Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
External Block Lists - Firehol
« previous
next »
Print
Pages: [
1
]
Author
Topic: External Block Lists - Firehol (Read 2209 times)
gauthig
Newbie
Posts: 27
Karma: 6
External Block Lists - Firehol
«
on:
March 03, 2022, 05:00:21 pm »
Besides IPS, having a quick and very current block list of current events like Firehol is great.
But, I was testing a setup I did a long time ago and noticed the Networks in Firehol (1,2,3) do not seem to get applied in the ruleset.
For example I take any of the single IP's in the current Firehol2 and see it is blocked while monitoring the rules for my label.
When I take a IP from a subnet in the list (x.x.x.x/24) It does not block it. It seems that anything with network notation is not loaded.
I tried both URL IP(s) and URL Table IP(s).
I turned on statistics and went into the alias table. I see the networks listed i.e. x.x.x.x/24, but even though I curl, http, ping an IP in that network range the counts do not increase. But for any single IP in the list without a / mask works fine and the counters increase.
«
Last Edit: March 03, 2022, 05:05:04 pm by gauthig
»
Logged
abulafia
Full Member
Posts: 156
Karma: 8
Re: External Block Lists - Firehol
«
Reply #1 on:
April 28, 2022, 06:53:41 pm »
Can't recommend firehol - it often blocs GitHub addresses (false positives).
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
External Block Lists - Firehol