Project

General

Profile

Actions

Feature #9793

closed

Add support for HAProxy ACLs "src -f /ipalias.lst" to use pfBlockerNG IP Alias Native

Added by DRago_Angel [InV@DER] about 5 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
pfBlockerNG
Target version:
-
Start date:
09/25/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:

Description

Currently pfBlockerNG is power tool to create any IP aliases you can imagine: from domain resolving, ASNs, parser of IPs from http responses, parsing MaxMind GeoIP DB, etc. This work simple and solid like a rock.
At same time HAProxy can use pfSense Aliases as SourceIP list for ACLs. It has many use-cases, like:
  • configure one alias for store all CloudFlare IPs and then respond 503 for any client not from that list
  • use GeoIP to determinate client country and redirect he to localized version of website.

Unfortunately currently only static (manually created) aliases at HAProxy works. In case you will try pointing to pfBlockerNG Alias: you will get blank IPs list on filesystem.

Future request: can integrate pfBlockerNG IP Aliases to work with HAProxy?
Maybe additionally add option to pfBlockerNG to reload HAProxy on changes in pfBlockerNG Alias IP List.

Actions

Also available in: Atom PDF