Add responsive firewall / adbuseipdb integration plugin #4149
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add in a plugin that takes a deny firewall rule id (filter id / rule id) and uses that to auto-populate an alias used as a blanket deny rule.
Gets installed as a service:
Settings as follows:
Logs via syslog and integrates (hopefully) correctly within OPNsense's log operation:
When used without an API Key, the plugin will react only to hits on the firewall rule specified in 'Firewall Rule ID' and not do any reporting of traffic. It will still add hosts exceeding the packet / timeframe threshold to an automatic blocklist.
With an API Key, the plugin will initially download a list of hosts from abuseipdb.com that have a 100% confidence of abusive behaviour. It will also report back to abuseipdb.com remote hosts that hit the packet / timeframe threshold as configured.
API Keys:
https://www.abuseipdb.com/pricing
abuseipdb.com offers a free subscription for up to 1,000 reports per day and initial blocklist download of 10,000 hosts. Paid plans will download a higher number of initial blocklist entries. If you are able to verify as a webmaster, you can increase your limits for free.