Migrating BSD packet filter to pfsense

rae

I'm migrating from openBSD packet filter to pfsense.
Trying to convert a pf.config file to the web menu pfsense format.

pf.config had:

table <abusive_hosts> file "/etc/pf.abusive"
block in quick from { <abusive_countries>, <abusive_hosts>}

How do I port this to pfsense?
How does pfsense read the 92k line abusive hosts file?

I also have tables with IP ranges that include exceptions. e.g.
table <invalid_ip4> { X.X.X.0/24 !X.X.X.12/2 !X.X.X.99 }

How do I specify that sort of alias in pfsense?

Thanks for any and all help.

ptt

Check / Take a look at:

https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html

rae

thanks!

so, instead of a file name an rely on the OS to read the file,
use a url that points to the abusive hosts text file.

well, I suppose a piece of network equipment would want to use the network to access stuff. :)
that'll work. I can deal...

got any suggestions for the 2nd part? how to express exceptions to blocks of host ip addresses?