Netgate Discussion Forum

    Adding IPs Automation

    • I
      ivanjrx
      last edited by

      Hi Folks,
      I have a LOT of random External IPs (not in the same subnet) to be allowed to my pfsense box,
      is there a way to automate the process?

      • M
        michmoor LAYER 8 Rebel Alliance @ivanjrx
        last edited by

        @ivanjrx can you add some context?

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        • I
          ivanjrx @michmoor
          last edited by

          @michmoor Certainly, I need to add whitelist rules for external IPs or even DNS names to pfSense, on different ports as well. Is there a way to automate that?
          Or do they all have to be input 1 by 1?

          • M
            michmoor LAYER 8 Rebel Alliance @ivanjrx
            last edited by

            @ivanjrx Well, depending on the amount of IPs that need to be whitelisted, it may make sense to just do a permit any. Not advisable, but I don't know how often your requests come in.
            Adding IPs to an Alias is the obvious way to go, along with creating a Port Alias. I don't know of any way to program it. Sadly, pfSense doesn't offer any API functionality.

            • S
              SteveITS Galactic Empire @ivanjrx
              last edited by

              @ivanjrx There is a URL alias and URL Table alias ability where you can pull the list from a web site.
              https://docs.netgate.com/pfsense/en/latest/firewall/aliases.html#url-aliases

              There is also a one time import but it has a bad bug in 23.05…install the patch via System Patches package.

              Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
              When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
              Upvote 👍 helpful posts!

              • P
                pst @ivanjrx
                last edited by

                @ivanjrx perhaps command "easyrule" is what you are looking for?

                The EasyRule function found in the GUI and on the command line can add firewall rules quickly.

                See https://docs.netgate.com/pfsense/en/latest/firewall/easyrule.html

                • I
                  ivanjrx @pst
                  last edited by

                  @pst Thanks!

                  • I
                    ivanjrx @ivanjrx
                    last edited by ivanjrx

                    @ivanjrx
                    So this is what I just learned: ALIASES will help you do that, and the automated way would be:

                    • Create a GitHub with all the IPs
                    • Create an ALIAS and refer to the page, so it can do the pull
                    • Create a FW Rule and associate it with that ALIAS, + the desired configuration!

                    There's this video that shows how to:
                    https://www.youtube.com/watch?v=Jgb3DZ7lrMs

                    Nice !

                    Thanks for the spark @SteveITS

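A check that could run before the IP list from the steps above is published at the URL the alias pulls from, as an added example that is not part of the original post. It assumes the alias expects one IP or CIDR per line; the function name, the `MIN_PREFIX` policy and the sample entries are constructed for illustration.

```python
import ipaddress

# Constructed sample input (documentation address ranges), not from the thread.
SAMPLE = """\
# partner offices
203.0.113.10
198.51.100.0/28
203.0.113.10        # duplicate
198.51.100.5/28     # host bits set: likely typo
0.0.0.0/0           # would turn the allow rule into permit-any
2001:db8:10::/48
vpn.example.com     # hostname: not accepted in this list
"""

# Assumed policy: shortest prefix (broadest network) accepted per address family.
MIN_PREFIX = {4: 24, 6: 48}


def build_allowlist(text, min_prefix=MIN_PREFIX):
    """Return (entries, rejected): validated one-per-line entries and
    (line_number, entry, reason) tuples for everything refused."""
    nets, rejected = {4: [], 6: []}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not entry:
            continue
        try:
            # strict=True refuses entries whose host bits are set
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
            continue
        if net.prefixlen < min_prefix[net.version]:
            rejected.append((lineno, entry, "prefix too broad"))
            continue
        nets[net.version].append(net)
    entries = []
    for version in (4, 6):
        # collapse_addresses sorts and merges duplicates and overlaps
        for net in ipaddress.collapse_addresses(nets[version]):
            host = net.prefixlen == net.max_prefixlen
            entries.append(str(net.network_address) if host else str(net))
    return entries, rejected


if __name__ == "__main__":
    entries, rejected = build_allowlist(SAMPLE)
    print("\n".join(entries))
    for lineno, entry, reason in rejected:
        print(f"rejected line {lineno}: {entry} ({reason})")
```

Refusing to publish when `rejected` is non-empty keeps a typo or an over-broad entry in the hosted file from silently widening the firewall rule tied to the alias.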
                    • I
                      ivanjrx @ivanjrx
                      last edited by

                      @ivanjrx Moderators can change the status for solved

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.