From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Banish add-on for ipblocklist. Date: Wed, 25 May 2022 11:08:01 +0100 Message-ID: <585544CB-388A-4175-9CF9-4361F57DCAF9@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5525053417756666628==" List-Id: --===============5525053417756666628== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello Rob, Thanks for posting this. I do not quite understand at the moment what the role of this add-on could/sh= ould be? Does it complement the current IP blocklist feature that is in the works, or = is it an alternative implementation? Does it have features that should be merged together with the IP blocklist fe= ature, or does it practically offer the same features and you uploaded it for= reference/inspiration - and because it works already? :) -Michael > On 24 May 2022, at 21:58, Rob Brewer wrote: >=20 > Hi all, >=20 > I have uploaded my new version of Banish as an add-on to ipblocklist which = > uses ipset from ipblocklist instead of the original iptables making updatin= g=20 > large blocklists considerably faster. >=20 > If you are new to Banish it allows you to maintain a personalized blocklist= =20 > which can consist of ip-address, ip-address-ranges. cidr or fqdns. I have=20 > removed the facility of adding mac address to be compatible with=20 > ipblocklist. >=20 > The use of fqdn should however be avoided as many abusive domains are now=20 > multi homed and evade simple dns lookup s to get ip ranges. I have been=20 > looking at using AS numbers for future issues, however I retained this=20 > facility in this version for backwards compatibility with my earlier=20 > version. >=20 > I have been running this version with Tims original ipblacklist for several= =20 > weeks now and have carried out some testing with ipblocklist and should be = > transparent between the 2 versions. >=20 > In operation the Banish address list is converted to a net hash of=20 > individual ip address or cidrs and drops the processed banish_list into=20 > /srv/web/ipfire/html/ where it is collected by ipblocklist. In the current = > version of ipblocklist this may be a slow process as it can only update=20 > 1/hour. I believe this will be increased to 15 minutes in later versions. >=20 > I have also included a Banish-functions.pl file which as a replacement for = > some of the functions in general-functions.pl as some of the functions in=20 > the ipfire version are broken. >=20 > In operation I find Banish as a complement to Location Block in banning=20 > abusive domains such as spam domains and port scanners when banning complet= e=20 > countries isn't possible. >=20 > This is an add-on for ipblocklist so make sure you load this first. > https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz >=20 > https://people.ipfire.org/~helix/banish/Banish-001.tar.gz > https://people.ipfire.org/~helix/banish/README >=20 > Rob >=20 >=20 --===============5525053417756666628==--