OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: ezraimanuel on November 06, 2018, 10:07:50 pm
-
Hello, I see a Firewall alias that has type "external". What is it and how do I use it? I see no documentation for it.
One more thing... I have this list of blocked IPs which I want to load (I used to do this in FreeBSD using table <blockip> persist file "/path/to/file"), containing more than 150K IPs with 2MB size. I tried to load it in OPNsense and got a timeout from the web browser. Is there any way I can do this from the terminal?
Thanks!
-
Hi,
External means you can fill it via API, won't be touched otherwise. There is no documentation, because it's an internal feature that you can use, but we cannot make guarantees about breaking its behaviour in the future.
IPv6 bogons are big, yes.
% ls -lah /usr/local/etc/bogons*
-rw-r--r-- 1 root wheel 48K Nov 3 12:40 /usr/local/etc/bogons
-rw-r--r-- 1 root wheel 132B Sep 23 10:24 /usr/local/etc/bogons.sample
-rw-r--r-- 1 root wheel 1.6M Nov 3 12:40 /usr/local/etc/bogonsv6
-rw-r--r-- 1 root wheel 860B Sep 23 10:24 /usr/local/etc/bogonsv6.sample
You can disable bogon usage under "Interfaces: [WAN]".
Cheers,
Franco
-
Thank you for your reply :)
About "External means you can fill it via API", how can I do this? Thanks :)
-
Docs are pending on the alias endpoints. I am not sure if anyone will write a tutorial, but there is a PowerShell tool that is/will be supporting it:
https://forum.opnsense.org/index.php?topic=6813.0
Docs link for future reference:
https://docs.opnsense.org/development/api.html
In addition to that, the Nginx-Plugin is using the external alias in its own code if you want to look for programmatic inspirations:
https://github.com/opnsense/plugins/tree/master/www/nginx
Cheers,
Franco
-
Thank you! I will look into it :)
-
By the way,
https://repo.polkam.go.id/firehol/attacks.netset
https://repo.polkam.go.id/firehol/malware.netset
Those are my lists of blacklisted IPs. When I try to load them as an alias in OPNsense from the web GUI it always gives me a timeout... please try adding them from the web GUI.
In my old FreeBSD I just put those as table <tablename> persist file "/path/to/file" .. and it's done. (Current OPN has no option to load an alias from a file; I think this is important.)
PS: python2.7 bumped to 100% CPU usage if I add those into an alias
Thank you!
-
(https://i.imgur.com/hiHBjhf.jpg)
(https://i.imgur.com/d9gGsGK.jpg)
-
Can you try https://github.com/opnsense/core/commit/08bd6c717751f3ce1c4b160fed7b747a5fa7da6f ?
opnsense-patch 08bd6c7
When deduplicating the retrieved addresses, the lookup was less performant it seemed.
-
Can you try https://github.com/opnsense/core/commit/08bd6c717751f3ce1c4b160fed7b747a5fa7da6f ?
opnsense-patch 08bd6c7
When deduplicating the retrieved addresses, the lookup was less performant it seemed.
Hello, I got this instead:
(https://i.imgur.com/uxOnBUq.jpg)
Nothing is shown on Type and any other selection fields. I already restarted the webgui.
-
Can't be related, the code in the patch has no relation to the UI. You can inspect the request/response in your browser, maybe that sheds some light on your issue.
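-
The thread ties the slow import to deduplicating a large fetched list. As an added example (not part of the thread and not the code from the OPNsense commit), this Python 3 script pre-processes a netset-style blocklist before loading: it deduplicates with a set, merges overlapping and adjacent networks, and emits one entry per line, the layout a pf table file uses. The sample data and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the netset layout of the lists linked in the thread:
# '#' comments, then one address or CIDR network per line.
SAMPLE_NETSET = """\
# constructed sample, documentation ranges only
192.0.2.1
192.0.2.1
192.0.2.0/25
192.0.2.128/25
198.51.100.7
198.51.100.0/24
203.0.113.5 # trailing comment
not-an-address
"""

def parse_netset(text):
    """Return (unique networks, rejected lines). A set keeps the duplicate
    check O(1) per entry instead of scanning a growing list."""
    seen, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank or comment-only line
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry))  # never pass junk to the firewall
            continue
        seen.add(net)
    return seen, rejected

def collapse(networks):
    """Merge contained and adjacent networks, one address family at a time."""
    out = []
    for version in (4, 6):
        family = [n for n in networks if n.version == version]
        out.extend(ipaddress.collapse_addresses(family))
    return [str(n) for n in out]

def to_table_file(text):
    """Return (table file body, rejected lines) for a raw netset text."""
    nets, rejected = parse_netset(text)
    return "\n".join(collapse(nets)) + "\n", rejected

if __name__ == "__main__":
    body, rejected = to_table_file(SAMPLE_NETSET)
    print(body, end="")
    print("skipped:", rejected)
```

Rejected lines are returned rather than silently dropped so a malformed or tampered feed is visible before the table is replaced.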