Adding RBLs to your Palo Alto Networks Firewall

By | September 21, 2019

A quick way to add External Dynamic Lists to your Palo Alto Networks firewall via the CLI is as follows.

Log in to your firewall via SSH.

Type configure and paste the commands below:

set external-list tor-threats type ip url http://panwdbl.appspot.com/lists/ettor.txt recurring hourly
set external-list spamhaus-drop type ip url http://panwdbl.appspot.com/lists/shdrop.txt recurring hourly
set external-list spamhaus-edrop type ip url http://panwdbl.appspot.com/lists/shedrop.txt recurring hourly
set external-list bf-blocker-rbl type ip url http://panwdbl.appspot.com/lists/bruteforceblocker.txt recurring hourly
set external-list malware-rbl type ip url http://panwdbl.appspot.com/lists/mdl.txt recurring hourly
set external-list compromised-hosts-rbl type ip url http://panwdbl.appspot.com/lists/etcompromised.txt recurring hourly
set external-list dshield-rbl type ip url http://panwdbl.appspot.com/lists/dshieldbl.txt recurring hourly
set external-list ssl-rbl type ip url http://panwdbl.appspot.com/lists/sslabuseiplist.txt recurring hourly
set external-list zeus-rbl type ip url http://panwdbl.appspot.com/lists/zeustrackerbadips.txt recurring hourly

In the UI, under Objects > External Dynamic Lists, you can see the new lists added to your device.

It is recommended that you create two security rules at the very top of the rulebase, blocking all outgoing traffic to and all incoming traffic from these address lists.

After a few hours of running, you can see the hit count rise, showing how many attacks from these malicious IPs have been blocked.
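The block rules act on whatever each hourly fetch returns, and the URLs above are plain HTTP from a third party, so it is worth auditing a list's contents before relying on it. The following Python check is an added example, not part of the original post: it flags entries that are malformed, too broad, or that overlap your own address space. It assumes one IPv4/IPv6 address or CIDR per line with `#` or `;` comments; the function name `audit_edl`, the protected ranges and the prefix thresholds are hypothetical choices.

```python
import ipaddress

# Assumptions for this example: networks the firewall must never block,
# and the widest prefix accepted without human review.
PROTECTED = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
MIN_PREFIX = {4: 8, 6: 16}

# Constructed sample feed (documentation ranges plus deliberately bad entries).
SAMPLE = """\
# constructed sample list
198.51.100.0/24 ; constructed comment
203.0.113.7
10.20.0.0/16
0.0.0.0/0
not-an-ip
2001:db8::/32
"""


def audit_edl(text, protected=PROTECTED):
    """Return (accepted, findings); findings are (line_no, entry, reason)."""
    protected_nets = [ipaddress.ip_network(p) for p in protected]
    accepted, findings = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        # Drop trailing comments, then keep the first token on the line.
        body = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not body:
            continue
        entry = body.split()[0]
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((line_no, entry, "not an IP address or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((line_no, entry, "prefix too broad"))
        elif any(net.version == p.version and net.overlaps(p)
                 for p in protected_nets):
            findings.append((line_no, entry, "overlaps a protected range"))
        else:
            accepted.append(str(net))
    return accepted, findings


if __name__ == "__main__":
    ok, bad = audit_edl(SAMPLE)
    print(f"{len(ok)} entries accepted")
    for line_no, entry, reason in bad:
        print(f"line {line_no}: {entry}: {reason}")
```

Run it against a saved copy of each list and review any findings before the block rules go live.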
