Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

block lists via URLs in the target list section

Follow
Avatar
prapador

Is it possible to add block lists via URLs in the target list section? In other words, instead of manually creating the list by adding and copying domains (which I believe would require manual updating), can we simply point to a URL that points to a .txt file that contains the entire list?
Is this possible?

Thank you very much.

2

Comments

13 comments

Sort by Date Votes
  • Avatar
    Firewalla

    What kind of list/s do you want to import via this? Or, this is something that you are managing? (want to see how big this is, and if the list is well maintained)

    0
    Comment actions Permalink
  • Avatar
    William Van Aacken

    The firewalla "Crypto list" is pulling from https://blocklistproject.github.io/Lists.  I have been interested in blocking other lists they have: Abuse, Fraud, Malware, Ransomware, Scam.

    There can also be other lists.  I have my network using NextDNS and have categories selected to be blocked by that service.  It would be GREAT to have many/all of those categories blocked on the firewalla so I don't need NextDNS:
    - AI-Driven Threat Detection
    - Cryptojacking Protection
    - Block Newly Registered Domains (NRDs)
    - Block Parked Domains

    1
    Comment actions Permalink
  • Avatar
    powells

    okay ..hey 

    how about something like this

    https://shield.adlumin.com/ip_indicators.txt

    would there be a way to block this? I cannot add as a "target List" as it has too many entires (200 limit) would be nice ...

     

    thanks.

     

    0
    Comment actions Permalink
  • Avatar
    Sami S.

    Is there a tutorial or KB on how to add lists like this to the target list? I am having trouble adding anything via URL to the target list. It seems to only accept IP addresses. I get an error like this: - [ Target "https://v.firebog.net/hosts/Kowabit.txt" is invalid]  

     

    It would be nice if we could add a list like this for ad blocking. 

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    you can't add a full url; Firewalla (and most firewalls) can't see beyond the v.firebog.net 

    0
    Comment actions Permalink
  • Avatar
    Dallas Eaglestar

    Pointing to a dynamic external list for blocking and other purposes is becoming a pretty standard use case for most firewalls. It would be really nice to see this feature come to Firewalla as well.

    1
    Comment actions Permalink
  • Avatar
    Firewalla
    • Edited

    we already started experimenting importing target lists https://help.firewalla.com/hc/en-us/articles/40317799446035-MSP-Release-2-8-Ask-FireAI-Import-Target-List-IPsec-Local-Flows#01J2T9VN681NVXXQZBK4AVXNMF

     

    1
    Comment actions Permalink
  • Avatar
    prapador

    Is there any expectation that the import lists feature will come to users who don't have MSP?

    Thanks.

    1
    Comment actions Permalink
  • Avatar
    Firewalla

    Unless we figure out a way to fully secure 3rd party lists (meaning, there is nothing inside that can blow up your unit), we can not make any important changes without extra filtering and versioning.

    Plus, only very very few people are even using the 'popular' MSP lists ... 

    0
    Comment actions Permalink
  • Avatar
    Dallas Eaglestar

    It isn't necessarily Firewalla's job to fully secure 3rd party lists. You can always just include a "use at your own risk" notification in the GUI. I'd rather just have the feature sooner.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    There are really two problems, one is safely import a list (make sure there isn't anything that can blow up your firewalla code, in software, this is likely parsing stuff) And the next problem is to ensure the list is sane and not garbage. Most support tickets we get are "why I can't access XYZ" and "why my network is slow", and with 3rd party (often lower quality lists) that support request will increase. It is very painful for support to debug problems introduced by "any" 3rd party lists. (unless some how we version it and put some control)

     

    1
    Comment actions Permalink
  • Avatar
    powells

    @firealla, yeah I don't think that "your mom" is going to be running a blocklist on her firewalla.

    I might be supporting "My mom" but that's because I mostly know what I'm doing.... 

    I like Dallas Eaglestar's idea -- "Use at your own risk" <-- Brilliant... 

    so please Sir, may I have a blocklist? 

     

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla
    • Edited

    Remember, when thing break ... it never point to one thing a person did. A smart person may started the normal process and find the block is from a target list. But, there are a lot of people just open a case and ask us to help them out ... we may eventually narrow down to a crazy block list installed, but that process is very costly for us and also taken time away from legit support cases.

    This is the reason we need to do some basic home work and make sure the gun is not loaded before we hand it to you :) hence, why MSP is there

     

    1
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post