Re: ipblacklist V2

[Adolf Belka <adolf.belka@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2722 bytes --]

Hi Rob,
Good to hear that you had some contact with Tim and he is supportive of you picking this up.

Just to let you know that this ipblacklist was discussed at the monthly IPFire Development Conf call last Monday and your work on this was appreciated. The decision was that it should be a core part of IPFire and not an addon. The view is that IPFire as a firewall should have everything required for a firewall available as default. The only things that should be addons are those that are not a core part of a firewall. An ipblacklist is something that should be available to the firewall as standard.
It was also agreed that I should help support you in whatever way I can for the patch submission etc, if required.
I will separately reply to your earlier e-mail about the various patches.
Michael can give any comment he wants with regard to the earlier communications.

Regards,

Adolf.


On 09/02/2022 14:23, Rob Brewer wrote:
> Hi Michael
>
>
> Michael Tremer wrote:
>
>> Hello Rob,
>>
>> Thank you for your interest in working on this.
>>
>> Yes, I always thought that there was great interest in moving this over
>> the line. However, I could not find where we left off here.
>>
>> There were a couple of outstanding issues that had to be resolved. I just
>> couldn’t find my last emails. Are you aware of these?
>>
> I'm pleased to say I have had an email from Tim and is supportive of my
> attempts to progress ipblacklist into IPFire. Tim however says "Between
> COVID, my taking on additional responsibilities and the code not being part
> of ipfire, it's currently got a very low priority for me."
>
> Tim pointed me to his git pages where I was able to find most of the code
> that I thought was missing from patchwork and is all now installed on my
> firewall and is working extremely well.
>
> You may be interested in one of the modification I have made to ipblacklist,
> is to add an additional local blacklist to the sources file to get a
> blocklist from a web server on my local network.  This is populated by a
> script which greps the mail server logs for SMTP Auth attacks and has been
> particularly useful in protecting the mail server from a recent botnet
> attack where the offending ip addresses have been recycled every one to
> three weeks. Currently the blocklist contains about 3000 ip addresses and
> has blocked nearly 2000 smtp auth attempts so far to-day.
>
> I also use fail2ban and Banish to manage iptables blocks on the firewall.
>
> The last communication I could find between yourself and Tim was in May
> 2020. https://lists.ipfire.org/pipermail/development/2020-May/007822.html
>
> Hope this is useful.
>
> Rob
>
>