We want to add firewall block rules automatically after detecting malicious IPs on pfsense. The time spent manually on this issue is going to waste in most cases. We're looking for ways to automate this and looking for custom packages on pfsense. There are tools like suricata that can act as detection systems, some python scripts on github and easyrule on pfsense(last 2 are for shell). What we actually want to do is create a database to store malicious IPs, and a package or script pulling IPs from this database to create firewall rules automatically. How should we approach this? Or is there any real world examples that people use with firewalls(especially pfsense)?
Asked
Active
Viewed 604 times
1 Answers
1
You don't need to make a IP list by yourself. There are many of them available on the internet. You can use the following lists:
- https://feodotracker.abuse.ch/downloads/ipblocklist.txt
- https://sslbl.abuse.ch/blacklist/sslipblacklist.txt
- https://cinsarmy.com/list/ci-badguys.txt
- http://www.talosintelligence.com/documents/ip-blacklist
Once you have the IP lists then use pfBlockerNG to block them.
Gui
- 53
- 5