pfSense pfBlockerNG: The Ultimate List of IP and DNSBL Blocklists for Home Internet Security Firewall and Gateway: Supratim Sanyal's Computing Blog

pfSense Dashboard

The amazing pfSense Community Edition forms the first of my three-layer home internet security firewall and gateway. I have a dual-WAN setup with subscriptions to both Verizon FiOS and Comcast Xfinity, with the LAN side feeding into a Sophos UTM 9 which is further protected by ClearOS.

I run pfSense in a virtual machine. However, there are excellent dedicated firewall routers with pfSense preinstalled available that you can simply plug in between your WAN and LAN, like this one (includes my Amazon affiliate link):

I am a huge fan of blocklists and over the years settled down to a functional set of IP and DNSBL blocklists used with the wonderful pfBlockerNG package on my installation of pfSense Community open-source router firewall.

I have completely disabled IPv6; all of the following blocklists are for IPv4, and for DNSBL, domain names.

IP BLOCKLISTS

For the IP blocklists, the top-level blocklist groups are Level-1, Level-2, Level-3, Level-4 and SANYALnet.

pfBlockerNG on pfSense - top level IP (IPv4) blocklist groups

Level-1 IP Blocklist

pfBlockerNG Level-1 IP Blocklist sources

Incoming as well as outgoing connections from / to blocklisted IPs are blocked for these highest risk IP addresses. Of particular concern in modern times are the command-and-control (CNC) botnets particularly infecting digital security and surveillance systems, cameras, routers, televisions, DVD players and all sorts of devices making up the Internet of Things (IoT). The Level-1 IP BL is updated every hour, and the group members are:

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level1.netset
~~https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt~~ (removed, no longer works)
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
http://www.abuseat.org/iotcc.txt
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/cybercrime.ipset

Level-2 IP Blocklist

pfBlockerNG Level-2 IP Blocklist sources

In addition to IoT C&C botnets, the other primary threat today is from Ransomware. I only have Firehol Level 2, Ransomware Tracker IP blacklists from abuse.ch including CryptoWall, Locky, TeslaCrypt, TorrentLocker C&C and Payment, and Zeus tracker and ci badguys IP deny blocklists at my level 2, which is also configured to block all outgoing as well as incoming connections. Level 2 IP blocklists are updated every 2 hours.

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level2.netset
http://cinsscore.com/list/ci-badguys.txt
https://ransomwaretracker.abuse.ch/downloads/CW_PS_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/LY_PS_IPBL.txt
~~https://ransomwaretracker.abuse.ch/downloads/RW_IPBL.txt~~ (removed, no longer works)
https://ransomwaretracker.abuse.ch/downloads/TC_PS_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/TL_C2_IPBL.txt
https://ransomwaretracker.abuse.ch/downloads/TL_PS_IPBL.txt
https://zeustracker.abuse.ch/blocklist.php?download=badips

Level-3 IP Blocklist

Supratim Sanyal's Blog: pfSense pfBlockerNG Level-3 IP BL Blocklist sources

pfBlockerNG Level-3 IP Blocklist sources

IP addresses in my level 3 blocklist are denied on the incoming side only, i.e. I allow connections initiated from inside my home LAN out to these IPs to go through. The level 3 IP blacklist addresses are updated every 4 hours. The sources are:

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level3.netset
http://danger.rulez.sk/projects/bruteforceblocker/blist.php
http://www.openbl.org/lists/base_7days.txt
https://lists.blocklist.de/lists/all.txt
http://malc0de.com/bl/IP_Blacklist.txt
https://feodotracker.abuse.ch/blocklist/?download=ipblocklist

Level-4 IP Blocklist

Supratim Sanyal's Blog: pfSense pfBlockerNG Level-3 IP Blocklist sources

pfBlockerNG Level-4 IP Blocklist sources

There are only a couple of blacklist sources for my level 4, including Firehol Level 4, and Malware Domain List IP addresses the equivalent domains of which are also included in my list of DNSBL lists separately. Level 4 is configured to block inbound connections only and updated every 8 hours.

https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_level4.netset
http://www.malwaredomainlist.com/hostslist/ip.txt

SANYALnet IP Blocklist

pfBlockerNG SANYALnet IP Blocklist sources

The SANYALnet group is a collection of blocklists I maintain myself based on the brute force attacks and intrusion attempts logged by my own servers. This group is updated every hour to minimize on-going attacks. Please note: these are my own servers hosted on a super-cheap VPS service and up-times are not the best :)

http://sanyalnet-cloud-vps.freeddns.org/blocklist.txt [status]
http://sanyalnet-cloud-vps.freeddns.org/mirai-ips.txt [status]
http://sanyalnet-cloud-vps2.freeddns.org/blocklist.txt [status]
http://microvax3100-80.duckdns.org/blocklist.txt (experimental) [status]

pfBlockerNG DNSBL Feeds

pfBlockerNG DNSBL Feeds DNS Groups

In addition to IP blocklists, I also extensively use pfBlockerNG's domain name blocklisting feature with publicly available domain blocklists.

The DNSBL configuration redirects domain name lookups for blocked domains to my own "httpd410server" DNS sinkhole.

I have grouped the DNSBL feeds into three groups.

Zero-day Threat Domain Blocklist Group

pfBlockerNG DNSBL Zero-Day Threat Domain Blocklist

I use the OpenPhish blocklist to block out emerging zero-day phishing and spear-phishing domains. Following advice from the pfSense forum, I use the "FLEX" as the State to retrieve feeds over https in cases where the usual "ON" state fails to retrieve them citing a peculiar curl error "SSL certificate problem: unable to get local issuer certificate" on pfSense. The feeds in this group are updated every hour.

https://openphish.com/feed.txt

General Domain Blocklist Group

pfBlockerNG DNSBL General Domain Blocklist Group

This group contains a collection of malware, ransomware, adware, spyware, tracker and generally undesirable domain blocklists updated once every day. This includes advertising services, thus making my pfSense firewall an effective ad blocker for all devices on my entire home network.

I turned the Eladkarako and Immortal Long Lived Malware Domains blocklists off because they were too generic and were blocking too many websites used by folks in my home. If you wish, you can turn them on for a more secure DNSBL at the cost of filtering out some websites that are otherwise useful.

https://ransomwaretracker.abuse.ch/downloads/RW_DOMBL.txt
http://www.malware-domains.com/files/justdomains.zip
https://isc.sans.edu/feeds/suspiciousdomains_Low.txt
https://isc.sans.edu/feeds/suspiciousdomains_Medium.txt
https://isc.sans.edu/feeds/suspiciousdomains_High.txt
https://raw.githubusercontent.com/Dawsey21/Lists/master/main-blacklist.txt
http://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
http://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
http://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
http://raw.githubusercontent.com/quidsup/notrack/master/trackers.txt
Use with care: http://raw.githubusercontent.com/eladkarako/hosts.eladkarako.com/master/_raw__hosts.txt
Use with care: http://mirror1.malwaredomains.com/files/immortal_domains.txt

Hosts File Format Blocklists

pfBlockerNG DNSBL General hosts File Format Blocklist Group

This group contains another long list of advertising domains, malware, ransomware, adware, spyware, tracker and generally undesirable domain blocklists updated daily. I like to keep blocklists formatted like the /etc/hosts file in a separate group.

https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
http://avant.it-mate.co.uk/dl/Tools/hpHosts/HOSTS.zip
https://adaway.org/hosts.txt
https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D=&mimetype=plaintext
http://someonewhocares.org/hosts/hosts
http://sysctl.org/cameleon/hosts
http://winhelp2002.mvps.org/hosts.txt
http://www.malekal.com/HOSTS_filtre/HOSTS.txt
http://www.malwaredomainlist.com/hostslist/hosts.txt
https://zeustracker.abuse.ch/blocklist.php?download=hostfile
http://www.hostsfile.org/Downloads/hosts.txt
http://www.securemecca.com/Downloads/hosts.txt
http://hosts-file.net/exp.txt
http://hosts-file.net/ad_servers.txt
http://hosts-file.net/emd.txt
http://hosts-file.net/hjk.txt
http://hosts-file.net/fsa.txt
http://hosts-file.net/grm.txt
http://hosts-file.net/psh.txt
http://hosts-file.net/mmt.txt
http://hosts-file.net/hfs.txt
http://hosts-file.net/pha.txt
http://hosts-file.net/wrz.txt
http://raw.githubusercontent.com/michaeltrimm/hosts-blocking/master/_hosts.txt

pfBlockerNG DNSBL Custom Domain Whitelist

pfSense pfBlockerNG DNSBL Custom Domain Whitelist

Sometimes a domain blocklist included in pfSense pfBlockerNG DNSBL configuration will block URLs that you find useful and want to visit. Instead of digging through the logs to figure out which list is blocking your desired domain and disabling the entire list, you can simply add the domains that should not be blocked in the nifty Custom Domain Whitelist feature included as part of the DNSBL configuration.

Consolidated IP and DNSBL Blocklists

I make consolidated IP address and Domain Name blocklists available for free public use from my VPS at the following links; feel free to use them.

Consolidated IP Address Blocklist
Consolidated Domain Name Blocklist (This is NOT pfBlockerNG compatible, but useful for folks running dnsmasq daemon on their internet gateway)

pfSense pfBlockerNG in Action

With the pfBlockerNG setup for IP and DNS Blocklists described above, I do see domains and IPs blocked all the time - here is a typical example of pfBlockerNG's "Alert" screen that shows the last 25 IP addresses and domains blocked at the time of writing:

pfSense pfBlockerNG Active Blocked IP Addresses and Domains

A pfBlockerNG force reload log looks like this:

	UPDATE PROCESS START [ 05/04/17 23:26:31 ]

	===[ DNSBL Process ]================================================

	[ EasyList_wo_Elements ] Reload [ 05/04/17 23:26:32 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	7964 7577 0 0 0 7577
	----------------------------------------------------------------------
	IP count=35

	[ EasyPrivacy ] Reload [ 05/04/17 23:26:36 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	2852 2830 25 0 0 2805
	----------------------------------------------------------------------
	IP count=15

	[ Openphish ] Reload [ 05/04/17 23:26:39 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	4834 2593 0 0 0 2593
	----------------------------------------------------------------------
	IP count=12

	[ AbuseCH_Ransomware_DOMBL ] Reload [ 05/04/17 23:26:42 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	1715 1715 0 0 0 1715
	----------------------------------------------------------------------

	[ Malware_Domains ] Reload [ 05/04/17 23:26:44 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	20327 20327 421 0 0 19906
	----------------------------------------------------------------------

	[ Sans_Edu_Low_Senstvty ] Reload [ 05/04/17 23:26:51 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	2489 2489 1714 0 0 775
	----------------------------------------------------------------------

	[ Sans_Edu_Med_Senstvty ] Reload [ 05/04/17 23:26:52 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	2252 2252 2252 0 0 0
	----------------------------------------------------------------------

	[ Sans_Edu_High_Senstvty ] Reload [ 05/04/17 23:26:54 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	173 173 173 0 0 0
	----------------------------------------------------------------------

	[ Spam_404 ] Reload [ 05/04/17 23:26:55 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	6285 6282 28 0 0 6254
	----------------------------------------------------------------------

	[ Disconnet ] Reload [ 05/04/17 23:26:59 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	5347 5347 3049 0 0 2298
	----------------------------------------------------------------------

	[ Disconnect_Ad_Filter_List ] Reload [ 05/04/17 23:27:02 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	2703 2703 2702 0 0 1
	----------------------------------------------------------------------

	[ Disconnect_Trackers ] Reload [ 05/04/17 23:27:04 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	34 34 34 0 0 0
	----------------------------------------------------------------------

	[ NoTrack ] Reload [ 05/04/17 23:27:06 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	12394 12388 837 0 0 11551
	----------------------------------------------------------------------

	[ Hosts_file_dot_net_ad_servers ] Reload [ 05/04/17 23:27:12 ] . completed ..
	Whitelist: docs.google.com\|
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	636815 636815 10939 1 0 625875
	----------------------------------------------------------------------
	IP count=2

	[ Adaway_org ] Reload [ 05/04/17 23:30:51 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	409 409 286 0 0 123
	----------------------------------------------------------------------

	[ YoYo_Org ] Reload [ 05/04/17 23:30:55 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	2344 2344 2318 0 0 26
	----------------------------------------------------------------------

	[ Someone_Who_Cares ] Reload [ 05/04/17 23:31:01 ] . completed ..
	Whitelist: localhost.localdomain\|
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	12702 12700 3498 1 0 9201
	----------------------------------------------------------------------
	IP count=1

	[ Cameleon ] Reload [ 05/04/17 23:31:09 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	21271 21271 8283 0 0 12988
	----------------------------------------------------------------------

	[ Winhelp2002 ] Reload [ 05/04/17 23:31:20 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	13203 13203 12352 0 0 851
	----------------------------------------------------------------------

	[ Malekal ] Reload [ 05/04/17 23:31:29 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	676 675 139 0 0 536
	----------------------------------------------------------------------

	[ MalwareDomainList ] Reload [ 05/04/17 23:31:34 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	1158 1158 573 0 0 585
	----------------------------------------------------------------------

	[ ZeusTracker_DNSBL ] Reload [ 05/04/17 23:31:38 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	403 403 399 0 0 4
	----------------------------------------------------------------------

	[ Samedi_SecureMecca_1 ] Reload [ 05/04/17 23:31:42 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	22984 22984 15914 0 0 7070
	----------------------------------------------------------------------

	[ Samedi_SecureMecca_2 ] Reload [ 05/04/17 23:31:54 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	22897 22897 22831 0 0 66
	----------------------------------------------------------------------

	[ hpHosts_EXP_only ] Reload [ 05/04/17 23:32:06 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	17288 17286 12316 0 0 4970
	----------------------------------------------------------------------

	[ hpHosts_Ad_and_Tracking ] Reload [ 05/04/17 23:32:16 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	48011 48008 48005 0 0 3
	----------------------------------------------------------------------

	[ hpHosts_EMD_Malware_Distribution ] Reload [ 05/04/17 23:32:36 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	152143 152109 149183 0 0 2926
	----------------------------------------------------------------------
	IP count=1

	[ hpHosts_HJK_Hijacking ] Reload [ 05/04/17 23:33:26 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	74 74 74 0 0 0
	----------------------------------------------------------------------

	[ hpHosts_FSA_Fraud ] Reload [ 05/04/17 23:33:30 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	215824 215381 208910 0 0 6471
	----------------------------------------------------------------------

	[ hpHosts_GRM_Astroturfing ] Reload [ 05/04/17 23:34:38 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	720 720 718 0 0 2
	----------------------------------------------------------------------

	[ hpHosts_PSH_Phishing ] Reload [ 05/04/17 23:34:43 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	179849 179839 176732 0 0 3107
	----------------------------------------------------------------------
	IP count=1

	[ hpHosts_MMT_Misleading_Marketing_Tactics ] Reload [ 05/04/17 23:35:53 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	5524 5524 5522 0 0 2
	----------------------------------------------------------------------

	[ hpHosts_HFS_hpHosts_Forum_Spammers ] Reload [ 05/04/17 23:36:00 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	567 567 565 0 0 2
	----------------------------------------------------------------------

	[ hpHosts_PHA_Pharmacies ] Reload [ 05/04/17 23:36:05 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	28803 28802 28740 0 0 62
	----------------------------------------------------------------------

	[ hpHosts_WRZ_Warez ] Reload [ 05/04/17 23:36:20 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	3235 3235 3233 0 0 2
	----------------------------------------------------------------------

	[ Michael_Trimm_Malware_List ] Reload [ 05/04/17 23:36:25 ] . completed ..
	----------------------------------------------------------------------
	Orig. Unique # Dups # White # Alexa Final
	----------------------------------------------------------------------
	27438 27152 26125 0 0 1027
	----------------------------------------------------------------------

	[ DNSBL_IP ] Updating aliastable [ 05/04/17 23:36:58 ]...
	no changes.
	Total IP count = 67

	------------------------------------------
	Assembling database... completed
	Validating database... Skipped [ 05/04/17 23:37:22 ]
	Reloading Unbound.... completed
	DNSBL update [ 731374 \| PASSED ]... completed [ 05/04/17 23:37:43 ]
	------------------------------------------

	===[ Continent Process ]============================================


	===[ IPv4 Process ]=================================================

	[ Firehol_Level_1 ] Reload [ 05/04/17 23:37:44 ] . completed ..

	[ AbuseCH_Ransomware ] Reload [ 05/04/17 23:37:49 ] . completed ..

	[ ET_Compromised_IPs ] Reload [ 05/04/17 23:37:52 ] . completed ..

	[ ET_Block_IPs ] Reload . completed ..

	[ Abuseat_iotcc ] Reload [ 05/04/17 23:37:53 ] . completed ..

	[ Firehol_Level_2 ] Reload . completed ..

	[ cinsscore_CI_Badguys ] Reload [ 05/04/17 23:38:03 ] . completed ..

	[ ransomwaretracker_CryptoWall_Pmnt ] Reload [ 05/04/17 23:38:07 ] . completed ..
	Empty file, Adding '1.1.1.1' to avoid download failure.

	[ ransomwaretracker_Locky_Pmnt ] Reload . completed ..

	[ ransomwaretracker_Ransomware_Pmnt ] Reload . completed ..

	[ ransomwaretracker_TeslaCrypt_Pmnt ] Reload [ 05/04/17 23:38:09 ] . completed ..

	[ ransomwaretracker_TorrentLocker_CNC ] Reload [ 05/04/17 23:38:12 ] . completed ..

	[ ransomwaretracker_TorrentLocker_Pmnt ] Reload . completed ..

	[ zeustracker_abuse_ch ] Reload . completed ..

	[ Firehol_Level_3 ] Reload . completed ..

	[ Danger_Rulez_BruteForce ] Reload [ 05/04/17 23:38:21 ] . completed ..

	[ OpenBL_7_Day ] Reload [ 05/04/17 23:38:22 ] . completed ..
	Empty file, Adding '1.1.1.1' to avoid download failure.

	[ Blocklist_DE_48_Hours ] Reload . completed ..

	[ malc0de_bl ] Reload [ 05/04/17 23:38:33 ] . completed ..

	[ feodotracker_abuse_ch ] Reload . completed ..

	[ Firehol_Level_4 ] Reload . completed ..

	[ MalwareDomainList_IP_BL ] Reload [ 05/04/17 23:38:58 ] . completed ..

	[ sanyalnet_cloud_vps_bruteforce_ip_bl ] Reload . completed ..

	[ sanyalnet_cloud_vps_botnet_ip_bl ] Reload [ 05/04/17 23:39:00 ] . completed ..

	[ sanyalnet_cloud_vps2_bruteforce_ip_bl ] Reload [ 05/04/17 23:39:01 ] . completed ..

	[ wbri_duckdns_org_brute_force_ip_bl ] Reload . completed ..

	[ yiradio_brute_force_ip_bl ] Reload . completed ..

	[ glewlwyd_duckdns_org_brute_force_ip_bl ] Reload . completed ..

	===[ Suppression Stats ]===================================

	List Pre Suppress Master
	-----------------------------------------------------------
	pfB_DNSBLIP 67 67 0
	Firehol_Level_1 17676 17676 0
	AbuseCH_Ransomware 11771 11771 0
	ET_Compromised_IPs 1714 1714 0
	ET_Block_IPs 1799 1799 0
	Abuseat_iotcc 76 76 0
	Firehol_Level_2 37416 37416 0
	cinsscore_CI_Badguys 19291 19291 0
	ransomwaretracker_CryptoWall_Pmnt 1 1 0
	ransomwaretracker_Locky_Pmnt 7 7 0
	ransomwaretracker_Ransomware_Pmnt 11771 11771 0
	ransomwaretracker_TeslaCrypt_Pmnt 10998 10998 0
	ransomwaretracker_TorrentLocker_CNC 49 49 0
	ransomwaretracker_TorrentLocker_Pmnt 218 218 0
	zeustracker_abuse_ch 119 119 0
	Firehol_Level_3 40386 40386 0
	Danger_Rulez_BruteForce 1695 1695 0
	OpenBL_7_Day 1 1 0
	Blocklist_DE_48_Hours 45116 45116 0
	malc0de_bl 41 41 0
	feodotracker_abuse_ch 819 819 0
	Firehol_Level_4 105726 105726 0
	MalwareDomainList_IP_BL 1031 1031 0
	sanyalnet_cloud_vps_bruteforce_ip_bl 5623 5623 0
	sanyalnet_cloud_vps_botnet_ip_bl 1655 1651 0
	sanyalnet_cloud_vps2_bruteforce_ip_bl 56 56 0
	wbri_duckdns_org_brute_force_ip_bl 31 31 0
	yiradio_brute_force_ip_bl 207 207 0
	glewlwyd_duckdns_org_brute_force_ip_bl 150 150 0


	===[ Aliastables / Rules ]==========================================

	No changes to Firewall rules, skipping Filter Reload

	Updating: pfB_Level1
	no changes.
	Updating: pfB_Level2
	no changes.
	Updating: pfB_Level3
	no changes.
	Updating: pfB_Level4
	no changes.
	Updating: pfB_SANYALnet
	no changes.


	Archiving Aliastable folder


	Archiving selected pfBlockerNG files.

	===[ FINAL Processing ]=====================================

	[ Original IP count ] [ 315563 ]

	===[ Deny List IP Counts ]===========================

	315439 total
	105726 /var/db/pfblockerng/deny/Firehol_Level_4.txt
	45116 /var/db/pfblockerng/deny/Blocklist_DE_48_Hours.txt
	40386 /var/db/pfblockerng/deny/Firehol_Level_3.txt
	37416 /var/db/pfblockerng/deny/Firehol_Level_2.txt
	19291 /var/db/pfblockerng/deny/cinsscore_CI_Badguys.txt
	17676 /var/db/pfblockerng/deny/Firehol_Level_1.txt
	11771 /var/db/pfblockerng/deny/ransomwaretracker_Ransomware_Pmnt.txt
	11771 /var/db/pfblockerng/deny/AbuseCH_Ransomware.txt
	10998 /var/db/pfblockerng/deny/ransomwaretracker_TeslaCrypt_Pmnt.txt
	5623 /var/db/pfblockerng/deny/sanyalnet_cloud_vps_bruteforce_ip_bl.txt
	1799 /var/db/pfblockerng/deny/ET_Block_IPs.txt
	1714 /var/db/pfblockerng/deny/ET_Compromised_IPs.txt
	1695 /var/db/pfblockerng/deny/Danger_Rulez_BruteForce.txt
	1651 /var/db/pfblockerng/deny/sanyalnet_cloud_vps_botnet_ip_bl.txt
	1031 /var/db/pfblockerng/deny/MalwareDomainList_IP_BL.txt
	819 /var/db/pfblockerng/deny/feodotracker_abuse_ch.txt
	218 /var/db/pfblockerng/deny/ransomwaretracker_TorrentLocker_Pmnt.txt
	207 /var/db/pfblockerng/deny/yiradio_brute_force_ip_bl.txt
	150 /var/db/pfblockerng/deny/glewlwyd_duckdns_org_brute_force_ip_bl.txt
	119 /var/db/pfblockerng/deny/zeustracker_abuse_ch.txt
	76 /var/db/pfblockerng/deny/Abuseat_iotcc.txt
	56 /var/db/pfblockerng/deny/sanyalnet_cloud_vps2_bruteforce_ip_bl.txt
	49 /var/db/pfblockerng/deny/ransomwaretracker_TorrentLocker_CNC.txt
	41 /var/db/pfblockerng/deny/malc0de_bl.txt
	31 /var/db/pfblockerng/deny/wbri_duckdns_org_brute_force_ip_bl.txt
	7 /var/db/pfblockerng/deny/ransomwaretracker_Locky_Pmnt.txt
	1 /var/db/pfblockerng/deny/ransomwaretracker_CryptoWall_Pmnt.txt
	1 /var/db/pfblockerng/deny/OpenBL_7_Day.txt

	====================[ Empty Lists w/1.1.1.1 ]==================

	OpenBL_7_Day
	ransomwaretracker_CryptoWall_Pmnt

	===[ DNSBL Domain/IP Counts ] ===================================

	731441 total
	625875 /var/db/pfblockerng/dnsbl/Hosts_file_dot_net_ad_servers.txt
	19906 /var/db/pfblockerng/dnsbl/Malware_Domains.txt
	12988 /var/db/pfblockerng/dnsbl/Cameleon.txt
	11551 /var/db/pfblockerng/dnsbl/NoTrack.txt
	9201 /var/db/pfblockerng/dnsbl/Someone_Who_Cares.txt
	7577 /var/db/pfblockerng/dnsbl/EasyList_wo_Elements.txt
	7070 /var/db/pfblockerng/dnsbl/Samedi_SecureMecca_1.txt
	6471 /var/db/pfblockerng/dnsbl/hpHosts_FSA_Fraud.txt
	6254 /var/db/pfblockerng/dnsbl/Spam_404.txt
	4970 /var/db/pfblockerng/dnsbl/hpHosts_EXP_only.txt
	3107 /var/db/pfblockerng/dnsbl/hpHosts_PSH_Phishing.txt
	2926 /var/db/pfblockerng/dnsbl/hpHosts_EMD_Malware_Distribution.txt
	2805 /var/db/pfblockerng/dnsbl/EasyPrivacy.txt
	2593 /var/db/pfblockerng/dnsbl/Openphish.txt
	2298 /var/db/pfblockerng/dnsbl/Disconnet.txt
	1715 /var/db/pfblockerng/dnsbl/AbuseCH_Ransomware_DOMBL.txt
	1027 /var/db/pfblockerng/dnsbl/Michael_Trimm_Malware_List.txt
	851 /var/db/pfblockerng/dnsbl/Winhelp2002.txt
	775 /var/db/pfblockerng/dnsbl/Sans_Edu_Low_Senstvty.txt
	585 /var/db/pfblockerng/dnsbl/MalwareDomainList.txt
	536 /var/db/pfblockerng/dnsbl/Malekal.txt
	123 /var/db/pfblockerng/dnsbl/Adaway_org.txt
	66 /var/db/pfblockerng/dnsbl/Samedi_SecureMecca_2.txt
	62 /var/db/pfblockerng/dnsbl/hpHosts_PHA_Pharmacies.txt
	35 /var/db/pfblockerng/dnsbl/EasyList_wo_Elements.ip
	26 /var/db/pfblockerng/dnsbl/YoYo_Org.txt
	15 /var/db/pfblockerng/dnsbl/EasyPrivacy.ip
	12 /var/db/pfblockerng/dnsbl/Openphish.ip
	4 /var/db/pfblockerng/dnsbl/ZeusTracker_DNSBL.txt
	3 /var/db/pfblockerng/dnsbl/hpHosts_Ad_and_Tracking.txt
	2 /var/db/pfblockerng/dnsbl/hpHosts_WRZ_Warez.txt
	2 /var/db/pfblockerng/dnsbl/hpHosts_MMT_Misleading_Marketing_Tactics.txt
	2 /var/db/pfblockerng/dnsbl/hpHosts_HFS_hpHosts_Forum_Spammers.txt
	2 /var/db/pfblockerng/dnsbl/hpHosts_GRM_Astroturfing.txt
	2 /var/db/pfblockerng/dnsbl/Hosts_file_dot_net_ad_servers.ip
	1 /var/db/pfblockerng/dnsbl/hpHosts_PSH_Phishing.ip
	1 /var/db/pfblockerng/dnsbl/hpHosts_EMD_Malware_Distribution.ip
	1 /var/db/pfblockerng/dnsbl/Someone_Who_Cares.ip
	1 /var/db/pfblockerng/dnsbl/Disconnect_Ad_Filter_List.txt
	0 /var/db/pfblockerng/dnsbl/hpHosts_HJK_Hijacking.txt
	0 /var/db/pfblockerng/dnsbl/Sans_Edu_Med_Senstvty.txt
	0 /var/db/pfblockerng/dnsbl/Sans_Edu_High_Senstvty.txt
	0 /var/db/pfblockerng/dnsbl/Disconnect_Trackers.txt

	====================[ Last Updated List Summary ]==============

	May 1 10:07 OpenBL_7_Day
	May 1 16:23 MalwareDomainList_IP_BL
	May 4 04:30 ET_Block_IPs
	May 4 04:31 ET_Compromised_IPs
	May 4 13:17 malc0de_bl
	May 4 22:17 cinsscore_CI_Badguys
	May 4 22:27 sanyalnet_cloud_vps_botnet_ip_bl
	May 4 22:32 zeustracker_abuse_ch
	May 4 23:05 Blocklist_DE_48_Hours
	May 4 23:07 yiradio_brute_force_ip_bl
	May 4 23:07 wbri_duckdns_org_brute_force_ip_bl
	May 4 23:07 sanyalnet_cloud_vps_bruteforce_ip_bl
	May 4 23:07 glewlwyd_duckdns_org_brute_force_ip_bl
	May 4 23:07 sanyalnet_cloud_vps2_bruteforce_ip_bl
	May 4 23:08 Abuseat_iotcc
	May 4 23:15 ransomwaretracker_TorrentLocker_Pmnt
	May 4 23:15 ransomwaretracker_TorrentLocker_CNC
	May 4 23:15 ransomwaretracker_Locky_Pmnt
	May 4 23:15 ransomwaretracker_CryptoWall_Pmnt
	May 4 23:15 ransomwaretracker_TeslaCrypt_Pmnt
	May 4 23:15 ransomwaretracker_Ransomware_Pmnt
	May 4 23:15 AbuseCH_Ransomware
	May 4 23:16 Firehol_Level_1
	May 4 23:16 Firehol_Level_2
	May 4 23:16 Danger_Rulez_BruteForce
	May 4 23:16 Firehol_Level_3
	May 4 23:17 feodotracker_abuse_ch
	May 4 23:17 Firehol_Level_4

	IPv4 alias tables IP count
	-----------------------------
	315506

	IPv6 alias tables IP count
	-----------------------------
	0

	Alias table IP Counts
	-----------------------------
	315506 total
	106757 /var/db/aliastables/pfB_Level4.txt
	88058 /var/db/aliastables/pfB_Level3.txt
	79870 /var/db/aliastables/pfB_Level2.txt
	33036 /var/db/aliastables/pfB_Level1.txt
	7718 /var/db/aliastables/pfB_SANYALnet.txt
	67 /var/db/aliastables/pfB_DNSBLIP.txt

	pfSense Table Stats
	-------------------
	table-entries hard limit 2000000
	Table Usage Count 290288

	UPDATE PROCESS ENDED [ 05/04/17 23:40:09 ]

view raw pfblockerng-reload-log hosted with ❤ by GitHub

Hope you find this useful and please share the IP and domain blocklists you have found and use in comments below.

Supratim Sanyal's Computing Blog | Wandering Digital Wastelands as a Geek

Search

Tuesday, April 4, 2017