@Soblow AFAIK #pfBlockerNG doesn't digest #JSON, but ONLY plaintext.

@hydrian @kajer yeah, because it just works, even in Enterprise networks and Datacenter setups same as with Office & Prosumer Networks!

#UniFi still doesn't have all the nice features and #pfBlockerNG really is awesome...

Still #Ubiquiti makes good equipment that only gets better...

Office Network Design and Planning with VLANs, LLDP, Rules, IoT, Guest using UniFi & pfsense


@zynaesthesie And of course mastodon.id-52849.pro and id-52849.pro end up at 172.67.208.214, which lies in the address block 172.64.0.0/13 of the biggest #RogueISP, #CloudFlare aka. #ClownFlare.

I have therefore put that domain on my public blocklist, which is freely available at

https://raw.githubusercontent.com/greyhat-academy/lists.d/main/drop.domains.block.list.tsv

and can be imported and updated from there into any system (no matter whether #PiHole or #pfBlockerNG)...

If you notice any further domains, let me know...

#Fediverse #WeKeepUsSafe #ITsec #InfoSec #OpSec #ComSec #Phishing

lists.d/drop.domains.block.list.tsv at 6083ee58c9325e11242bb436e3c977d5b1de2016 · greyhat-academy/lists.d


I really need to update the #Scrapers #Blocklist more often...

Given that they retroactively added this, this means they're actively fighting against automated means to stop their ingestion aka. #DDoS'ing of sites!

#AIslop #AI #Enshittification #ITsec #InfoSec #OpSec #ComSec #CloudFlare

lists.d/scrapers.ipv4.block.list.tsv at main · greyhat-academy/lists.d

@quad Personally I use #pfBlockerNG because I already have #pfSense / #OPNsense deployed basically everywhere…

@adisonverlice yeah, #pfBlockerNG redirects to a reserved IP it'll allocate for itself to allow for stats if one chooses to enable them.

@adisonverlice obviously schools could quite effectively enforce their rules by using #pfBlockerNG on a #pfSense / #OPNsense and just have some shared blocklists among them with (web-)proxies, adult websites, etc. on them as well as blocking alternative DNS resolvers.

  • Especially since pfBlockerNG blocks not just DNS but also #IPv4 & #IPv6 addresses associated with said site and either rejects the connection or forwards to a 403 site.

And since that filtering is all onsite, they indeed don't need any "cloud" that harnesses students' data or collects details.

  • At most they gotta have some sort of blocklist URL feed they gonna pull with like an API key in the URL embedded. [i.e. edublock.example/nsfw.txt?&api-key=example-api-key]

Kinda how I managed to add #VirusTotal to my .bash_aliases without violating their ToS and leaking an API key.

misc-scripts/bash/.bash_aliases at 2e2d5691727b886ff567f7b1ae6b5271458a0f6f · kkarhan/misc-scripts


@GuidoKostons @f4grx @nixCraft @torproject the nice part with #pfBlockerNG is that you can literally add entire ASNs and it'll resolve those into IPs.

  • As for blocklists I do maintain those I set up myself publicly and use the FEED-URL to automatically update them...

lists.d/blocklists.list.tsv at main · greyhat-academy/lists.d


The day before yesterday I got new hardware in the mail. Tinkered around a bit with #OpnSense, but then decided on #PfSense after all for subjective reasons.
Yesterday evening, when nobody needed the internet anymore, I cut off the old router and hooked the new one into the network. Had to briefly adjust the routing once more and we were all back online already! - Nice when it works.
Now come the goodies like #haproxy, #pfblockerng, #vpn, etc.

#selfhost #homelab #feierabend

@f4grx @nixCraft @torproject not really.

  • #aws has pretty chunky blocks like /14.
  • They don't use #IPv6, only #IPv4.
  • Blocking entire #ASNs is easy.
  • I do this with #pfSense & #pfBlockerNG for quite a while…

    And the same #blocklist also works for other applications like #nginx, #HAproxy, #httpd, etc.