From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Banish add-on for ipblocklist.
Date: Wed, 25 May 2022 16:27:34 +0100 [thread overview]
Message-ID: <149DAAA5-34E2-4375-B22F-C6201DBEA58D@ipfire.org> (raw)
In-Reply-To: <t6l86t$pfp$1@tuscan3.grantura.co.uk>
[-- Attachment #1: Type: text/plain, Size: 4568 bytes --]
Cool. Thank you for answering those questions for me.
Is the source available in a Git repository somewhere?
-Michael
> On 25 May 2022, at 13:42, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
>
> Hi Michael
>
> On Wednesday 25 May 2022 11:08 Michael Tremer wrote:
>
>> Hello Rob,
>>
>> Thanks for posting this.
>>
>> I do not quite understand at the moment what the role of this add-on
>> could/should be?
>>
> it adds a user configurable blocklist to the ipblocklist menu. The Banish
> blocklist is configured with ip-address information from a separate GUI menu
> in IPFire.
>
>> Does it complement the current IP blocklist feature that is in the works,
>> or is it an alternative implementation?
>>
> Yes it complements the ipblocklist feature as this version does not run
> without ipblocklist installed.
>
> This implementation was intended to be a 'light touch' on IPFire and the
> only a modified sources list is required to ipblocklist to introduce the new
> resource and modifications to the IPFire Menu items.
>
> Originally Banish generated numerous iptables entries and became very slow
> to update (I use a Banish blocklist list of about 250 cidr and ip-ranges
> entries). This version moves the Banish blocklist to ipset and is
> considerably faster to update than the IPTABLES version.
>
>> Does it have features that should be merged together with the IP blocklist
>> feature, or does it practically offer the same features and you uploaded
>> it for reference/inspiration - and because it works already? :)
>>
>> -Michael
>
> I uploaded it because others may find it a useful addition to ipblocklist as
> I find it an invaluable feature.
>
> I use Banish as a personalized blocklist to prevent rouge domains from
> attacking my mail server.
>
> I could have made this version of Banish a stand alone ipset addon similar
> to the Location Block feature. However this would require significant
> changes to IPFire's infrastructure which may well be overwritten during
> upgrades.
>
> If there is a positive reception to Banish it may be worth considering
> merging it with ipblacklist or a stand alone feature. I find it very useful
> but others may be more skeptical, hopefully some users will try it and make
> their views known.
>
> Rob
>
>
>>
>>> On 24 May 2022, at 21:58, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
>>>
>>> Hi all,
>>>
>>> I have uploaded my new version of Banish as an add-on to ipblocklist
>>> which uses ipset from ipblocklist instead of the original iptables making
>>> updating large blocklists considerably faster.
>>>
>>> If you are new to Banish it allows you to maintain a personalized
>>> blocklist which can consist of ip-address, ip-address-ranges. cidr or
>>> fqdns. I have removed the facility of adding mac address to be compatible
>>> with ipblocklist.
>>>
>>> The use of fqdn should however be avoided as many abusive domains are now
>>> multi homed and evade simple dns lookup s to get ip ranges. I have been
>>> looking at using AS numbers for future issues, however I retained this
>>> facility in this version for backwards compatibility with my earlier
>>> version.
>>>
>>> I have been running this version with Tims original ipblacklist for
>>> several weeks now and have carried out some testing with ipblocklist and
>>> should be transparent between the 2 versions.
>>>
>>> In operation the Banish address list is converted to a net hash of
>>> individual ip address or cidrs and drops the processed banish_list into
>>> /srv/web/ipfire/html/ where it is collected by ipblocklist. In the
>>> current version of ipblocklist this may be a slow process as it can only
>>> update 1/hour. I believe this will be increased to 15 minutes in later
>>> versions.
>>>
>>> I have also included a Banish-functions.pl file which as a replacement
>>> for some of the functions in general-functions.pl as some of the
>>> functions in the ipfire version are broken.
>>>
>>> In operation I find Banish as a complement to Location Block in banning
>>> abusive domains such as spam domains and port scanners when banning
>>> complete countries isn't possible.
>>>
>>> This is an add-on for ipblocklist so make sure you load this first.
>>> https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz
>>>
>>> https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
>>> https://people.ipfire.org/~helix/banish/README
>>>
>>> Rob
>>>
>>>
>
next prev parent reply other threads:[~2022-05-25 15:27 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-24 20:58 Rob Brewer
2022-05-25 10:08 ` Michael Tremer
2022-05-25 12:42 ` Rob Brewer
2022-05-25 15:27 ` Michael Tremer [this message]
2022-05-25 15:41 ` Rob Brewer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=149DAAA5-34E2-4375-B22F-C6201DBEA58D@ipfire.org \
--to=michael.tremer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox