OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: hushcoden on May 20, 2020, 11:49:33 pm

Title: How to configure Spamhaus ASN-DROP ?
Post by: hushcoden on May 20, 2020, 11:49:33 pm

Would anybody know how to configure the Spamhaus ASN DROP List ?

I can see in the OPNsense documentation the instructions for both DROP and EDROP, but not for the ASN DROP list...

Tia.

Title: Re: How to configure Spamhaus ASN-DROP ?
Post by: hushcoden on June 03, 2020, 11:09:55 pm

Or can someone confirm if this is not possible with OPNsense?

Tia.

Title: Re: How to configure Spamhaus ASN-DROP ?
Post by: AdSchellevis on June 04, 2020, 11:31:03 am

ASN lists are not supported, you need to map them to ip ranges first and publish the list. OPNsense (currently) does not resolve ASN entries, in case of the Spamhaus list I don't expect many of those entries will resolve to anything at the moment ( e.g. https://mxtoolbox.com/SuperTool.aspx?action=asn:AS612&newAppVersion=1).

Although I'm not very familiar with these specific lists, I expect their intended usage seems more related to dynamic routing / BGP to deny access to publish new routes.

Best regards,

Ad

Title: Re: How to configure Spamhaus ASN-DROP ?
Post by: hushcoden on June 04, 2020, 07:56:55 pm

Ok, thanks.