plugins icon indicating copy to clipboard operation
plugins copied to clipboard
verified publisher icon opnsense

Add responsive firewall / adbuseipdb integration plugin

Open CRCinAU opened this issue 1 year ago • 2 comments

Add in a plugin that takes a deny firewall rule id (filter id / rule id) and uses that to auto-populate an alias used as a blanket deny rule.

Gets installed as a service: image

Settings as follows: image

Logs via syslog and integrates (hopefully) correctly within OPNsense's log operation: image

When used without an API Key, the plugin will react only to hits on the firewall rule specified in 'Firewall Rule ID' and not do any reporting of traffic. It will still add hosts exceeding the packet / timeframe threshold to an automatic blocklist.

With an API Key, the plugin will initially download a list of hosts from abuseipdb.com that have a 100% confidence of abusive behaviour. It will also report back to abuseipdb.com remote hosts that hit the packet / timeframe threshold as configured.

API Keys: https://www.abuseipdb.com/pricing

abuseipdb.com offers a free subscription for up to 1,000 reports per day and initial blocklist download of 10,000 hosts. Paid plans will download a higher number of initial blocklist entries. If you are able to verify as a webmaster, you can increase your limits for free.

CRCinAU avatar Aug 03 '24 15:08 CRCinAU

Hi.

How do you add the undercover module? Adbuseipdb integration plugin

Thank you.

Pipitapi avatar Feb 09 '25 20:02 Pipitapi

Also interested for that! How? 😅

gongoscho avatar Nov 23 '25 05:11 gongoscho

too much code to review, not enough interested parties at moment.

AdSchellevis avatar Dec 17 '25 08:12 AdSchellevis