OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: Ren on February 07, 2018, 10:16:31 pm

Title: PFBlocker/GeoIP Blocking alias updates
Post by: Ren on February 07, 2018, 10:16:31 pm
I read through a past post stating pfBlocker is not available but the same functionality can be accomplished using the firewall alias.

I created a couple of aliases to test

(https://image.ibb.co/jTuNGH/Firewall_Alias.png)

Added my firewall floating rules

(https://image.ibb.co/hHVJqc/Floating_Rules.png)

Checked my firewall logs and everything is working except for my firehol, which I will get to later. My question is how often does the GeoIP list get updated? I do not see an interval setting stating how often the GeoIP list gets updated.

And finally, my firehol doesn't seem to be working. I've set the expiration to 1 day for this alias. Does this mean after a day it grabs the new list? Additionally, how do I force an update?

(https://image.ibb.co/gr57ix/firehol_Alias.png)

Title: Re: PFBlocker/GeoIP Blocking alias updates
Post by: nqnguyen2 on February 08, 2018, 06:05:29 am
1. Correct, pfBlockerNG is not available.
2. From what I understand, the GeoIP updates every day (Gurus correct me if I'm wrong).
       *Source: core/src/opnsense/scripts/filter/lib/alias.py (line 160)
3. All Aliases auto-update, pull information, or populate in the pfTables as soon as you click the Save button.
4. I've tested firehol alias and it's working fine for me.
       *Alias has similar settings to yours: https://www.screencast.com/t/YrEu7vG2iyQ2
              -Firehol alias using this URL: https://iplists.firehol.org/files/firehol_level1.netset
       *pfTables populated immediately after saving the alias: https://www.screencast.com/t/cpZvnqyaI
5. Yes, your firehol alias set for 1 day expiration will update every day.
6. You can force an update by editing the alias, making no changes, and clicking the Save button.

Recommendations
1. Please check your Alias Names and Descriptions. It appears you have multiple typos that can make troubleshooting confusing when your configurations become more complex.
2. Please consider allowing access for a smaller group of aliases vs denying the entire world. This will make your tables smaller, easier to troubleshoot, use less RAM, better performance, etc.
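Points 4 and 5 above rely on the netset being fetched and loaded into a pf table correctly. As an added example (not OPNsense's alias.py and not code from anyone in this thread), the script below parses a constructed sample in the FireHOL netset format ('#' comments, one IP or CIDR per line), collapses overlapping ranges the way a smaller table would, and checks source addresses from constructed firewall log lines against it, so you can confirm that an address you see blocked in the logs is actually covered by the list. The sample list and log lines are made up; the real list is the firehol_level1.netset URL quoted above.

```python
"""Check firewall-log source IPs against a FireHOL-style .netset list.

Added example for this thread; not OPNsense code. The netset text and the
log lines below are constructed samples, not real data.
"""
import ipaddress

# Constructed sample in netset format: '#' comments, one IP or CIDR per line.
SAMPLE_NETSET = """\
#
# firehol_level1 (constructed sample, not the real list)
#
0.0.0.0/8
10.0.0.0/8
10.1.0.0/16        # overlaps 10.0.0.0/8; collapse() folds it away
192.0.2.0/24
198.51.100.17
203.0.113.0/25
"""

# Constructed log lines; the source address is the second whitespace field.
SAMPLE_LOG = [
    "block 192.0.2.45 -> 198.51.100.1:443",
    "block 198.51.100.17 -> 198.51.100.1:22",
    "pass 203.0.113.200 -> 198.51.100.1:80",
    "pass 8.8.8.8 -> 198.51.100.1:53",
]


def parse_netset(text):
    """Return the list of networks in a netset; a bare IP becomes a /32."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip trailing comments and blanks
        if not line:
            continue
        # strict=False tolerates host bits set in a prefix (e.g. 10.0.0.1/8)
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def collapse(nets):
    """Merge overlapping/adjacent networks; fewer entries means a smaller pf table."""
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def is_listed(ip, nets):
    """True if ip falls inside any network of the list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def check_log(lines, nets):
    """Return (source_ip, listed) for each log line."""
    results = []
    for line in lines:
        src = line.split()[1]
        results.append((src, is_listed(src, nets)))
    return results


if __name__ == "__main__":
    table = collapse(parse_netset(SAMPLE_NETSET))
    print(f"{len(table)} entries after collapsing")
    for src, listed in check_log(SAMPLE_LOG, table):
        print(f"{src:<16} {'LISTED' if listed else 'not listed'}")
```

Feed it the real netset and a handful of lines from Firewall: Log Files to confirm that the addresses you see dropped by the floating rule are the ones the list covers; an address that is blocked but not listed points at a different rule doing the blocking.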
Title: Re: PFBlocker/GeoIP Blocking alias updates
Post by: Ren on February 09, 2018, 04:02:54 am
1. Correct, pfBlockerNG is not available.
2. From what I understand, the GeoIP updates every day (Gurus correct me if I'm wrong).
       *Source: core/src/opnsense/scripts/filter/lib/alias.py (line 160)
3. All Aliases auto-update, pull information, or populate in the pfTables as soon as you click the Save button.
4. I've tested firehol alias and it's working fine for me.
       *Alias has similar settings to yours: https://www.screencast.com/t/YrEu7vG2iyQ2
              -Firehol alias using this URL: https://iplists.firehol.org/files/firehol_level1.netset
       *pfTables populated immediately after saving the alias: https://www.screencast.com/t/cpZvnqyaI
5. Yes, your firehol alias set for 1 day expiration will update every day.
6. You can force an update by editing the alias, making no changes, and clicking the Save button.

Recommendations
1. Please check your Alias Names and Descriptions. It appears you have multiple typos that can make troubleshooting confusing when your configurations become more complex.
2. Please consider allowing access for a smaller group of aliases vs denying the entire world. This will make your tables smaller, easier to troubleshoot, use less RAM, better performance, etc.

Thanks for the info. FIREHOL is working now. I can see offenders being blocked in the firewall logs.