[SOLVED] Temporary ip blacklist

Started by Maarten, October 21, 2015, 10:18:47 AM

October 21, 2015, 10:18:47 AM Last Edit: October 23, 2015, 08:41:16 AM by franco
Hi, on a Linux server I'm running I'm using a temporary blacklist. When I detect misbehaving clients I put their IP in a blacklist. This blacklist holds the IP for a few hours or so. I use IPSET for this functionality.

What I would like to do is to temporarily register such an IP in a blacklist on the router, so everything is blocked for this misbehaving IP. Is there something similar in OPNsense? I know there is a blacklist feature, but that is just way too static. The IP must be blocked right away.

Thanks.

Hi Maarten,

You can use aliases for that, just create a new one in
Firewall -> Aliases (and choose IP when creating a new one)

Next create a firewall rule attached to this alias to block your clients on the correct interface.

Regards,

Ad

Someone was working on improving a daemon to do arbitrary (temporary) lockouts using https://github.com/opnsense/sshlockout_pf as the base. We use this utility to blacklist GUI and SSH access in case of bad logins and it's fully automated.

Thanks franco, I'm going to check it out.