Netgate Discussion Forum

how to bulk import netblocks into an alias?

  • B
    beerguzzle
    last edited by Apr 14, 2022, 4:45 PM

    How to bulk import a list of IP netblocks into firewall aliases, and then automate it -- akin to how pfblockerng does it?

    Short story: I want to block facebook in/out. FB tells how to get a list of their networks on their developers page, which is:

    /usr/bin/whois -h whois.radb.net -- '-i origin AS32934' | /usr/bin/grep ^route | /usr/bin/tr -s ' ' '\t' | /usr/bin/cut -f2 | /usr/bin/uniq

    This pipeline could be put into a shell script in pfSense and updated via cron, but what is an easy way to pull it into the network aliases list via shell command?

    If I put PHP code into /usr/local/www/mydir in order to pull the list in via an alias URL, e.g. https://127.0.0.1:443/mydir/mycode.php, will this work? Do I risk breaking the pfSense web interface? Will it survive an upgrade? Is there an easier way to do this?

    Netgate 1100 and Netgate 2100, latest pfsense+ version

    • B
      beerguzzle
      last edited by Apr 14, 2022, 4:47 PM

      I forgot to mention, I am using Netgate pfSense 22.01.

      Netgate 1100 and Netgate 2100, latest pfsense+ version

      • S
        stephenw10 Netgate Administrator
        last edited by Apr 14, 2022, 5:04 PM

        Just use the ASN in pfBlocker directly and it does it all for you. 😉

        Screenshot from 2022-04-14 18-04-06.png

        Steve

        • B
          beerguzzle
          last edited by Apr 14, 2022, 6:22 PM

          Thank you, thank you!! After getting the whois ASN list pulled into pfblockerng, and doing a force update to get the alias list built, I got my anti-Facebook rules going in floating rules, akin to the other pfBlockerng rules. This is a beautiful thing! It is amazing how much outbound crap to FB I am now blocking -- them stalking me around the Internet that I don't want.

          Netgate 1100 and Netgate 2100, latest pfsense+ version

          • B
            beerguzzle @beerguzzle
            last edited by Apr 14, 2022, 7:30 PM

            While this system of keeping an active list of a company's netblocks works great -- beware. It can suck up memory and result in "cannot allocate memory" errors. Example: building a list for Apple (AS6185) will give you a large list of small netblocks in 17.x.x.x. However, "whois 17.0.0.0" shows that 17.0.0.0/8 is a direct allocation to Apple, so specifying a network alias with a /8 takes a lot less memory. Google is even worse with 7400+ IPv4 netblocks from the whois ASN output.

            Netgate 1100 and Netgate 2100, latest pfsense+ version
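
Added example, not part of the thread and not pfSense or pfBlockerNG code: the last post's memory concern can be reduced by aggregating the whois `route:`/`route6:` output before it is loaded into an alias. The sample text is constructed from documentation prefixes and AS64500, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of RADB-style whois output (documentation prefixes only).
SAMPLE_WHOIS = """\
route:      198.51.100.0/25
origin:     AS64500
route:      198.51.100.128/25
route:      198.51.100.0/24
route:      203.0.113.0/26
route:      203.0.113.0/26
route6:     2001:db8::/33
route6:     2001:db8:8000::/33
route:      not-a-prefix
"""


def parse_routes(whois_text):
    """Return the set of networks named on route:/route6: lines."""
    nets = set()
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() not in ("route", "route6"):
            continue
        try:
            nets.add(ipaddress.ip_network(value.strip(), strict=False))
        except ValueError:
            continue  # skip malformed registry entries instead of aborting
    return nets


def aggregate(nets):
    """Merge overlapping and adjacent prefixes, IPv4 first, then IPv6."""
    merged = []
    for version in (4, 6):
        # collapse_addresses() rejects mixed families, so handle each alone
        family = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(family))
    return merged


if __name__ == "__main__":
    raw = parse_routes(SAMPLE_WHOIS)
    merged = aggregate(raw)
    print(f"{len(raw)} unique prefixes -> {len(merged)} alias entries")
    # One CIDR per line, the plain-text list form a table alias can consume
    print("\n".join(str(n) for n in merged))
```

Aggregation only merges prefixes that the registered routes fully cover, so it will not produce a direct allocation such as the /8 mentioned above unless the routes add up to it; that case still needs the manual whois check.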
