Update alias from web page or another system?



  • Hey PFSensers,

    I was wondering if there was a way to have PFSense update its aliases from another system? Be it a file on a remote host, or possibly on a webpage.

    I've got several hosts which have things like fail2ban, RDPGuard etc. These programs spit out IP addresses of hosts that failed too many logins. I'd like to direct PFSense to scour these logs/files and update an alias which would block those hosts from even getting past the firewall.

    Is there some kind of facility or add on package which would scrape a text file or even an updated web page for hosts and stick it in a PFSense alias?

    EDIT:

    I'd even do some pre-processing of those logs to say format the logs to just contain the IP address, some of those programs that log the failed attempts are pretty verbose, so I'd then grep just the IP and spit them out into a new file that PFSense could easily read.

    Thanks!



  • Might get something working by using pfblocker to fetch a block list from a webserver



  • https://doc.pfsense.org/index.php/Aliases

    Scroll down to "url table aliases"



  • Hi Guys, and thanks, I'll check PFBlocker.

    garyd9 I got excited over the URL alias, but it looks like this is a one shot alias creation:

    "However, the content is only requested once and is immediately turned into a traditional alias. "

    These lists are updated constantly as new IPs are added to them, I don't need it dynamically updated, but possibly every four hours or so to go and scrape the new hosts that have been blocked.



  • @j4k3:

    "However, the content is only requested once and is immediately turned into a traditional alias. "

    You've misread the information.  Read only the section for "URL Table Aliases".  The section that follows it (URL Alias) is something different.

    The refresh info for the "URL Table Aliases" section is:  "The URL will be periodically downloaded and refreshed."

    The question is, how often is the alias TABLE refreshed.  There's a setting for that somewhere in pfsense, but I don't remember where exactly.

    (I'm starting to sympathize with some of the more… abrasive forum members here.  I did the google search for you, gave you an exact link, and even pointed you to the proper section of the page...)


  • @garyd9:

    The refresh info for the "URL Table Aliases" section is:  "The URL will be periodically downloaded and refreshed."
    The question is, how often is the alias TABLE refreshed.  There's a setting for that somewhere in pfsense, but I don't remember where exactly.

    
    minute	hour	mday	month	wday	who	command
    30	12	*	*	*	root	/usr/bin/nice -n20 /etc/rc.update_urltables
    
    


  • @garyd9:

    @j4k3:

    "However, the content is only requested once and is immediately turned into a traditional alias. "

    You've misread the information.  Read only the section for "URL Table Aliases".  The section that follows it (URL Alias) is something different.

    The refresh info for the "URL Table Aliases" section is:  "The URL will be periodically downloaded and refreshed."

    The question is, how often is the alias TABLE refreshed.  There's a setting for that somewhere in pfsense, but I don't remember where exactly.

    (I'm starting to sympathize with some of the more… abrasive forum members here.  I did the google search for you, gave you an exact link, and even pointed you to the proper section of the page...)

    Yes, I apologize gary. My eyes jumped to URL Alias and my brain did not heed your advice to "URL Table Aliases"

    Thanks
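
The pre-processing step from the first post, feeding the URL table alias discussed above, as an added example that is not part of any post in this thread: it reduces a fail2ban log to one validated address per line for publishing at the URL the alias fetches. The log layout, the sample lines and the NEVER_BLOCK allowlist are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout fail2ban writes to fail2ban.log (assumption).
SAMPLE_LOG = """\
2024-05-01 10:00:01,100 fail2ban.filter  [812]: INFO    [sshd] Found 203.0.113.7 - 2024-05-01 10:00:01
2024-05-01 10:00:02,200 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
2024-05-01 10:05:00,000 fail2ban.actions [812]: NOTICE  [sshd] Ban 198.51.100.23
2024-05-01 10:06:00,000 fail2ban.actions [812]: NOTICE  [sshd] Ban 192.168.1.50
2024-05-01 10:07:00,000 fail2ban.actions [812]: NOTICE  [sshd] Ban 999.1.1.1
2024-05-01 10:08:00,000 fail2ban.actions [812]: NOTICE  [postfix] Ban 2001:db8::bad
2024-05-01 10:20:00,000 fail2ban.actions [812]: NOTICE  [sshd] Unban 198.51.100.23
2024-05-01 10:30:00,000 fail2ban.actions [812]: NOTICE  [sshd] Ban 203.0.113.7
"""

# Only action lines count; "Found" lines are failed attempts, not bans.
ACTION = re.compile(r"\]\s+(?:Restore\s+)?(Ban|Unban)\s+(\S+)\s*$")

# Hypothetical allowlist: ranges that must never reach the block alias.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]

def build_blocklist(log_text, never_block=NEVER_BLOCK):
    """Return the currently banned addresses, one per line, sorted and deduplicated."""
    banned = set()
    for line in log_text.splitlines():
        m = ACTION.search(line)
        if not m:
            continue
        action, token = m.groups()
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # malformed token: never pass it on to the firewall
        if any(addr in net for net in never_block):
            continue  # a spoofed or internal source must not lock out your own hosts
        if action == "Ban":
            banned.add(addr)
        else:
            banned.discard(addr)  # honour Unban so expired bans drop off the list
    ordered = sorted(banned, key=lambda a: (a.version, int(a)))
    return "".join(f"{a}\n" for a in ordered)

if __name__ == "__main__":
    print(build_blocklist(SAMPLE_LOG), end="")
```

Since the firewall blocks whatever this file contains, serve it from a host and path that only the log-processing job can write to.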