Author Topic: How to manage a local ip list  (Read 6666 times)

myksto

How to manage a local ip list
« on: September 27, 2018, 10:42:56 am »
Hello everybody.
I would like to create and maintain a local (or more than one) list of IP addresses to use within an alias and then in traffic rules.
I created a txt file and put it in a local folder in OPNsense (/mkst/lists/ip.txt).
I would like to load it and use an alias to do that.
So I created an alias using the URL IP type but I receive an error and the IPs don't load.
I tried in different ways and these are some errors:
update_tables.py: error fetching alias url \\127.0.0.1\mkst\lists\ips.txt
update_tables.py: error fetching alias url https://127.0.0.1/mkst/lists/ips.txt
update_tables.py: error fetching alias url https:\\127.0.0.1\mkst\lists\ips.txt

What is the right way to load a local list?

Thank you.

Cheers,
Michele.
« Last Edit: September 27, 2018, 12:08:22 pm by myksto »

jodumont

Re: How to manage a local ip list
« Reply #1 on: September 27, 2018, 03:37:21 pm »
Is it possible to see your file?
I mean, is it Snort formatted?

myksto

Re: How to manage a local ip list
« Reply #2 on: September 27, 2018, 04:46:25 pm »
Hi and thanks for the reply.
I took the format from this file, which I've been using for a long period with no problem: https://www.spamhaus.org/drop/drop.txt

Anyway, I'm attaching the file I would like to use.
Can you tell me exactly what the right path to use is? I mean, which of the ones I used is valid? I mean:
1) file \\127.0.0.1\mkst\lists\ips.txt
2) https://127.0.0.1/mkst/lists/ips.txt
3) https:\\127.0.0.1\mkst\lists\ips.txt

Thanks and cheers,

Michele.

jodumont

Re: How to manage a local ip list
« Reply #3 on: September 28, 2018, 08:05:23 am »
Hi;

sorry I lost my post but long story short

for
2) https://127.0.0.1/mkst/lists/ips.txt
3) https:\\127.0.0.1\mkst\lists\ips.txt

you must alter lighttpd via a vhosts or the os-nginx plugin

as you must understand the os-nginx is a better choice
this could inspire you : https://wiki.opnsense.org/manual/how-tos/nginx.html

if you want to use lighttpd you have to create a vhost file into :
/usr/local/etc/lighttpd/vhosts.d
then put your ips.txt into /usr/local/www/vhost (such as an example)

but you could also host your file into any webserver/service like github, gitlab or netlify

personally I use the same method as you but with public list I found here
http://iplists.firehol.org/
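
A pre-publication check for a hand-maintained list like the one discussed above, added here as an example and not part of the original posts: it parses one IP or CIDR per line with `;` or `#` comments, rejects malformed or overly broad entries and anything overlapping your own networks, and collapses the rest. `PROTECTED`, `MIN_PREFIX` and the sample data are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample (';' comments as in Spamhaus DROP, '#' as in FireHOL netsets).
SAMPLE = """\
; constructed sample, not real list data
# second comment style
192.0.2.0/24 ; TEST-NET-1
198.51.100.7
198.51.100.0/25
203.0.113.300
10.0.0.0/8
0.0.0.0/0
"""

# Assumptions: own networks to keep out of the alias; broadest IPv4 prefix allowed.
PROTECTED = [ipaddress.ip_network("10.1.0.0/16")]
MIN_PREFIX = 8

def parse_ip_list(text, protected=PROTECTED, min_prefix=MIN_PREFIX):
    """Return (networks, rejected) for a one-entry-per-line IP list."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Strip trailing comments in either style, then whitespace.
        entry = raw.split(";", 1)[0].split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "not an IP or CIDR"))
            continue
        if net.version == 4 and net.prefixlen < min_prefix:
            rejected.append((lineno, entry, "prefix too broad"))
        elif any(net.overlaps(p) for p in protected if p.version == net.version):
            rejected.append((lineno, entry, "overlaps protected network"))
        else:
            nets.append(net)
    # Merge duplicates and contained ranges, one address family at a time.
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged, rejected

if __name__ == "__main__":
    accepted, bad = parse_ip_list(SAMPLE)
    print("\n".join(map(str, accepted)))
    for lineno, entry, why in bad:
        print(f"line {lineno}: {entry!r} rejected ({why})")
```

Run it against the list file before copying the file to wherever the alias URL points, and publish only when `rejected` is empty.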

myksto

Re: How to manage a local ip list
« Reply #4 on: September 28, 2018, 03:03:32 pm »
I followed your advice and implemented the Firehol rules.
Please can you tell me whether I did it all correctly?
1) I created a URL table Alias inserting "https://iplists.firehol.org/files/firehol_level1.netset" as value. In PfTable I noticed that the IPs have been populated.
2) I set update to 1 day.
3) I inserted a block rule in the WAN interface.

That's all.

Can you give me any further advice for best practise?

Thanks and cheers,
Michele.
« Last Edit: September 28, 2018, 04:58:16 pm by myksto »

jodumont

Re: How to manage a local ip list
« Reply #5 on: September 29, 2018, 06:55:11 am »
hi myksto;

I'm glad I helped you;
your setup seems fair

if you notice on https://iplists.firehol.org/ they have the average update frequency, which is 41 minutes; but I'd say 1 day is fair enough to not get banned; I definitely wouldn't go under every hour.

Best practices?

Hum; I'm a learner like you

but depending, I add one or two of these lists: https://firebog.net
- notice 1: firehol and firebog may have overlaps.
- also, as far as I understand, the firebog lists are just domain names and/or point to 127.0.0.1, so I use them in combination with unbound (probably works with dnsmasq too).
Actually I just discovered that in BIND, OPNsense already integrates an ad block list.

Don't hesitate to share your tries, I'll be curious to test them too.

« Last Edit: September 29, 2018, 07:47:47 am by jodumont »
