Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Feature Request: Export/Copy IP List

    Scheduled Pinned Locked Moved pfBlockerNG
    12 Posts 4 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • johnpozJ
      johnpoz LAYER 8 Global Moderator @MMapplebeck
      last edited by johnpoz

      @mmapplebeck said in Feature Request: Export/Copy IP List:

      There are numerous IP lists I have built that I would like to have on multiple instances

      Solution there would put your lists on the internet somewhere the other clients could just pull it down on a schedule. Update the one list and they all get the changes when they run their update.

      I thought there was some kind of problem with aliases that had both ipv4 and ipv6 in them? It would be cleaner to keep such lists separate.

      edit: what version of pfsense are you using - I see a export list, and there is import list function there..

      exportimport.jpg

      edit2: oh your talking about pfblocker - hmmm so your talking custom lists. Those can just be copied pasted so not sure why you need an "import/export" feature?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      MMapplebeckM 1 Reply Last reply Reply Quote 0
      • MMapplebeckM
        MMapplebeck @johnpoz
        last edited by

        @johnpoz Thanks for the suggestion, unfortunately, I am looking to specifically import/export pfBlocker lists. I have a bunch that update IP ranges and ASN lits from sources outside my control. Example below, we restrict our VPN users, but whitelist Zoom, so that they can attend meetings while on the VPN:

        ec1c0131-2cf5-4fce-b4bb-0d7f7a61838f-image.png

        My idea would be an export list button that allows all the list settings to be exported and quickly imported onto other boxes.

        I do also have a bunch of aliases that I have as central files on an internal webserver that all of my pfSense instances pull from. This allows me to quickly update lists of internal servers if need be, but the issue with pfBlocker is where it is scraping the IPs to create an alias, I need a way to easily get those list definitions on multiple devices.

        • Marc
        johnpozJ 1 Reply Last reply Reply Quote 0
        • johnpozJ
          johnpoz LAYER 8 Global Moderator @MMapplebeck
          last edited by

          @mmapplebeck said in Feature Request: Export/Copy IP List:

          I need a way to easily get those list definitions on multiple devices.

          So these other devices do not have pfblocker? You understand you can just create native alias from whatever urls your pulling data from.. That full list of ips can then just be view in the table and you can copy past that.

          So I created a alias with top 2 lists you show there.. Now I can view it in the table..

          list.jpg

          You can just copy that from your table listing.. And then just paste/import that into whatever other system that doesn't have pfblocker. If you have pfblocker on the other sites - why would you not just let it update its own lists?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          MMapplebeckM 1 Reply Last reply Reply Quote 0
          • MMapplebeckM
            MMapplebeck @johnpoz
            last edited by

            @johnpoz Yes, all other devices do have pfBlocker. What I want is an easy way to create the list item once on one instance, and then export its's definition to then import on all of my other instances. It's easier to enter one list that defines each line item once(I have some lists that are pulling multiple ASNs, and multiple text/csv files, performs de-duplication). It's a pain in the ass to have to enter all of these on 20+ instances.

            Ultimately, I am not looking to export/import the list/alias itself, I am looking to export/import the parameters of said list. Because the IPs contained in the external lists that are being pulled, along with the dynamic nature of ASNs, I need to easily copy these parameters to other boxes.

            johnpozJ 1 Reply Last reply Reply Quote 1
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @MMapplebeck
              last edited by johnpoz

              Oh - now I get ya.. Yeah I could see how that could be handy.. You have a lot of items in that list.. I was reading it all wrong..

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              MMapplebeckM 1 Reply Last reply Reply Quote 1
              • MMapplebeckM
                MMapplebeck @johnpoz
                last edited by

                @johnpoz Updated my original post, hopefully it's a bit more clear :)

                johnpozJ 1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator @MMapplebeck
                  last edited by

                  @mmapplebeck yeah crystal clear now ;)

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • viktor_gV
                    viktor_g Netgate
                    last edited by

                    Create a feature request:
                    https://docs.netgate.com/pfsense/en/latest/development/feature-requests.html

                    MMapplebeckM 1 Reply Last reply Reply Quote 1
                    • MMapplebeckM
                      MMapplebeck @viktor_g
                      last edited by

                      @viktor_g Done! Thanks, I never really thought of using the redmine as it's an add-on package outside of Netgate.

                      1 Reply Last reply Reply Quote 0
                      • BBcan177B
                        BBcan177 Moderator @MMapplebeck
                        last edited by

                        @mmapplebeck
                        Take a look at the SYNC Tab

                        "Experience is something you don't get until just after you need it."

                        Website: http://pfBlockerNG.com
                        Twitter: @BBcan177  #pfBlockerNG
                        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                        MMapplebeckM 1 Reply Last reply Reply Quote 0
                        • MMapplebeckM
                          MMapplebeck @BBcan177
                          last edited by

                          @bbcan177 hmm... might work... Things are complicated by the fact that I have a mix of standalone boxes(satellite offices) and HA pairs(main office and multiple data centers). I might be able to figure a way to make it work, it would be helpful if the "Disable General/IP/DNSBL tab settings sync" button were available per target if using the "Sync to host(s) defined below" option.

                          What are your thoughts on:
                          I might be able to do a "full" sync from Main Office #1 to Main Office #2(HA paired with Main Office #1), then use "Disable General/IP/DNSBL tab settings sync" to sync from Main Office #2 to DC1 #1, DC2 #1, DC3 #1, and Satellite 1, 2, 3, 4, 5, 6, I could then do "full" sync from DC1 #1 to DC1 #2, DC2 #1 to DC2 #2, DC3 #1 to DC3 #2 and so forth. Does that sound right?

                          Also, can I get some clarification on the "Disable General/IP/DNSBL tab settings sync" button, am I correct in assuming that the following will/will not sync?

                          Will not sync:
                          /pfblockerng/pfblockerng_general.php
                          /pfblockerng/pfblockerng_ip.php
                          /pfblockerng/pfblockerng_dnsbl.php

                          Will sync:
                          /pfblockerng/pfblockerng_category.php?type=ipv4
                          /pfblockerng/pfblockerng_category.php?type=ipv6
                          /pfblockerng/pfblockerng_category.php?type=geoip
                          /pfblockerng/pfblockerng_reputation.php
                          /pfblockerng/pfblockerng_category.php?type=dnsbl
                          /pfblockerng/pfblockerng_blacklist.php
                          /pfblockerng/pfblockerng_safesearch.php

                          If the above assumptions are correct, I may be able to make my life even easier, with even less work than my feature request would make.

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.