PR # 156/157 have been posted for pfBlockerNG v2.1.1

CHANGELOG:

MaxMind GeoLite2

New Changes here:

https://dev.maxmind.com/geoip/geoip2/whats-new-in-geoip2/

Highlights:

GeoLite2 data is already in CIDR format, so should be faster to process than the previous GeoLite data which was in Range format.

GeoLite2 data now includes "Represented IPs" along with "Registered IPs"… So the options now include Countries with "_rep".

Asia and Europe have an "Undefined" Network list which is now available to be used.

Localized Language options are available… See General Tab.

Add Antarctica Tab.

Downloads via HTTPS MaxMind URLs

Top 20 Spammers Tab is now auto-generated (as other GeoIP Tabs)

DNSBL TLD (Beta Feature)

DNSBL TLD is a new feature to determine if all Sub-Domains should be blocked for each listed Domain. TLD is more memory intensive and is not recommended for low performance/Low-Memory installations. TLD will limit the number of Domains that can be processed. Once the TLD Domain limit below is exceeded, the balance of the Domains will be listed as-is, i.e., blocking only the listed Domain (not Sub-Domains).

TLD Domain Limit Restrictions:

< 1.0GB RAM - Max 100k Domains

< 1.5GB RAM - Max 150k Domains

< 2.0GB RAM - Max 200k Domains

< 2.5GB RAM - Max 250k Domains

< 3.0GB RAM - Max 400k Domains

< 4.0GB RAM - Max 600k Domains

< 5.0GB RAM - Max 1.0M Domains

< 6.0GB RAM - Max 1.5M Domains

< 7.0GB RAM - Max 2.5M Domains

> 7.0GB RAM - > 2.5M Domains

When enabled, and after all downloads for DNSBL Feeds have completed, TLD will process the Domains. TLD uses a predetermined list of TLDs to determine if the listed Domain should be configured to block all Sub-Domains. The predetermined TLD list can be found in /usr/local/pkg/pfblockerng/dnsbl_tld

Options to Blacklist whole TLDs with a provision to Whitelist specific Domain/Sub-Domains in these TLD Blacklists. With the TLD Whitelist option, Alerts will not populate, as the Domains are in a "Static" Resolver zone and as such DNS resolution is via NXDOMAIN.

Options to exclude certain TLDs and/or Domains from the TLD Process.
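The TLD pass described above, as an added Python sketch that is not pfBlockerNG's own code: it applies the RAM limit table, marks a domain for Sub-Domain blocking when it sits directly under a known TLD, and lists everything else as-is. Assumptions: 7.0GB and above is treated as uncapped, excluded TLDs/Domains stay as-is, and the function names, sample TLD set and sample feed are constructed for illustration.

```python
# Added illustration: a simplified model, not pfBlockerNG's own code.
# (RAM upper bound in GB, max domains), copied from the table above.
TLD_LIMITS = [(1.0, 100_000), (1.5, 150_000), (2.0, 200_000),
              (2.5, 250_000), (3.0, 400_000), (4.0, 600_000),
              (5.0, 1_000_000), (6.0, 1_500_000), (7.0, 2_500_000)]

def tld_domain_limit(ram_gb):
    """Max domains TLD processes for this RAM size; None means no fixed cap."""
    for bound, limit in TLD_LIMITS:
        if ram_gb < bound:
            return limit
    return None  # assumption: 7.0GB and above is treated as uncapped

def suffixes(domain):
    """'a.b.com' -> ['a.b.com', 'b.com', 'com']."""
    labels = domain.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def registrable(domain, tlds):
    """Longest known TLD suffix plus one label, or None if none matches."""
    labels = domain.split(".")
    for i in range(1, len(labels)):  # longest suffix first
        if ".".join(labels[i:]) in tlds:
            return ".".join(labels[i - 1:])
    return None

def split_feed(domains, tlds, limit, excluded=frozenset()):
    """Return (wildcard, exact): blocked with all sub-domains, and as-is."""
    wildcard, exact = set(), set()
    for n, raw in enumerate(domains):
        d = raw.strip().lower().rstrip(".")
        over_limit = limit is not None and n >= limit
        is_excluded = any(s in excluded for s in suffixes(d))
        if not over_limit and not is_excluded and registrable(d, tlds) == d:
            wildcard.add(d)
        else:
            exact.add(d)  # listed as-is: only this name is blocked
    # An as-is entry under a wildcard parent is redundant; drop it.
    exact = {d for d in exact
             if not any(s in wildcard for s in suffixes(d)[1:])}
    return wildcard, exact

# Constructed sample data (not a real feed, not the shipped dnsbl_tld file).
SAMPLE_TLDS = {"com", "uk", "co.uk"}
SAMPLE_FEED = ["example.com", "ads.example.com", "tracker.co.uk",
               "cdn.other.com", "late.com"]

if __name__ == "__main__":
    print(split_feed(SAMPLE_FEED, SAMPLE_TLDS, tld_domain_limit(0.5)))
    print(split_feed(SAMPLE_FEED, SAMPLE_TLDS, limit=4))  # tiny cap: overflow
```

Passing a small `limit` directly shows the overflow case: entries past the cap fall into the as-is set even when they would otherwise qualify for Sub-Domain blocking.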

Lists of worst TLDs:

https://www.spamhaus.org/statistics/tlds/

http://toolbar.netcraft.com/stats/tlds

The TLD feature has so far been tested by approximately a dozen beta testers.

Other Improvements