Hi Tim,

Good to see your posting here.

On Saturday 12 February 2022 21:29 Tim FitzGeorge wrote:
> This sounds as if it does the same sort of thing as something I had in my first patchset. I added an extra rule to the input policy chain that added the address to an ipset if the number of dropped packets exceeded a threshold. This runs completely within iptables/ipset.
>
> iptables( "-I ${autoblacklist}_BLOCK -m set --match-set $autoblacklist src -j SET --add-set $autoblacklist src --exist" );
> iptables( "-I ${autoblacklist}_BLOCK -m set --match-set $autoblacklist dst -j SET --add-set $autoblacklist dst --exist" );
> iptables( "-I POLICYIN 1 -i $red_iface -m hashlimit --hashlimit-mode srcip --hashlimit-above $settings{BLOCK_THRESHOLD}/hour --hashlimit-name $autoblacklist -j SET --add-set $autoblacklist src" );
>

Autoblacklist looks like a useful addition. Why did you drop it?

>>>>
>>> There are a couple of points we need to consider:
>>>
>>> 1) IPBlacklist does not work very well if Tim's ipfblocklist add-on is also
>>> installed. My view is that the add-on should be removed before IPBlacklist
>>> can be applied. Can the add-on be automatically removed on installation and
>>> should we transfer the settings info from ipfblocklist to ipblacklist?
>>
>> Yes, in theory we could remove any old files in the updater and install our own ones.
>>

There are a couple of errors on your uninstall-blocklist.sh script which leave some files behind when it is run. I can send you a patch for this if it is of help.

>>> 2) I added an init script to my firewall which doesn't seem to be present on
>>> Tim's patches. I'm not sure if this is needed as it will be started by fcron
>>> or changes made in the WUI but won't be instantly available on re-boot. Do
>>> you have any thoughts on this?
>>
>
> I don't think this is needed - the change to the firewall init script should call the ipblacklist script at the correct time.

I hadn't noticed the last few lines in your firewall init script which my init script duplicates. So I agree my addition isn't needed.

I have started producing the v3 patches requested by the devs, but apart from the couple of changes needed to ipblacklists.dat I think they will be almost identical to your v2 patches.

Rob
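
A simplified token-bucket model of the `hashlimit` rule quoted in the message above, useful for judging when a given `BLOCK_THRESHOLD` would add a source to the set. It is an added example, not code from the thread or from either patchset. Assumptions: the burst of 5 is the `--hashlimit-burst` default, the threshold of 10 per hour and the sample addresses are constructed, and packets from addresses already in the set are assumed to be dropped before they reach the rule.

```python
from collections import defaultdict

HOUR = 3600.0
DEFAULT_BURST = 5  # hashlimit default when --hashlimit-burst is not given


def simulate_autoblacklist(dropped, threshold_per_hour, burst=DEFAULT_BURST):
    """Return {src_ip: time at which the source was added to the set}.

    dropped: time-sorted (timestamp_seconds, src_ip) pairs for packets that
    reach the policy-drop chain (POLICYIN in the quoted rule).
    """
    refill = threshold_per_hour / HOUR          # tokens regained per second
    tokens = defaultdict(lambda: float(burst))  # one bucket per source (srcip mode)
    last_seen = {}
    blocked = {}
    for ts, src in dropped:
        if src in blocked:
            continue  # assumption: set members never reach this rule again
        elapsed = ts - last_seen.get(src, ts)
        tokens[src] = min(float(burst), tokens[src] + elapsed * refill)
        last_seen[src] = ts
        if tokens[src] >= 1.0:
            tokens[src] -= 1.0   # within the limit: the rule does not match
        else:
            blocked[src] = ts    # above the limit: -j SET --add-set ... src
    return blocked


def constructed_traffic():
    """Constructed sample: one fast source and one slow background source."""
    fast = [(i * 2.0, "198.51.100.7") for i in range(40)]    # 1 drop every 2 s
    slow = [(i * 600.0, "203.0.113.20") for i in range(12)]  # 6 drops per hour
    return sorted(fast + slow)


if __name__ == "__main__":
    result = simulate_autoblacklist(constructed_traffic(), threshold_per_hour=10)
    for ip, ts in result.items():
        print(f"{ip} added to set at t={ts:.0f}s")
```

The real match uses integer credits and expires idle hash entries, so treat the timings as approximate.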