Archive > 19.7 Legacy Series

Large IP Blacklists...performance impact?


labsy:
Hi,

I am thinking about aggregating all IP blacklists from various web sites (WP, Joomla, custom builds...), which write logs of attacking (brute-force, dictionary attacks...) IP hosts/addresses into a database. I have a script in PHP to extract IPs from the database for the past 7 or 14 days.
Then I plan to try/test retrieving these into the Blocked ALIASES list of OPNsense.

Now, since this list will contain hundreds or even thousands of IP addresses, I am wondering how a BLOCK ALIASES list with 1000s of entries would affect firewall performance?
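
The feed-building step described in the post above, as an added example that is not part of the original post and not labsy's PHP script: it keeps only addresses seen in the last 7 or 14 days, drops malformed entries and anything on a never-block list so the firewall cannot lock out its own admin or LAN, and collapses neighbouring addresses into CIDR blocks. The row layout, the `NEVER_BLOCK` networks, the function name and the one-entry-per-line output are assumptions, and all sample rows are constructed.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumption: networks that must never reach the block alias (LAN, loopback,
# and a constructed admin address), whatever the web sites logged.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "198.51.100.10/32",
)]

# Constructed rows standing in for the sites' attack-log table:
# (source IP exactly as logged, time of the blocked request).
NOW = datetime(2019, 9, 1, tzinfo=timezone.utc)
SAMPLE_ROWS = [
    ("203.0.113.4", NOW - timedelta(days=1)),
    ("203.0.113.5", NOW - timedelta(days=2)),
    ("203.0.113.5", NOW - timedelta(days=3)),      # duplicate offender
    ("192.0.2.200", NOW - timedelta(days=10)),     # only inside the 14-day window
    ("198.51.100.77", NOW - timedelta(days=20)),   # older than either window
    ("192.168.1.10", NOW - timedelta(days=1)),     # LAN host, never block
    ("198.51.100.10", NOW - timedelta(days=1)),    # admin mistyped a password
    ("not-an-ip", NOW - timedelta(days=1)),        # malformed log field
    ("2001:db8::bad:1", NOW - timedelta(days=1)),
]

def build_blocklist(rows, now, days=7, never_block=NEVER_BLOCK):
    """Return sorted, de-duplicated CIDR strings for offenders seen within `days`."""
    cutoff = now - timedelta(days=days)
    seen = {4: set(), 6: set()}
    for raw, ts in rows:
        if ts < cutoff:
            continue
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            continue  # never forward an unparsable value to the firewall
        if any(addr in net for net in never_block):
            continue
        seen[addr.version].add(addr)
    out = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IPv4/IPv6 input
        nets = [ipaddress.ip_network(f"{a}/{a.max_prefixlen}") for a in seen[version]]
        out += [str(n) for n in ipaddress.collapse_addresses(nets)]
    return out

if __name__ == "__main__":
    # One entry per line, the plain-text form a URL-based alias would fetch.
    print("\n".join(build_blocklist(SAMPLE_ROWS, NOW, days=7)))
```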

gstuartj:
My largest IP alias used for blacklisting has well over 100,000 entries and performance of the rule is great. You should be fine.

labsy:
Great news.
Does anyone know how often these aliases reload from the external source? And more importantly... how can I check whether they are loaded?

firewall:
check whether or not they've downloaded:
ls -al /var/db/aliastables

the revision date on mine is 3 days ago but i'm not certain how often it kicks off.

labsy:
Mine was reloaded yesterday, right after I created the list Alias.

I tried to add a CRON job to test and check every 5 minutes for "Update and reload firewall aliases"... but after half an hour the directory of alias tables still shows yesterday's date. So there must be some other setting that controls the frequency of Alias Table list refresh and reload.
