Re: [pfSense] 2.2.6 and IPv6 RA

2016-01-23 Thread Antonio Prado
On 1/23/16 2:55 AM, Jon Gerdes wrote:
> What is the fault you are actually trying to fix?

before fixing, currently I'm trying to avoid breaking.

consider a LAN segment where everything is working as it is supposed to:
routing, v6 slaac etc.

now, connect a new box in that scenario mounting a fresh pfSense 2.2.6,
configure on it a LAN IPv4 address just to reach its web gui (I made
this on a LAGG).

what I achieved here is a broken IPv6 connectivity on the LAN segment
because pfSense 2.2.6 starts advertising itself as IPv6 gateway (leading
nowhere actually) like a rogue RA would do.

pfSense 2.2.6 should begin advertising only after having been told to do
so, as any other BSD box after all.

thank you
--
antonio
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] pfblockerng

2016-01-23 Thread Steve Yates
>>> "Finally, I think that this list, mentioned in the doc, should not be
>>> used: http://feeds.dshield.org/top10-2.txt.  This one should:
>>> http://feeds.dshield.org/block.txt"
>> 
>> The top10-2.txt file has last been updated in July 2015 according to my
>> curl command and is not auto-documented.
>> 
>> http://feeds.dshield.org/block.txt is updated frequently (as of now, its
>> most recent generation is 5 minutes ago), it is auto-documented.
>> 
>> Also, https://www.dshield.org/xml.html states "We offer one blocklist,
>> and one blocklist only (http://www.dshield.org/block.txt)."
> 
> Is anyone using pfblockerng with this list?  Would someone want me to
> try to update the obsolete doc?

We do, though technically we're using a different method to get that 
list.  Unfortunately, for a Google search for "dshield feed pfSense" it's the 
first result, and there are plenty of other pages referencing the other lists.  
I had found the top10-2 list is outdated, but I don't recall where now.  I had 
realized the other method we use wasn't updating and thought it was me but it 
was pulling old Bluetack lists from I-Blocklist, and those lists still exist 
online also but also stopped updating a while back...apparently Bluetack closed 
or something.

Anyway it's confusing for newbies if one never sees the list update, 
and bad if someone thinks they have a working list and aren't protected at all 
after it is months or years old.

Why they wouldn't set up a redirect for 
http://feeds.dshield.org/top10-2.txt to http://feeds.dshield.org/block.txt, or 
take the old list down, is beyond me.

Also note the list is available at https://www.dshield.org/block.txt
and https://secure.dshield.org/block.txt either of which are probably better
to use/list since they use HTTPS.

--

Steve Yates
ITS, Inc.
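
A freshness and transport check for the feeds discussed in this message, as an added example that is not part of the original post: it parses `curl -sI` style response headers and flags a feed that is served without HTTPS, has no usable `Last-Modified` header, or is older than a threshold. The header values, the two-day threshold, the finding labels and the `feeds.example.net` URL are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed HEAD responses in the shape `curl -sI <url>` prints. The dates
# are invented; feeds.example.net is a hypothetical feed with no date header.
SAMPLE = {
    "http://feeds.dshield.org/top10-2.txt":
        "HTTP/1.1 200 OK\r\nLast-Modified: Wed, 15 Jul 2015 10:00:00 GMT\r\n\r\n",
    "https://www.dshield.org/block.txt":
        "HTTP/1.1 200 OK\r\nLast-Modified: Sat, 23 Jan 2016 17:55:00 GMT\r\n\r\n",
    "https://feeds.example.net/list.txt":
        "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n",
}

def parse_head(raw):
    """Return (status_code, {lowercased header name: value})."""
    lines = [line for line in raw.split("\r\n") if line]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit_feed(url, raw, now, max_age=timedelta(days=2)):
    """Return findings for one feed; an empty list means nothing was flagged."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("no-tls")
    status, headers = parse_head(raw)
    if status != 200:
        return findings + ["http-%d" % status]
    try:
        modified = parsedate_to_datetime(headers["last-modified"])
    except (KeyError, TypeError, ValueError):
        # Without a usable Last-Modified the age cannot be judged from headers.
        return findings + ["age-unknown"]
    if modified.tzinfo is None:          # "-0000" parses as naive; treat as UTC
        modified = modified.replace(tzinfo=timezone.utc)
    age = now - modified
    if age > max_age:
        findings.append("stale-%dd" % age.days)
    return findings

if __name__ == "__main__":
    now = datetime(2016, 1, 23, 18, 0, tzinfo=timezone.utc)  # constructed "now"
    for url, raw in SAMPLE.items():
        print(url, audit_feed(url, raw, now) or "ok")
```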




Re: [pfSense] pfblockerng

2016-01-23 Thread compdoc
>> The top10-2.txt file has last been updated in July 2015 according to 
>> my curl command and is not auto-documented.

I find I'm only using "http://www.malwaredomainlist.com/hostslist/ip.txt"
these days. 

Am I already hacked?

