From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: ipblacklist V2 Date: Wed, 09 Feb 2022 15:29:32 +0100 Message-ID: <9596b5a7-762e-1cca-17ec-cc43b3d3053e@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4617623875174135968==" List-Id: --===============4617623875174135968== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Rob, Good to hear that you had some contact with Tim and he is supportive of you p= icking this up. Just to let you know that this ipblacklist was discussed at the monthly IPFir= e Development Conf call last Monday and your work on this was appreciated. Th= e decision was that it should be a core part of IPFire and not an addon. The = view is that IPFire as a firewall should have everything required for a firew= all available as default. The only things that should be addons are those tha= t are not a core part of a firewall. An ipblacklist is something that should = be available to the firewall as standard. It was also agreed that I should help support you in whatever way I can for t= he patch submission etc, if required. I will separately reply to your earlier e-mail about the various patches. Michael can give any comment he wants with regard to the earlier communicatio= ns. Regards, Adolf. On 09/02/2022 14:23, Rob Brewer wrote: > Hi Michael > > > Michael Tremer wrote: > >> Hello Rob, >> >> Thank you for your interest in working on this. >> >> Yes, I always thought that there was great interest in moving this over >> the line. However, I could not find where we left off here. >> >> There were a couple of outstanding issues that had to be resolved. I just >> couldn=E2=80=99t find my last emails. Are you aware of these? >> > I'm pleased to say I have had an email from Tim and is supportive of my > attempts to progress ipblacklist into IPFire. Tim however says "Between > COVID, my taking on additional responsibilities and the code not being part > of ipfire, it's currently got a very low priority for me." > > Tim pointed me to his git pages where I was able to find most of the code > that I thought was missing from patchwork and is all now installed on my > firewall and is working extremely well. > > You may be interested in one of the modification I have made to ipblacklist, > is to add an additional local blacklist to the sources file to get a > blocklist from a web server on my local network. This is populated by a > script which greps the mail server logs for SMTP Auth attacks and has been > particularly useful in protecting the mail server from a recent botnet > attack where the offending ip addresses have been recycled every one to > three weeks. Currently the blocklist contains about 3000 ip addresses and > has blocked nearly 2000 smtp auth attempts so far to-day. > > I also use fail2ban and Banish to manage iptables blocks on the firewall. > > The last communication I could find between yourself and Tim was in May > 2020. https://lists.ipfire.org/pipermail/development/2020-May/007822.html > > Hope this is useful. > > Rob > > --===============4617623875174135968==--