Suggestion: API access to pfBlocker and agents controlling the lists.
-
Hi.
The suggestion is simple:
Go to Firewall -> Alias.
Create a list of IPs, for example: List_IPBlocks_Automated
In the float or WAN interface, add this list to block any traffic.
In System -> Remote APIs -> pfBlocker, create a key (the API can be on another port so that access can be controlled by LAN).
The commands are simple:
get/lists makes a list of all created lists.
add/$name_list adds an IP.
rm/$name_list_rulenumber deletes the IP.
A client in any OS can update the rules in real time, for example:
A Windows agent can monitor the event logs for event 4625 (wrong user and password).
When the agent detects, for example, 5 failures (can be defined), it blocks the IP for some hours (can be defined in the agent). The comments on the lists can be used for the date and hour for comparison.
The agent can be written in any language, by any person or company. It will be a great addition to this fantastic firewall project. The agent can proliferate the rules to all other pfSense instances across the globe.
SMB and other services like IIS, nginx, SQL Server and others can be monitored through the logs and use the same logic.
-
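The agent logic proposed in the post above, as an added example that is not part of the thread and is not the code the poster published on GitHub. The returned `add`/`rm` tuples stand in for calls to the API the post proposes (the post's `rm` takes a rule number; here the IP identifies the entry), and `BlockAgent`, `replay`, `WINDOW`, `BLOCK_FOR` and `NEVER_BLOCK` are hypothetical names and values chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

LIST_NAME = "List_IPBlocks_Automated"    # alias name used in the post
THRESHOLD = 5                            # failures before blocking (the post's example)
WINDOW = timedelta(minutes=10)           # assumption: window in which failures are counted
BLOCK_FOR = timedelta(hours=4)           # assumption: the post only says "some hours"
NEVER_BLOCK = [ip_network("192.168.0.0/16")]  # assumption: LAN/admin ranges to exempt

class BlockAgent:
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> times of recent 4625 events
        self.blocked = {}                    # ip -> expiry (the list-entry comment)

    def expire(self, now):                   # rm commands for entries past their expiry
        due = [ip for ip, exp in self.blocked.items() if exp <= now]
        self.blocked = {ip: e for ip, e in self.blocked.items() if e > now}
        return [("rm", LIST_NAME, ip) for ip in due]

    def on_failed_logon(self, ip, when):
        """Feed one 4625 event; return the API commands to send (may be empty)."""
        cmds = self.expire(when)
        try:
            addr = ip_address(ip)
        except ValueError:                   # event carried no usable source address
            return cmds
        if ip in self.blocked or any(addr in net for net in NEVER_BLOCK):
            return cmds
        recent = self.failures[ip]
        recent.append(when)
        while when - recent[0] > WINDOW:     # drop failures older than the window
            recent.popleft()
        if len(recent) >= THRESHOLD:
            self.blocked[ip] = when + BLOCK_FOR
            del self.failures[ip]
            cmds.append(("add", LIST_NAME, ip, self.blocked[ip].isoformat()))
        return cmds

def replay(events):                          # run (ip, time) pairs through a fresh agent
    agent, out = BlockAgent(), []
    for ip, when in events:
        out.extend(agent.on_failed_logon(ip, when))
    return out

# Constructed sample: six failures from one address, one event without an address, one later event.
T0 = datetime(2025, 1, 1, 12, 0, 0)
SAMPLE = ([("203.0.113.7", T0 + timedelta(seconds=s)) for s in range(6)]
          + [("-", T0), ("198.51.100.9", T0 + timedelta(hours=5))])
```

`replay(SAMPLE)` yields one `add` when the fifth failure arrives and one `rm` once a later event shows the stored expiry has passed; the exempt range keeps a mistyped password on the LAN from locking out an administrator.
-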
You can open a feature request: https://redmine.pfsense.org/
-
https://redmine.pfsense.org/issues/16286
I included some code I made on GitHub.