OPNsense Forum
Archive => 20.1 Legacy Series => Topic started by: sja1440 on May 11, 2020, 08:49:54 am
-
When an ipv4 address from the internet attempts to connect to a specific group of closed ports on my firewall, I would like the address to be automatically added to a blocklist (i.e. a pf Table). Addresses on the blocklist are denied all access to the firewall. Addresses would be removed from the blocklist after a fixed amount of time (say 1 day).
What is the best way of doing this on OPNsense?
I suppose that one way of doing it might be to produce a script to listen on the firewall logs and when a trigger event occurs add the offending address to an Alias. But, if I can, I would prefer to use distributed OPNsense software.