Blocking Access to URL Entire Networks with pfSense

From DFWLPiki

Latest revision as of 20:46, 29 December 2016

To block (or allow) an entire network for a URL, you need to create a properly formatted URL table file for pfSense. Three steps to create the file:
1) Look up an IP for the hostname in the URL
2) Run a whois against one of the IPs so you can get the AS number
3) Run a whois against the AS number, dump out the whole routing table for that AS, and write the output to a file.


host ups.com
whois -h whois.radb.net 153.2.228.50
whois -h whois.radb.net -- '-i origin AS12217' | grep ^route | grep -v route6 | cut -d" " -f7 > ups.com


Once that is done, put the file on a web server that pfSense can reach. Configure the alias to point to the URL of the file, and select how often (in days) pfSense should check in and fetch a new copy.

The last whois command could be run periodically from cron to update the URL table file.
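
A cron-friendly version of that last step, as an added example that is not part of the original page. It goes slightly beyond the one-liner by checking each prefix and refusing to overwrite the table with an empty result. The script name, the function names and the output path are assumptions.

```shell
#!/bin/sh
# Added example: refresh a pfSense URL table file from RADb route objects.
# Cron usage (script name and path are assumptions):
#   update_urltable.sh AS12217 /var/www/html/ups.com

# Read whois output on stdin; print unique lines shaped like IPv4 CIDR.
# awk splits on any whitespace, so the result does not depend on how many
# spaces follow "route:"; route6 lines never match the "route:" test.
extract_routes() {
    awk '$1 == "route:" { print $2 }' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' |
    sort -u
}

# Query RADb for one origin AS; replace the table file only on a good result.
update_table() {
    asn=$1
    out=$2
    case $asn in
        AS*[!0-9]*) echo "bad AS number: $asn" >&2; return 2 ;;
        AS[0-9]*)   ;;
        *)          echo "bad AS number: $asn" >&2; return 2 ;;
    esac
    tmp=$(mktemp "$out.XXXXXX") || return 1
    whois -h whois.radb.net -- "-i origin $asn" | extract_routes > "$tmp"
    # An empty result usually means the lookup failed: keep the old file so
    # an empty table is never published.
    if [ ! -s "$tmp" ]; then
        rm -f "$tmp"
        echo "no routes for $asn, keeping existing $out" >&2
        return 1
    fi
    chmod 644 "$tmp"      # mktemp creates 0600; the web server must read it
    mv "$tmp" "$out"      # same directory, so the swap is atomic
}

# Constructed sample of RADb output (documentation prefixes, not real data).
sample_radb() {
    printf '%s\n' 'route:      198.51.100.0/24' 'origin:     AS64500' \
        'route6:     2001:db8::/32' 'route:      192.0.2.0/24' \
        'route:      198.51.100.0/24' 'route:      bogus/99'
}

case $# in
    2) update_table "$1" "$2" ;;
    1) if [ "$1" = selftest ]; then sample_radb | extract_routes; fi ;;
esac
```

Running it with the single argument `selftest` prints the filtered sample without touching the network.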