Import Spamhaus DROP live IP list and block on firewall

  • 1.  Import Spamhaus DROP live IP list and block on firewall

    Posted 06-08-2018 23:19

    Hi,

    I want to block some WAN IPs (LAN to WAN & WAN to LAN) on the 300D firewall but the issue is that this is a third party live list in text format (https://myip.ms/files/blacklist/general/latest_blacklist.txt).

    How will I import this txt list on the firewall and block? 

     

    Regards,

    Deepak Kumar



  • 2.  Import Spamhaus DROP live IP list and block on firewall

    Posted 06-09-2018 03:42
    There is likely a nice scripting way but I typically take lists like this into Excel and create a column with the IP and one with the name. I then create a formula that creates in a third column the commands needed to add each object with a special character like % between each line. Lastly I copy the third column into a text editor and replace the % with a carriage return. I then have the CLI command to add all my objects. To add the group I do pretty much the same. Plan to add more scripting skills but for now this works and once I have it created I can add new IPs if they come out and only modify slightly.

    Regards,


    Peter



  • 3.  RE: Import Spamhaus DROP live IP list and block on firewall

     
    Posted 06-09-2018 05:30

    Hi,

    Usually I do this kind of task using Excel: back up your FortiGate, open the file, check the syntax of the blacklist part, and create a similar one in Excel for all the 300 entries.

    Rony Moussa

    NSE Certified : Level 8



  • 4.  RE: Import Spamhaus DROP live IP list and block on firewall

    Posted 06-09-2018 05:59

    Hi.

    Thanks for the answer. But this is an auto-updating list; it refreshes every 4 hours. So I think it is not a good idea to update it manually. Is there any way to update it automatically with cron or scripts?

     

    Regards,

    Deepak Kumar



  • 5.  Import Spamhaus DROP live IP list and block on firewall

    Posted 06-09-2018 06:02
    You definitely could do it. Would be an interesting project to reach out and get the data then parse and create a CLI configuration which you could then apply, likely through the APIs.

    Regards,


    Peter Cook
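
The approach described in posts 2 and 5 (parse the list, then generate the CLI that creates the address objects and the group), as an added example that is not part of the original thread. It assumes a feed with one IPv4 address or CIDR per line and `#` comments; the sample feed, the `BL_` prefix and the `BL_GROUP` name are constructed for illustration, and fetching the list and applying the output to the firewall are left out.

```python
import ipaddress

# Constructed sample in the assumed feed format: one address per line,
# '#' starts a comment. Addresses come from documentation ranges.
SAMPLE_FEED = """\
# constructed sample blacklist
192.0.2.10      # 2018-06-01, example entry
198.51.100.0/24
192.0.2.10
2001:db8::1
not-an-ip
"""

def parse_feed(text):
    """Return sorted, de-duplicated IPv4 networks; skip comments and junk."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # never turn unvalidated feed text into CLI commands
        if net.version == 4:  # IPv6 would need 'config firewall address6'
            nets.add(net)
    return sorted(nets)

def build_cli(nets, prefix="BL_", group="BL_GROUP"):
    """Emit FortiOS CLI for address objects and one address group."""
    names, out = [], ["config firewall address"]
    for net in nets:
        name = f"{prefix}{net.network_address}_{net.prefixlen}"
        names.append(name)
        out += [f'    edit "{name}"',
                f"        set subnet {net.network_address} {net.netmask}",
                "    next"]
    out.append("end")
    if names:
        members = " ".join(f'"{n}"' for n in names)
        out += ["config firewall addrgrp", f'    edit "{group}"',
                f"        set member {members}", "    next", "end"]
    return "\n".join(out)

if __name__ == "__main__":
    print(build_cli(parse_feed(SAMPLE_FEED)))
```

Because the group is rebuilt from the current feed on each run, entries that drop off the list also drop out of the group; the stale address objects themselves would still need separate cleanup.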



  • 6.  RE: Import Spamhaus DROP live IP list and block on firewall

    Posted 06-09-2018 06:55

    Hi,

    Can I get a reference document or URL for the same?

     

    Regards,

    Deepak Kumar

    NSE4



  • 7.  Import Spamhaus DROP live IP list and block on firewall

     
    Posted 06-10-2018 00:04
    Did you try the External Resources feature in FortiOS 6.0.0?

    Regards
    Rony



  • 8.  RE: Import Spamhaus DROP live IP list and block on firewall

    Posted 06-10-2018 23:18

    Hi,

    Thanks for the great information. I got your point. Let me upgrade to 6.0 and I will try it.

     

    Regards,

    Deepak Kumar

    NSE4