OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: labsy on January 09, 2020, 11:15:10 pm
-
Hi,
related to this: https://forum.opnsense.org/index.php?topic=15226.0 I am wondering, if ALIAS URL table, pulled from external source, is ever refreshed?
I have it configured to pull bad IPs to block them from external URL, but if I manually inject one testing IP there, it does not get blocked not after 1 hour, not after 1 day.
So I guess, whether list does not get updated ever, or maybe CRON for this update is not configured.
Any idea where refresh rate (update) can be set?
-
You can set expiration days and hours in the table settings, which means after this time the table expires and is reloaded. The expiration is checked each minute so that this is rather accurate when set.
Cheers,
Franco
-
Thank you, Franco, I assumed the same, too.
There are 2 fields with predefined values:
- Days: 0
- Hours: 4.00
How can I set it to refresh every 2 or 5 minutes?
I tried with 0.05 or 0.02 in hours field, but it does not seem to work.
-
Any idea on this subject?
How can I set URL TABLE refresh?
Is there any LOG of URL TABLE alias refresh scron?
My webhosting servers are under constant attacks, hundreds of brute force login attempts every minute, across all web sites. Attacking script maybe tries from same URL a dozen of times, then it obviously switches over to another web site at some other webhosting services.
My trap sites detect attacks at their first attempt, as they are made of traps actually. And immediately they push attacker's IP to the BAN LIST. So I am very interested to reload this BAN LIST into OPNSense FW --> ALiases --> URL TABLE list as son as possible, say every 1 minute at least to prevent any further attacks from the same IP.
It's crucial for me this mechanism to work.
-
I have in System -> Settings -> Cron a job that refreshes Aliases (i have set it to 3 min), is that what you are looking for?
-
Chemlud, I just wanted to reply to you, that this is what I first tried. And I have tried many combinations there, each minute, each hour...
...BUT I took a look at this Cron guide https://www.codementor.io/@akul08/the-ultimate-crontab-cheatsheet-5op0f7o4r and realized, that I *might* have entered numbers wrong!
For example, I entere 5 for minutes and 0 for hours and 0 for days....whixch would in best case mean every day at 0:05 hours, but as also day was 0, I am not sure what that meant to Cron job.
So today I put my glases on, saw those dots are not asterisks * but rather zeros 0....oh, geeez, my oh my... Then I read the above mentioned cheat sheet :)))
So, for the URL TABLE Alias to reload every 2 minutes, picked up the following Cron job:
Update and reload firewall aliases
...and entered the following schedule:
*/2 * * * *
Now it works like a charm!
Thank you for kicking me back to the track!
BTW...If anybody else wants to take advantage of this list, it get's updated instantly. You are all welcome to use it: http://secureit.si/lockouts/list.php