Netgate Discussion Forum

    Feature Request: Export/Copy IP List

    • MMapplebeck

      I'd like to see if it's possible to add a few features to the IP lists pages (/pfblockerng/pfblockerng_category.php?type=ipv4 and /pfblockerng/pfblockerng_category.php?type=ipv6).

      1. Export/Import: As an admin, I manage multiple pfSense instances (20+). There are numerous IP lists (with multiple external sources like txt/csv and ASNs, where pfBlocker scrapes these lists and performs de-duplication) I have built that I would like to have on multiple instances; an import/export option would be nice to have to manage this. It is a pain to have to create this list on each box I have. Ultimately, I am not looking to export/import the list/alias itself, I am looking to export/import the parameters of said list. Because of the IPs contained in the external lists that are being pulled, along with the dynamic nature of ASNs, I need to easily copy these parameters to other boxes.

      2. Copy List: It would be a great time-saver if I could easily copy a rule from IPv4 to IPv6. I have a lot of lists that pull from supplied txt/csv files, or ASN lookups. It would be nice to be able to copy a list from IPv4 to IPv6 rather than having to re-enter the same data twice. Another option would be to, when creating a list, specify IPv4/IPv6/IPv4+IPv6 and automatically create the two lists. Most external files are the same file for both IPv4 and IPv6; along with the fact that ASNs can have prefixes for both IPv4 and IPv6, a lot of the time the lists are exactly the same.

      Thanks for looking!

      • Marc
      • johnpoz LAYER 8 Global Moderator @MMapplebeck

        @mmapplebeck said in Feature Request: Export/Copy IP List:

        There are numerous IP lists I have built that I would like to have on multiple instances

        Solution there would be to put your lists on the internet somewhere the other clients could just pull them down on a schedule. Update the one list and they all get the changes when they run their update.

        I thought there was some kind of problem with aliases that had both ipv4 and ipv6 in them? It would be cleaner to keep such lists separate.

        edit: what version of pfsense are you using - I see an export list, and there is an import list function there..

        exportimport.jpg

        edit2: oh you're talking about pfblocker - hmmm so you're talking custom lists. Those can just be copied and pasted, so not sure why you need an "import/export" feature?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • MMapplebeck @johnpoz

          @johnpoz Thanks for the suggestion; unfortunately, I am looking to specifically import/export pfBlocker lists. I have a bunch that update IP ranges and ASN lists from sources outside my control. Example below: we restrict our VPN users, but whitelist Zoom, so that they can attend meetings while on the VPN:

          ec1c0131-2cf5-4fce-b4bb-0d7f7a61838f-image.png

          My idea would be an export list button that allows all the list settings to be exported and quickly imported onto other boxes.

          I do also have a bunch of aliases that I have as central files on an internal webserver that all of my pfSense instances pull from. This allows me to quickly update lists of internal servers if need be, but the issue with pfBlocker is where it is scraping the IPs to create an alias, I need a way to easily get those list definitions on multiple devices.

          • Marc
          • johnpoz LAYER 8 Global Moderator @MMapplebeck

            @mmapplebeck said in Feature Request: Export/Copy IP List:

            I need a way to easily get those list definitions on multiple devices.

            So these other devices do not have pfblocker? You understand you can just create a native alias from whatever urls you're pulling data from.. That full list of ips can then just be viewed in the table and you can copy paste that.

            So I created an alias with the top 2 lists you show there.. Now I can view it in the table..

            list.jpg

            You can just copy that from your table listing.. And then just paste/import that into whatever other system that doesn't have pfblocker. If you have pfblocker on the other sites - why would you not just let it update its own lists?

            • MMapplebeck @johnpoz

              @johnpoz Yes, all other devices do have pfBlocker. What I want is an easy way to create the list item once on one instance, and then export its definition to then import on all of my other instances. It's easier to enter one list that defines each line item once (I have some lists that are pulling multiple ASNs and multiple text/csv files, and perform de-duplication). It's a pain in the ass to have to enter all of these on 20+ instances.

              Ultimately, I am not looking to export/import the list/alias itself, I am looking to export/import the parameters of said list. Because of the IPs contained in the external lists that are being pulled, along with the dynamic nature of ASNs, I need to easily copy these parameters to other boxes.

              • johnpoz LAYER 8 Global Moderator @MMapplebeck

                Oh - now I get ya.. Yeah I could see how that could be handy.. You have a lot of items in that list.. I was reading it all wrong..

                • MMapplebeck @johnpoz

                  @johnpoz Updated my original post, hopefully it's a bit more clear :)

                  • johnpoz LAYER 8 Global Moderator @MMapplebeck

                    @mmapplebeck yeah crystal clear now ;)

                    • viktor_g Netgate

                      Create a feature request:
                      https://docs.netgate.com/pfsense/en/latest/development/feature-requests.html

                      • MMapplebeck @viktor_g

                        @viktor_g Done! Thanks, I never really thought of using the redmine as it's an add-on package outside of Netgate.

                        • BBcan177 Moderator @MMapplebeck

                          @mmapplebeck
                          Take a look at the SYNC Tab

                          "Experience is something you don't get until just after you need it."

                          Website: http://pfBlockerNG.com
                          Twitter: @BBcan177  #pfBlockerNG
                          Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                          • MMapplebeck @BBcan177

                            @bbcan177 hmm... might work... Things are complicated by the fact that I have a mix of standalone boxes (satellite offices) and HA pairs (main office and multiple data centers). I might be able to figure a way to make it work; it would be helpful if the "Disable General/IP/DNSBL tab settings sync" button were available per target if using the "Sync to host(s) defined below" option.

                            What are your thoughts on:
                            I might be able to do a "full" sync from Main Office #1 to Main Office #2 (HA paired with Main Office #1), then use "Disable General/IP/DNSBL tab settings sync" to sync from Main Office #2 to DC1 #1, DC2 #1, DC3 #1, and Satellite 1, 2, 3, 4, 5, 6. I could then do a "full" sync from DC1 #1 to DC1 #2, DC2 #1 to DC2 #2, DC3 #1 to DC3 #2 and so forth. Does that sound right?

                            Also, can I get some clarification on the "Disable General/IP/DNSBL tab settings sync" button: am I correct in assuming that the following will/will not sync?

                            Will not sync:
                            /pfblockerng/pfblockerng_general.php
                            /pfblockerng/pfblockerng_ip.php
                            /pfblockerng/pfblockerng_dnsbl.php

                            Will sync:
                            /pfblockerng/pfblockerng_category.php?type=ipv4
                            /pfblockerng/pfblockerng_category.php?type=ipv6
                            /pfblockerng/pfblockerng_category.php?type=geoip
                            /pfblockerng/pfblockerng_reputation.php
                            /pfblockerng/pfblockerng_category.php?type=dnsbl
                            /pfblockerng/pfblockerng_blacklist.php
                            /pfblockerng/pfblockerng_safesearch.php

                            If the above assumptions are correct, I may be able to make my life even easier, with even less work than my feature request would make.
