Blocking a list of IP addresses via script
-
Hi,
I'm new to pfSense and would like to Block/Reject a list of several hundred IP addresses and address ranges.
Is there a simple way of scripting this list into an alias to load into my dedicated pfSense machine?
E.g. something like a scripted list of "netsh" commands as you can use in Windows command prompt:
netsh advfirewall firewall add rule name="avoidthissite" dir=out action=block remoteip=123.123.123.017 enable=yesIf this is possible in pfSense, please give an example of the syntax of how would I specify a range of addresses? E.g. 123.123.123.001 - 123.123.123.255, setting "Reject" on the outbound, and "Block" on inbound?
If I create such a script on another computer and put it on a flash drive, what are the steps in getting it into pfSense? (Again, I am new to this environment, and don't know how to use SSH, etc., so it would be really helpful if you can describe the steps.)
Thanks!
-
Instead of guessing at a solution and then asking for steps, why not tell us what you are trying to accomplish?
pfSense supports URL Table aliases:
https://doc.pfsense.org/index.php/Aliases
URL Table Aliases
A URL table alias is a URL that points to a plain text file containing IP and/or CIDR masked network addresses. The URL will be periodically downloaded and refreshed. The contents of the file would look like so:192.0.2.0/24
172.22.59.49
192.168.0.128/26Come up with a text file and put it on a web server and the rest is easy. pfSense will download the file per the schedule you set and add everything to an alias that you can use in a firewall rule.