
How To: Packet Filter to block IP addresses from a blacklist


This How-To guide demonstrates how to use the Packet Filter firewall to block IP addresses using a blacklist file, similar to how PeerBlock works on Windows. Compared to Netfilter, Packet Filter offers better performance and more flexibility for customizing your firewall rules.

Configuration

  • OS: OpenBSD 7.3

Commands

Download a blacklist

We can download a list from www.iblocklist.com, for example the PrimaryThreats list. We need to unzip and format the file to make it work with Packet Filter.

  • Get the list:
root# wget "URLtomyremotelist" -O list.zip
  • Unzip the list:
root# unzip list.zip
  • Format the list (keep only the IP-range field, replace the "-" separator with ":", then let ipcalc -r expand each range into CIDR blocks, one per line):
root# cut -d ":" -f2 list.txt | grep -E "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" > blocklist.tmp
root# sed -i 's/-/:/' blocklist.tmp
root# for i in $(cat blocklist.tmp); do echo "$i"; ipcalc -r "$i" | grep "/" >> blocklist; done
  • Copy the blocklist file to /etc/blocklist:
root# cp blocklist /etc/blocklist
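The cut/sed/ipcalc pipeline above can be replaced by one script that does the same job: parse the iblocklist "description:first-last" lines, skip anything that is not a valid IPv4 range, and deaggregate each range into the smallest set of CIDR blocks that PF's table file accepts. This is an added example, not code from the original how-to; the input text is constructed, and the list format (and the fact that a description may itself contain ":") is an assumption about iblocklist's output.

```python
import ipaddress

# Constructed sample in iblocklist's "description:first-last" format
SAMPLE = """\
# This is a comment line and is skipped
Some Threat Network:1.2.3.0-1.2.3.255
Lone host:10.20.30.40-10.20.30.40
Odd range:192.0.2.3-192.0.2.10

Bad line without range
"""


def parse_ranges(text):
    """Yield (first, last) IPv4Address pairs from iblocklist-format text.
    Empty lines, comments and lines that are not 'name:a.b.c.d-e.f.g.h'
    are skipped, mirroring the grep filter in the how-to."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        rng = line.rsplit(":", 1)[1]  # split on the LAST ':' in case the name has one
        if "-" not in rng:
            continue
        first_s, last_s = rng.split("-", 1)
        try:
            first = ipaddress.IPv4Address(first_s.strip())
            last = ipaddress.IPv4Address(last_s.strip())
        except ipaddress.AddressValueError:
            continue  # garbage range: drop it rather than poison the table
        if last < first:
            first, last = last, first
        yield first, last


def ranges_to_cidrs(text):
    """Deaggregate every range into CIDR blocks (what 'ipcalc -r' did) and
    merge adjacent/overlapping blocks so the PF table holds fewer entries."""
    nets = []
    for first, last in parse_ranges(text):
        nets.extend(ipaddress.summarize_address_range(first, last))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


if __name__ == "__main__":
    # Write the PF table file: one CIDR per line, as /etc/blocklist expects
    with open("blocklist", "w") as f:
        f.write("\n".join(ranges_to_cidrs(SAMPLE)) + "\n")
```

Feed it the unzipped list.txt instead of SAMPLE and copy the resulting file to /etc/blocklist as in the last step above.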

Packet Filter

  • Add the list to the Packet Filter rules in /etc/pf.conf:
# $wan and $lan are macros the rules below rely on; the interface names here
# are placeholders, replace them with your real WAN and LAN interfaces
wan = "em0"
lan = "em1"
# sets the maximum number of entries allowed in a PF table
set limit table-entries 1000000
table <blocklist> persist file "/etc/blocklist"
pass out on $wan
pass in quick on $lan inet proto tcp from 192.168.1.10 to any port { 80, 443 }
block quick log (all, to pflog0) on any from <blocklist> to 192.168.1.10
block quick log (all, to pflog1) on any from 192.168.1.10 to <blocklist>
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
