Netgate Discussion Forum

    Blocking tor via alias rules?

      sodasam

      Is there a way to block more than 5000 hosts in a single alias or rule? Intending to block inbound Tor exit nodes and I think the list is 7000 IPs. Maybe on the command line alias file?

      For reference, I am going off of the Tor list at https://www.dan.me.uk/tornodes

      Thanks!

        jeffhammett

        Have you looked at the pfBlocker-NG package? You can load that list in and have it automatically update at a given interval.

          sodasam

          @jeffh:

          Have you looked at the pfBlocker-NG package? You can load that list in and have it automatically update at a given interval.

          Yes, I had installed it but have not set it up yet. Is this straightforward? I am also interested in country blocking too.

            jeffhammett

            @sodasam:

            @jeffh:

            Have you looked at the pfBlocker-NG package? You can load that list in and have it automatically update at a given interval.

            Yes, I had installed it but have not set it up yet. Is this straightforward? I am also interested in country blocking too.

            It's relatively straightforward. You want to create a new IPv4 list with the Tor node list URL. Read through the list actions to decide what you want the action to be. (If you choose one of the alias options, you'll need to manually make a firewall rule using that alias.)

            Once you have it saved go to the update tab and tell it to update and check for errors.

            Country blocking is similar, but you won't need to provide a URL to make the list.

              BBcan177 Moderator

              Here are some TOR lists to use with pfBlockerNG:

              http://list.iblocklist.com/?list=togdoptykrlolpddwbvz&fileformat=p2p&archiveformat=gz
              https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
              https://rules.emergingthreats.net/open/suricata/rules/tor.rules

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/
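
A pre-load sanity check for the kind of feeds discussed in this thread, added here as an example (it is not from any poster or from pfBlockerNG): it pulls IPv4 entries out of three assumed layouts (one address per line, p2p `label:first-last` ranges, Suricata rules with a bracketed source list), deduplicates and collapses them, and refuses entries that overlap an assumed set of internal ranges. `parse_feed`, `PROTECTED` and the sample lines are constructed for illustration.

```python
import ipaddress
import re

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
RANGE_RE = re.compile(rf"(?<![\d.])({IPV4})-({IPV4})\s*$")  # p2p "label:first-last"
ADDR_RE = re.compile(rf"(?<![\d.])({IPV4}(?:/\d{{1,2}})?)(?![\d.])")
# Assumed local policy: a feed entry must never cover these ranges.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_feed(text):
    """Return (collapsed IPv4 networks, rejected entries) for one feed body."""
    nets, rejected = [], []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        m = RANGE_RE.search(line)
        if not m and line.startswith(("alert", "drop")) and "[" in line and "]" in line:
            line = line[line.index("[") + 1:line.index("]")]  # Suricata source list only
        tokens = ["-".join(m.groups())] if m else ADDR_RE.findall(line)
        for tok in tokens:
            try:
                if "-" in tok:
                    first, last = map(ipaddress.IPv4Address, tok.split("-"))
                    found = list(ipaddress.summarize_address_range(first, last))
                else:
                    found = [ipaddress.ip_network(tok, strict=False)]
            except ValueError:  # bad octet, bad prefix length or reversed range
                rejected.append(tok)
                continue
            for net in found:
                if any(net.overlaps(p) for p in PROTECTED):
                    rejected.append(str(net))  # would block internal addresses
                else:
                    nets.append(net)
    return list(ipaddress.collapse_addresses(nets)), rejected


# Constructed sample (documentation addresses), not real feed data.
SAMPLE = "\n".join([
    "198.51.100.7", "198.51.100.7", "Tor exit:192.0.2.10-192.0.2.11",
    'alert ip [192.0.2.200,192.0.2.201] any -> $HOME_NET any (msg:"x"; sid:1;)',
    "192.168.1.1", "999.1.1.1", "2001:db8::1"])

if __name__ == "__main__":
    networks, bad = parse_feed(SAMPLE)
    print(len(networks), "entries to load; rejected:", bad)
```

The entry count it prints is the figure to compare against any per-alias or table-size limit before loading the list, and IPv6 lines are ignored because the thread sets up an IPv4 list.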

                sodasam

                I got this working with pfBlockerNG. I just wanted to mention I'm very impressed with the pfSense community, and thanks to everyone answering newbie questions!
