Alias Help

Started by Goombadave, January 21, 2020, 01:11:55 PM

Hi, hopefully this is a quick answer to my question.

I am hoping somebody can look at my alias and tell me if I have created this correctly for use with spamhaus drop lists. The current setup when hitting save does not seem to populate PFtables and I am not sure that I set this up correctly. The OPNsense documentation https://docs.opnsense.org/manual/how-tos/edrop.html must be a little bit out of date because there is no "host(s)" selection to paste the drop list URL into when URL Tables type is selected.

Attached screenshot


January 22, 2020, 04:37:49 AM #2 Last Edit: January 22, 2020, 04:47:19 AM by mitchellp
After you hit save on the alias, you must also hit apply on aliases page.

January 22, 2020, 12:32:48 PM #3 Last Edit: January 24, 2020, 02:43:00 AM by Goombadave
Quote from: mitchellp on January 22, 2020, 04:37:49 AM
After you hit save on the alias, you must also hit apply on aliases page.

Thanks for the reply; I have tried that and the pftables still shows empty...


Did you add a rule that uses this alias?
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

Please leave the Expiration field blank and try again.

Tried and worked that way.

Quote from: eprom on January 22, 2020, 03:48:23 PM
Please leave the Expiration field blank and try again.

Tried and worked that way.

Thanks, I tried that but it has made no change; I still do not see any IP addresses in PFtables. I have also made a LAN and WAN rule that utilizes those aliases (Spamhaus drop and Edrop). I think I have created the alias correctly. I have tried rebooting as well for good measure with no change. My GEO IP rules populate PFtables just fine.

Could you try:

Firewall  > Settings > Advanced and set the Firewall Maximum Table Entries to 4000000

Good luck

Hello,
I've tried with "URL (IPs)" in the Type field, and this works for me. Maybe you can try it? I have not checked whether the expiration time (present in the .txt files) is applied or not.

I have "URL Table" and that works for me (3 separate URL aliases).  All my settings match the OP except he didn't show the rule using the alias...though I'd assume that's entered correctly.

Any log messages showing it tried but failed?
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

Quote from: gpb on January 23, 2020, 10:38:35 PM
I have "URL Table" and that works for me (3 separate URL aliases).  All my settings match the OP except he didn't show the rule using the alias...though I'd assume that's entered correctly.

Any log messages showing it tried but failed?

The logs show this when I hit "save and update"

Jan 24 09:23:14    /update_tables.py: error fetching alias url https://www.spamhaus.org/drop/edrop.txt
Jan 24 09:23:14    /update_tables.py: error fetching alias url https://www.spamhaus.org/drop/edrop.txt [http_code:503]
Jan 24 09:23:14    /update_tables.py: error fetching alias url https://www.spamhaus.org/drop/drop.txt
Jan 24 09:23:14    /update_tables.py: error fetching alias url https://www.spamhaus.org/drop/drop.txt [http_code:503]

I don't think I misspelled the link; not sure why there is an error with the link and if I paste those into my browser I can see the text of IPs. These are my firewall rules:

I came across this thread: https://forum.opnsense.org/index.php?topic=9796.0

Is that how I should be using this?

I have your same settings (except I didn't enable statistics, but that's for sure not the issue)

Have you checked you can reach the URL from your firewall? Check with a curl from SSH:

[root@myfw ~]# curl https://www.spamhaus.org/drop/edrop.txt
; Spamhaus EDROP List 2020/01/23 - (c) 2020 The Spamhaus Project
; https://www.spamhaus.org/drop/edrop.txt
; Last-Modified: Sat, 28 Dec 2019 21:03:27 GMT
; Expires: Fri, 24 Jan 2020 14:54:02 GMT
5.188.11.0/24 ; SBL402809
5.188.207.0/24 ; SBL419952
5.188.216.0/24 ; SBL394632
27.112.32.0/19 ; SBL237955
31.184.237.0/24 ; SBL419884
. . .
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet

Thanks for the reply, curl gets me:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

   <head>
      <title>The Spamhaus Project - Blocklist Removal Center Results</title>
   <script type="text/javascript">
  //<![CDATA[





Quote from: siga75 on January 24, 2020, 07:02:59 AM
I have your same settings (except I didn't enable statistics, but that's for sure not the issue)

Have you checked you can reach the URL from your firewall? Check with a curl from SSH:

[root@myfw ~]# curl https://www.spamhaus.org/drop/edrop.txt
; Spamhaus EDROP List 2020/01/23 - (c) 2020 The Spamhaus Project
; https://www.spamhaus.org/drop/edrop.txt
; Last-Modified: Sat, 28 Dec 2019 21:03:27 GMT
; Expires: Fri, 24 Jan 2020 14:54:02 GMT
5.188.11.0/24 ; SBL402809
5.188.207.0/24 ; SBL419952
5.188.216.0/24 ; SBL394632
27.112.32.0/19 ; SBL237955
31.184.237.0/24 ; SBL419884
. . .

and this the second time:

curl !DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
DOCTYPE: Event not found.


Weird...can someone confirm the URL to use? Mine works from the browser
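
The two curl results quoted in this thread differ in a way a fetcher can check before anything is loaded into a table: one is the `;`-commented CIDR list, the other is an HTML page that arrived with `http_code:503`. The Python below is an added example, not part of the thread and not OPNsense's `update_tables.py`; `parse_drop_list` is a hypothetical helper and both sample bodies are constructed from the output shown above.

```python
import ipaddress
from email.utils import parsedate_to_datetime

# Constructed samples modelled on the two curl outputs quoted in the thread.
GOOD_BODY = """\
; Spamhaus EDROP List 2020/01/23 - (c) 2020 The Spamhaus Project
; https://www.spamhaus.org/drop/edrop.txt
; Last-Modified: Sat, 28 Dec 2019 21:03:27 GMT
; Expires: Fri, 24 Jan 2020 14:54:02 GMT
5.188.11.0/24 ; SBL402809
27.112.32.0/19 ; SBL237955
"""
BLOCKED_BODY = """\
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
      <title>The Spamhaus Project - Blocklist Removal Center Results</title>
"""


def parse_drop_list(status, body):
    """Hypothetical helper: return (networks, expires) or raise ValueError."""
    if status != 200:
        raise ValueError(f"http_code:{status}; body is not treated as a list")
    networks, expires, bad = [], None, []
    for line in filter(None, map(str.strip, body.splitlines())):  # skip blanks
        if line.startswith(";"):  # comment line; may carry "Expires: <date>"
            key, _, value = line[1:].partition(":")
            if key.strip().lower() == "expires":
                expires = parsedate_to_datetime(value.strip())
            continue
        cidr = line.split(";", 1)[0].strip()  # drop the trailing "; SBLnnn"
        try:
            networks.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError:
            bad.append(line)
    if bad:  # any non-CIDR data line means this is not a DROP list
        raise ValueError(f"{len(bad)} non-CIDR line(s), first: {bad[0][:40]!r}")
    if not networks:
        raise ValueError("no networks found in response body")
    return networks, expires


if __name__ == "__main__":
    print(parse_drop_list(200, GOOD_BODY))
    try:
        parse_drop_list(503, BLOCKED_BODY)
    except ValueError as err:
        print("rejected:", err)
```

The body check matters separately from the status check: an HTML page delivered with a 200 status is rejected by the same function, so an existing table would not be replaced with nothing.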