Is it possible to import/update a text list of IPs and ranges to blocklist?

Started by Randomz, December 25, 2023, 09:08:04 AM

Newbie alert! I haven't gotten very far yet as the docs appeared to be a fair bit behind when I last looked.

Can I import a text list of IPs and IP ranges to be blocklisted?

As I have built a large list of problem IPs over the last 20 years, I have no desire to do any kind of rule-making procedure to enter each one individually.

I would also like to update the list from time to time.

Thanks for any advice or suggestions.

It's always a good idea to first do an internet search to see if there's any "how to" articles. Enter the following into a browser search:

opnsense ip blocklists

You'll find plenty to keep you busy. ;)
Regards


Bill

Thanks Bill.  I have spent a fair while searching, found a lot of babble but not a clear and concise answer which I was hoping to find here.

Good to see that last century RTFM answers are still allowed.  Or not good.

Edit. Apologies if that was a bit snarky. Upon reflection, I have been very spoiled on a couple of tech forums that I use and contribute to, where people are happy to help as much as they can.


If anybody else is interested, it appears that the answer is - No, you can't just import a text file of IPs/ranges to block.

You can do stuff like blocklist lookups etc., probably similar to RBLs as used for blocking email senders, but I don't see the point in a router that has to keep looking stuff up for each packet on a remote server.

Any constructive comments appreciated.

I don't know why you couldn't get an answer; the search gives this article:

https://www.allthingstech.ch/using-opnsense-and-ip-blocklists-to-block-malicious-traffic

That should tell you everything you need to get a working blocklist, why does that not work for you? There are also many other choices in that list, did you look at them?

Quote from: Randomz on December 28, 2023, 09:36:16 AM
Thanks Bill.  I have spent a fair while searching, found a lot of babble but not a clear and concise answer which I was hoping to find here.

Good to see that last century RTFM answers are still allowed.  Or not good.
I don't take kindly to smart-ass replies like that.

I'm not a mind reader and you gave no indication that you'd searched nor what you tried from any of the articles on-line - if the online articles are not sufficient then you'd need to give a more detailed description of what exactly you want and what you've already tried and why they don't work.
Regards


Bill

That's a fair point, thanks for weighing in.

I haven't tried anything as I simply wanted to know if it is possible before I invest many hours getting into OPNsense. The docs don't mention being able to import a text list, so I optimistically thought to ask here.

A simple yes/no would have been enough, as I could then decide whether to go down the rabbit hole, or look elsewhere, or even stay with what I already have though it is getting old.




Funny thing, this post shows up above the original article linked by Randomz.

I had a similar sort of requirement, and I believe my solution may also be applied to yours.

Note: I'm probably just as new as you, so you might screw up your environment with this, but if it's for testing it's probably fine.

1. Add one IP/IP range to be blocked
2. Export an unencrypted backup
3. The backup file is just XML... interpret it, and find the IP/IP range you added through the GUI
4. Copy/paste/generate as many as you like to fit into the XML structure
5. Restore the backup

In my case I have a lot of VLANs, and duplicating the "default" 4 firewall rules to each wasn't a lovely experience. So I copied the 4 rules I made through the GUI, modified the interface they apply to, generated new UUIDs (it seems each entity needs a unique ID) and applied them to each entity. Worked like a charm. You could probably even automate it to an extent.
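The edit-the-backup procedure above, scripted as an added example (this is not the poster's code and not an OPNsense tool). It targets a firewall alias rather than individual rules: one alias holding all the IPs/CIDRs, referenced by a single block rule, is what the GUI creates when you "add one IP/IP range to be blocked", and it is the entity you would bulk-fill. The XML fragment is constructed to resemble the alias section of a recent OPNsense backup; confirm the tag names against your own export before trusting the edit. The alias name "blocklist", the sample list and the UUIDs are all made up. New aliases get a fresh UUID, as the poster notes each entity needs one; invalid lines in the text list are reported rather than silently dropped, and host-bits-set CIDRs and duplicates are normalised away so the restored config does not carry junk.

```python
"""Bulk-load a text list of IPs/CIDRs into an OPNsense alias by editing an
unencrypted config.xml backup, ready to restore through the GUI.
Constructed example: the XML layout mirrors the alias section of recent
OPNsense exports (check it against your own backup first)."""
import ipaddress
import uuid
import xml.etree.ElementTree as ET

ALIAS_PATH = "./OPNsense/Firewall/Alias/aliases"   # relative to the <opnsense> root


def parse_entries(text):
    """Parse a blocklist: one IP or CIDR per line, '#' comments allowed.
    Returns (entries, bad_lines); entries are normalised and de-duplicated."""
    seen, entries, bad = set(), [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)  # strict=False clears host bits
        except ValueError:
            bad.append((lineno, raw))       # report, never silently drop
            continue
        # Single hosts are stored as plain addresses, ranges as CIDR.
        key = str(net.network_address) if net.num_addresses == 1 else str(net)
        if key not in seen:
            seen.add(key)
            entries.append(key)
    return entries, bad


def set_alias_content(config_xml, name, entries, description=""):
    """Return config_xml with alias `name` holding exactly `entries`
    (newline-separated, which is how OPNsense stores alias content).
    Creates the alias with a fresh UUID when it does not exist yet."""
    root = ET.fromstring(config_xml)
    aliases = root.find(ALIAS_PATH)
    if aliases is None:
        raise ValueError("no Firewall/Alias/aliases section in this config")
    target = next((a for a in aliases.findall("alias")
                   if a.findtext("name") == name), None)
    if target is None:
        target = ET.SubElement(aliases, "alias", uuid=str(uuid.uuid4()))
        for tag, text in [("enabled", "1"), ("name", name), ("type", "network"),
                          ("proto", ""), ("interface", ""), ("counters", "0"),
                          ("updatefreq", ""), ("content", ""), ("categories", ""),
                          ("description", description)]:
            ET.SubElement(target, tag).text = text
    target.find("content").text = "\n".join(entries)
    # tostring() drops the declaration; put it back so the file restores cleanly.
    return '<?xml version="1.0"?>\n' + ET.tostring(root, encoding="unicode")


# Constructed backup fragment, trimmed to the alias section.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<opnsense>
  <OPNsense>
    <Firewall>
      <Alias version="1.0.1">
        <aliases>
          <alias uuid="0f6f1d2e-0000-4000-8000-000000000001">
            <enabled>1</enabled>
            <name>blocklist</name>
            <type>network</type>
            <proto/>
            <interface/>
            <counters>0</counters>
            <updatefreq/>
            <content>192.0.2.1</content>
            <categories/>
            <description>added through the GUI</description>
          </alias>
        </aliases>
      </Alias>
    </Firewall>
  </OPNsense>
</opnsense>
"""

# Constructed text list, with the kinds of noise a hand-kept list accumulates.
SAMPLE_LIST = """# problem hosts
192.0.2.1
198.51.100.0/24   # whole range
203.0.113.7
203.0.113.7       # duplicate
198.51.100.77/24  # host bits set; normalised to the /24 above
not-an-ip
"""


def demo():
    """Run the whole flow on the constructed inputs."""
    entries, bad = parse_entries(SAMPLE_LIST)
    new_xml = set_alias_content(SAMPLE_CONFIG, "blocklist", entries)
    return entries, bad, new_xml


if __name__ == "__main__":
    entries, bad, new_xml = demo()
    print("entries:", entries)
    print("rejected:", bad)
    print(new_xml)
```

For real use, read the exported backup and your list from files, write the result to a new file and restore that; keep the original export so you can roll back. Re-running the script against a fresh export is the "update the list from time to time" step. ElementTree does not preserve XML comments, which stock OPNsense exports do not contain, but diff the output against the original before restoring if your config has been hand-edited.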

Try creating a repository with your IPs on github.com.
(Note: Disregard the typo github.<net> in the first png below. It should be github.com.)