📡 ISP Lite & Premium

Import RPZ lists

21min

The Import RPZ lists service allows personal RPZ lists (e.g., https://threatfox.abuse.ch/downloads/threatfox.rpz) to be imported to the DNS Proxy.

File change control and eventual import is performed every 30 minutes.

To manage the service access the admin panel under A Advanced configuration » [Z] - Import RPZ lists.



Document image


It is advisable to block Proxy & Bypass Filters on the Cloud panel for proper operation of RPZ policies.



Document image


1. First configuration



  1. Access the Import RPZ list menu.
  2. Activate the service by typing y and pressing ENTER.
  3. On the next screen, type y and press ENTER to create the fsupload user (wait for the procedure to run).
  4. On the next screen, type y and press ENTER to proceed to enter the password on the fsupload user.

It is always possible to change the password from the Change fsupload password menu.

2. How to import an RPZ list

To import an RPZ list, an SFTP client (e.g., FileZilla or Linux/Windows sftp) must be used.

3. SFTP access parameters



Document image


Standard access mode: with any SFTP client connect with the listed parameters and the password chosen during configuration.

SSH key access mode enable the access mode from the Change configuration menu and enter the SSH keys of the machines enabled to access via the Manage SSH Keys » Add key .

4. Supported list formats

The following formats are supported:

  • Standard RPZ zone files
  • List Domains

Standard RPZ zone files

Standard RPZ files with Policy Triggers and Policy Actions Example RPZ zones:



Document image


Domain List It is possible to import a list of domains to be blocked and define policies for the list.

The policy definition must be entered in the first line respecting the following format:



Document image


Variables definition

  • block_type indicates the block type, enter one of these values.
  • block the domain is blocked with not-existent domain error.
  • send_to_ip the domain is resolved with the IP given in destination.
  • send_to_domain the domain is resolved with the domain specified in destination.
  • destination mandatory if block_type is send_to_ip or send_to_domain, indicates the IP or domain to resolve.

Example file with resolution to the domain example.com



Document image


Entering RPZ into the configuration

  • Log in sftp to the machine with the user fsupload.
  • Access the fsupload/rpz/ folder.
  • Upload the file with the extension .load.
  • Wait for the timing of the procedure or, to perform the import immediately, access the Check RPZ lists now menu.

5. Removing RPZ from the configuration



  • Log in sftp to the machine with the user fsupload.
  • Access the fsupload/rpz/ folder.
  • Remove the file with the .db extension.
  • Wait for the timing of the procedure or, to perform the removal immediately, access the Check RPZ lists now menu.

6. Check import errors



  • Log in sftp to the machine.
  • Access the fsupload/rpz/ folder.
  • Download the files with the extension .error and remove it from the folder.
  • Open the file with a text editor and move to the end of the file to check the error.
  • Correct the file and retry RPZ Insertion in the configuration.

7. List import example

The example below shows the import of an RPZ file using the sftp command, available on both Windows and Linux, in SSH key access mode. Notes: the first time you log in you will be asked for permission to log in, type yes and press ENTER.



Document image


8. Menu Import RPZ List



Document image


9. Disable service / Enable service

Access the menu to disable or enable the RPZ import service.

Disable service



  1. Access the [D] - Disable service menu.
  2. Type y and press ENTER to confirm deactivation (wait for the procedure to run). Access the menu to disable or enable the RPZ import service.

Enable service



  1. Go to the main menu Import RZP lists.
  2. Type y and press ENTER to confirm activation (wait for the procedure to be executed). Notes: if the fsupload user was not present it will be created and configured

10. Change configuration

Enable access via public SSH key

  1. Access the [C] - Change configuration menu.
  2. Type y and press ENTER to set up access.
  3. Type y and press ENTER to immediately manage the enabled SSH keys, or type n and press ENTER to return to the Import RPZ lists menu. It is possible to manage SSH enabled keys from the menu.

11. Manage SSH Keys

Through this menu you can manage the SSH keys authorized for access.

  1. Access the [M] - Manage SSH Keys menu.

View authorized keys

1. Access the [V] - View authorized keys menu. 2. If there are multiple SSH keys, the system divides the view into blocks, press the space bar to display the next block.

Add key

1. Access the [A] - Add key menu. 2. Enter an identifying name for the key and press ENTER, only letters, numbers and _ character are allowed. This name will be used when deleting the key 3. Enter/Copy the SSH key of the machine authorized to access and press ENTER (wait for the procedure to be executed).

Delete key

To delete an SSH key you need to know the idenfiticative name given to the chive when entering it. If you do not remember the name à you can view it through the Manage SSH Keys » View authorized keys menu. 1. Access the [D] - Delete single key menu. 2. Enter the idenficative name of the key to be deleted and press ENTER (wait for the procedure to run).

Clear all keys

Through this menu all SSH keys will be cleared: 1. Access the [C] - Clear all keys menu. 2. Type y and press ENTER to confirm the deletion (wait for the procedure to run).

12. Change fsupload password

1. Access the [P] - Change fsupload password menu. 2. Type y and press ENTER to proceed to enter the password on the fsupload user.

13. Check RPZ lists now

Checking the lists to be imported is done automatically every 30 minutes if execution is needed access this menu. 1. Access the [I] - Check RPZ lists now menu. 2. Type y and press ENTER to confirm the check (wait for the procedure to run). 3. When finished, the system will show the current import status.

14. View RPZ lists import status

1. Access the [S] - View RPZ lists import status menu. 2. Type y and press ENTER to confirm (wait for the procedure to run).

15. Legend

  • Last check/Last import » last check performed.
  • Last check: indicates that the check was performed but no changes were present.
  • Last import: indicates that the check was performed and changes were made.
  • Loaded » RPZ lists successfully loaded into the file configuration with .db extension.
  • To be parsed » RPZ lists that need to be checked by the system files with .load extension.
  • To be removed » RPZ lists to be removed, they are loaded in the configuration but no longer have .db files in the folder.
  • Error » RPZ lists that were checked but generated error and were not loaded into the configuration files with extension .erro



Other ways to ask: » The Import RPZ lists service allows personal RPZ lists » How to Import RPZ lists.

Updated 04 Nov 2024
Doc contributor
Doc contributor
Did this page help you?
PREVIOUS
Data Export
NEXT
Generic guide to enable FlashStart cloud filtering
Docs powered by Archbee