Re: ipblacklist V2

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 4125 bytes --]

Hello Rob,

> On 9 Feb 2022, at 13:23, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
> 
> Hi Michael
> 
> 
> Michael Tremer wrote:
> 
>> Hello Rob,
>> 
>> Thank you for your interest in working on this.
>> 
>> Yes, I always thought that there was great interest in moving this over
>> the line. However, I could not find where we left off here.
>> 
>> There were a couple of outstanding issues that had to be resolved. I just
>> couldn’t find my last emails. Are you aware of these?
>> 
> 
> I'm pleased to say I have had an email from Tim and is supportive of my 
> attempts to progress ipblacklist into IPFire. Tim however says "Between 
> COVID, my taking on additional responsibilities and the code not being part 
> of ipfire, it's currently got a very low priority for me."

Good to hear that you are in touch. I would like to invite Tim to join the conversation on here. I am sure he has a couple of thoughts to contribute and I hope he can find the time.

> Tim pointed me to his git pages where I was able to find most of the code 
> that I thought was missing from patchwork and is all now installed on my 
> firewall and is working extremely well.

I assume you are talking about this here?

  https://git.ipfire.org/?p=people/timf/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblacklist

That would have been one of my first questions having looked at my emails again: Get the code into some Git repository.

This is a large patchset and it is very difficult to scroll up and down to review it. Uploading it to a Git repository that is browsable in a web browser somewhere would be a lot better and we can put any patches on top of the branch, so that we only will have smaller changes to review and not a whole patchset again and again.

Do you have a Git repository somewhere? Would you like me to set up your IPFire account so that you can use our servers?

Do you have experience with Git?

We would need to rebase the branch onto next (which Adolf has already pointed out), but I don’t think this would be a problem because we are mainly adding new code and don’t modify too much existing stuff here.

> You may be interested in one of the modification I have made to ipblacklist, 
> is to add an additional local blacklist to the sources file to get a 
> blocklist from a web server on my local network.  This is populated by a 
> script which greps the mail server logs for SMTP Auth attacks and has been  
> particularly useful in protecting the mail server from a recent botnet 
> attack where the offending ip addresses have been recycled every one to 
> three weeks. Currently the blocklist contains about 3000 ip addresses and 
> has blocked nearly 2000 smtp auth attempts so far to-day.
> 
> I also use fail2ban and Banish to manage iptables blocks on the firewall.

This is kind of a fail2ban but on the firewall. Since this patchset is already so large and there has been a custom blocklist existing before which got removed, I would push this project back a little bit until we have a base that we can add new features to.

I am not entirely convinced that this functionality scales well across all users. How would they move the logs to the firewall? We don’t have a simple API, but if we did, we would not have a system to authenticated other servers. This would be a project that I would find a little bit more complicated and we would need a couple more pieces in the puzzle before we are ready for it.

> The last communication I could find between yourself and Tim was in May 
> 2020. https://lists.ipfire.org/pipermail/development/2020-May/007822.html

Thanks for finding this. Indeed the conversation just ended in nothingness due to lack of time of everybody I would suspect.

I could not find anything on the list that I would consider a blocker. There are however some smaller things like translations and probably there will be a couple of minor bugs and some improvements to the look and feel.

So, can we start with rebasing the Git branch, please?

-Michael

> Hope this is useful.
> 
> Rob
> 
>