Blocking a list of IP addresses via script



  • Hi,

    I'm new to pfSense and would like to Block/Reject a list of several hundred IP addresses and address ranges.

    Is there a simple way of scripting this list into an alias to load into my dedicated pfSense machine?

    E.g. something like a scripted list of "netsh" commands as you can use in Windows command prompt:
    netsh advfirewall firewall add rule name="avoidthissite" dir=out action=block remoteip=123.123.123.017 enable=yes

    If this is possible in pfSense, please give an example of the syntax of how I would specify a range of addresses. E.g. 123.123.123.001 - 123.123.123.255, setting "Reject" on the outbound, and "Block" on inbound?

    If I create such a script on another computer and put it on a flash drive, what are the steps in getting it into pfSense?  (Again, I am new to this environment, and don't know how to use SSH, etc., so it would be really helpful if you can describe the steps.)

    Thanks!



  • Instead of guessing at a solution and then asking for steps, why not tell us what you are trying to accomplish?

    pfSense supports URL Table aliases:

    https://doc.pfsense.org/index.php/Aliases

    URL Table Aliases
    A URL table alias is a URL that points to a plain text file containing IP and/or CIDR masked network addresses. The URL will be periodically downloaded and refreshed. The contents of the file would look like so:

    192.0.2.0/24
    172.22.59.49
    192.168.0.128/26

    Come up with a text file and put it on a web server and the rest is easy.  pfSense will download the file per the schedule you set and add everything to an alias that you can use in a firewall rule.
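
An added example (not part of either post): one way to turn a hand-written list of hosts and dash ranges, like the `123.123.123.001 - 123.123.123.255` range in the question, into the IP/CIDR lines a URL Table alias file expects. The function names and sample list are hypothetical, and leading zeros in octets are assumed to be decimal padding, not octal.

```python
import ipaddress

# Constructed sample list: zero-padded host, dash ranges, a CIDR and a comment line.
SAMPLE = """\
# constructed sample blocklist
123.123.123.017
123.123.123.001 - 123.123.123.255
192.0.2.0/24
198.51.100.7-198.51.100.20
"""

def parse_addr(text):
    """Parse a dotted quad; leading zeros are read as decimal padding (assumption)."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not an IPv4 address: {text!r}")
    return ipaddress.IPv4Address(".".join(str(int(p)) for p in parts))

def to_networks(lines):
    """Return the smallest list of IPv4 networks covering every entry in lines."""
    nets = []
    for lineno, raw in enumerate(lines, 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            if "/" in entry:  # CIDR; host bits set in the address are rejected
                addr, prefix = entry.split("/", 1)
                nets.append(ipaddress.IPv4Network(f"{parse_addr(addr)}/{int(prefix)}"))
            elif "-" in entry:  # first-last range, split into exact CIDR blocks
                first, last = (parse_addr(p) for p in entry.split("-", 1))
                nets.extend(ipaddress.summarize_address_range(first, last))
            else:  # single host
                nets.append(ipaddress.IPv4Network(f"{parse_addr(entry)}/32"))
        except (ValueError, TypeError) as exc:
            raise ValueError(f"line {lineno}: {entry!r}: {exc}") from None
    return list(ipaddress.collapse_addresses(nets))  # merge overlaps and duplicates

def render_alias_file(lines):
    """Render one entry per line; /32 networks are written as bare addresses."""
    return "".join(f"{n.network_address if n.prefixlen == 32 else n}\n" for n in to_networks(lines))

if __name__ == "__main__":
    print(render_alias_file(SAMPLE.splitlines()), end="")
```

The printed output is the text file to place on the web server that the URL Table alias points at; a malformed entry stops the run with its line number instead of being silently skipped.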