OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: Cyda on April 10, 2020, 09:21:12 PM

Title: Custom rule scripts
Post by: Cyda on April 10, 2020, 09:21:12 PM
I am very new to OPNsense and networking in general.

I am trying to figure out how to implement custom scripts to run once a day. I want them to automatically read specified publicly maintained dns/ip blacklists and update my firewall rules to block new items on said lists. Would something like this even be possible with OPNsense?
Title: Re: Custom rule scripts
Post by: hbc on April 10, 2020, 09:38:03 PM
Just read the docs/manual. There is an example with spamhaus blocklist.
https://docs.opnsense.org/manual/how-tos/edrop.html
Title: Re: Custom rule scripts
Post by: Cyda on April 10, 2020, 09:48:50 PM
Thank you. That is very helpful. Will this work with other blacklists?

I was hoping to be able to write my own custom scripts to do this. For example, compiling a list of dns/IPs from multiple blacklists and updating the firewall rules from that compiled list. At its base it would be like setting up this same thing but hosting my own list. Is it possible to use this feature in such a way?
Title: Re: Custom rule scripts
Post by: hbc on April 10, 2020, 10:08:08 PM
Sure you can create own lists, but to be honest: why do work twice and care for updates?
There are so many blacklists, even lists that already implement various lists; just use those.

A good starting point is: http://iplists.firehol.org/
Title: Re: Custom rule scripts
Post by: Cyda on April 10, 2020, 10:23:38 PM
I know it is doing extra work, I am doing it for a university research project. I just need to be able to do it with a few lists for now as a proof of concept. I will be looking at that link after a meeting I have.

Thank you for helping me.
Title: Re: Custom rule scripts
Post by: Cyda on April 11, 2020, 04:40:56 AM
Would it be possible to have a script that pulls from lists and uploads them to GitHub, then have the alias source be that GitHub?
Title: Re: Custom rule scripts
Post by: cmdr.adama on April 11, 2020, 06:26:13 AM
Can't see why not. It just pulls from an external list, so if you wanted to do up a script to compile your own list then I can't see why it wouldn't work. I do agree with hbc, I just implement the existing public lists, though I have been starting to generate my own from other IPs that I can see have been hitting IPS.
Title: Re: Custom rule scripts
Post by: Cyda on April 11, 2020, 07:39:47 AM
Yeah. Like I said, this is for a university research project.

I think I basically understand what I need to do. Script pulls lists together into one and puts it on GitHub, then use an alias with URL table using the URL to the GitHub. If I am understanding it right that should be all there is to it.
Title: Re: Custom rule scripts
Post by: hbc on April 12, 2020, 10:42:42 PM
There is really no magic in hosting blacklists on GitHub. There even exist lists hosted on GitHub, like this DoH blacklist:
https://github.com/oneoffdallas/dohservers?files=1

You just have to take care that you use the RAW link as source for your URL table alias.

E.g.: https://raw.githubusercontent.com/oneoffdallas/dohservers/master/iplist.txt
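The procedure worked out in this thread (pull several public blocklists, merge them into one file, publish that file to a repository, and point an OPNsense URL table alias at the raw link) as an added example. This is not code from any poster and not part of OPNsense; the feed URLs and the two sample list bodies are constructed placeholders, and the list format it parses (one IP or CIDR per line, `#` or `;` comments) is an assumption about the feeds you choose. It also shows the one pitfall hbc points out: converting a github.com "blob" link into the raw.githubusercontent.com form the alias needs.

```python
"""Merge public IP blocklists into one plain-text list for an OPNsense
URL table alias.  Added example; not OPNsense code and not from the thread.
FEEDS and SAMPLE_LISTS are constructed placeholders."""
import ipaddress
import re
import urllib.request

# Assumed feed URLs (placeholders; substitute the real lists you pick).
FEEDS = [
    "https://example.invalid/feed-a.txt",
    "https://example.invalid/feed-b.txt",
]

# Constructed sample bodies so the script runs offline.  Note the duplicate,
# the adjacent /32s, the non-IP line and the trailing comments.
SAMPLE_LISTS = [
    "# Sample feed A (constructed)\n"
    "192.0.2.10\n"
    "192.0.2.0/24 ; whole range\n"
    "198.51.100.4\n"
    "bad.example.com\n",
    "; Sample feed B (constructed)\n"
    "198.51.100.4   # duplicate of feed A\n"
    "198.51.100.5\n"
    "2001:db8::/32\n",
]

_STRIP_COMMENT = re.compile(r"[#;].*$")


def parse_list(text):
    """Return the set of valid IPv4/IPv6 networks in one blocklist body.
    Skips blank and comment lines, strips trailing comments, drops anything
    that is not an address or CIDR, and normalises hosts to /32 or /128."""
    nets = set()
    for raw in text.splitlines():
        line = _STRIP_COMMENT.sub("", raw).strip()
        if not line:
            continue
        token = line.split()[0]
        try:
            nets.add(ipaddress.ip_network(token, strict=False))
        except ValueError:
            continue  # e.g. a hostname inside an IP list; not usable in pf tables
    return nets


def merge_lists(bodies):
    """Union all feeds, then collapse overlapping and adjacent networks per
    address family so the alias table stays small.  Returns sorted strings."""
    nets = set()
    for body in bodies:
        nets |= parse_list(body)
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in v4] + [str(n) for n in v6]


def render_blocklist(bodies):
    """Text of the merged file: one network per line, header as a comment."""
    return "# merged blocklist, one network per line\n" + \
        "\n".join(merge_lists(bodies)) + "\n"


def raw_github_url(url):
    """Rewrite a github.com 'blob' page URL into the raw.githubusercontent.com
    URL an OPNsense URL table alias must use; raw URLs pass through unchanged."""
    m = re.match(r"https://github\.com/([^/]+)/([^/]+)/blob/(.+)$", url)
    if m:
        owner, repo, path = m.groups()
        return f"https://raw.githubusercontent.com/{owner}/{repo}/{path}"
    return url


def fetch(url, timeout=30):
    """Download one feed body (needs network access; not used offline)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


if __name__ == "__main__":
    # Offline run on the constructed samples; for real feeds use
    # bodies = [fetch(u) for u in FEEDS]
    with open("iplist.txt", "w") as f:
        f.write(render_blocklist(SAMPLE_LISTS))
    print(render_blocklist(SAMPLE_LISTS))
    print(raw_github_url("https://github.com/owner/repo/blob/master/iplist.txt"))
```

Committing `iplist.txt` to the repository and scheduling the daily run are left to git and the scheduler of your choice; the alias source is then the raw link that `raw_github_url` produces, which is the form shown in the post above.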