Hello Peter,

I've updated the sources file with the corrected DShield URL and added the blocklist.de list. I've also fixed a minor bug preventing unblocking addresses in the automatic blacklist. Since they're minor changes I'll wait before submitting updated patches in case there's anything else you spot.

Tim

On 25/11/2019 21:09, Peter Müller wrote:
> Hello Tim,
>
> thank you very much for providing this patchset. After having read
> through it, I consider this an extremely helpful addition to
> IPFire, especially when it comes to dropping bogon and unallocated
> prefixes - which can be safely enabled by default as far as I am concerned.
>
> Unfortunately, I am currently busy, so please give me a few days for
> having a closer look at all these patches. :-)
>
> Just a footnote: The DShield/ISC SANS feed is also available at
> http://feeds.dshield.org/block.txt , which seems to be the preferred
> location for fetching the file (I believe https://www.dshield.org/block.txt
> exists for compatibility reasons).
>
> blocklist.de (https://lists.blocklist.de/lists/all.txt) might be another
> interesting data feed; I will hand in patches for it as soon as yours
> are accepted.
>
> Many thanks again, and best regards,
> Peter Müller
>
>> Implements downloading of IP address blacklists and implementing
>> them as IPSets. A separate IPSet is used for each blacklist; this
>> simplifies handling of overlaps between different lists. Traffic
>> to or from the red0/ppp0 interface is checked against the IPSets.
>> The check is placed before the IPS check as the IPSet check is
>> much lighter on CPU use, which means that overall CPU use is
>> reduced.
>>
>> The available lists are defined in a separate file. A WUI page
>> allows the desired lists to be enabled and the interval between
>> checks for updates to be defined. A minimum update check interval
>> is defined for each blacklist in the definition file.
>>
>> Optionally, an automatically updating blacklist can be enabled.
>> This adds addresses to an IPSet if the rate of packets dropped by
>> the default red0/ppp0 input policy exceeds a user defined threshold.
>> The addresses are kept in the IPSet until a user defined period
>> without packets from the blocked address has passed.
>>
>> Tim FitzGeorge (5):
>>   ipblacklist: Main script
>>   ipblacklist: WUI and language file
>>   ipblacklist: Ancillary files
>>   ipblacklist: Modifications to system
>>   ipblacklist: Build infrastructure
>>
>>  config/backup/backup.pl                     |    1 +
>>  config/backup/include                       |    2 +
>>  config/firewall/firewall-policy             |    5 +
>>  config/ipblacklist/sources                  |  151 +++
>>  config/logwatch/ipblacklist                 |  103 ++
>>  config/logwatch/ipblacklist.conf            |   34 +
>>  config/menu/50-firewall.menu                |    5 +
>>  config/rootfiles/common/aarch64/stage2      |    1 +
>>  config/rootfiles/common/configroot          |    2 +
>>  config/rootfiles/common/ipblacklist-sources |    1 +
>>  config/rootfiles/common/logwatch            |    2 +
>>  config/rootfiles/common/misc-progs          |    2 +
>>  config/rootfiles/common/stage2              |    1 +
>>  config/rootfiles/common/web-user-interface  |    1 +
>>  config/rootfiles/common/x86_64/stage2       |    1 +
>>  html/cgi-bin/ipblacklist.cgi                |  725 +++++++++++++
>>  html/cgi-bin/logs.cgi/log.dat               |    2 +
>>  langs/en/cgi-bin/en.pl                      |   31 +
>>  lfs/configroot                              |    4 +-
>>  lfs/ipblacklist-sources                     |   53 +
>>  lfs/logwatch                                |    2 +
>>  make.sh                                     |   11 +-
>>  src/initscripts/system/firewall             |   20 +
>>  src/misc-progs/Makefile                     |    2 +-
>>  src/misc-progs/getipsetstat.c               |   28 +
>>  src/misc-progs/ipblacklistctrl.c            |   52 +
>>  src/scripts/ipblacklist                     | 1558 +++++++++++++++++++++++++++
>>  27 files changed, 2792 insertions(+), 8 deletions(-)
>>  create mode 100644 config/ipblacklist/sources
>>  create mode 100644 config/logwatch/ipblacklist
>>  create mode 100644 config/logwatch/ipblacklist.conf
>>  create mode 100644 config/rootfiles/common/ipblacklist-sources
>>  create mode 100644 html/cgi-bin/ipblacklist.cgi
>>  create mode 100644 lfs/ipblacklist-sources
>>  create mode 100644 src/misc-progs/getipsetstat.c
>>  create mode 100644 src/misc-progs/ipblacklistctrl.c
>>  create mode 100755 src/scripts/ipblacklist
>>
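The automatic blacklist the cover letter describes (add a source to an IPSet once the rate of packets dropped by the red0/ppp0 input policy exceeds a threshold, remove it again after a configurable period with no packets from that address) is small enough to show end to end. The following is an added illustration of that logic and is not IPFire's ipblacklist script or any code from the patchset. The log line layout with its `DROP_INPUT` prefix, the set name `AUTOBLACKLIST`, the parameter names, and the assumption that packets from an already blocked address still appear in the log (so the idle timer can be refreshed) are all constructed for this example; instead of executing anything it records the `ipset add` / `ipset del` commands it would issue, and the sample log lines are made up, not captured from a system.

```python
"""Rate-threshold auto-blacklist with idle expiry (illustrative example).

Not the IPFire ipblacklist script. Log format, set name and parameter
names are assumptions made for this example.
"""
import re
from collections import defaultdict, deque

# Constructed sample log lines (not from a real system). The "DROP_INPUT"
# prefix and field layout stand in for whatever the red0/ppp0 input-policy
# drop rule actually logs. First field is a Unix timestamp.
SAMPLE_LOG = """\
1574700000 kernel: DROP_INPUT IN=red0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=22
1574700001 kernel: DROP_INPUT IN=red0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=23
1574700002 kernel: DROP_INPUT IN=red0 SRC=192.0.2.44 DST=203.0.113.5 PROTO=UDP DPT=53
1574700003 kernel: DROP_INPUT IN=red0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=445
1574700004 kernel: DROP_INPUT IN=red0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=3389
1574700005 kernel: DROP_INPUT IN=red0 SRC=198.51.100.7 DST=203.0.113.5 PROTO=TCP DPT=8080
1574700200 kernel: DROP_INPUT IN=red0 SRC=192.0.2.44 DST=203.0.113.5 PROTO=UDP DPT=123
"""

LINE_RE = re.compile(r"^(?P<ts>\d+) .*DROP_INPUT .*\bSRC=(?P<src>[\d.]+)")


def parse_drop(line):
    """Return (timestamp, source address) for a drop line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return int(m.group("ts")), m.group("src")


class AutoBlacklist:
    """Block a source once it exceeds `threshold` drops within `window`
    seconds; release it after `idle_expiry` seconds without packets."""

    def __init__(self, setname="AUTOBLACKLIST", threshold=4, window=60, idle_expiry=3600):
        self.setname = setname          # assumed IPSet name
        self.threshold = threshold      # drops per window that must be exceeded
        self.window = window            # seconds the rate is measured over
        self.idle_expiry = idle_expiry  # seconds of silence before unblocking
        self.recent = defaultdict(deque)  # src -> timestamps of drops in window
        self.blocked = {}                 # src -> timestamp of last packet seen
        self.commands = []                # ipset commands that would be run

    def observe(self, ts, src):
        if src in self.blocked:
            # Assumption: packets from blocked sources are still logged, so a
            # persistent sender keeps refreshing its idle timer.
            self.blocked[src] = ts
            return
        q = self.recent[src]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop timestamps outside window
            q.popleft()
        if len(q) > self.threshold:            # "exceeds" the threshold
            self.blocked[src] = ts
            del self.recent[src]
            self.commands.append(f"ipset add {self.setname} {src}")

    def expire(self, now):
        """Unblock every source that has been quiet for idle_expiry seconds.
        This is the path the reply above says had a bug preventing unblocking."""
        for src, last_seen in list(self.blocked.items()):
            if now - last_seen >= self.idle_expiry:
                del self.blocked[src]
                self.commands.append(f"ipset del {self.setname} {src}")


def process_log(text, **params):
    """Feed every parseable drop line into a fresh AutoBlacklist and return it."""
    bl = AutoBlacklist(**params)
    for line in text.splitlines():
        parsed = parse_drop(line)
        if parsed is not None:
            bl.observe(*parsed)
    return bl


if __name__ == "__main__":
    bl = process_log(SAMPLE_LOG)
    bl.expire(1574700005 + 3600)
    print("\n".join(bl.commands))
```

With the default parameters (more than 4 drops in 60 seconds), only 198.51.100.7 is added: 192.0.2.44 produces two drops 198 seconds apart, so its window never holds more than one. The same design decision the cover letter makes, a separate IPSet for the automatic list, is what makes the `ipset del` on expiry safe: removing an address here cannot disturb entries that came from a downloaded feed.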