Coder Social home page Coder Social logo

jeffmbelt / opnsense Goto Github PK

View Code? Open in Web Editor NEW
5.0 1.0 1.0 265 KB

OpnSense Custom Auto Block bad acting IP Addresses. Includes Custom Auto Allow for Services like Facebook, Apple and Amazon; for use when implementing GeoBlock firewall rules.

Shell 100.00%
firewall opnsense wan-firewall

opnsense's Introduction

opnsense

OpnSense Custom Auto update of alias lists to Block of bad acting IP Addresses as detected in the /var/log/filter.log file. Also includes auto allow for service IP addresses such as Amazon, Facebook, Microsoft, etc..

Looking for

Looking for anyone who can provide some guidnace on implementing this capability via the OpnSense web interface. Having some trouble with the HelloWorld example and my limited PHP knowledge.

Prerequisits

Create an OpnSense API key. Instructions can be found at https://docs.opnsense.org/development/how-tos/api.html.

Implementation

  1. Copy actions_autoblock.conf to /usr/local/opnsense/service/conf/actions.d/
  2. Copy actions_autoallow.conf to /usr/local/opnsense/service/conf/actions.d/
  3. Copy rc.autoblock /to /usr/local/etc/
  4. Copy rc.autoallow /to /usr/local/etc/
  5. Create an Alias called BlockedAuto

Firewall -> Aliases

Field Value
Enabled checked
Name BlockedAuto
Type URL (IPs)
Content https://127.0.0.1/blocked.txt
Statistics unchecked
Description Auto Block Bad Acting IP Addresses
  1. Create an Alias called AllowedAuto

Firewall -> Aliases

Field Value
Enabled checked
Name AllowedAuto
Type URL (IPs)
Content https://127.0.0.1/allowed.txt
Statistics unchecked
Description Auto Allow Addresses for Services
  1. Add outgoing Firewall Rule to WAN

Firewall -> Rules -> WAN

Field Value
Action: Block
Disabled: unchecked
Quick: checked
Interface: WAN
Direction: out
TCP/IP Version: IPv4
Protocol: any
Source / Invert: unchecked
Source: BlockedAuto
Destination / Invert: unchecked
Destination: any
Destination port range: any to any
Log: checked
Category: Blocked
Description: DROP: Blocked Bad Acting IPs (In)
Source OS: any
No XMLRPC Sync: unchecked
Schedule: none
Gateway: default
  1. Add incoming Firewall Rule to WAN

Firewall -> Rules -> WAN

Field Value
Action: Block
Disabled: unchecked
Quick: checked
Interface: WAN
Direction: out
TCP/IP Version: IPv4
Protocol: any
Source / Invert: unchecked
Source: any
Destination / Invert: unchecked
Destination: BlockedAuto
Destination port range: any to any
Log: checked
Category: Blocked
Description: DROP: Blocked Bad Acting IPs (In)
Source OS: any
No XMLRPC Sync: unchecked
Schedule: none
Gateway: default
  1. Add outgoing Firewall Rule to WAN, put these before any GeoBlock rules so the services will work regardless of country blocking rules.

Firewall -> Rules -> WAN

Field Value
Action: PASS
Disabled: unchecked
Quick: checked
Interface: WAN
Direction: out
TCP/IP Version: IPv4
Protocol: any
Source / Invert: unchecked
Source: AllowedAuto
Destination / Invert: unchecked
Destination: any
Destination port range: 80 to 80
Log: checked
Category: ALLOWED
Description: DROP: ALLOW Service IPs (out)
Source OS: any
No XMLRPC Sync: unchecked
Schedule: none
Gateway: default
  1. Add outgoing Firewall Rule to WAN

Firewall -> Rules -> WAN

Field Value
Action: PASS
Disabled: unchecked
Quick: checked
Interface: WAN
Direction: out
TCP/IP Version: IPv4
Protocol: any
Source / Invert: unchecked
Source: AllowedAuto
Destination / Invert: unchecked
Destination: any
Destination port range: 443 to 443
Log: checked
Category: ALLOWED
Description: DROP: ALLOW Service IPs (out)
Source OS: any
No XMLRPC Sync: unchecked
Schedule: none
Gateway: default
  1. Run the following to refresh the Available CRON job entries list.
service configd restart
  1. Add CRON entries for Block and Allow lists

System -> Settings -> CRON

Update Allowed Destination Alias

  1. Add CRON entries for Block and Allow lists

System -> Settings -> CRON

Update Auto Blocked Alias

opnsense's People

Contributors

jeffmbelt avatar

Stargazers

avatar avatar avatar avatar avatar

Watchers

avatar

Forkers

ideraslab

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.