Aliases



  • Hi Team,

    We run pfSense and our own mail server. On a daily basis we find IP addresses that try brute force attacks, and we add those IP addresses to an alias list that rejects that traffic. Is it possible to get those added to a txt file on a share and then get the alias to read from that list? The number of IP addresses has started to grow very big.

    Any help is welcome.

    Regards,

    rajbps


  • Global Moderator

    @rajbps sure: https://docs.netgate.com/pfsense/en/latest/book/firewall/aliases.html

    URL Aliases
    With a URL type alias, a URL is set which points to a text file that contains a list of entries. Multiple URLs may be entered. When Save is clicked, up to 3,000 entries from each URL are read from the file and imported into a network type alias.

    If URL (IPs) is selected, then the URLs must contain IP address or CIDR masked network entries, and the firewall creates a network type alias from the contents.

    If URL (Ports) is selected, then the URL must contain only port numbers or ranges, and the firewall creates a port type alias from the contents.

    URL Table Aliases
    A URL Table alias behaves in a significantly different way than the URL alias. For starters, it does not import the contents of the file into a normal alias. It downloads the contents of the file into a special location on the firewall and uses the contents for what is called a persist table, also known as a file-based alias. The full contents of the alias are not directly editable in the GUI, but can be viewed in the Tables viewer (See Viewing the Contents of Tables).

    For a URL Table alias, the drop-down list after the / controls how many days must pass before the contents of the alias are re-fetched from the stored URL by the firewall. When the time comes, the alias contents will be updated overnight by a script which re-fetches the data.

    URL Table aliases can be quite large, containing many thousands of entries. Some customers use them to hold lists of all IP blocks in a given country or region, which can easily surpass 40,000 entries. The pfBlocker package uses this type of alias when handling country lists and other similar actions.

    Currently, URL Table aliases are not capable of being nested.

    If URL Table (IPs) is selected, then the URLs must contain IP address or CIDR masked network entries, and the firewall creates a network type alias from the contents.

    If URL Table (Ports) is selected, then the URL must contain only port numbers or ranges, and the firewall creates a port type alias from the contents.

