Re: ipblacklist V2

[Stefan Schantl <stefan.schantl@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3626 bytes --]

Hello *,

I've made some development progress, which I want to share here:

Most parts of the main backend script ("ipblacklist") from Tim and Rob
are ported into a new functions library (ipblocklist-functions.pl) and
into the main firewall script (rules.pl).

This process is almost finished and currently allows to create the
firewall rules, download the blocklists and to convert them into an
ipset compatible format.

Next step will be to import the frontend code (WUI) and adjust it to
use the backend code (functions) from the "ipblocklist-functions.pl".

At this time the blocklist feature should be in a use-able state again
and I'll go to create an automatic update script and to import all the
logging pages stuff etc.

The development progress and single commits can be found here:

https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblocklist

As usual please feel free to ask any questions or to share your opinion
here.

I wish you a nice day,

-Stefan
> Hello Rob, Hello Tim, Hello *,
> 
> as anounced on this list, I'm currently working on getting the
> ipblacklist feature as a core component into IPFire.
> 
> I already had a look on the code, which looks nice and very clean to
> me. As I'm currently also working on getting all ipset related set
> stuff and rule creation under one hood, this perfectly fits to this.
> 
> So my idea to put the ipblacklist feature over the line, was to split
> some parts of the ipblacklist "main script" (especially the ipset and
> iptables related stuff) into the perl-based script which is
> responsible
> for iptables rule creation.
> 
> In this case some other parts of the script (which where necessary in
> the past, because ipblacklist initial has been designed as an addon)
> also can be stipped.
> 
> Affected parts for example would be the "start", "stop", "enable" and
> "disable" code, which is not longer required and therefore safely can
> be dropped.
> 
> In the very end the main task for the script would be to download,
> update, convert and store the blacklists into an ipset compatible
> format.
> 
> Apart from this, I currently do not see any bigger changes for the
> WUI
> related stuff.
> 
> @Tim: I hope these changes are okay for you.
> 
> Getting started, I noticed, that there currently are two git
> repositories available, which contain the source for ipblacklist.
> 
> There is the origin one from Tim and a slightly modified (fixed) v3
> version from Rob. I' currently trying to determine, which one would
> be
> the best to start from - are there any deeper changes/differences
> between them?
> 
> Please feel free to ask any kind of questions or share you opinion.
> As
> usual, I'll share any progress here.
> 
> Best regards,
> 
> -Stefan 
> > Hi.
> > 
> > I have been looking at Tim FitzGeorge's code for ipblacklist v2 on 
> > https://patchwork.ipfire.org/project/ipfire/list/?series=1215 to
> > see
> > if I 
> > can help progress its incorporation into IPFire.
> > After I extracted the programs from Patchwork I have been able to
> > build them 
> > into my firewall where they are running very successfully.
> > The code on the server seems to be in good shape and apart from a
> > few
> > small 
> > patches and additions of a few missing scripts I think it could be 
> > successfully introduced into the IPFire code base.
> > I am more than happy to help in seeing this process carried out but
> > need to 
> > know if this is acceptable to yourselves.
> > 
> > Regards
> > Rob Brewer
> 
>