OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: myksto on September 27, 2018, 10:42:56 am
-
Hello everybody.
I would like to create and maintain a local list (or more than one) of IP addresses to use within an alias and then in traffic rules.
I created a txt file and put it in a local folder on OPNsense (/mkst/lists/ip.txt).
I would like to load it and use an alias to do that.
So I created an alias using the URL IP type, but I receive an error and the IPs don't load.
I tried different ways and these are some of the errors:
update_tables.py: error fetching alias url \\127.0.0.1\mkst\lists\ips.txt
update_tables.py: error fetching alias url https://127.0.0.1/mkst/lists/ips.txt
update_tables.py: error fetching alias url https:\\127.0.0.1\mkst\lists\ips.txt
What is the right way to load a local list?
Thank you.
Cheers,
Michele.
-
Is it possible to see your file?
I mean, is it Snort-formatted?
-
Hi and thanks for the reply.
I took the format from this file, which I've been using for a long time with no problem: https://www.spamhaus.org/drop/drop.txt
Anyway, I'm attaching the file I would like to use.
Can you tell me exactly which path to use? I mean, which of the ones I tried is valid:
1) file \\127.0.0.1\mkst\lists\ips.txt
2) https://127.0.0.1/mkst/lists/ips.txt
3) https:\\127.0.0.1\mkst\lists\ips.txt
Thanks and cheers,
Michele.
-
Hi;
sorry, I lost my post, but long story short:
for
2) https://127.0.0.1/mkst/lists/ips.txt
3) https:\\127.0.0.1\mkst\lists\ips.txt
you must alter lighttpd via a vhost, or use the os-nginx plugin;
as you may understand, os-nginx is the better choice.
This could inspire you: https://wiki.opnsense.org/manual/how-tos/nginx.html
If you want to use lighttpd, you have to create a vhost file in:
/usr/local/etc/lighttpd/vhosts.d
then put your ips.txt into /usr/local/www/vhost (as an example).
But you could also host your file on any web server/service like GitHub, GitLab or Netlify.
Personally I use the same method as you, but with public lists I found here:
http://iplists.firehol.org/
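The following is an added example, not code from the thread or from OPNsense, showing one way to do the lighttpd variant described in the reply above: normalise a Spamhaus DROP-style list (strip `; comment` tails, reject anything that is not an IPv4/IPv6 address or CIDR) and publish it on a lighttpd socket bound to 127.0.0.1 only, so the list is reachable by the alias fetcher but not from WAN or LAN. Assumptions: the vhost include directory and webroot are the ones named in the reply (`/usr/local/etc/lighttpd/vhosts.d`, `/usr/local/www/vhost`), port 8008 is an arbitrary free loopback port, the lighttpd config path and the `configctl webgui restart` action are what I expect on a current OPNsense and should be checked on your version (`ps ax | grep lighttpd` shows the `-f` config actually in use). The list sample is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread or OPNsense): publish a local IP list on a
# loopback-only lighttpd vhost for use as a URL Table alias.
set -eu

VHOST_DIR="${VHOST_DIR:-/usr/local/etc/lighttpd/vhosts.d}"      # from the reply; verify
WEBROOT="${WEBROOT:-/usr/local/www/vhost}"                       # from the reply; verify
LIGHTTPD_CONF="${LIGHTTPD_CONF:-/usr/local/etc/lighttpd/lighttpd.conf}"  # assumption
PORT="${PORT:-8008}"                                             # arbitrary loopback port

# Normalise a DROP-style list: drop "; SBLnnn" / "# ..." tails and blank lines,
# keep only valid IPv4/IPv6 addresses or CIDRs. Prints the clean list on stdout,
# reports rejected lines on stderr and returns 1 if any line was rejected.
clean_list() {
    awk '
        function ipv4(s,   n, p, a, i) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
            if (split(p[1], a, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (a[i] !~ /^[0-9]+$/ || a[i] + 0 > 255) return 0
            return 1
        }
        function ipv6(s,   n, p) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 128)) return 0
            return (p[1] ~ /^[0-9a-fA-F:]+$/ && index(p[1], ":") > 0)
        }
        {
            sub(/[;#].*$/, "")                 # strip trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "")        # trim whitespace
            if ($0 == "") next
            if (ipv4($0) || ipv6($0)) { print; next }
            print "rejected: " $0 > "/dev/stderr"; bad = 1
        }
        END { exit bad }
    ' "$1"
}

# Write a lighttpd vhost that listens only on 127.0.0.1:$port and serves $root.
# The alias URL then becomes http://127.0.0.1:$port/ips.txt (plain HTTP on
# loopback, so no dependency on the GUI's self-signed certificate being trusted).
write_vhost() {
    dir="$1"; port="$2"; root="$3"
    cat > "$dir/iplist.conf" <<EOF
# loopback-only vhost for URL Table aliases (added by the install script)
\$SERVER["socket"] == "127.0.0.1:$port" {
    server.document-root = "$root"
}
EOF
}

install() {
    list="$1"
    mkdir -p "$WEBROOT"
    tmp=$(mktemp)
    clean_list "$list" > "$tmp"            # set -e: abort before publishing a bad list
    mv "$tmp" "$WEBROOT/ips.txt"
    chmod 644 "$WEBROOT/ips.txt"           # readable by the lighttpd user
    write_vhost "$VHOST_DIR" "$PORT" "$WEBROOT"
    lighttpd -t -f "$LIGHTTPD_CONF"        # syntax check before touching the GUI daemon
    configctl webgui restart               # OPNsense configd action (assumption: verify name)
    echo "alias URL: http://127.0.0.1:$PORT/ips.txt"
}

# Usage: sh install_iplist.sh install /mkst/lists/ips.txt
if [ "${1:-}" = "install" ]; then
    install "${2:?usage: $0 install LISTFILE}"
fi
```

After saving the alias with that URL, confirm the table was actually filled with `pfctl -t <aliasname> -T show | wc -l`, and spot-check a single entry with `pfctl -t <aliasname> -T test 1.2.3.4`. Keeping the socket on 127.0.0.1 matters: the GUI's lighttpd also listens on the management interfaces, so a vhost without the socket restriction would expose the list (and the webroot directory) to anyone who can reach the management port.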
-
I followed your advice and implemented the FireHOL rules.
Please can you tell me whether I did it all correctly?
1) I created a URL Table alias, inserting "https://iplists.firehol.org/files/firehol_level1.netset" as the value. In pfTable I noticed that the IPs have been populated.
2) I set the update interval to 1 day.
3) I inserted a block rule on the WAN interface.
That's all.
Can you give me any further advice on best practice?
Thanks and cheers,
Michele.
-
hi myksto;
I'm glad I could help you;
your setup seems fair.
If you look at https://iplists.firehol.org/ they show the average update frequency, which is 41 minutes; but I'd say 1 day is fair enough to not get banned; I'd definitely not go under every hour.
Best practices?
Hmm; I'm a learner like you,
but depending on the case I add one or two of these lists: https://firebog.net
- notice 1: firehol and firebog may have overlaps.
- also, as far as I understand, firebog lists are just domain names and/or point to 127.0.0.1, so I use them in combination with unbound (probably works with dnsmasq too).
Actually I just discovered that in BIND OPNsense already integrates ad block lists.
Don't hesitate to share your tries; I'll be curious to test them too.