From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Banish add-on for ipblocklist. Date: Wed, 25 May 2022 16:27:34 +0100 Message-ID: <149DAAA5-34E2-4375-B22F-C6201DBEA58D@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0715873609599754623==" List-Id: --===============0715873609599754623== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Cool. Thank you for answering those questions for me. Is the source available in a Git repository somewhere? -Michael > On 25 May 2022, at 13:42, Rob Brewer wrote: >=20 > Hi Michael >=20 > On Wednesday 25 May 2022 11:08 Michael Tremer wrote: >=20 >> Hello Rob, >>=20 >> Thanks for posting this. >>=20 >> I do not quite understand at the moment what the role of this add-on >> could/should be? >>=20 > it adds a user configurable blocklist to the ipblocklist menu. The Banish=20 > blocklist is configured with ip-address information from a separate GUI men= u=20 > in IPFire. >=20 >> Does it complement the current IP blocklist feature that is in the works, >> or is it an alternative implementation? >>=20 > Yes it complements the ipblocklist feature as this version does not run=20 > without ipblocklist installed. >=20 > This implementation was intended to be a 'light touch' on IPFire and the=20 > only a modified sources list is required to ipblocklist to introduce the ne= w=20 > resource and modifications to the IPFire Menu items. >=20 > Originally Banish generated numerous iptables entries and became very slow = > to update (I use a Banish blocklist list of about 250 cidr and ip-ranges=20 > entries). This version moves the Banish blocklist to ipset and is=20 > considerably faster to update than the IPTABLES version. >=20 >> Does it have features that should be merged together with the IP blocklist >> feature, or does it practically offer the same features and you uploaded >> it for reference/inspiration - and because it works already? :) >>=20 >> -Michael >=20 > I uploaded it because others may find it a useful addition to ipblocklist a= s=20 > I find it an invaluable feature. >=20 > I use Banish as a personalized blocklist to prevent rouge domains from=20 > attacking my mail server. >=20 > I could have made this version of Banish a stand alone ipset addon similar = > to the Location Block feature. However this would require significant=20 > changes to IPFire's infrastructure which may well be overwritten during=20 > upgrades. >=20 > If there is a positive reception to Banish it may be worth considering=20 > merging it with ipblacklist or a stand alone feature. I find it very useful= =20 > but others may be more skeptical, hopefully some users will try it and make= =20 > their views known. >=20 > Rob >=20 >=20 >>=20 >>> On 24 May 2022, at 21:58, Rob Brewer wrot= e: >>>=20 >>> Hi all, >>>=20 >>> I have uploaded my new version of Banish as an add-on to ipblocklist >>> which uses ipset from ipblocklist instead of the original iptables making >>> updating large blocklists considerably faster. >>>=20 >>> If you are new to Banish it allows you to maintain a personalized >>> blocklist which can consist of ip-address, ip-address-ranges. cidr or >>> fqdns. I have removed the facility of adding mac address to be compatible >>> with ipblocklist. >>>=20 >>> The use of fqdn should however be avoided as many abusive domains are now >>> multi homed and evade simple dns lookup s to get ip ranges. I have been >>> looking at using AS numbers for future issues, however I retained this >>> facility in this version for backwards compatibility with my earlier >>> version. >>>=20 >>> I have been running this version with Tims original ipblacklist for >>> several weeks now and have carried out some testing with ipblocklist and >>> should be transparent between the 2 versions. >>>=20 >>> In operation the Banish address list is converted to a net hash of >>> individual ip address or cidrs and drops the processed banish_list into >>> /srv/web/ipfire/html/ where it is collected by ipblocklist. In the >>> current version of ipblocklist this may be a slow process as it can only >>> update 1/hour. I believe this will be increased to 15 minutes in later >>> versions. >>>=20 >>> I have also included a Banish-functions.pl file which as a replacement >>> for some of the functions in general-functions.pl as some of the >>> functions in the ipfire version are broken. >>>=20 >>> In operation I find Banish as a complement to Location Block in banning >>> abusive domains such as spam domains and port scanners when banning >>> complete countries isn't possible. >>>=20 >>> This is an add-on for ipblocklist so make sure you load this first. >>> https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz >>>=20 >>> https://people.ipfire.org/~helix/banish/Banish-001.tar.gz >>> https://people.ipfire.org/~helix/banish/README >>>=20 >>> Rob >>>=20 >>>=20 >=20 --===============0715873609599754623==--