pfSense Aliases 2013-12-16
So kind of recently I posted a message in the pfSense forums asking if there was a way to set up "lists" for use in my firewall rules. It took a week or two but eventually a couple of people replied by saying that I could use aliases. Now I am not sure that "Alias" is the best term that could be used to describe these lists but I doubt anyone is going to change it on account o' me. Anyways, here's the story...
I obviously run a web server and have a few web sites on it that are accessible to the public at large. I am also a boring loser with a mild case of OCD so I look through my log files for traffic that bothers me. When I find such traffic I find ways to block it from further fucking with my web server. One of the things I see a lot of is server farms (hosting companies) hitting my login page. This bothers me because I know that nobody is sitting at home, remotely accessing their hosted server, and then surfing to my server from there. What is in fact happening is that the hosted servers are infected with shitware like bad WordPress plugins, and the shitware is trying to spread itself. The hosting companies don't care, and the people who own the web sites don't know.
I have been blocking the hosting companies with individual rules and the list is growing. I spent a fair bit of time looking for an alternative to WordPress (so I could just drop the hits), but frankly the competition is weak. I even considered moving (renaming) the login page and then using an Apache rewrite rule to bounce the retards. Finally I figured out how to use Aliases in pfSense (which is actually not as good as relocating the login page or replacing WordPress). So how do ya use Aliases?
Log in to your pfSense web interface and go to Aliases under the Firewall menu item, then click the Ports tab. Create a new Alias and make it look like this.
Then go to the URL tab and make one that looks like this.
The URL near the bottom there is basically a text file that is available on a web server... my list is right here and you can use it if you want to block (or allow) hosted servers on your pfSense box. If you want me to change the list in any way just let me know. Now head to the Rules section under the Firewall menu item and make a new rule that looks like this.
Now you could use a different set of ports or hell you could block them from all ports if you wanted to (which would save you from making the port alias). The important thing is that you can make a text file with a bunch of addresses and then just use an Alias to refer to them in your pfSense rules. I'm not sure my description is any better than the pfSense documentation but maybe it'll help someone get it.
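One way to keep such a list file current from the web server's own logs, as an added example that is not the author's script or part of pfSense. It assumes the "combined" access-log format, the stock WordPress login path `/wp-login.php`, and a list file with one address or CIDR range per line; the log lines and addresses are constructed from documentation ranges.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: "combined" access-log format and the stock WordPress login path.
LOGIN_HIT = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) /wp-login\.php[ ?]')

# Constructed sample data (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Dec/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "-"',
    '203.0.113.7 - - [16/Dec/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "-"',
    '203.0.113.7 - - [16/Dec/2013:10:00:03 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.23 - - [16/Dec/2013:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "-"',
    '198.51.100.23 - - [16/Dec/2013:10:05:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1234 "-" "-"',
    '192.0.2.50 - - [16/Dec/2013:11:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 900 "-" "-"',
]
SAMPLE_EXISTING = ["# hosting ranges", "198.51.100.0/25", "198.51.100.128/25", "not-an-ip"]

def login_hits(log_lines):
    """Count requests to the login page per source address."""
    hits = (LOGIN_HIT.match(line) for line in log_lines)
    return Counter(m.group(1) for m in hits if m)

def build_alias_list(log_lines, existing, threshold=2):
    """Merge the current list with sources that hit the login page >= threshold times."""
    candidates = [e.split("#", 1)[0].strip() for e in existing]  # drop comments
    candidates += [ip for ip, n in login_hits(log_lines).items() if n >= threshold]
    nets = []
    for entry in filter(None, candidates):
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # skip malformed lines and hostnames
    out = []
    for version in (4, 6):  # collapse_addresses rejects mixed address families
        same = [n for n in nets if n.version == version]
        out += ipaddress.collapse_addresses(same)  # merges adjacent and nested ranges
    # Single hosts are written bare, ranges as CIDR.
    return [str(n.network_address) if n.num_addresses == 1 else str(n) for n in out]

if __name__ == "__main__":
    print("\n".join(build_alias_list(SAMPLE_LOG, SAMPLE_EXISTING)))
```

Write the returned lines to the text file the URL alias points at. Collapsing keeps the file short as ranges replace individual hosts already covered by them.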