Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
API delete active states of IP?
« previous
next »
Print
Pages: [
1
]
Author
Topic: API delete active states of IP? (Read 815 times)
ThyOnlySandman
Jr. Member
Posts: 85
Karma: 4
API delete active states of IP?
«
on:
January 04, 2023, 02:07:12 pm »
Hi,
Been learning some Vaultwarden which lead me to also learn some fail2ban.
Wasted some time but eventually realized fail2ban wasn't going to work behind separate NGINX proxy regardless of forwarded header. (nftables / iptables have correct ban IP yet packets inbound only from Opnsense / NGINX IP - thus no block)
So that lead me to find this Opnsense API solution to create ban Alias which is working well.
https://github.com/fail2ban/fail2ban/pull/2761/files
curl -k -s -XPOST -d '{"address":"<ip>"}' -H "Content-Type: application/json" -k -u "<oskey>":"<ossecret>" \
https://<osaddress>/api/firewall/alias_util/add/<osalias>
However it won't block until you stop trying to brute force for a bit and let the state expire.
What I'm wondering if I can append another API Curl to this that will delete all active states for the same ban IP to force it to restart which would give desired result of immediate block.
Possible? Any tips or API documentation pointers appreciated.
Edit: I missed this before posting but still not sure exactly what I need being completely unfamiliar with API. Perhaps I'll spin up my opnsense VM template and explore.
https://docs.opnsense.org/development/api/core/diagnostics.html#
POST diagnostics firewall delState $stateid,$creatorid
POST diagnostics firewall queryStates
«
Last Edit: January 04, 2023, 02:40:52 pm by ThyOnlySandman
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.7 Legacy Series
»
API delete active states of IP?