Solution to update unbound blacklist and whitelist
I have a service which provides my own IP blacklist.
I want to fetch this IP blacklist every minute and automatically drop all connections from the listed addresses on OPNsense.
I already have Spamhaus installed (with their alias).
To solve this, I need:
- an alias to make firewall rules
- a script to download my blacklist
- a new cron command available under OPNsense GUI
- a cron job
- Create the script /usr/local/etc/unbound/blacklist-update.sh (or wherever you want):
vi /usr/local/etc/unbound/blacklist-update.sh
- Add the content of the corresponding file below
- Set permissions:
chmod 0700 blacklist-update.sh
- Create the script /usr/local/etc/unbound/whitelist-update.sh (or wherever you want):
vi /usr/local/etc/unbound/whitelist-update.sh
- Add the content of the corresponding file below
- Set permissions:
chmod 0700 whitelist-update.sh
Create a .conf file in /usr/local/opnsense/service/conf/actions.d/
(the file name must start with "actions_"):
vi /usr/local/opnsense/service/conf/actions.d/actions_blacklist-update.conf
Add the content of the corresponding file below.
Restart configd and reload the action. The reload command has the form configctl <action> reload, where the action must be the filename without the prefix "actions_":
service configd restart
configctl blacklist-update reload
Go to System > Settings > Cron and add a job.
Your cron command now appears in the Command dropdown.
Schedule the job however you like...
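
Since the job runs unattended every minute and turns whatever the server returns into a block list, the download should be checked before it replaces the live file. The following is an added example, not the author's blacklist-update.sh: it assumes one IPv4 address or CIDR per line, the function names and file paths are hypothetical, and loading the result into the alias is left to the real script.

```shell
#!/bin/sh
# Added example (not the author's script): validate a downloaded IPv4 list
# before it replaces the live one. Function names and paths are hypothetical.

# is_ipv4_entry ENTRY: succeed only for a.b.c.d or a.b.c.d/0-32
is_ipv4_entry() {
    entry=$1
    addr=${entry%%/*}
    case $entry in
        */*) prefix=${entry#*/}
             case $prefix in ''|*[!0-9]*) return 1 ;; esac
             [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split into octets (addr holds only digits and dots here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# filter_blacklist RAW_FILE: print valid entries, sorted and deduplicated.
# Comments (#...), blank lines and anything that is not an IPv4 entry are dropped.
filter_blacklist() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if is_ipv4_entry "$line"; then printf '%s\n' "$line"; fi
    done < "$1" | sort -u
}

# install_blacklist RAW_FILE LIVE_FILE [MIN_ENTRIES]
# Replace LIVE_FILE only if at least MIN_ENTRIES valid entries remain, so an
# error page or truncated download never empties the block list.
install_blacklist() {
    min=${3:-1}
    tmp=$(mktemp "${2}.XXXXXX") || return 1
    filter_blacklist "$1" > "$tmp"
    count=$(wc -l < "$tmp" | tr -d ' ')
    if [ "$count" -lt "$min" ]; then rm -f "$tmp"; return 1; fi
    chmod 0600 "$tmp" && mv -f "$tmp" "$2"   # rename is atomic on the same filesystem
}

# Usage: sh this-file RAW_FILE LIVE_FILE [MIN_ENTRIES]
if [ $# -ge 2 ]; then install_blacklist "$@"; fi
```

A non-zero exit from install_blacklist means the previous list was kept, which the calling script can log or alert on.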