Blocking malicious IPs with OPNsense and blacklists

binaryanomaly:
Cross posting this here for better discoverability:

Blocking malicious IPs with OPNsense using spamhaus droplists and dshield_30_days is actually quite easy.

How it's done:
➡️ https://www.allthingstech.ch/blocking-malicious-ips-with-opnsense/

hushcoden:
Thanks, trying to understand why the alias of the blocklists is in 'destination' and in 'source' or in both?

binaryanomaly:
Hi,

In the proposed configuration it's currently destination only.
Having it in source and destination would require setting up two separate rules.

For most simple configurations, destination should be good enough to catch potential outgoing traffic if you block incoming traffic from WAN already - which probably most simple setups do.

If you have a more advanced setup where you allow incoming traffic from WAN, i.e. for a VPN or other services, you may want to have an additional rule to block incoming traffic by source.

That would be my current understanding of how it works.
Does it make sense or have I overlooked something?
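
The destination-versus-source question discussed above, as an added example that is not part of the original posts: a small model that parses a DROP-style list and shows which flows a destination-only rule catches and which need the extra source rule. The interface names, the rule model, the flows and the list entries (documentation address ranges) are all constructed assumptions; this is not OPNsense code.

```python
import ipaddress

# Constructed sample in the DROP text layout ("CIDR ; id"), not real list entries.
SAMPLE_DROP = """\
; constructed sample list
198.51.100.0/24 ; SBL-EXAMPLE-1
203.0.113.0/25 ; SBL-EXAMPLE-2
"""

def parse_droplist(text):
    """Return the networks in a DROP-style list, skipping comments and blanks."""
    nets = []
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def listed(addr, nets):
    """True if addr falls inside any network of the blocklist alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)

# Hypothetical rule model: (interface the packet enters on, field compared to the alias)
DEST_ONLY = [("LAN", "dst")]
DEST_AND_SOURCE = [("LAN", "dst"), ("WAN", "src")]

def blocked(flow, rules, nets):
    """flow = (ingress interface, source IP, destination IP) of a new connection."""
    iface, src, dst = flow
    return any(r_iface == iface and listed(src if field == "src" else dst, nets)
               for r_iface, field in rules)

def evaluate(flows, rules, nets):
    return {name: blocked(f, rules, nets) for name, f in flows.items()}

NETS = parse_droplist(SAMPLE_DROP)
FLOWS = {
    "lan_client_to_listed_host": ("LAN", "192.168.1.20", "198.51.100.7"),
    # Assumes WAN allows this inbound service (for example a VPN or port forward).
    "listed_host_to_allowed_service": ("WAN", "203.0.113.9", "192.168.1.10"),
    "lan_client_to_unlisted_host": ("LAN", "192.168.1.20", "192.0.2.55"),
}

if __name__ == "__main__":
    for label, rules in (("destination only", DEST_ONLY),
                         ("destination + source", DEST_AND_SOURCE)):
        print(label, evaluate(FLOWS, rules, NETS))
```
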

hushcoden:
Thanks binaryanomaly for the explanation, and I think it's better to have just one set of those rules rather than duplicate them in both LAN and WAN as I did following this article: https://docs.opnsense.org/manual/how-tos/edrop.html

I wonder why the official documentation doesn't mention this other option too...

binaryanomaly:

--- Quote from: hushcoden on August 12, 2021, 08:25:07 am ---I wonder why the official documentation doesn't mention this other option too...

--- End quote ---

I think the official documentation does not get updated too often.
(Updating it is also not as simple and straightforward as with modern WYSIWYG wikis.)
