From mboxrd@z Thu Jan 1 00:00:00 1970 From: Rob Brewer To: development@lists.ipfire.org Subject: Re: ipblocklist - Call for testers (disable attribute in sources) Date: Sun, 10 Apr 2022 23:39:50 +0100 Message-ID: In-Reply-To: <7ddd588a-e82f-814f-b8cc-8a80c823a2f0@yahoo.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7027989889341177446==" List-Id: --===============7027989889341177446== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Charles On Sunday 10 April 2022 19:21 Charles Brown wrote: > Tim, Stefan, >=20 > I have installed the ipblocklist feature. It looks great. >=20 > I=E2=80=99m curious about the disable attribute in the sources file. >=20 > I have all the lists enabled, I would have thought enabling > EMERGING_FWRULE would have the DSHIELD list automatically disabled. > However, I am showing several hits on DSHIELD and I see 20 entries in > ipset for DSHIELD. Is the disable attribute in sources there for > informational purposes only? >=20 > Thanks for your excellent work on this feature, > Charles Brown I have been running Tim's original ipbl?list for about 2 months now and find = I=20 only need a few Bl?cklists enabled. I am mainly interrest in protecting port = 25=20 and find the most effective list is BLOCKLIST_DE. CIARMY is very good at catching port scanners. I also run a locally sourced blocklist and Banish which are optimised for por= t=20 25. I don't think it is a good idea to enable all of the lists and conflicting li= sts=20 should be disabled by the original Attributes feature which you have noticed. This was from my logs yesterday: Blacklist Category Packets Dropped In Packets Dropped Out Count Percentage Count Percentage BANISH Attacker 74 0% 7 100% BLOCKLIST_DE Attacker 3615 8% 0 0% CIARMY Reputation 35598 77% 0 0% EMERGING_COMPROMISED Attacker 248 1% 0 0% EMERGING_FWRULE Composite 6235 13% 0 0% LOCAL_BLOCKLIST Attacker 575 1% 0 0% SHODAN Scanner 0 0% 0 0% SPAMHAUS_EDROP Reputation 4 0% 0 0% Rob --===============7027989889341177446==--