From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: ipblacklist V2 Date: Thu, 10 Feb 2022 09:41:55 +0000 Message-ID: <1A1775FB-102E-4629-B7A8-3D2DFAAD4A06@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3891260271327961978==" List-Id: --===============3891260271327961978== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Rob, > On 9 Feb 2022, at 13:23, Rob Brewer wrote: >=20 > Hi Michael >=20 >=20 > Michael Tremer wrote: >=20 >> Hello Rob, >>=20 >> Thank you for your interest in working on this. >>=20 >> Yes, I always thought that there was great interest in moving this over >> the line. However, I could not find where we left off here. >>=20 >> There were a couple of outstanding issues that had to be resolved. I just >> couldn=E2=80=99t find my last emails. Are you aware of these? >>=20 >=20 > I'm pleased to say I have had an email from Tim and is supportive of my=20 > attempts to progress ipblacklist into IPFire. Tim however says "Between=20 > COVID, my taking on additional responsibilities and the code not being part= =20 > of ipfire, it's currently got a very low priority for me." Good to hear that you are in touch. I would like to invite Tim to join the co= nversation on here. I am sure he has a couple of thoughts to contribute and I= hope he can find the time. > Tim pointed me to his git pages where I was able to find most of the code=20 > that I thought was missing from patchwork and is all now installed on my=20 > firewall and is working extremely well. I assume you are talking about this here? https://git.ipfire.org/?p=3Dpeople/timf/ipfire-2.x.git;a=3Dshortlog;h=3Dref= s/heads/ipblacklist That would have been one of my first questions having looked at my emails aga= in: Get the code into some Git repository. This is a large patchset and it is very difficult to scroll up and down to re= view it. Uploading it to a Git repository that is browsable in a web browser = somewhere would be a lot better and we can put any patches on top of the bran= ch, so that we only will have smaller changes to review and not a whole patch= set again and again. Do you have a Git repository somewhere? Would you like me to set up your IPFi= re account so that you can use our servers? Do you have experience with Git? We would need to rebase the branch onto next (which Adolf has already pointed= out), but I don=E2=80=99t think this would be a problem because we are mainl= y adding new code and don=E2=80=99t modify too much existing stuff here. > You may be interested in one of the modification I have made to ipblacklist= ,=20 > is to add an additional local blacklist to the sources file to get a=20 > blocklist from a web server on my local network. This is populated by a=20 > script which greps the mail server logs for SMTP Auth attacks and has been = =20 > particularly useful in protecting the mail server from a recent botnet=20 > attack where the offending ip addresses have been recycled every one to=20 > three weeks. Currently the blocklist contains about 3000 ip addresses and=20 > has blocked nearly 2000 smtp auth attempts so far to-day. >=20 > I also use fail2ban and Banish to manage iptables blocks on the firewall. This is kind of a fail2ban but on the firewall. Since this patchset is alread= y so large and there has been a custom blocklist existing before which got re= moved, I would push this project back a little bit until we have a base that = we can add new features to. I am not entirely convinced that this functionality scales well across all us= ers. How would they move the logs to the firewall? We don=E2=80=99t have a si= mple API, but if we did, we would not have a system to authenticated other se= rvers. This would be a project that I would find a little bit more complicate= d and we would need a couple more pieces in the puzzle before we are ready fo= r it. > The last communication I could find between yourself and Tim was in May=20 > 2020. https://lists.ipfire.org/pipermail/development/2020-May/007822.html Thanks for finding this. Indeed the conversation just ended in nothingness du= e to lack of time of everybody I would suspect. I could not find anything on the list that I would consider a blocker. There = are however some smaller things like translations and probably there will be = a couple of minor bugs and some improvements to the look and feel. So, can we start with rebasing the Git branch, please? -Michael > Hope this is useful. >=20 > Rob >=20 >=20 --===============3891260271327961978==--