Netgate Discussion Forum

    Update alias from web page or another system?

    • J
      j4k3
      last edited by

      Hey PFSensers,

      I was wondering if there was a way to have PFSense update its aliases from another system? Be it a file on a remote host, or possibly on a webpage.

      I've got several hosts which have things like fail2ban, RDPGuard etc. These programs spit out IP addresses of hosts that failed too many logins. I'd like to direct PFSense to scour these logs/files and update an alias which would block those hosts from even getting past the firewall.

      Is there some kind of facility or add on package which would scrape a text file or even an updated web page for hosts and stick it in a PFSense alias?

      EDIT:

      I'd even do some pre-processing of those logs to, say, format the logs to just contain the IP address. Some of those programs that log the failed attempts are pretty verbose, so I'd then grep just the IP and spit them out into a new file that PFSense could easily read.

      Thanks!

      • H
        heper
        last edited by

        Might get something working by using pfblocker to fetch a block list from a webserver

        • G
          garyd9
          last edited by

          https://doc.pfsense.org/index.php/Aliases

          Scroll down to "url table aliases"

          • J
            j4k3
            last edited by

            Hi Guys, and thanks, I'll check PFBlocker.

            garyd9 I got excited over the URL alias, but it looks like this is a one shot alias creation:

            "However, the content is only requested once and is immediately turned into a traditional alias. "

            These lists are updated constantly as new IPs are added to them. I don't need it dynamically updated, but possibly every four hours or so to go and scrape the new hosts that have been blocked.

            • G
              garyd9
              last edited by

              @j4k3:

              "However, the content is only requested once and is immediately turned into a traditional alias. "

              You've misread the information.  Read only the section for "URL Table Aliases".  The section that follows it (URL Alias) is something different.

              The refresh info for the "URL Table Aliases" section is:  "The URL will be periodically downloaded and refreshed."

              The question is, how often is the alias TABLE refreshed.  There's a setting for that somewhere in pfsense, but I don't remember where exactly.

              (I'm starting to sympathize with some of the more… abrasive forum members here.  I did the Google search for you, gave you an exact link, and even pointed you to the proper section of the page...)

              • D
                doktornotor Banned
                last edited by

                @garyd9:

                The refresh info for the "URL Table Aliases" section is:  "The URL will be periodically downloaded and refreshed."
                The question is, how often is the alias TABLE refreshed.  There's a setting for that somewhere in pfsense, but I don't remember where exactly.

                
                minute	hour	mday	month	wday	who	command
                30	12	*	*	*	root	/usr/bin/nice -n20 /etc/rc.update_urltables
                
                
                • J
                  j4k3
                  last edited by

                  @garyd9:

                  @j4k3:

                  "However, the content is only requested once and is immediately turned into a traditional alias. "

                  You've misread the information.  Read only the section for "URL Table Aliases".  The section that follows it (URL Alias) is something different.

                  The refresh info for the "URL Table Aliases" section is:  "The URL will be periodically downloaded and refreshed."

                  The question is, how often is the alias TABLE refreshed.  There's a setting for that somewhere in pfsense, but I don't remember where exactly.

                  (I'm starting to sympathize with some of the more… abrasive forum members here.  I did the Google search for you, gave you an exact link, and even pointed you to the proper section of the page...)

                  Yes, I apologize gary. My eyes jumped to URL Alias and my brain did not heed your advice to "URL Table Aliases"

                  Thanks

                  1 Reply Last reply Reply Quote 0
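The pre-processing step discussed in this thread, as an added example that is not code from any poster or from pfSense: it reduces fail2ban log output to a one-address-per-line file that a web server can publish for a URL table alias, which pfSense then re-fetches on the `/etc/rc.update_urltables` cron schedule quoted above. Assumptions: fail2ban's default `Ban`/`Unban` log line layout, the `NEVER_BLOCK` allowlist, and all function names are illustrative.

```python
import ipaddress
import os
import re
import tempfile

# Constructed sample in fail2ban's log format (documentation-range addresses).
SAMPLE_LOG = """\
2025-01-10 08:01:12,101 fail2ban.filter  [811]: INFO    [sshd] Found 203.0.113.7 - 2025-01-10 08:01:12
2025-01-10 08:01:15,440 fail2ban.actions [811]: NOTICE  [sshd] Ban 203.0.113.7
2025-01-10 08:09:02,007 fail2ban.actions [811]: NOTICE  [sshd] Ban 198.51.100.23
2025-01-10 08:15:30,912 fail2ban.actions [811]: NOTICE  [sshd] Ban 192.168.1.50
2025-01-10 08:20:11,530 fail2ban.actions [811]: NOTICE  [sshd] Ban 192.0.2.99
2025-01-10 09:09:02,300 fail2ban.actions [811]: NOTICE  [sshd] Unban 198.51.100.23
2025-01-10 09:41:00,000 fail2ban.actions [811]: NOTICE  [sshd] Ban 999.1.1.1
"""

# Assumed allowlist: a mistaken ban must never cut off your own networks.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
EVENT = re.compile(r"\]\s+(?:Restore\s+)?(Ban|Unban)\s+(\S+)\s*$")

def banned_addresses(log_text):
    """Replay Ban/Unban events; return the addresses that are still banned."""
    banned = set()
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        action, token = m.groups()
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an address: raw log text never reaches the list
        if any(ip.version == net.version and ip in net for net in NEVER_BLOCK):
            continue
        if action == "Ban":
            banned.add(ip)
        else:
            banned.discard(ip)
    return [str(ip) for ip in sorted(banned, key=lambda a: (a.version, int(a)))]

def write_blocklist(path, addresses):
    """Write one address per line via rename so a fetch never sees half a file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        fh.writelines(a + "\n" for a in addresses)
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must read it
    os.replace(tmp, path)
```

Because the published file ends up as firewall block rules, serve it over a channel the firewall can authenticate and keep write access to it restricted to the host that generates it.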
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.