From: Rob Brewer <ipfire-devel@grantura.co.uk>
To: development@lists.ipfire.org
Subject: Re: ipblocklist - Call for testers (disable attribute in sources)
Date: Sun, 10 Apr 2022 23:39:50 +0100 [thread overview]
Message-ID: <t2vmbm$u50$1@tuscan3.grantura.co.uk> (raw)
In-Reply-To: <7ddd588a-e82f-814f-b8cc-8a80c823a2f0@yahoo.com>
[-- Attachment #1: Type: text/plain, Size: 1548 bytes --]
Hi Charles
On Sunday 10 April 2022 19:21 Charles Brown wrote:
> Tim, Stefan,
>
> I have installed the ipblocklist feature. It looks great.
>
> I’m curious about the disable attribute in the sources file.
>
> I have all the lists enabled, I would have thought enabling
> EMERGING_FWRULE would have the DSHIELD list automatically disabled.
> However, I am showing several hits on DSHIELD and I see 20 entries in
> ipset for DSHIELD. Is the disable attribute in sources there for
> informational purposes only?
>
> Thanks for your excellent work on this feature,
> Charles Brown
I have been running Tim's original ipbl?list for about 2 months now and find I
only need a few Bl?cklists enabled. I am mainly interrest in protecting port 25
and find the most effective list is BLOCKLIST_DE.
CIARMY is very good at catching port scanners.
I also run a locally sourced blocklist and Banish which are optimised for port
25.
I don't think it is a good idea to enable all of the lists and conflicting lists
should be disabled by the original Attributes feature which you have noticed.
This was from my logs yesterday:
Blacklist Category Packets Dropped In Packets Dropped Out
Count Percentage Count Percentage
BANISH Attacker 74 0% 7 100%
BLOCKLIST_DE Attacker 3615 8% 0 0%
CIARMY Reputation 35598 77% 0 0%
EMERGING_COMPROMISED Attacker 248 1% 0 0%
EMERGING_FWRULE Composite 6235 13% 0 0%
LOCAL_BLOCKLIST Attacker 575 1% 0 0%
SHODAN Scanner 0 0% 0 0%
SPAMHAUS_EDROP Reputation 4 0% 0 0%
Rob
next prev parent reply other threads:[~2022-04-10 22:39 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <7ddd588a-e82f-814f-b8cc-8a80c823a2f0@yahoo.com>
2022-04-10 18:47 ` Stefan Schantl
2022-04-10 18:53 ` Matthias Fischer
2022-04-10 22:39 ` Rob Brewer [this message]
2022-04-11 21:51 Tim FitzGeorge
2022-04-12 4:12 ` Stefan Schantl
2022-04-12 16:46 ` Rob Brewer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='t2vmbm$u50$1@tuscan3.grantura.co.uk' \
--to=ipfire-devel@grantura.co.uk \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox