Blocking malicious IPs with OPNsense and blacklists
binaryanomaly (Full Member, Posts: 163, Karma: 9)
Posted on July 22, 2021, 08:20:31 pm
Cross posting this here for better discoverability:
Blocking malicious IPs with OPNsense using spamhaus droplists and dshield_30_days is actually quite easy.
How it's done: ➡️ https://www.allthingstech.ch/blocking-malicious-ips-with-opnsense/
« Last Edit: November 01, 2021, 08:33:24 pm by binaryanomaly »
hushcoden (Hero Member, Posts: 544, Karma: 23)
Reply #1 on July 30, 2021, 11:54:13 pm
Thanks, I'm trying to understand why the alias of the blocklists is in 'destination' rather than in 'source', or in both?
binaryanomaly (Full Member, Posts: 163, Karma: 9)
Reply #2 on July 31, 2021, 08:18:18 am
Hi,
In the proposed configuration it's currently destination only.
Having it in source and destination would require setting up two separate rules.
For most simple configurations destination should be good enough to catch potential outgoing traffic if you already block incoming traffic from WAN, which most simple setups probably do.
If you have a more advanced setup where you allow incoming traffic from WAN, e.g. for a VPN or other services, you may want to have an additional rule to block incoming traffic by source.
That would be my current understanding of how it works.
Does it make sense, or have I overlooked something?
hushcoden (Hero Member, Posts: 544, Karma: 23)
Reply #3 on August 12, 2021, 08:25:07 am
Thanks binaryanomaly for the explanation, and I think it's better to have just one set of those rules rather than duplicate them in both LAN and WAN as I did following this article: https://docs.opnsense.org/manual/how-tos/edrop.html
I wonder why the official documentation doesn't mention this other option too...
binaryanomaly (Full Member, Posts: 163, Karma: 9)
Reply #4 on August 12, 2021, 08:48:15 pm
Quote from: hushcoden on August 12, 2021, 08:25:07 am
I wonder why the official documentation doesn't mention this other option too...
I think the official documentation does not get updated very often.
(Updating it is also not as simple and straightforward as with modern WYSIWYG wikis.)
hushcoden (Hero Member, Posts: 544, Karma: 23)
Reply #5 on November 01, 2021, 05:33:56 pm
Sorry, me again. I'm trying to understand how those floating rules work and I'm still confused. From what I understood from the article and your response, that floating rule blocks any attempt from a LAN client to connect to any of the malicious IPs, am I right?
If so, why do we need the direction set to 'any' and not just 'in'?
What if I also want to block any attempt from any of those malicious IPs (defined in the alias) to connect to a LAN client?
From your response I take it we need to add another rule?
Tia.
binaryanomaly (Full Member, Posts: 163, Karma: 9)
Reply #6 on November 01, 2021, 08:26:39 pm
Hi,
The rule blocks any connections where the destination is one of the IPs in the blacklist.
You would need another rule to block any connections where the source is one of the IPs in the blacklist.
But most setups do not allow incoming traffic from the WAN interface anyway, so this is kinda obsolete.
You're right, the 'any' for the direction may not even be required, but I just didn't bother since 'any' works just fine as well.
-b
« Last Edit: November 01, 2021, 08:35:00 pm by binaryanomaly »
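The reasoning in Reply #2 and Reply #6 (a destination-match rule catches LAN clients reaching listed IPs, a separate source-match rule is needed for listed IPs reaching services you expose on WAN, and direction 'in' versus 'any' makes no difference for the destination rule) can be checked with a small model. This is an added example, not code from the article, the thread, or OPNsense itself. The Spamhaus DROP and DShield feed samples are constructed from documentation (TEST-NET) ranges; the DShield layout (start IP, end IP and mask as the first three tab-separated fields) is assumed from the public block.txt. The firewall model is deliberately minimal: floating block rules on interface "any", no pass rules, and the pf behaviour that a forwarded packet is evaluated inbound on its ingress interface and outbound on its egress interface.

```python
"""Model of the thread's two blocklist rules (added example, not OPNsense code)."""
from dataclasses import dataclass
from ipaddress import collapse_addresses, ip_address, ip_network

# Constructed feed samples (not real Spamhaus/DShield data).
SPAMHAUS_DROP = """\
; Spamhaus DROP List (constructed sample)
198.51.100.0/24 ; SBL000001
203.0.113.0/25 ; SBL000002
"""

DSHIELD_BLOCK = """\
# DShield block list (constructed sample; assumed block.txt column order)
# Start\tEnd\tNetmask\tAttacks\tName
192.0.2.0\t192.0.2.255\t24\t1234\tEXAMPLE-NET
203.0.113.128\t203.0.113.255\t25\t99\tEXAMPLE-NET2
"""


def parse_spamhaus_drop(text):
    """One CIDR per line, '; SBLnnn' trailer; lines starting with ';' are comments."""
    nets = []
    for raw in text.splitlines():
        cidr = raw.split(";", 1)[0].strip()
        if cidr:
            nets.append(ip_network(cidr, strict=False))
    return nets


def parse_dshield_block(text):
    """Assumed layout: start<TAB>end<TAB>mask<TAB>...; '#' lines are comments."""
    nets = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        fields = raw.split("\t")
        if len(fields) < 3:
            continue
        nets.append(ip_network(f"{fields[0]}/{fields[2]}", strict=False))
    return nets


def build_alias(*feeds):
    """Merge all feeds into one alias; adjacent/overlapping networks are collapsed."""
    nets = [net for feed in feeds for net in feed]
    return list(collapse_addresses(nets))


def in_alias(alias, ip):
    addr = ip_address(ip)
    return any(addr in net for net in alias)


@dataclass(frozen=True)
class Rule:
    name: str
    match_on: str   # "source" or "destination": which side is compared to the alias
    direction: str  # floating-rule direction: "in", "out" or "any"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str


def first_block(rules, alias, flow):
    """Name of the first matching block rule, or None.

    A forwarded packet is checked twice: inbound on the interface it arrives
    on and outbound on the interface it leaves on. A floating rule with
    direction 'any' is consulted at both points, 'in' or 'out' at one only.
    """
    for point in ("in", "out"):
        for rule in rules:
            if rule.direction not in (point, "any"):
                continue
            ip = flow.src if rule.match_on == "source" else flow.dst
            if in_alias(alias, ip):
                return rule.name
    return None


ALIAS = build_alias(parse_spamhaus_drop(SPAMHAUS_DROP), parse_dshield_block(DSHIELD_BLOCK))

DEST_RULE_ANY = [Rule("block to blocklist", "destination", "any")]   # the article's rule
DEST_RULE_IN = [Rule("block to blocklist", "destination", "in")]     # same rule, direction 'in'
BOTH_RULES = DEST_RULE_ANY + [Rule("block from blocklist", "source", "in")]

LAN_TO_LISTED = Flow("10.0.0.5", "198.51.100.7")   # LAN client to a listed host
LISTED_TO_LAN = Flow("192.0.2.9", "10.0.0.5")      # listed host to a service exposed on WAN
LAN_TO_CLEAN = Flow("10.0.0.5", "1.1.1.1")         # LAN client to an unlisted host


def demo():
    return {
        "lan->listed, dest rule (any)": first_block(DEST_RULE_ANY, ALIAS, LAN_TO_LISTED),
        "lan->listed, dest rule (in)": first_block(DEST_RULE_IN, ALIAS, LAN_TO_LISTED),
        "listed->lan, dest rule only": first_block(DEST_RULE_ANY, ALIAS, LISTED_TO_LAN),
        "listed->lan, dest + source rules": first_block(BOTH_RULES, ALIAS, LISTED_TO_LAN),
        "lan->clean, both rules": first_block(BOTH_RULES, ALIAS, LAN_TO_CLEAN),
    }


if __name__ == "__main__":
    print("alias:", [str(n) for n in ALIAS])
    for case, result in demo().items():
        print(f"{case}: {result or 'not blocked'}")
```

The third case is the gap Reply #6 describes: with only the destination rule, a connection from a listed address to a LAN host is not matched at all, and in a simple setup it is dropped only because WAN has no pass rule for it. Once you open a port on WAN (VPN, a published service), the source-match rule is what closes that gap. The first two cases show why direction 'in' is enough for the destination rule: the LAN-originated connection is already seen inbound on LAN before it ever goes out on WAN. The model ignores interface binding and pass rules, so it only illustrates which rule can match which flow, not a complete ruleset.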