Allow all external IP's listed in text file - possible?

  • This is maybe a stupid idea… But here it goes:

    I want to allow external IP's from a text file, to access some services on my network. This text file is updated frequently, and holds from 20 - 50 public IP addresses.

    I am willing to get my hands dirty to achieve this. Is it possible?

    edit: forgot to mention - I currently run v. 1.2.3 on CF card. I may switch to hdd if it makes it easier.

  • Rebel Alliance Developer Netgate

    Take a look at the URL table alias package, it lets you load the contents of a url (containing IP and IP/CIDR entries, one per line) into an alias. You can add a cron job that runs the update script and it will pull in entries periodically.

    Then you can use that alias however you want in rules (though in 1.2.3 since it's a pf table, you can't negate it, e.g. ! <alias>)</alias>

  • What a wonderful solution! :)

    Thanks a million!

    Though, this means I need to abandon CF, right?

  • Rebel Alliance Developer Netgate

    No, it should work on NanoBSD/CF, unless you plan on updating that list every few minutes. The URL table package is designed to update no more than once per day (though that could be changed by editing the update script)

  • I just realized the firewall in subject is 1.2.3-RC1. I will upgrade that first.

    I tested the package on an vSphere server an hour ago - works exactly as it is designed to. This feature makes things so much easier for me :D Thank you for your work!

Log in to reply