OPNsense Custom script and Cron
A solution for high-frequency refresh of an Alias (IP table) from a URL.
I have a service which provides my own IP blacklist.
I want to fetch the IP blacklist every minute and automatically drop all connections from it under OPNsense.
I already have Spamhaus installed (with their alias).
To solve it, I need:
- an alias to make firewall rules
- a script to download my blacklist
- a new cron command available under OPNsense GUI
- a cron job
an alias to make firewall rules
Open Aliases and add an Alias:
Enabled : checked
Name : MyOwnBlacklist
Type : External (advanced)
Description : Grab from my centralized service about blacklist ip
a script to download my blacklist
Create the script in /usr/home/ (or wherever you want).
Add the content of the corresponding file below (don't forget to change the variables), then restrict its permissions:
chmod 700 blacklist-update.sh
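The script file itself is not reproduced on this page. One way to write it, as an added example that is not the author's script: it handles IPv4 only, keeps the existing table when the download fails or yields nothing valid, and rejects malformed or overly broad entries. The feed URL and the MIN_PREFIX limit are assumptions.

```shell
#!/bin/sh
# Added example, not the author's script. URL and MIN_PREFIX are assumptions.
BLACKLIST_URL="https://blacklist.example.invalid/ips.txt"  # placeholder feed URL
TABLE="MyOwnBlacklist"   # alias name from the page (External aliases are pf tables)
MIN_PREFIX=8             # assumption: refuse networks wider than /8

# Read a feed on stdin, print only well-formed, de-duplicated IPv4 hosts/CIDRs.
filter_ips() {
    awk -v minlen="$MIN_PREFIX" '
    {
        sub(/[#;].*/, "")            # strip comments
        gsub(/[ \t\r]/, "")          # strip whitespace and CR from CRLF feeds
        if ($0 == "") next
        n = split($0, p, "/")
        if (n > 2) next
        len = 32
        if (n == 2) {
            if (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) next
            len = p[2] + 0
        }
        if (len < minlen) next       # e.g. 0.0.0.0/0 would block everything
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        ip = sprintf("%d.%d.%d.%d", o[1], o[2], o[3], o[4])
        out = (n == 2) ? ip "/" len : ip
        if (!seen[out]++) print out
    }'
}

# Download, validate, then swap the table contents in one pfctl call.
update_table() {
    tmp=$(mktemp /tmp/blacklist.XXXXXX) || return 1
    trap 'rm -f "$tmp" "$tmp.ok"' EXIT
    if ! fetch -q -T 20 -o "$tmp" "$BLACKLIST_URL"; then
        echo "blacklist-update: fetch failed, table left unchanged" >&2
        return 1
    fi
    filter_ips < "$tmp" > "$tmp.ok"
    if [ ! -s "$tmp.ok" ]; then
        echo "blacklist-update: no valid entries, table left unchanged" >&2
        return 1
    fi
    pfctl -t "$TABLE" -T replace -f "$tmp.ok"
}

# Run only when executed under the page's script name, so the functions
# can be sourced and tested without touching the firewall.
case "$0" in
    *blacklist-update.sh) update_table ;;
esac
```

Because configd runs the action as root, keep the script owned by root and not writable by anyone else.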
a new cron command available under OPNsense GUI
Create a .conf file in /usr/local/opnsense/service/conf/actions.d/ (your file name must start with "actions_").
Add the content of the corresponding file below.
Restart and reload:
configctl <action> reload : <action> must be the filename without the prefix "actions_"
service configd restart
configctl blacklist-update reload
a cron job
Open Cron and add a Job.
Your cron command now appears in the command dropdown.
Schedule the cron job as you like.