pfBlocker Lists

These RBL lists are designed to be used by pfBlockerNG on pfSense. They can also be used with OPNsense. I normally update them once or twice a week. They are released under the GPLv3+ license.

SpamList is a RBL list of IP addresses that have sent my email server spam that made it through my other spam filtering. It works well when combined with SpamAssassin on the mail server.

https://pfblockerlists.smallbusinesstech.net/spamlist.txt

HackerList is a RBL list of IP addresses that have attempted to hack my servers.

https://pfblockerlists.smallbusinesstech.net/hackerlist.txt

If your IP address is on either of these lists erroneously, you may contact me at soren@smallbusinesstech.net. IP addresses are not auto-pruned. The bulk of the IP addresses fall into one of two categories:

  1. Machines at hosting providers who don’t care if their clients use their systems to send out spam or hack other systems. Even if the current customer gives up and stops paying to use those IP addresses, it is likely that in the future some other customer will pick them up and use them for spamming or hacking.
  2. Compromised machines that are being used to send out spam or hack other systems. Even if the machine is cleaned up, most people who are compromised once will be compromised again repeatedly. So it is likely their IP address will be used for spamming and hacking again in the future.

If you haven’t already seen it, you should check out the list of why all spam filtering will fail. My personal favorite is, “Specifically, your plan fails to account for … willingness of users to install OS patches received by email.”

Last updated

One response to “pfBlocker Lists”

  1. Antoniogut

    Make sure the rules were actually created. When pfBlocker is enabled and lists are selected, you will see entries on either the WAN or LAN tab of the firewall rules page. They will appear near the top of the page.

Leave a Reply