Guide to Blockpost V2-V4 + Using Blocklists

[Moore]

################################################## ###############
Blockpost Plugin by DMUT & FAZION
################################################## ###############
Hi , this guide has been created to help you understand how to use the Blockpost plugin for Outpost firewall and the ways you can use it to block IP addresses.

What is Blockpost?

Blockpost is a free 3rd party plugin for the security industry's leading personal firewall , Outpost Pro by www.Agnitum.com.

The Blockpost plugin is designed to filter all inbound/outbound internet connections by their IP address , allowing Outpost firewall users to block/deny IP addresses via the IP entries listed in their blockpost.txt file.

-

Thanks to Dmut and Fazion for their fine work on this great plugin.

The official release page for Blockpost is here:
http://outpostfirewall.com/forum/showthread.php?t=7229

#####################################

Blockpost's READ ME file:

Quote:

If you have a question regarding this plug-in,
please post it in Official Agnitum Forums www.outpostfirewall.com in Plug-in Developers area.

This plug-in provided "Restricted Zone" feature,
i.e. every IP-packet and every higher protocols packet: ICMP, TCP, UDP, HTTP, etc.
from or to IP address in "Restricted Zone" list to be dropped/rejected.

This plug-in has maximum possible priority in OP packet processing algorithm,
this means: higher than "Trusted application", "Trusted Zone", etc. No one from your applications,
including operation system, could be able to send or receive any IP data
and higher from (or to) host included in "Restricted Zone".

Feedback and bug reports are strongly appreciated, please use this forum
http://www.outpostfirewall.com/forum/forum...p?s=&forumid=56

Some tips:

- click on column to sort block list, and double-click to reverse sorting

- to edit entry, right click on it and data from entry to be transferred to "Add new entry" panel, then delete current entry from a list, do some edit and then click "Add"

- do not use "Rebuild" too often, it's takes a lot of time, and create noticeable DNS traffic; some ISP may think you doing DOS attack

- to select all items, do double right-click on list

###################################

## PLEASE NOTE ##

To enable [activate] Blockpost Plugin , right click on the Blockpost icon in the plugin section of Outposts main window and choose 'enable plugin'.

If there is no tick beside enable plugin , then Blockpost will not block any IP addresses.



-

Click on properties to bring up the default Blockpost Gui.

** Blockpost will not have any entries to display until you have loaded a blocklist into it **

-




** The allow port 80 / https checkbox should not be selected , unless you are well aware of the consequences. Blockpost will no longer monitor these ports and your web surfing will be totally unprotected by Blockpost. This selection would most apply to p2p users with extreme blocklists that limit their web surfing. The choice is yours.

-

By selecting the systray notifier option you will have an icon for Blockpost display in the systray next to Outpost icon. You will need to restart Outpost after activating the systray notifier.. If it still does not appear then reboot.



Here you can now access the various functions for Blockpost without the need to launch Outpost Gui [ graphical user interface ] directly :








===================

Blockpost.txt:
Blockpost installation adds a default empty blocklist named blockpost.txt into the Outpost program files folder. You can add ranges to this file or overwrite it with your own file , but the filename must remain the same for the reload function to work.

Reload:
Use the new reload option to load the blockpost.txt file without the need to import a list manually through the Blockpost GUI.

===================

Importing

===================

To import your IP blocklist into Blockpost plugin :

- open the Blockpost plugin from Outpost's main window by right clicking the Blockpost icon.

- select 'properties' for the Blockpost main interface to appear.

- Click on the import tab and search for the folder / directory where you have stored your list.

- Doubleclick [or select and open] on the new list to import it into Blockpost


Blockpost plugin also has a feature to add ranges manually if you choose , by IP range , single IP with a mask or by hostname.



You can add single IP ranges in the IP range option without the need to specify an entry with IP mask , by using the same IP in both sections such as :

1.0.0.1 - 1.0.0.1 # comment


You can easily create your own personal custom blocklists with notepad/text editor etc to block only what you want

## Outpost/Blockpost V1 format [ free version of Outpost firewall V1 ] is not compatible with Blockpost V2.*/V3.*/V4 ##

For more information on Outpost/Blockpost V1 and its format , read the excellent guide here:
http://www.outpostfirewall.com/guide.../blockpost.htm


################################################## #
Blockpost Format
################################################## #

Applies to all versions of Outpost V2.1 to V3.51/V4.0

=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Here is short description [thanks to Dmut] about the IP format Blockpost uses:

1,209.133.244.0/209.133.255.255#MEDIASENTRY-MEDIAFORCE
2,203.1.254.0-203.1.254.255#ASIO
3,hop.clickbank.net,209.81.0.46

1,IP/MASK#comment - entry with masked IP
2,IP1-IP2#comment - entry with range from IP1 to IP2
3,host,IP#comment - entry with symbolic hostname

In all 3 cases "#comment" is optional.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The Blockpost List format for V2 importing looks like this below:

When you are creating your own custom lists , dont forget to add this to the first line #BLOCKPOST V2.. or your lists will not work.


#BLOCKPOST V2
2,1.0.0.0-3.255.255.255#IANA-Reserved
2,4.0.0.0-4.255.255.255#Genuity
2,5.0.0.0-5.255.255.255#IANA Reserved
2,6.0.0.0-6.255.255.255#DoD Network
2,7.0.0.0-7.255.255.255#DoD Network-IANA-Reserved
2,8.0.0.0-8.255.255.255#Genuity
2,9.0.0.0-9.255.255.255#IBM
2,10.0.0.0-10.255.255.255#IANA-Private Use
2,11.0.0.0-11.255.255.255#DoD Network

etc etc

These entries are just example ranges.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
::Blocklists ::

For managing large blocklists , you have the option of using Bluetacks online converter , or the Blocklist Manager.

There are also pre-made blocklists provided, such as the ones freely available here at Outpost firewall forum.

><><

Pre-made Spyware/malware and ads-trackers blocklists can be found here for free download ::

><><

The are also Blocklists available from the downloads section at B.I.S.S. forums which will need to be converted to Blockpost format.

The Blocklists FAQ which explains what is in each list is here


################################################## #################


First option for converting large amounts of IP's into Blockpost format :

To use the online blocklist converter to convert your choice of IPs into Blockpost format , follow these simple steps:

Go here to find the online converter:
http://bluetack.co.uk/convert.html

Set up the converter to use peerguardian format as the source and blockpost V2 as the Output format.

Other options are listed in the pic , these are my settings that I choose to use



Paste in your current IP list and wait for the converter to accept the IPs , it might take a bit longer if you have very large lists.

*Some lists are too large for the converter to handle and we recommend using the Blocklist Manager for those lists.

Now sit back and relax a while and wait for the conversion , this can take a minute maybe even more if you have a super sized list , so please have patience.



################################################## ################

[Moore]

Second option for managing large blocklists :

Download and install the Blocklist Manager from here :

The BLM FAQ at B.I.S.S. forums is here:

Direct link to the help file:
http://bluetack.co.uk/blmhelp

The BLM forum section is here:
http://www.bluetack.co.uk/forums/ind...?showforum=126

You must be registered at the forum for access to the support section:
http://www.bluetack.co.uk/forums/index.php...hp?showforum=53


The BLM will allow you to enable / disable and then download the current updated blocklist sources of your choice:



Once your list has been downloaded you can press the convert tab in the centre of the BLM main window and then select the option for outpost V2 format in the drop down box..



Now save your Blockpost IP list somewhere you will remember if you plan on importing it manually to add ranges to your existing blocklist ...

or you can choose to overwrite your current blockpost.txt file in the Outpost program files directory and use the Blockpost reload button.

Now you should have an updated blocklist loaded into Blockpost.


################################################

:: TINY BLM :: By Csimbi

A smaller|lighter application to download/convert and export a blocklist in Blockpost format.

For more details see here :
http://www.outpostfirewall.com/forum...ad.php?t=14873


################################################


:: Outpost 4.0 users ::

Outpost 4.0 now offers a new self protection feature. This will prevent the Blocklist Manager from updating the blockpost.txt [in Outpost Program files folder] when you try to use the export to file function.

At the moment you will need to temporarily disable self protection if you want to use this feature, while updating your blockpost.txt file directly from the BLM.. Or simply save your new file from the BLM conversion window to the desktop, and use the import button in Blockpost to load your updated list.




##################################################

Making life a lot easier for Blockpost users is the BLM Exclusions Manager.

It will help you manage your personal blocklist entries and allow you to permanently unblock any IP address ranges or specific IPs while still blocking the full parent IP range , or just helping to keep unblocked those annoying IPs that are blocked in other peoples lists that conflict with your own preferences..

################################################## ######

..::°Ø. INCLUSIONS / EXCLUSIONS .Ø°::..

################################################## ######


Using Inclusions and Exclusions


The Blocklist Manager enables you to create a list of IP addresses and ranges that are based on the blacklists obtained from the Bluetack server. The main blacklists contain many general IP and IP ranges. These downloaded and merged lists becomes your main blocklist.

However, you may have specific needs and uses for your connection. For example, you might have certain sites that you visit often and want to allow. Maybe you have a certain address that you would like to always block whether it is in the main blacklist or not.

By using Inclusions and Exclusions, you can specifically maintain IP addresses or ranges to be imported and merged into the blocklist each time you obtain the latest blacklists.


Inclusion = Deny/Block
An inclusion is a rule that can be added to your blocklist to block a certain bad IP or bad IP range.

Exclusion = Permit/Allow
An exclusion is a rule that can be added to your blocklist to allow a certain IP or IP range.

The following settings will allow you to configure the BLM for using Inclusions and Exclusions ,

In BLM General Options :

- Uncheck 'Only import deny rules'

- Select 'Permit rules take priority over Deny rules'

- Uncheck 'merge adjacent rules' [if checked]

- Uncheck bypass personal sources integration [if checked]


These settings are important because if there is a range that we have included in a blacklist, and you want a single IP inside that range to be permitted (allowed), then you will want BLM to split the deny range into two ranges; permitting your IP exclusion.


Next in BLM Options -> Personal sources :

check either of the Exclusions / Inclusions boxes , or both depending on your choices , to enable the exclusions and/or inclusions lists.

Click on the box with the three ... , and navigate to the Blocklist manager program files directory..

select the exclusions.txt.

If there is no exclusions / inclusions file in your BLM program files directory , then you should create a blank text file and name it Exclusions.txt or Inclusions.txt



The file paths should look like this below [ depending on which drive your operating system is installed into] :

Quote:

C:\Program Files\Bluetack\Blocklist Manager\Exclusions.txt

C:\Program Files\Bluetack\Blocklist Manager\Inclusions.txt

For fast access to the exclusions/inclusions managers while the BLM is maximised on screen , press CTRL+E for the Exclusions manager or CTRL+I for the Inclusions manager.

Exclusions / Inclusions lists must be enabled in the personal sources options before you can begin to use the editors.

Alternately you can access the editors by going to file -> Exclusions manager / Inclusions Manager.


<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< <
Storing Inclusions and Exclusions
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >

Inclusions and Exclusions are stored in files named inclusions.txt and exclusions.txt in the BLM directory.

Although these files can be modified using a text editor like notepad, the BLM now offers an Inclusions and Exclusions Manager.


The format for inclusions and exclusions is the same.

xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy , nnn , Any Comment Here


NOTE: The spaces are intentional. There must be a space before and after each separator in the rule. Space before and after the dash (-) and a space before and after each comma (,).

Example Rules:

Inclusions :

Quote:

123.123.100.000 - 123.123.255.255 , 000 , Test Deny Range

155.155.150.150 - 155.155.150.150 , 000 , Test Deny single IP address

Exclusions :

Quote:

250.255.000.222 - 250.255.001.096 , 200 , Test Permit Range

011.022.033.111 - 011.022.033.111 , 200 , Test Permit single IP address

Inclusions

If you find an IP address or range that you want to specifically block whether or not it is in a blacklist, you can add an inclusion. Inclusions are IP's and IP ranges that you want to add to the blocklist to make sure they always get blocked.

Use the Inclusions Manager to add or remove IP's and IP ranges that you want to deny.



Exclusions

If you find an IP address or range that you want to specifically allow whether or not it is in a blacklist, you can add an exclusion. Exclusions are IP's and IP ranges that you want to merge into the blocklist to make sure they are always allowed.



Use the Exclusions Manager to add or remove IP's and IP ranges that you want to permit.

Rules need to be in the following format so that they will be properly Excluded / Allowed / Permitted ....

xxx.xxx.xxx.xxx - yyy.yyy.yyy.yyy , 200 , Any Comment Here (Exclusion)

Quote:

012.118.143.228 - 012.118.143.250 , 200 , Sample Exclusion Range
067.151.000.000 - 067.151.255.255 , 200 , Another Range
213.002.010.123 - 213.002.010.123 , 200 , A Single IP

The exclusions will split ranges in the Blocklist Manager for you, if there is a server that we missed then you can make custom list so that the IP address or IP range will never be blocked for you.

lots more info at:
Blocklist Manager Help File


################################################

[Moore]

Help Blockpost Isnt Blocking Everything !!

http://outpostfirewall.com/forum/sho...2&postcount=15

Q:

Quote:

I have now found that "Blockpost" is not blocking everything it should.

I have the exact same blocklist in Blockpost and in eMule" [or any other P2P app that suports IP blocking] , and I still see packets from blocked IPs getting through to eMule [your P2P app] , which then has to block it itself.

So, there is definitely some blocked IPs filtering through Blockpost.

Green edits added by me ..

A: <> LINK <>

Quote:

Originally Posted by bluetack

This is a common misconception.

If the packet going to/coming from a blocked IP address actually reaches Blockpost [or Protowall] then it will be blocked (this is also true of any firewall which blocks IPs). there are cases, however, where it will not reach Blockpost at all. Here's an example:

Say you are running eMule with IP blocking enabled. You have a file which someone, who you don't want to serve it to, wants to download.

They make a request directly to get the file. They are blocked.

Now, because eMule is designed to work behind restrictive firewalls, and your client has a connection to the hub, the request to download the file is then made via the hub. The request is accepted and passed onto your client (the hub isn't blocked).

Your eMule client then tries to connect from your machine to the bad ip and push the file to them. eMule will check the list to see if the destination IP is blacklisted. It will then block it.

Blockpost will never see that packet, because it has already been blocked.

If eMule is logging blocked packets, then you will see that eMule has done the job for you.

If your p2p software works in a similar manner (I expect it does) then you will see packets blocked by the p2p app as well.

This is perfectly normal and nothing to worry about. I hope that makes sense.

[MegaHertz]

Renamed, moved & stuck.

[Dmut]

Good job Moore and Mega!

[Shaka]

Hi people....If i need to blook a single IP from my LAN what should I do ?

[Moore]

Quote:

Originally Posted by Shaka

If i need to blook a single IP from my LAN what should I do ?

Hi shaka

you can either import a single IP in a list , using this format

2,192.168.0.5-192.168.0.5#single IP block

Or add the single IP into the add IP with/without subnet mask section

[Keith]

Quote:

Originally Posted by Moore

Importing
To import your IP blocklist into Blockpost plugin :

- open the Blockpost plugin from Outpost's main window by right clicking the Blockpost icon.

- select 'properties' for the Blockpost main interface to appear.

- Click on the import tab and search for the folder / directory where you have stored your list.

- Doubleclick [or select and open] on the new list to import it into Blockpost

Personally I prefer to add all new IPs by importing them from a list, even when I have only a few to add , it's much quicker than adding them into Blockpost manually one at a time.

OK, I'm late to the party, but I finally sat still long enough to start playing with BP and BLM. I follow the above steps but upon import, it adds the list to the existing list. So I get duplicates - which Repair clears. But the range that I wanted split gets entered without the original range getting deleted, thus I'm still blocked.

Also, where is the blocklist stored that is being used by BP. From reading the history, it looks like it should be reading from blockpost.txt, but if I edit that file, it doesn't edit the list displayed on BP on restarts.

Am I missing some obvious stuff here?

And on the bluetack side, why is a "2 " being added to the front of each Comment, both when I import from BP (using generic) or download new.

Thanks to Dmut, Moore and Fazion for the work they've been doing on this plugin.

[zhitch]

any word on if the newest works with v3?

[Keith]

Quote:

Originally Posted by zhitch

any word on if the newest works with v3?

BP (2005-06-04) works fine for me.
The only quirk is that I can't access the Properties by right clicking on the BP from the left frame of OP's GUI. This can be accessed by selecting Plug-ins in the left frame, then selecting BP in the right frame.

[Moore]

Hi , sorry for the late reply Keith.. Hope it's all working good for you still.

Quote:

Originally Posted by Keith

OK, I'm late to the party, but I finally sat still long enough to start playing with BP and BLM. I follow the above steps but upon import, it adds the list to the existing list. So I get duplicates - which Repair clears. But the range that I wanted split gets entered without the original range getting deleted, thus I'm still blocked.

If you are using sources from say , the Blocklist Manager , that are updated regularly , then yes you will need to clear your old blocklist first before adding a new one to prevent any duplicates.

Personally I maintain a couple of extra blocklist files to save my own custom entries into , so I wont lose them , just in case I need to add them again later.

Quote:

But the range that I wanted split gets entered without the original range getting deleted, thus I'm still blocked.

Only thing I can suggest is to look into using the Blocklist manager Exclusions manager , and to make sure the IP ranges you split get priority over the deny ranges in the BLM options.

Quote:

Also, where is the blocklist stored that is being used by BP. From reading the history, it looks like it should be reading from blockpost.txt, but if I edit that file, it doesn't edit the list displayed on BP on restarts.

Am I missing some obvious stuff here?

Ok , my blocklist file is located in "C:\Program files\Agnitum\Outpost Firewall\blockpost.txt"

Did you try editing the file while Outpost was shutdown , or while it was still running ?

I think no changes can be saved to the blockpost.txt file unless Outpost is already fully shutdown.

Quote:

And on the bluetack side, why is a "2 " being added to the front of each Comment, both when I import from BP (using generic) or download new.

ok , thats just the format Blockpost uses for IP ranges:

Quote:

Here is short description [thanks to Dmut] about the IP format Blockpost uses:

1,209.133.244.0/209.133.255.255#MEDIASENTRY-MEDIAFORCE
2,203.1.254.0-203.1.254.255#ASIO
3,hop.clickbank.net,209.81.0.46

1,IP/MASK#comment - entry with masked IP
2,IP1-IP2#comment - entry with range from IP1 to IP2
3,host,IP#comment - entry with symbolic hostname

In all 3 cases "#comment" is optional

Hope that helps , guide could probably do with an update soon too