Blocking tor via alias rules?
-
Is there a way to block more than 5000 hosts in a single alias or rule? Intending to block inbound tor exit nodes and I think the list is 7000 IP's. Maybe on the command line alias file?
For reference I going off of the tor list at https://www.dan.me.uk/tornodes
Thanks!
-
Have you looked at the pfBlocker-NG package? You can load that list in and have it automatically update at a given interval.
-
@jeffh:
Have you looked at the pfBlocker-NG package? You can load that list in and have it automatically update at a given interval.
Yes I had installed it but have not set it up yet, is this straight forward? I am also interested in country blocking too.
-
@jeffh:
Have you looked at the pfBlocker-NG package? You can load that list in and have it automatically update at a given interval.
Yes I had installed it but have not set it up yet, is this straight forward? I am also interested in country blocking too.
Its relatively straight forward. You want to create a new IPv4 list with the Tor node list URL. Read through the list actions to decide what you want the action to be. (If you choose one of the alias options you'll need to manually make a firewall rule using that alias).
Once you have it saved go to the update tab and tell it to update and check for errors.
Country blocking is similar, but you won't need to provide a URL to make the list.
-
Here are some TOR lists to use with pfBlockerNG:
http://list.iblocklist.com/?list=togdoptykrlolpddwbvz&fileformat=p2p&archiveformat=gz
https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
https://rules.emergingthreats.net/open/suricata/rules/tor.rules
-
I got this working with pfBlockerNG. I just wanted to mention I'm very impressed with pfsense community and thanks to everyone answering newbie questions!
