ELLIO for IP blocking on OPNsense

Discover how to quickly set up IP filtering on OPNsense firewall and why ELLIO’s advanced IP blocklists are a smart choice for effectively filtering active malicious IP addresses. This tutorial shows you how to set up an external IP blocklist in just a few minutes.

You’ll find in this article:

What is ELLIO: Threat List MAX and why use it for OPNsense.
10-step installation tutorial for setting up an IP blacklist on OPNsense.
How to get a free trial to test ELLIO: Threat List MAX.
Access the ELLIO free community IP blocklist.

Why use ELLIO for IP blocking on OPNsense.

ELLIO offers the most comprehensive, swift, and advanced external IP blocklist on the market today. While other providers update their lists every hour or 15 minutes, ELLIO refreshes its lists every 1 to 5 minutes, based on your subscription. On average, ELLIO updates over 10% of its IP addresses daily and adds 98 new threats every 5 minutes. (See the current status and live data in the ELLIO Demo Space.)

ELLIO: Threat List MAX is available in formats compatible with OPNsense and other platforms, including pfSense, Fortinet, Palo Alto Networks, Check Point, F5, Cisco, ntopng, and more.

Hold off attackers before detections are available.

ELLIO IP blocklists protect your network from the latest malicious IPs, mass exploitation, and disruptive bots. They also act as a buffer, blocking attackers immediately and giving security teams time to detect and patch new vulnerabilities before they affect your network.

ELLIO offers following blocklists:

ELLIO: Threat List MAX: Ultimate IP blocking at the firewall level Covering 175,000 to 400,000 entities with updates every minute, easily compatible with Chek Point and other next-gen firewalls. Along with the ELLIO: Threat List, you also gain access to the ELLIO Blocklist Management Platform for managing all blocklists across firewall vendors.
ELLIO free community blocklist for homelabers, cybersecurity enthusiasts, and non-commercial individual use only.

How to set up an external IP blocklist on OPNsense.

Part 1: Configure Alias in OPNsense

Step 1: To use ELLIO: Threat List (or other external IP blocklists) on OPNsense, you need to create a new alias. First, click on Firewall >> Aliases.

How to configure Alias in OPNsense firewall.

Step 2: In the Aliases section, click on the red plus-sign button.

Alias configuration in open-source firewall OPNsense.

Step 3: Use a descriptive name, like ftl.ellio.tech, and select URL Table (IPs) from the dropdown menu.

How to set up an external IP blocklist on OPNsense using useful installation guide by ELLIO.

Step 4: Set the Refresh Frequency to 1 hour, then paste the URL from our portal into the Content field. Click the Save button to apply the changes.

How to set up freaquency for IP blocking on OPNsense firewall.

Step 5: After a few seconds, the Loaded# and Last Updated fields will populate with information, confirming that the setup is working as intended.

Step 5 of the Installation Guide: How to Allow an External IP Blocklist on the OPNsense Firewall.

Part 2: Configure firewall in OPNsense

Step 6: To set up a blocking rule on the firewall, navigate to Firewall -> Rules -> WAN (ignore LAN screenshots).

How to set up a IP blocking rule on the OPNsense firewall.

Step 7: Click the red plus sign to add a new rule.

How to configure firewall in OPNsense and set up IP blocking on OPNsesnse.

Step 8: Set the Action to Block or Reject. For the Source, select the alias created in the previous step from the dropdown list.

How configurate ELLIO IP blocklist on OPNsense.

Step 9: After the page loads with the new rule listed, click the red Apply Changes button in the upper right corner to activate the rule.

10-step practical tutorial how to set up external IP blocklist on firewall OPNsense.

Step 10: Confirm all changes by clicking the red Apply Changes button.

Try ELLIO with a free trial.

Explore all the benefits of ELLIO: Threat List MAX, ELLIO Blocklist Management, ELLIO IP Lookup, and more, with a free trial: https://ftl.ellio.tech/auth/registration

Get ELLIO Free Community IP Blocklist.

To support the tech community, ELLIO provides a free community version of its ELLIO: Threat List for non-commercial use. Homelabbers and tech enthusiasts can download it from this link: https://cdn.ellio.tech/community-feed.

Useful links

Explore ELLIO: Threat List MAX, the largest and most dynamic IP blocklist on the market, compatible with all popular next-gen firewalls.
Use a free ELLIO IP Lookup to check suspicious IPs.
Try ELLIO: Blocklist Management with a 7day trial.
Download ELLIO Free Community IP Blocklist.
Check out ELLIO: Threat Intelligence to reduce alert fatigue and speed up threat hunting

About ELLIO
ELLIO offers advanced network security solutions for real-time visibility into mass vulnerability exploitation, botnets, scanning activities, and background cybernoise (aka mass attacks, background internet noise, or grey noise). Our IP Threat Intelligence and blocklists reduce alert fatigue, speed up triage, enhance automation, and boost network firewall protection, leading to more efficient security operations and better-optimized resource allocation. ELLIO integrates seamlessly with next-gen firewalls, SOAR, SIEM, TIP, through API or as a local database for most demanding on-premises workloads.

Jailbreak3509

ELLIO for IP blocking on OPNsense

RSAC 2025. BSidesSF 2025. Connect with ELLIO.

ELLIO IP Lookup to check risky IPs and uncover their past activity

New ELLIO Blocklist Platform: Easy Multi-Vendor IP Blocklist Control & Customization

SIEM: What’s been making waves in 2024?

ELLIO triples sensor coverage.