public inbox for development@lists.ipfire.org
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Banish add-on for ipblocklist.
Date: Wed, 25 May 2022 11:08:01 +0100
Message-ID: <585544CB-388A-4175-9CF9-4361F57DCAF9@ipfire.org>
In-Reply-To: <t6jgt4$ht8$1@tuscan3.grantura.co.uk>


Hello Rob,

Thanks for posting this.

I do not quite understand at the moment what the role of this add-on could/should be?

Does it complement the current IP blocklist feature that is in the works, or is it an alternative implementation?

Does it have features that should be merged together with the IP blocklist feature, or does it practically offer the same features and you uploaded it for reference/inspiration - and because it works already? :)

-Michael

> On 24 May 2022, at 21:58, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
> 
> Hi all,
> 
> I have uploaded my new version of Banish as an add-on to ipblocklist which 
> uses ipset from ipblocklist instead of the original iptables making updating 
> large blocklists considerably faster.
> 
> If you are new to Banish it allows you to maintain a personalized blocklist 
> which can consist of ip-address, ip-address-ranges, cidr or fqdns. I have 
> removed the facility of adding mac address to be compatible with 
> ipblocklist.
> 
> The use of fqdn should however be avoided as many abusive domains are now 
> multi homed and evade simple dns lookups to get ip ranges. I have been 
> looking at using AS numbers for future issues, however I retained this 
> facility in this version for backwards compatibility with my earlier 
> version.
> 
> I have been running this version with Tim's original ipblacklist for several 
> weeks now and have carried out some testing with ipblocklist and should be 
> transparent between the 2 versions.
> 
> In operation the Banish address list is converted to a net hash of 
> individual ip address or cidrs and drops the processed banish_list into 
> /srv/web/ipfire/html/ where it is collected by ipblocklist. In the current 
> version of ipblocklist this may be a slow process as it can only update 
> 1/hour. I believe this will be increased to 15 minutes in later versions.
> 
> I have also included a Banish-functions.pl file which is a replacement for 
> some of the functions in general-functions.pl as some of the functions in 
> the ipfire version are broken.
> 
> In operation I find Banish as a complement to Location Block in banning 
> abusive domains such as spam domains and port scanners when banning complete 
> countries isn't possible.
> 
> This is an add-on for ipblocklist so make sure you load this first.
> https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz
> 
> https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
> https://people.ipfire.org/~helix/banish/README
> 
> Rob
> 
> 
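
The conversion described in the quoted message (a mixed personal list turned into a net hash of addresses and CIDRs), as an added example that is not code from Banish or ipblocklist. It assumes IPv4 only, ranges written as `first-last`, and a hypothetical set name `banish`; FQDN entries are reported rather than resolved.

```python
import ipaddress

# Constructed sample of a personal blocklist: single IPs, a range, CIDRs, an FQDN.
SAMPLE_LIST = """\
# constructed sample entries (documentation address space)
192.0.2.15
198.51.100.0/24
198.51.100.128/25
203.0.113.10-203.0.113.20
spam.example.com
192.0.2.15
"""

def parse_entry(entry):
    """Return the IPv4 networks covering one entry, or None if it is not an address."""
    try:
        if "-" in entry:
            # Assumed range syntax "first-last"; split into the exact covering CIDRs.
            first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
            return list(ipaddress.summarize_address_range(first, last))
        # A bare address becomes a /32; host bits in a CIDR are masked off.
        return [ipaddress.IPv4Network(entry, strict=False)]
    except ValueError:
        return None  # FQDN, reversed range or malformed entry

def build_netset(text, set_name="banish"):
    """Convert a mixed list into `ipset restore` lines for a hash:net set."""
    nets, skipped = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        parsed = parse_entry(entry)
        if parsed is None:
            skipped.append(entry)
        else:
            nets.extend(parsed)
    # Remove duplicates and merge overlapping or adjacent networks.
    merged = ipaddress.collapse_addresses(nets)
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {net}" for net in merged]
    return lines, skipped

if __name__ == "__main__":
    restore_lines, not_converted = build_netset(SAMPLE_LIST)
    print("\n".join(restore_lines))
    print("not converted:", not_converted)
```

Collapsing before loading keeps the set small: the duplicate address and the /25 already covered by the /24 each disappear, while the range expands to four exact CIDRs.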

