public inbox for development@lists.ipfire.org
From: Rob Brewer <ipfire-devel@grantura.co.uk>
To: development@lists.ipfire.org
Subject: Re: ipblacklist V2
Date: Sun, 03 Apr 2022 22:09:58 +0100
Message-ID: <t2d2f6$35f$1@tuscan3.grantura.co.uk>
In-Reply-To: <c6041dfca3cddf1b41ebeea26b375a22f7805b47.camel@ipfire.org>

Hi Stefan,

Thank you for your update.

As you probably realize I have been using Tim's IPblacklist software modified 
with the below changes for the past few weeks without problems so when it is 
released into IPFire, I wouldn't expect there to be any problems. Do you have an 
idea of the release issue you are aiming for for the IPFire version?

I have now integrated my ported Banish addon into IPblacklist which allows the 
user to maintain a personal GUI-based Banish list through the IPBlacklist 
interface which I find extremely useful. It updates considerably faster now it 
is using ipset rather than the original IPTables. I'll add the details to my git 
pages in the next few days.


Rob


On Sunday 03 April 2022 10:16 Stefan Schantl wrote:

> Hello Rob and list,
> 
> sorry for the long delay. Finally all major problems around the
> latest IDS improvements and the release around them has passed, so
> let's get back to the ipblocklist feature.
> 
>> On Monday 07 March 2022 22:54 Rob Brewer wrote:
>> 
>> > On Monday 07 March 2022 20:39 Michael Tremer wrote:
>> > 
>> > > Hello Rob,
>> > > 
>> > > > On 5 Mar 2022, at 21:46, Rob Brewer <
>> > > > ipfire-devel(a)grantura.co.uk> wrote:
>> > > > 
>> > > > Hi Stefan
>> > > > 
>> > > > On Saturday 05 March 2022 18:52 Stefan Schantl wrote:
>> > > > 
>> > > > > Hello *,
>> > > > > 
>> > > > > I've made some development progress, which I want to share
>> > > > > here:
>> > > > > 
>> > > > > Most parts of the main backend script ("ipblacklist") from
>> > > > > Tim and Rob
>> > > > > are ported into a new functions library (ipblocklist-
>> > > > > functions.pl) and
>> > > > > into the main firewall script (rules.pl).
>> > > > > 
>> > > > Good
>> > > > > This process is almost finished and currently allows to
>> > > > > create the
>> > > > > firewall rules, download the blocklists and to convert them
>> > > > > into an
>> > > > > ipset compatible format.
>> > > > > 
>> > > > > Next step will be to import the frontend code (WUI) and
>> > > > > adjust it to
>> > > > > use the backend code (functions) from the "ipblocklist-
>> > > > > functions.pl".
>> > > > > 
>> > > > > At this time the blocklist feature should be in a use-able
>> > > > > state again
>> > > > > and I'll go to create an automatic update script and to
>> > > > > import all the
>> > > > > logging pages stuff etc.
>> > > > > 
>> > > > > The development progress and single commits can be found
>> > > > > here:
>> > > > > 
>> > > > > 
>> > > > > https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblocklist
>> > > > > 
>> > > > > As usual please feel free to ask any questions or to share
>> > > > > your opinion
>> > > > > here.
>> > > > > 
>> > > > > I wish you a nice day,
>> > > > > 
>> > > > > -Stefan
>> > > > Great progress. I did find a bug I introduced when I modified
>> > > > the
>> > > > ipblacklist V2 perl script to add a space after the log-prefix
>> > > > BLKLST entry
>> > > > to make the logs compatible with other log-prefixes.
>> > > > This affected showrequestfromblacklist.dat and the modified
>> > > > version
>> > > > 'modified regex for V3 log-prefix added space' should be used.
>> > > > 
>> > > > https://git.ipfire.org/?p=people/helix/ipfire-2.x.git;a=commit;h=2ccc47f1944fcf1f8eec8ad132fa606081b21578
> 
> Thanks for the fix, I've picked it up and added it to the current
> development branch.
> 
> 
> https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=80a456334fb24059e1d3585b26318b1e6124aa6f
> 
>> > > 
>> > > Good catch, but wouldn’t it be helpful to add the space to all
>> > > log prefixes
>> > > so that it is always easily readable for humans, too?
>> > > 
>> > > -Michael
>> > > 
>> > 
>> > I think ipblocklist was the only logfile entry to have this
>> > problem.
>> > 
>> > Rob
>> 
>> I think there is a missing space in rules.pl before the last "\"
>> I think line 755 should be:
>> 
>> run("$IPTABLES -A ${blocklist}_DROP -j LOG -m limit --limit 10/second --log-prefix \"BLKLST_$blocklist \"");
> 
> Thanks for pointing this out - see:
> 
> 
> https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=84642aadeb63eaa9c5da0e6b3236bc6731a63580
> 
>> 
>> 
>> and in my ipblocklists.dat I changed your line 298 to be compatible
>> with core 163 as I don't think you can change the 'theme' now
>> and produced an error.
>> 
>> from:
>> &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
>> 
>> to:
>> &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
> 
> 
> Fixed:
> 
> 
> https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=acf4a99d23576556727cffabc0089306d47b2b61
> 
>> 
>> 
>> Rob
>>
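
The log-prefix spacing issue discussed in the quoted messages, as an added example that is not part of the thread or of IPFire's code: a small Perl parser that counts blocklist hits per list and flags lines whose prefix was written without the trailing space. The sample log lines, the list names EXAMPLE_A and EXAMPLE_B and the helper parse_hit are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines (documentation addresses, hypothetical list names).
# iptables copies --log-prefix verbatim in front of "IN=", so a prefix without
# a trailing space fuses with that field, as in the last line.
my @sample = (
    'Apr  3 21:00:01 fw kernel: BLKLST_EXAMPLE_A IN=red0 OUT= SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP DPT=22',
    'Apr  3 21:00:02 fw kernel: BLKLST_EXAMPLE_B IN=red0 OUT= SRC=192.0.2.77 DST=198.51.100.1 PROTO=UDP DPT=53',
    'Apr  3 21:00:03 fw kernel: BLKLST_EXAMPLE_BIN=red0 OUT= SRC=192.0.2.78 DST=198.51.100.1 PROTO=TCP DPT=443',
);

# Hypothetical helper: returns list name, interface, source address and
# whether the prefix was fused with the IN= field.
sub parse_hit {
    my ($line) = @_;
    # Prefix written with the trailing space: name, whitespace, then IN=
    if ($line =~ /\bBLKLST_(\S+?)\s+IN=(\S*).*?\bSRC=(\S+)/) {
        return { list => $1, iface => $2, src => $3, fused => 0 };
    }
    # Prefix written without it: the name runs straight into IN=
    if ($line =~ /\bBLKLST_(\S+?)IN=(\S*).*?\bSRC=(\S+)/) {
        return { list => $1, iface => $2, src => $3, fused => 1 };
    }
    return;    # not a blocklist log line
}

my (%hits, $fused);
for my $line (@sample) {
    my $hit = parse_hit($line) or next;
    $hits{ $hit->{list} }++;
    $fused++ if $hit->{fused};
    # What a lax pattern would have reported as the list name
    my ($lax) = $line =~ /BLKLST_(\w+)/;
    printf "%-10s src=%-12s lax-name=%s%s\n", $hit->{list}, $hit->{src}, $lax,
        $hit->{fused} ? '  <- prefix lacks trailing space' : '';
}
printf "%s: %d hit(s)\n", $_, $hits{$_} for sort keys %hits;
printf "%d line(s) written without the trailing space\n", $fused // 0;
```

On the fused line a lax `\w+` capture reports the list as EXAMPLE_BIN, so its hits would be counted under a list that does not exist.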

