Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Feature Request: Export/Copy IP List

    Scheduled Pinned Locked Moved pfBlockerNG
    12 Posts 4 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • MMapplebeckM
      MMapplebeck @johnpoz
      last edited by

      @johnpoz Thanks for the suggestion, unfortunately, I am looking to specifically import/export pfBlocker lists. I have a bunch that update IP ranges and ASN lits from sources outside my control. Example below, we restrict our VPN users, but whitelist Zoom, so that they can attend meetings while on the VPN:

      ec1c0131-2cf5-4fce-b4bb-0d7f7a61838f-image.png

      My idea would be an export list button that allows all the list settings to be exported and quickly imported onto other boxes.

      I do also have a bunch of aliases that I have as central files on an internal webserver that all of my pfSense instances pull from. This allows me to quickly update lists of internal servers if need be, but the issue with pfBlocker is where it is scraping the IPs to create an alias, I need a way to easily get those list definitions on multiple devices.

      • Marc
      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @MMapplebeck
        last edited by

        @mmapplebeck said in Feature Request: Export/Copy IP List:

        I need a way to easily get those list definitions on multiple devices.

        So these other devices do not have pfblocker? You understand you can just create native alias from whatever urls your pulling data from.. That full list of ips can then just be view in the table and you can copy past that.

        So I created a alias with top 2 lists you show there.. Now I can view it in the table..

        list.jpg

        You can just copy that from your table listing.. And then just paste/import that into whatever other system that doesn't have pfblocker. If you have pfblocker on the other sites - why would you not just let it update its own lists?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        MMapplebeckM 1 Reply Last reply Reply Quote 0
        • MMapplebeckM
          MMapplebeck @johnpoz
          last edited by

          @johnpoz Yes, all other devices do have pfBlocker. What I want is an easy way to create the list item once on one instance, and then export its's definition to then import on all of my other instances. It's easier to enter one list that defines each line item once(I have some lists that are pulling multiple ASNs, and multiple text/csv files, performs de-duplication). It's a pain in the ass to have to enter all of these on 20+ instances.

          Ultimately, I am not looking to export/import the list/alias itself, I am looking to export/import the parameters of said list. Because the IPs contained in the external lists that are being pulled, along with the dynamic nature of ASNs, I need to easily copy these parameters to other boxes.

          johnpozJ 1 Reply Last reply Reply Quote 1
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @MMapplebeck
            last edited by johnpoz

            Oh - now I get ya.. Yeah I could see how that could be handy.. You have a lot of items in that list.. I was reading it all wrong..

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            MMapplebeckM 1 Reply Last reply Reply Quote 1
            • MMapplebeckM
              MMapplebeck @johnpoz
              last edited by

              @johnpoz Updated my original post, hopefully it's a bit more clear :)

              johnpozJ 1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator @MMapplebeck
                last edited by

                @mmapplebeck yeah crystal clear now ;)

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • viktor_gV
                  viktor_g Netgate
                  last edited by

                  Create a feature request:
                  https://docs.netgate.com/pfsense/en/latest/development/feature-requests.html

                  MMapplebeckM 1 Reply Last reply Reply Quote 1
                  • MMapplebeckM
                    MMapplebeck @viktor_g
                    last edited by

                    @viktor_g Done! Thanks, I never really thought of using the redmine as it's an add-on package outside of Netgate.

                    1 Reply Last reply Reply Quote 0
                    • BBcan177B
                      BBcan177 Moderator @MMapplebeck
                      last edited by

                      @mmapplebeck
                      Take a look at the SYNC Tab

                      "Experience is something you don't get until just after you need it."

                      Website: http://pfBlockerNG.com
                      Twitter: @BBcan177  #pfBlockerNG
                      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

                      MMapplebeckM 1 Reply Last reply Reply Quote 0
                      • MMapplebeckM
                        MMapplebeck @BBcan177
                        last edited by

                        @bbcan177 hmm... might work... Things are complicated by the fact that I have a mix of standalone boxes(satellite offices) and HA pairs(main office and multiple data centers). I might be able to figure a way to make it work, it would be helpful if the "Disable General/IP/DNSBL tab settings sync" button were available per target if using the "Sync to host(s) defined below" option.

                        What are your thoughts on:
                        I might be able to do a "full" sync from Main Office #1 to Main Office #2(HA paired with Main Office #1), then use "Disable General/IP/DNSBL tab settings sync" to sync from Main Office #2 to DC1 #1, DC2 #1, DC3 #1, and Satellite 1, 2, 3, 4, 5, 6, I could then do "full" sync from DC1 #1 to DC1 #2, DC2 #1 to DC2 #2, DC3 #1 to DC3 #2 and so forth. Does that sound right?

                        Also, can I get some clarification on the "Disable General/IP/DNSBL tab settings sync" button, am I correct in assuming that the following will/will not sync?

                        Will not sync:
                        /pfblockerng/pfblockerng_general.php
                        /pfblockerng/pfblockerng_ip.php
                        /pfblockerng/pfblockerng_dnsbl.php

                        Will sync:
                        /pfblockerng/pfblockerng_category.php?type=ipv4
                        /pfblockerng/pfblockerng_category.php?type=ipv6
                        /pfblockerng/pfblockerng_category.php?type=geoip
                        /pfblockerng/pfblockerng_reputation.php
                        /pfblockerng/pfblockerng_category.php?type=dnsbl
                        /pfblockerng/pfblockerng_blacklist.php
                        /pfblockerng/pfblockerng_safesearch.php

                        If the above assumptions are correct, I may be able to make my life even easier, with even less work than my feature request would make.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.