, 2016 at 12:57 PM, Doug Lytle
wrote: > On 09/30/2016 11:53 AM, Steve Yates wrote: >> >> So you could keep your list somewhere else on a web server. > > > This is what I do. > > And I grab the list from > > http://www.wizcrafts.net/chinese-iptables-blocklist.html > > Once a month > Isn't this more or less what pfBlockerNG does for you automatically? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?
On Fri, Sep 30, 2016 at 12:57 PM, Doug Lytlewrote: > On 09/30/2016 11:53 AM, Steve Yates wrote: >> >> So you could keep your list somewhere else on a web server. > > > This is what I do. > > And I grab the list from > > http://www.wizcrafts.net/chinese-iptables-blocklist.html > > Once a month > Isn't this more or less what pfBlockerNG does for you automatically? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?
On 09/30/2016 11:53 AM, Steve Yates wrote: So you could keep your list somewhere else on a web server. This is what I do. And I grab the list from http://www.wizcrafts.net/chinese-iptables-blocklist.html Once a month Doug ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?
A package like pfBlockerNG will maintain such a list for you. An alternative, maybe, is that one can set up a "firewall URL alias" that pulls its data from a URL. For instance pfBlockerNG sets them up on our router and then refers to them as "https://127.0.0.1:443/pfblockerng/pfblockerng.php?pfb=pfB_Africa_v4.; So you could keep your list somewhere else on a web server. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of qmail Sent: Friday, September 30, 2016 10:30 AM To: list@lists.pfsense.org Subject: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries? i's like to blacklist all of mainland china, russia, korea, .. i could have done it by creating a DNS with just those entries. I dont see a way to add in BULK a list of bad boys of the internet. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] how does on create a DNS blacklist with aout 1000 or so entries?
Create an alias for all those IPs under Firewall > Aliases, then use that alias in your rules. Peace, Todd Russell Director of IT and Webmaster Saint Joseph Abbey and Seminary College 985-867-2266 985-789-4319 Please consider helping Saint Joseph Abbey and Seminary College recover from the devastating flood waters that overtook our campus on March 11, 2016. http://helptheabbey.com --- http://saintjosephabbey.com For IT Requests, please submit a ticket at: https://docs.google.com/forms/d/1e3PCRvnEVNU5-rVFolf9zivA9-m41Nj07eDjjCtFwpI/viewform?usp=send_form#start=invite On Fri, Sep 30, 2016 at 10:29 AM, qmailwrote: > i's like to blacklist all of mainland china, russia, korea, .. > i could have done it by creating a DNS with just those entries. > I dont see a way to add in BULK a list of bad boys of the internet. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] how does on create a DNS blacklist with aout 1000 or so entries?
i's like to blacklist all of mainland china, russia, korea, .. i could have done it by creating a DNS with just those entries. I dont see a way to add in BULK a list of bad boys of the internet. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold