* Banish add-on for ipblocklist.
From: Rob Brewer @ 2022-05-24 20:58 UTC
To: development
Hi all,

I have uploaded my new version of Banish as an add-on to ipblocklist which
uses ipset from ipblocklist instead of the original iptables, making updating
large blocklists considerably faster.

If you are new to Banish, it allows you to maintain a personalized blocklist
which can consist of ip-addresses, ip-address-ranges, cidrs or fqdns. I have
removed the facility of adding mac addresses to be compatible with
ipblocklist.

The use of fqdns should however be avoided as many abusive domains are now
multi-homed and evade simple dns lookups to get ip ranges. I have been
looking at using AS numbers for future issues, however I retained this
facility in this version for backwards compatibility with my earlier
version.

I have been running this version with Tim's original ipblacklist for several
weeks now and have carried out some testing with ipblocklist, and it should be
transparent between the 2 versions.

In operation the Banish address list is converted to a net hash of
individual ip addresses or cidrs and drops the processed banish_list into
/srv/web/ipfire/html/ where it is collected by ipblocklist. In the current
version of ipblocklist this may be a slow process as it can only update
1/hour. I believe this will be increased to 15 minutes in later versions.

I have also included a Banish-functions.pl file which is a replacement for
some of the functions in general-functions.pl as some of the functions in
the ipfire version are broken.

In operation I find Banish as a complement to Location Block in banning
abusive domains such as spam domains and port scanners when banning complete
countries isn't possible.

This is an add-on for ipblocklist so make sure you load this first.
https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz

https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
https://people.ipfire.org/~helix/banish/README

Rob

* Re: Banish add-on for ipblocklist.
From: Michael Tremer @ 2022-05-25 10:08 UTC
To: development
Hello Rob,
Thanks for posting this.
I do not quite understand at the moment what the role of this add-on could/should be?
Does it complement the current IP blocklist feature that is in the works, or is it an alternative implementation?
Does it have features that should be merged together with the IP blocklist feature, or does it practically offer the same features and you uploaded it for reference/inspiration - and because it works already? :)
-Michael

* Re: Banish add-on for ipblocklist.
From: Rob Brewer @ 2022-05-25 12:42 UTC
To: development
Hi Michael

On Wednesday 25 May 2022 11:08 Michael Tremer wrote:
> Hello Rob,
>
> Thanks for posting this.
>
> I do not quite understand at the moment what the role of this add-on
> could/should be?
>

It adds a user configurable blocklist to the ipblocklist menu. The Banish
blocklist is configured with ip-address information from a separate GUI menu
in IPFire.

> Does it complement the current IP blocklist feature that is in the works,
> or is it an alternative implementation?
>

Yes it complements the ipblocklist feature as this version does not run
without ipblocklist installed.

This implementation was intended to be a 'light touch' on IPFire and
only a modified sources list is required for ipblocklist to introduce the new
resource and modifications to the IPFire Menu items.

Originally Banish generated numerous iptables entries and became very slow
to update (I use a Banish blocklist of about 250 cidr and ip-range
entries). This version moves the Banish blocklist to ipset and is
considerably faster to update than the IPTABLES version.

> Does it have features that should be merged together with the IP blocklist
> feature, or does it practically offer the same features and you uploaded
> it for reference/inspiration - and because it works already? :)
>
> -Michael

I uploaded it because others may find it a useful addition to ipblocklist as
I find it an invaluable feature.

I use Banish as a personalized blocklist to prevent rogue domains from
attacking my mail server.

I could have made this version of Banish a standalone ipset addon similar
to the Location Block feature. However this would require significant
changes to IPFire's infrastructure which may well be overwritten during
upgrades.

If there is a positive reception to Banish it may be worth considering
merging it with ipblacklist or a standalone feature. I find it very useful
but others may be more skeptical, hopefully some users will try it and make
their views known.

Rob
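
The conversion this thread describes (a mixed personal list reduced to individual addresses and CIDRs for an ipset `hash:net` set, loaded in one pass instead of one iptables rule per entry), as an added example that is not code from Banish or ipblocklist. The `first-last` range syntax, the set name `banish`, the `min_prefix` guard and all function names are assumptions; hostnames are reported as rejected rather than resolved, in line with the caution about fqdns above.

```python
import ipaddress
import re

# Constructed sample list (documentation address ranges only).
SAMPLE = """\
# personal blocklist
192.0.2.10
192.0.2.203/29
198.51.100.0/25
198.51.100.128/25
203.0.113.4-203.0.113.11
192.0.2.10
mail.example.org
0.0.0.0/0
"""

RANGE_RE = re.compile(r"^(\S+?)\s*-\s*(\S+)$")  # assumed "first-last" range syntax


def parse_entry(entry):
    """Return the IPv4 networks covered by one entry, or None if it is not an address."""
    try:
        m = RANGE_RE.match(entry)
        if m:
            first, last = (ipaddress.IPv4Address(g) for g in m.groups())
            return list(ipaddress.summarize_address_range(first, last))
        # strict=False masks host bits: 192.0.2.203/29 becomes 192.0.2.200/29
        return [ipaddress.IPv4Network(entry, strict=False)]
    except ValueError:  # hostname, typo, or reversed range
        return None


def normalise(text, min_prefix=8):
    """Return (collapsed networks, rejected entries) for a blocklist text."""
    nets, rejected = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        parsed = parse_entry(entry)
        # min_prefix (an assumed guard) refuses entries wide enough to cut off the firewall itself.
        if parsed is None or any(n.prefixlen < min_prefix for n in parsed):
            rejected.append(entry)
        else:
            nets.extend(parsed)
    return list(ipaddress.collapse_addresses(nets)), rejected


def ipset_restore_script(nets, name="banish"):
    """Input for `ipset -exist restore`: fill a temporary set, then swap it in atomically."""
    tmp = name + "_tmp"
    lines = [f"create {name} hash:net family inet", f"create {tmp} hash:net family inet", f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    networks, bad = normalise(SAMPLE)
    print(ipset_restore_script(networks), "rejected:", bad)
```

Because the live set is only replaced by the final `swap`, packets are matched against either the old or the new list, never a half-loaded one.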

* Re: Banish add-on for ipblocklist.
From: Michael Tremer @ 2022-05-25 15:27 UTC
To: development
Cool. Thank you for answering those questions for me.
Is the source available in a Git repository somewhere?
-Michael

* Re: Banish add-on for ipblocklist.
From: Rob Brewer @ 2022-05-25 15:41 UTC
To: development
On Wednesday 25 May 2022 16:27 Michael Tremer wrote:
> Cool. Thank you for answering those questions for me.
>
> Is the source available in a Git repository somewhere?
>
> -Michael
>
Yes, I'll upload the source to my repository but have a look in the tar
archive in the meantime, it will be much the same.
Rob