OPNsense Forum

English Forums => General Discussion => Topic started by: Maarten on October 21, 2015, 10:18:47 am

Title: [SOLVED] Temporary ip blacklist
Post by: Maarten on October 21, 2015, 10:18:47 am
Hi, on a Linux server I'm running I'm using a temporary blacklist. When I detect misbehaving clients I put their IP in a blacklist. This blacklist holds the IP for a few hours or so. I use IPSET for this functionality.

What I would like to do is to temporarily register such an IP in a blacklist on the router, so everything is blocked for this misbehaving IP. Is there something similar in OPNsense? I know there is a blacklist feature, but that is just way too static. The IP must be blocked right away.

Thanks.
Title: Re: Temporary ip blacklist
Post by: AdSchellevis on October 22, 2015, 10:09:17 am
Hi Maarten,

You can use aliases for that, just create a new one in
Firewall -> Aliases (and choose IP when creating a new one)

Next create a firewall rule attached to this alias to block your clients on the correct interface.

Regards,

Ad
Title: Re: Temporary ip blacklist
Post by: franco on October 23, 2015, 08:41:03 am
Someone was working on improving a daemon to do arbitrary (temporary) lockouts using https://github.com/opnsense/sshlockout_pf as the base. We use this utility to blacklist GUI and SSH access in case of bad logins and it's fully automated.
Title: Re: [SOLVED] Temporary ip blacklist
Post by: Maarten on October 23, 2015, 08:43:11 am
Thanks franco, I'm going to check it out.