Newbie alert! I haven't gotten very far yet as the docs appeared to be a fair bit behind when I last looked.
Can I import a text list of IPs and IP ranges to be blocklisted?
As I have built a large list of problem IPs over the last 20 years, I have no desire to do any kind of rule-making procedure to enter each one individually.
I would also like to update the list from time to time.
Thanks for any advice or suggestions.
It's always a good idea to first do an internet search to see if there's any "how to" articles. Enter the following into a browser search:
opnsense ip blocklists
You'll find plenty to keep you busy. ;)
Thanks Bill. I have spent a fair while searching, found a lot of babble but not a clear and concise answer which I was hoping to find here.
Good to see that last century RTFM answers are still allowed. Or not good.
Edit. Apologies if that was a bit snarky. Upon reflection, I have been very spoiled on a couple of tech forums that I use and contribute to, where people are happy to help as much as they can.
If anybody else is interested, it appears that the answer is - No, you can't just import a text file of IPs/ranges to block.
You can do stuff like blocklist lookups etc., probably similar to RBL as used for blocking email senders, but I don't see the point in a router that has to keep looking stuff up for each packet on a remote server.
Any constructive comments appreciated.
I don't know why you couldn't get an answer from the search; it gives this article:
https://www.allthingstech.ch/using-opnsense-and-ip-blocklists-to-block-malicious-traffic
That should tell you everything you need to get a working blocklist; why does that not work for you? There are also many other choices in that list; did you look at them?
Quote from: Randomz on December 28, 2023, 09:36:16 AM
Thanks Bill. I have spent a fair while searching, found a lot of babble but not a clear and concise answer which I was hoping to find here.
Good to see that last century RTFM answers are still allowed. Or not good.
I don't take kindly to smart-ass replies like that.
I'm not a mind reader and you gave no indication that you'd searched nor what you tried from any of the articles on-line - if the online articles are not sufficient then you'd need to give a more detailed description of what exactly you want and what you've already tried and why they don't work.
That's a fair point, thanks for weighing in.
I haven't tried anything, as I simply wanted to know if it is possible before I invest many hours getting into OPNsense. The docs don't mention being able to import a text list, so I optimistically thought to ask here.
A simple yes/no would have been enough, as I could then decide whether to go down the rabbit hole, or look elsewhere, or even stay with what I already have though it is getting old.
Funny thing: this post shows up above the original article linked by Randomz.
I had a similar sort of requirement, and I believe my solution may also be applied to yours.
Note: I'm probably just as new as you, so you might screw up your environment with this, but if it's for testing it's probably fine.
1. Add one IP/IP range to be blocked
2. Export an unencrypted backup
3. The backup file is just XML... interpret it, and find the IP/IP range you added through the GUI
4. Copy/paste/generate as many as you like to fit into the XML structure
5. Restore the backup
In my case I have a lot of VLANs, and duplicating the "default" 4 firewall rules to each wasn't a lovely experience. So I copied the 4 rules I made through the GUI, modified the interface it applies to, generated new UUIDs (seems like each entity needs a unique ID) and applied it to each entity. Worked like a charm. You could probably even automate it to an extent.
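Steps 3 and 4 of the procedure above (find the one entry added through the GUI in the exported XML, then clone it for every address in a text list with a fresh UUID per entry) can be scripted. The block below is an added example written for this thread; it is not the poster's script and not OPNsense code. The XML layout in `SAMPLE_BACKUP`, the element names `alias`, `name`, `type` and `content`, and the `uuid` attribute are a constructed stand-in for whatever the real export contains, so the lookup is driven by the seed address rather than by any assumed schema position. Restoring the edited file is still step 5 of the procedure and is not done here.

```python
import ipaddress
import uuid
import xml.etree.ElementTree as ET
from copy import deepcopy

# Constructed sample of an unencrypted backup (assumed layout, not the real
# schema). It holds only the single host entry added through the GUI (step 1).
SAMPLE_BACKUP = """<?xml version="1.0"?>
<config>
  <aliases>
    <alias uuid="11111111-2222-3333-4444-555555555555">
      <name>blocklist_seed</name>
      <type>host</type>
      <content>203.0.113.7</content>
    </alias>
  </aliases>
</config>
"""

# Constructed text list: one IP or range per line, '#' comments, blanks,
# a malformed line and duplicates (including the seed itself).
IP_LIST = """
# problem hosts collected over the years (constructed sample)
198.51.100.23
203.0.113.0/24
2001:db8::/32
not-an-address
203.0.113.7
198.51.100.23
"""

def normalize(net):
    """Single hosts are written without a prefix, ranges in CIDR form."""
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def parse_ip_list(text):
    """Return (valid, rejected): valid is deduplicated, in first-seen order."""
    seen, valid, rejected = set(), [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            entry = normalize(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(line)       # keep for review instead of silently dropping
            continue
        if entry not in seen:
            seen.add(entry)
            valid.append(entry)
    return valid, rejected

def expand_backup(xml_text, seed_ip, entries, base_name="blocklist"):
    """Step 3: find the element whose content is seed_ip.
    Step 4: append one clone per new entry with a fresh UUID and unique name.
    Returns (new_xml, number_of_entries_added)."""
    root = ET.fromstring(xml_text)
    parent_map = {child: parent for parent in root.iter() for child in parent}
    seed = next((el for el in root.iter("alias")
                 if (el.findtext("content") or "").strip() == seed_ip), None)
    if seed is None:
        raise ValueError(f"seed entry {seed_ip} not found in backup")
    parent = parent_map[seed]
    existing = {(el.findtext("content") or "").strip() for el in parent.findall("alias")}
    added = 0
    for entry in entries:
        if entry in existing:
            continue
        clone = deepcopy(seed)
        clone.set("uuid", str(uuid.uuid4()))           # every entity needs its own ID
        clone.find("name").text = f"{base_name}_{added + 1:04d}"
        clone.find("type").text = "network" if "/" in entry else "host"  # assumed type names
        clone.find("content").text = entry
        parent.append(clone)
        existing.add(entry)
        added += 1
    return ET.tostring(root, encoding="unicode"), added

def build(list_text=IP_LIST, backup=SAMPLE_BACKUP, seed_ip="203.0.113.7"):
    """Whole run: validate the list, expand the backup, report what was rejected."""
    valid, rejected = parse_ip_list(list_text)
    new_xml, added = expand_backup(backup, seed_ip, valid)
    return new_xml, added, rejected

if __name__ == "__main__":
    xml_out, count, bad = build()
    print(f"added {count} entries, rejected {bad}")
    print(xml_out)
```

Rejected lines are returned rather than discarded so a twenty-year-old list can be cleaned before anything is restored, and the seed is matched by its address, so the script only depends on the entry you can see in your own export.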
Try creating a repository with your IPs in github.com.
(Note: Disregard the typo github.<net> in the first png below. It should be github.com.)