dark mode light mode Back to ellio.tech

ELLIO for IP blocking on OPNsense

Using ELLIO IP block list for OPNsense

Discover how to quickly set up IP filtering on OPNsense firewall and why ELLIO’s advanced IP blocklists are a smart choice for effectively filtering active malicious IP addresses. This tutorial shows you how to set up an external IP blocklist in just a few minutes.

You’ll find in this article:

  • What is ELLIO: Threat List and why use it for OPNsense.
  • 10-step installation tutorial for setting up an IP blacklist on OPNsense.
  • How to get a free trial to test ELLIO: Threat Lists (MAX and ONE blocklists).
  • Access the ELLIO free community IP blocklist.

Why use ELLIO for IP blocking on OPNsense

ELLIO offers the most comprehensive, swift, and advanced external IP blocklist on the market today. While other providers update their lists every hour or 15 minutes, ELLIO refreshes its lists every 1 to 5 minutes, based on your subscription. On average, ELLIO updates over 10% of its IP addresses daily and adds 98 new threats every 5 minutes. (See the current status and live data in the ELLIO Demo Space.)

ELLIO master blacklist is available in formats compatible with OPNsense and other platforms, including pfSense, Fortinet, Palo Alto Networks, Check Point, F5, Cisco, ntopng, and more.

ELLIO also holds off attackers until detections are available.
ELLIO blacklists protect your network from the latest malicious IPs, mass exploitation, and disruptive bots. They also act as a buffer, blocking attackers immediately and giving security teams time to detect and patch new vulnerabilities before they affect your network.

ELLIO offers following blocklists (compare ONE vs MAX here):

  • ELLIO: Threat List MAX: Covers 175,000 to 400,000 entities with updates every minute.
  • ELLIO: Threat List ONE: Includes 40,000 to 90,000 entities, customized for your network perimeter, with updates every 5 minutes.
  • ELLIO free community blocklist: Contains 25,000 entities with updates every 5 minutes.

How to set up an external IP blocklist on OPNsense

Part 1: Configure Alias in OPNsense

Step 1: To use ELLIO: Threat List on OPNsense, you need to create a new alias. First, click on Firewall >> Aliases.

How to configure Alias in OPNsense firewall.

Step 2: In the Aliases section, click on the red plus-sign button.

Alias configuration in open-source firewall OPNsense.

Step 3: Use a descriptive name, like ftl.ellio.tech, and select URL Table (IPs) from the dropdown menu.

How to set up an external IP blocklist on OPNsense using useful installation guide by ELLIO.

Step 4: Set the Refresh Frequency to 1 hour, then paste the URL from our portal into the Content field. Click the Save button to apply the changes.

How to set up freaquency for IP blocking on OPNsense firewall.

Step 5: After a few seconds, the Loaded# and Last Updated fields will populate with information, confirming that the setup is working as intended.

Step 5 of the Installation Guide: How to Allow an External IP Blocklist on the OPNsense Firewall.

Part 2: Configure firewall in OPNsense

Step 6: To set up a blocking rule on the firewall, navigate to Firewall -> Rules -> LAN.

How to set up a IP blocking  rule on the OPNsense firewall.

Step 7: Click the red plus sign to add a new rule.

How to configure firewall in OPNsense and set up IP blocking on OPNsesnse.

Step 8: Set the Action to Block or Reject. For the Source, select the alias created in the previous step from the dropdown list.

How configurate ELLIO IP blocklist on OPNsense.

Step 9: After the page loads with the new rule listed, click the red Apply Changes button in the upper right corner to activate the rule.

10-step practical tutorial how to set up external IP blocklist on firewall OPNsense.

Step 10: Confirm all changes by clicking the red Apply Changes button.

Try ELLIO IP blocklists for free

Visit the ELLIO Demo Space, complete a brief online form, and receive a 14-day free trial of either the ELLIO Threat List MAX or ONE. The trial provides the same protection features as the paid commercial version. Enjoy testing, and share your feedback with us on our ELLIO community Slack.

Access to the ELLIO Free Community IP Blocklist

To support the tech community, ELLIO provides a free community version of its ELLIO: Threat List for non-commercial use. Homelabbers and tech enthusiasts can download it from this link: https://cdn.ellio.tech/community-feed.

Did you find this tutorial helpful?

Did this guide help you set up IP blocking on OPNsense easily? We hope so! Feel free to share it with your friends, colleagues, or community.

About ELLIO
ELLIO offers advanced network security solutions for real-time visibility into mass vulnerability exploitation, botnets, scanning activities, and background cybernoise (aka mass attacks, background internet noise, or grey noise). Our IP Threat Intelligence and blocklists reduce alert fatigue, speed up triage, enhance automation, and boost network firewall protection, leading to more efficient security operations and better-optimized resource allocation. ELLIO integrates seamlessly with next-gen firewalls, SOAR, SIEM, TIP, through API or as a local database for most demanding on-premises workloads.

Join us on social media
LinkedInTwitter, Mastodon, and ELLIO Community Slack

Total
0
Shares