Cool. Thank you for answering those questions for me.

Is the source available in a Git repository somewhere?

-Michael

> On 25 May 2022, at 13:42, Rob Brewer wrote:
>
> Hi Michael
>
> On Wednesday 25 May 2022 11:08 Michael Tremer wrote:
>
>> Hello Rob,
>>
>> Thanks for posting this.
>>
>> I do not quite understand at the moment what the role of this add-on
>> could/should be?
>>
> It adds a user configurable blocklist to the ipblocklist menu. The Banish
> blocklist is configured with ip-address information from a separate GUI menu
> in IPFire.
>
>> Does it complement the current IP blocklist feature that is in the works,
>> or is it an alternative implementation?
>>
> Yes it complements the ipblocklist feature as this version does not run
> without ipblocklist installed.
>
> This implementation was intended to be a 'light touch' on IPFire and
> only a modified sources list is required to ipblocklist to introduce the new
> resource and modifications to the IPFire Menu items.
>
> Originally Banish generated numerous iptables entries and became very slow
> to update (I use a Banish blocklist list of about 250 cidr and ip-ranges
> entries). This version moves the Banish blocklist to ipset and is
> considerably faster to update than the IPTABLES version.
>
>> Does it have features that should be merged together with the IP blocklist
>> feature, or does it practically offer the same features and you uploaded
>> it for reference/inspiration - and because it works already? :)
>>
>> -Michael
>
> I uploaded it because others may find it a useful addition to ipblocklist as
> I find it an invaluable feature.
>
> I use Banish as a personalized blocklist to prevent rogue domains from
> attacking my mail server.
>
> I could have made this version of Banish a stand alone ipset addon similar
> to the Location Block feature. However this would require significant
> changes to IPFire's infrastructure which may well be overwritten during
> upgrades.
>
> If there is a positive reception to Banish it may be worth considering
> merging it with ipblacklist or a stand alone feature. I find it very useful
> but others may be more skeptical, hopefully some users will try it and make
> their views known.
>
> Rob
>
>>
>>> On 24 May 2022, at 21:58, Rob Brewer wrote:
>>>
>>> Hi all,
>>>
>>> I have uploaded my new version of Banish as an add-on to ipblocklist
>>> which uses ipset from ipblocklist instead of the original iptables making
>>> updating large blocklists considerably faster.
>>>
>>> If you are new to Banish it allows you to maintain a personalized
>>> blocklist which can consist of ip-address, ip-address-ranges, cidr or
>>> fqdns. I have removed the facility of adding mac address to be compatible
>>> with ipblocklist.
>>>
>>> The use of fqdn should however be avoided as many abusive domains are now
>>> multi homed and evade simple dns lookups to get ip ranges. I have been
>>> looking at using AS numbers for future issues, however I retained this
>>> facility in this version for backwards compatibility with my earlier
>>> version.
>>>
>>> I have been running this version with Tim's original ipblacklist for
>>> several weeks now and have carried out some testing with ipblocklist and
>>> should be transparent between the 2 versions.
>>>
>>> In operation the Banish address list is converted to a net hash of
>>> individual ip address or cidrs and drops the processed banish_list into
>>> /srv/web/ipfire/html/ where it is collected by ipblocklist. In the
>>> current version of ipblocklist this may be a slow process as it can only
>>> update 1/hour. I believe this will be increased to 15 minutes in later
>>> versions.
>>>
>>> I have also included a Banish-functions.pl file which is a replacement
>>> for some of the functions in general-functions.pl as some of the
>>> functions in the ipfire version are broken.
>>>
>>> In operation I find Banish as a complement to Location Block in banning
>>> abusive domains such as spam domains and port scanners when banning
>>> complete countries isn't possible.
>>>
>>> This is an add-on for ipblocklist so make sure you load this first.
>>> https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz
>>>
>>> https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
>>> https://people.ipfire.org/~helix/banish/README
>>>
>>> Rob
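
The conversion described in the original announcement (single addresses, ranges and CIDRs turned into entries for an ipset net hash), sketched as an added example that is not part of the thread and is not Banish's own code. It assumes IPv4 only; the set name `banish`, the `a-b` range syntax and the `ipset restore` output lines are assumptions, and FQDN entries are rejected rather than resolved so the example runs offline.

```python
import ipaddress

# Constructed sample list (documentation address ranges only).
SAMPLE = """\
# personal blocklist
192.0.2.7
198.51.100.0/25
198.51.100.128/25
203.0.113.16-203.0.113.47
203.0.113.20
bad.example.org
"""

def parse_entry(text):
    """Return the IPv4 networks covering one entry: address, CIDR or a-b range."""
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        # A range rarely aligns to one prefix; split it into exact CIDR blocks.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False accepts an address with host bits set, e.g. 192.0.2.7/24.
    return [ipaddress.IPv4Network(text, strict=False)]

def normalize(lines):
    """Parse all entries, then merge adjacent and overlapping networks."""
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.extend(parse_entry(entry))
        except ValueError:
            # Hostnames, reversed ranges and typos land here instead of in the set.
            rejected.append(entry)
    return list(ipaddress.collapse_addresses(nets)), rejected

def ipset_restore_lines(nets, set_name="banish"):
    """Yield lines for `ipset restore` (set name is hypothetical)."""
    yield f"create {set_name} hash:net family inet"
    for net in nets:
        yield f"add {set_name} {net}"

if __name__ == "__main__":
    networks, bad = normalize(SAMPLE.splitlines())
    print("\n".join(ipset_restore_lines(networks)))
    print("rejected:", bad)
```

Collapsing before loading keeps the set small: the two /25 blocks become one /24, and the single address already covered by the range is dropped.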