Adding IPs Automation
-
Hi Folks,
I have a LOT of random External IPs (not in the same subnet) to be allowed to my pfsense box,
is there a way to automate the process?
-
@ivanjrx can you add some context?
-
@michmoor Certainly, I need to add whitelist rules for external IPs or even DNS names to pfSense, on different ports as well. Is there a way to automate that?
Or do they all have to be input 1 by 1?
-
@ivanjrx Well, depending on the amount of IPs that need to be whitelisted it may make sense to just do a permit any. Not advisable, but I don't know how often your requests come in.
Adding IPs to an Alias is the obvious way to go, along with creating a Port Alias. I don't know of any way to program it. Sadly pfSense doesn't offer any API functionality.
-
@ivanjrx There is a URL alias and URL Table alias ability where you can pull the list from a web site.
https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#url-aliases
There is also a one time import but it has a bad bug in 23.05…install the patch via System Patches package.
-
@ivanjrx Perhaps the command "easyrule" is what you are looking for?
The EasyRule function found in the GUI and on the command line can add firewall rules quickly.
See https://docs.netgate.com/pfsense/en/latest/firewall/easyrule.html
-
@pst Thanks!
-
@ivanjrx
So this is what I just learned: ALIASES will help you do that, and the automated way would be:
- Create a github with all the IPs
- Create an ALIAS and refer to the page, so it can do the pull
- Create a FW Rule and associate it with that ALIAS, + the desired configuration!
There's this video that shows how to:
https://www.youtube.com/watch?v=Jgb3DZ7lrMs
Nice!
Thanks for the spark @SteveITS
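
The firewall rule will trust whatever the hosted list contains, so it helps to validate the file before the alias pulls it. This is an added example, not part of the original post or of pfSense; it assumes one IP or CIDR per line, and `build_allowlist`, the prefix limits and the sample entries are constructed for illustration.

```python
import ipaddress

# Policy limits assumed for this sketch; they are not pfSense settings.
MIN_PREFIX = {4: 24, 6: 48}  # refuse anything broader than /24 (v4) or /48 (v6)

# Constructed sample input, not taken from the thread.
SAMPLE = """\
# allowlist source file
8.8.8.8
8.8.8.8            # duplicate entry
1.1.1.0/25
1.1.1.128/25       # adjacent to the line above
192.168.1.10       # private address in an external list
9.9.9.9/24         # host bits set, probably a typo
0.0.0.0/0          # would allow the whole Internet
2606:4700:4700::1111
not-an-ip
"""

def build_allowlist(raw_text):
    """Return (entries, rejected); rejected holds (line_no, text, reason)."""
    nets, rejected = [], []
    for line_no, line in enumerate(raw_text.splitlines(), 1):
        entry = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            rejected.append((line_no, entry, f"invalid IP/CIDR: {exc}"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((line_no, entry, "prefix too broad"))
        elif not net.is_global:
            rejected.append((line_no, entry, "not a public range"))
        else:
            nets.append(net)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    # Write single hosts as bare addresses, networks in CIDR form.
    entries = [str(n.network_address) if n.num_addresses == 1 else str(n) for n in merged]
    return entries, rejected

if __name__ == "__main__":
    entries, rejected = build_allowlist(SAMPLE)
    print("\n".join(entries))
    for line_no, text, reason in rejected:
        print(f"# rejected line {line_no}: {text} ({reason})")
```

Publishing only the normalized output, and failing the publish step when `rejected` is non-empty, keeps a typo or an overly broad entry from reaching the firewall rule.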
-
@ivanjrx Moderators can change the status for solved