pfBlocker introduces an Enhanced Aliastable Feature to pfSense.
What it allows:
Replaces Countryblock and IPblocklist (provides same functionality of both in one package and more)
This package only uses native functions of pfSense instead of file hacks and table manipulation as was done in Countryblock and IPblocklist.
Current version is 1.0.1 and includes:
Dashboard widget with aliases applied and package hit
Lists update frequency
Many new options to choose what to block and how to block. Network lists may be used in to custom rules.
General Set the interfaces to be monitored by pfBlocker (both inbound and outbound). The inbound is the Internet connection. To prevent devices or users from accessing sites in the countries/IP addresses selected later, select local interfaces under outbound and access will be blocked.
Lists This is the IPBlocklist feature, enter IP addresses here to specifically block. It must be in the file format or CIDR. Create a list for each type of action to be taken by pfBlocker.
'Deny Both' - Will deny access on Both directions.
'Deny Inbound' - Will deny access from selected lists to the local network.
'Deny Outbound' - Will deny access from local users to IP address lists selected to block.
'Permit Inbound' - Will allow access from selected lists to the local network.
'Permit Outbound' - Will allow access from local users to IP address lists selected to block.
'Disabled' - Will just keep selection and do nothing to selected Lists.
'Alias Only' - Will create an alias with selected Lists to help custom rule assignments.
The rest of the tabs (except sync) specify the other lists included with the package. They are separated by continent with the exception of the spammer list which contains countries from around the globe that are known to harbor spammers.
Sync tab configures pfBlocker to sync its configuration to other pfSense devices
Spamhaus DROP and EDROP
DShield Most Active Attacking IPs
iblocklist.com has a number of lists available.
I'm getting memory errors while applying pfblocker lists, how to fix this?
Increase table size to avoid memory errors in Advanced settings.
I can't see any pfblocker rules applied, whats wrong?
pfblocker requires at least one firewall entry (any interface) for it to be active. One way to verify is to check the front page widget.
pfBlocker always moves its rules to the top, how can I stop this?
Change rule action to Alias only and then apply custom rules using pfBlocker aliases with an arbitrary sequence.
How can I apply pfBlocker lists in floating rules?
Aliases are used for customized filter entries and float rules.
Some users with 256 MB RAM or less reported boot errors while pfSense startup is done before GUI is available.
Very large lists need PHP memory increase by doing some file hacks on pfSense.
This package is developed and maintained by marcelloc and tommyboy180. This package gets its lists from the following sites:
Country IP Blocks