[SOLVED] How often is ALIAS URL table refreshed, if ever?

Started by labsy, January 09, 2020, 11:15:10 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 09, 2020, 11:15:10 PM Last Edit: February 02, 2020, 10:45:27 PM by labsy
Hi,

related to this: https://forum.opnsense.org/index.php?topic=15226.0 I am wondering, if ALIAS URL table, pulled from external source, is ever refreshed?

I have it configured to pull bad IPs to block them from external URL, but if I manually inject one testing IP there, it does not get blocked not after 1 hour, not after 1 day.
So I guess, whether list does not get updated ever, or maybe CRON for this update is not configured.

Any idea where refresh rate (update) can be set?
January 10, 2020, 09:48:59 AM #1
You can set expiration days and hours in the table settings, which means after this time the table expires and is reloaded. The expiration is checked each minute so that this is rather accurate when set.


Cheers,
Franco
January 10, 2020, 11:21:02 PM #2
Thank you, Franco, I assumed the same, too.
There are 2 fields with predefined values:
- Days: 0
- Hours: 4.00
How can I set it to refresh every 2 or 5 minutes?
I tried with 0.05 or 0.02 in hours field, but it does not seem to work.
February 02, 2020, 02:28:02 PM #3
Any idea on this subject?
How can I set URL TABLE refresh?
Is there any LOG of URL TABLE alias refresh scron?

My webhosting servers are under constant attacks, hundreds of brute force login attempts every minute, across all web sites. Attacking script maybe tries from same URL a dozen of times, then it obviously switches over to another web site at some other webhosting services.
My trap sites detect attacks at their first attempt, as they are made of traps actually. And immediately they push attacker's IP to the BAN LIST. So I am very interested to reload this BAN LIST into OPNSense FW --> ALiases --> URL TABLE list as son as possible, say every 1 minute at least to prevent any further attacks from the same IP.
It's crucial for me this mechanism to work.
February 02, 2020, 05:17:11 PM #4
I have in System -> Settings -> Cron a job that refreshes Aliases (i have set it to 3 min), is that what you are looking for?
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare

felix eichhorns premium katzenfutter mit der extraportion energie

A router is not a switch - A router is not a switch - A router is not a switch - A rou....
February 02, 2020, 10:44:48 PM #5 Last Edit: February 03, 2020, 07:45:05 AM by labsy
Chemlud, I just wanted to reply to you, that this is what I first tried. And I have tried many combinations there, each minute, each hour...
...BUT I took a look at this Cron guide https://www.codementor.io/@akul08/the-ultimate-crontab-cheatsheet-5op0f7o4r and realized, that I *might* have entered numbers wrong!
For example, I entere 5 for minutes and 0 for hours and 0 for days....whixch would in best case mean every day at 0:05 hours, but as also day was 0, I am not sure what that meant to Cron job.

So today I put my glases on, saw those dots are not asterisks * but rather zeros 0....oh, geeez, my oh my... Then I read the above mentioned cheat sheet :)))

So, for the URL TABLE Alias to reload every 2 minutes, picked up the following Cron job:
   Update and reload firewall aliases

...and entered the following schedule:
   */2   *   *   *   *

Now it works like a charm!
Thank you for kicking me back to the track!

BTW...If anybody else wants to take advantage of this list, it get's updated instantly. You are all welcome to use it: http://secureit.si/lockouts/list.php
Print
Go Up Pages1
User actions