From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH v2 0/8] ipblacklist: IP Address Blacklists
Date: Sat, 16 May 2020 10:40:32 +0100
In-Reply-To: <20200427143123.6378-1-ipfr@tfitzgeorge.me.uk>

Hi Tim,

This has now been sitting in my inbox for almost a month. Nobody else has commented on it.

I tried a couple of times to review this, but I do not even know where to start. This patch is just too large.

First of all, although it is split across multiple patches, it is one large patch. It is not split by changes that belong together, but just one patch per file.

I have no idea what has changed since I last looked at the code. It has been months since the previous patchset and I do not remember each individual line.

Your Git repository also does not have any changes any more. The branch has been reset.

Are you able to send a diff with the changes since the first patchset?

How can we finally bring this into the distribution?

Best,
-Michael

> On 27 Apr 2020, at 15:31, Tim FitzGeorge wrote:
>
> Implements downloading of IP address blacklists and implementing
> them as IPSets. A separate IPSet is used for each blacklist; this
> simplifies handling of overlaps between different lists. Traffic
> to or from the red0/ppp0 interface is checked against the IPSets.
> The check is placed before the IPS check as the IPSet check is
> much lighter on CPU use which means that overall CPU use is
> reduced.
>
> The available lists are defined in a separate file. A WUI page
> allows the desired lists to be enabled. A minimum update check
> interval is defined for each blacklist in the definition file.
>
> Changes since Version 1:
>
> - Changed Dshield download URL to preferred address.
> - Removed Abuse.ch blacklist (discontinued).
> - Removed Talos Malicious blacklist (not for production use).
> - Added Feodo recommended blacklist.
> - Added blocklist.de all blacklist.
> - Updated ignored messages in logwatch.
> - Modified sources file 'rate' to allow unit to be specified.
> - Updated sources file 'disable' to allow list to be specified.
> - Removed autoblacklist.
> - Added WUI log pages.
> - Removed status from settings WUI page.
>
> Tim FitzGeorge (8):
>   ipblacklist: Main script
>   ipblacklist: WUI Settings page
>   ipblacklist: WUI Log page
>   ipblacklist: WUI Log details page
>   ipblacklist: WUI menus, language file etc
>   ipblacklist: Ancillary files
>   ipblacklist: Modifications to system
>   ipblacklist: Build infrastructure
>
>  config/backup/backup.pl                            |    1 +
>  config/backup/include                              |    2 +
>  config/ipblacklist/sources                         |  138 ++
>  config/logwatch/ipblacklist                        |  105 ++
>  config/logwatch/ipblacklist.conf                   |   34 +
>  config/menu/50-firewall.menu                       |    5 +
>  config/menu/70-log.menu                            |    5 +
>  config/rootfiles/common/aarch64/stage2             |    1 +
>  config/rootfiles/common/configroot                 |    2 +
>  config/rootfiles/common/ipblacklist-sources        |    1 +
>  config/rootfiles/common/logwatch                   |    2 +
>  config/rootfiles/common/misc-progs                 |    2 +
>  config/rootfiles/common/stage2                     |    1 +
>  config/rootfiles/common/web-user-interface         |    3 +
>  config/rootfiles/common/x86_64/stage2              |    1 +
>  html/cgi-bin/ipblacklist.cgi                       |  463 +++++++
>  html/cgi-bin/logs.cgi/ipblacklists.dat             |  363 +++++
>  html/cgi-bin/logs.cgi/log.dat                      |    2 +
>  html/cgi-bin/logs.cgi/showrequestfromblacklist.dat |  415 ++++++
>  langs/en/cgi-bin/en.pl                             |   27 +-
>  lfs/configroot                                     |    4 +-
>  lfs/ipblacklist-sources                            |   53 +
>  lfs/logwatch                                       |    2 +
>  make.sh                                            |    1 +
>  src/initscripts/system/firewall                    |   12 +
>  src/misc-progs/Makefile                            |    2 +-
>  src/misc-progs/getipsetstat.c                      |   25 +
>  src/misc-progs/ipblacklistctrl.c                   |   48 +
>  src/scripts/ipblacklist                            | 1382 ++++++++++++++++++++
>  29 files changed, 3098 insertions(+), 4 deletions(-)
>  create mode 100644 config/ipblacklist/sources
>  create mode 100644 config/logwatch/ipblacklist
>  create mode 100644 config/logwatch/ipblacklist.conf
>  create mode 100644 config/rootfiles/common/ipblacklist-sources
>  create mode 100644 html/cgi-bin/ipblacklist.cgi
>  create mode 100755 html/cgi-bin/logs.cgi/ipblacklists.dat
>  create mode 100755 html/cgi-bin/logs.cgi/showrequestfromblacklist.dat
>  create mode 100644 lfs/ipblacklist-sources
>  create mode 100644 src/misc-progs/getipsetstat.c
>  create mode 100644 src/misc-progs/ipblacklistctrl.c
>  create mode 100755 src/scripts/ipblacklist
>
> --
> 2.16.4
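
Added example, not part of this thread and not code from the patchset: a sketch of the one-IPSet-per-blacklist idea from the cover letter, turning a downloaded list into `ipset restore` input that replaces that list's set atomically. It assumes a feed with one IPv4 address or CIDR per line and `#` comments; the set name `EXAMPLE_LIST` and the sample feed are constructed.

```python
import ipaddress

# Constructed sample feed (documentation address ranges), not a real blacklist.
SAMPLE_FEED = """\
# example feed
192.0.2.0/25
192.0.2.128/25
198.51.100.7   # inline comment
198.51.100.7
0.0.0.0/0
not-an-address
"""

def parse_feed(text):
    """Return the feed's IPv4 networks, merged and de-duplicated."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # malformed entry: skip it rather than fail the whole update
        if net.version == 4 and net.prefixlen > 0:  # a /0 would match all traffic
            nets.add(net)
    return list(ipaddress.collapse_addresses(nets))

def build_restore_script(set_name, text, maxelem=65536):
    """Build input for `ipset -exist restore` that swaps in a fresh set."""
    nets = parse_feed(text)
    if not nets:
        raise ValueError("no usable entries; keep the currently loaded set")
    if len(nets) > maxelem:
        raise ValueError("feed has more entries than maxelem")
    tmp = set_name + "_tmp"
    opts = f"hash:net family inet maxelem {maxelem}"
    lines = [f"create {tmp} {opts}", f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    # Fill a temporary set, then swap it in so the live set is never half-loaded.
    lines += [f"create {set_name} {opts}", f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(build_restore_script("EXAMPLE_LIST", SAMPLE_FEED), end="")
```

Because each list has its own set, an address that appears in two feeds needs no cross-list bookkeeping: updating or disabling one list never touches the other's entries.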