OPNsense Firewall Integration

Integration Steps

1. Log in to OPNsense Web Interface: Access your firewall via a web browser, e.g., https://<firewall-ip>.
2. Install and Enable the Firewall Alias Feature:
   1. Go to Firewall > Aliases.
   2. Click + Add to create a new alias.
   3. Configure the alias:
      • Name: ThreatHive_Blocklist
      • Type: URL Table (IPs)
      • Content: https://www.threathive.net/hiveblocklist.txt
      • Update Frequency: 15 Minutes
      • Description: ThreatHive.net Blocklist - Malicious IPs
   4. Click Save, then Apply Changes.
3. Create a Firewall Rule to Block Traffic:
   1. Go to Firewall > Rules > WAN.
   2. Click + Add to create a new rule.
   3. Configure the rule:
      • Action: Block
      • Interface: WAN
      • Direction: In
      • Source: Single host or alias
      • Source Address: ThreatHive_Blocklist
      • Destination: Any
      • Description: Block traffic from ThreatHive malicious IPs
      • Log: Optional, but recommended
   4. Click Save, then Apply Changes.
4. Enable Logging and Monitoring:
   • Enable logging in the firewall rule to capture blocked traffic.
   • Go to Firewall > Log Files > Live View to monitor blocked IPs in real time.
5. Confirm It’s Working:
   • Go to Firewall > Aliases.
   • Click the 🔍 icon next to ThreatHive_Blocklist to view current IPs being blocked.
6. Additional Notes:
   • The ThreatHive blocklist updates automatically every 15 minutes.
   • Ensure WAN rules are correctly ordered, especially if other allow/deny rules exist.
   • This guide focuses on blocking incoming connections; the same method can be adapted for outbound filtering if needed.