@@ -56,6 +56,10 @@ OPNsense offers the following alias types:
5656| URL Tables (IPs) | A table of IP addresses that are fetched on regular |
5757| | intervals. |
5858+------------------+------------------------------------------------------+
59+ | URL Table in | A table of IP addresses that are fetched on regular |
60+ | JSON format | intervals. |
61+ | (IPs) | (using a json structure) |
62+ +------------------+------------------------------------------------------+
5963| GeoIP | Select countries or whole regions |
6064+------------------+------------------------------------------------------+
6165| Network group | Combine different network type aliases into one |
@@ -168,15 +172,48 @@ intervals from the :code:`arp` and :code:`ndp` tables.
168172URL Tables
169173..................
170174URL tables can be used to fetch a list of IP addresses from a remote server.
171- There are several IP lists available for free, most notably are the "Don't Route
172- Or Peer" lists from Spamhaus.
175+ You can specify a :code: `Refresh frequency` ` to determine how often this information should be updated.
173176
174177.. Note ::
175178
176179 The content of the file being fetched should contain one IPv[4|6] address per line, lines that start with a :code: `whitespace `
177180 , colon (:code: `, `), semicolon (:code: `; `), pipe (:code: `| `) or hash (:code: `# `) will be ignored.
178181
179182
183+ ....................................
184+ URL Table in JSON format (IPs)
185+ ....................................
186+
187+ URL tables can be used to fetch a list of IP addresses from a remote server and parse their contents when in
188+ `JSON <https://en.wikipedia.org/wiki/JSON >`__ format, similar to our standard (text based) url table.
189+
190+
191+ You can use a :code: `Path expression ` to select data from the container, in some cases, when content is "flat" you just need a
192+ single path reference. For example the spamhause `drop <https://www.spamhaus.org/drop/drop_v4.json >`__ list contains a json
193+ file per row with a field :code: `cidr `.
194+
195+ More advanced scenarios are also possible as our parser supports `jq <https://jqlang.org/ >`__,
196+ some (simple) examples can be found below in the table below.
197+
198+
199+ ======================================================================================================== ======================================================================================== ==============================================================
200+ Content Path Expression Topic
201+ ======================================================================================================== ======================================================================================== ==============================================================
202+ https://ip-ranges.amazonaws.com/ip-ranges.json .prefixes[] | select(.region=="us-east-1") | select(.service=="EC2") | .ip_prefix All ip addresses belonging to service EC2 in region us-east-1
203+ https://api.github.com/meta .web + .api + .git | .[] All of GitHubs web, api and git addresses
204+ https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7 .[] | select(.serviceArea=="Exchange") | select(".ips")| .ips | .[]? Exchange networks from Microsoft
205+ ======================================================================================================== ======================================================================================== ==============================================================
206+
207+
208+
209+ .. Tip ::
210+
211+ Use `https://play.jqlang.org/ <https://play.jqlang.org/ >`__ to fiddle with the jq language before pasting content and
212+ path expression in an alias.
213+
214+
215+
216+
180217..................
181218GeoIP
182219..................
0 commit comments