Text only | Text with Images

OPNsense Forum

International Forums => German - Deutsch => Topic started by: Gandalf2434 on April 16, 2021, 07:44:15 PM

Title: IP-Liste blocken
Post by: Gandalf2434 on April 16, 2021, 07:44:15 PM
Hallo zusammen,

ich würde gerne eine Liste von IP-Adressen blocken. Es handelt sich dabei um folgende Liste: https://block.energized.pro/extensions/ips/formats/list.txt

Ich habe dazu unter Firewall->Aliases eine URL Table (IPs) angelegt und unter Content die URL zur Liste eingetragen.
Leider wird die Liste aber nicht aktuallisiert. Wenn ich unter Firewall->Diagnostics->pfTables den Alias auswähle ist er leer.

Was mich nur so wundert ist, dass ich das schonmal für eine andere IP-Liste gemacht hatte und das geht.
Liegt es daran, dass in der IP-List Kommentare enthalten sind?
Title: Re: IP-Liste blocken
Post by: allebone on April 16, 2021, 08:36:34 PM
Could be caused by your firewall entries being set too low.
Delete the blocklist alias you added, and then:

Try this:

Goto Firewall - Settings - Advanced - Firewall Maximum Table Entries:
Default size is: 200000 - CHANGE THIS TO 800000 to allow more entries.

Then try add the blocklist again and see if it works.
Title: Re: IP-Liste blocken
Post by: Gandalf2434 on April 16, 2021, 09:02:31 PM
Thanks for your hint. I tried to increase the max table entries. Removed the alias and added it again, but still the same issue. The alias stays empty.
Title: Re: IP-Liste blocken
Post by: allebone on April 16, 2021, 09:43:26 PM
I tried adding this list also.

I receive this error but dont know why:

System Log
2021-04-16T15:41:32    error fetching alias url https://block.energized.pro/extensions/ips/formats/list.txt
2021-04-16T15:41:32    fetch alias url https://block.energized.pro/extensions/ips/formats/list.txt (lines: 155066)


I was able to test adding my own blocklist and this worked fine so must be something in the formatting:
https://raw.githubusercontent.com/pallebone/StrictBlockPAllebone/master/BlockIP.txt
Above has no error.
Title: Re: IP-Liste blocken
Post by: allebone on April 17, 2021, 03:21:10 AM
Im thinking the list you want to use is not formatted correctly.
Title: Re: IP-Liste blocken
Post by: Gandalf2434 on April 17, 2021, 07:40:06 PM
I left the Alias active and this night it could update the alias. I don't know why it did not work yesterday. But using this list all my internet-traffic is blocked. I think because there are also my private adress-ranges inside the list. Thats not really helpful...

I need to think how to handle this or if I don't use this list. Looks as if the list is not that reliable.
Title: Re: IP-Liste blocken
Post by: allebone on April 17, 2021, 10:26:36 PM
Try my list instead. I dont add any private ranges to the list.
Title: Re: IP-Liste blocken
Post by: JeGr on April 20, 2021, 04:07:30 PM
Da wir im Deutschen Bereich sind, schreib ich auch mal so weiter.

@OT: man kann auch IP Bereiche excluden aus solchen Listen. Bspw. ein Alias erzeugen, die Liste mit reinnehmen und den eigenen Bereich oder generell die RFC1918 Bereiche excluden wenn man die raus haben möchte (mit !10.0.0.0/8 bspw.)

Näheres dazu steht auch in der Alias Doku

Cheers
Text only | Text with Images