public inbox for development@lists.ipfire.org
From: Rob Brewer <ipfire-devel@grantura.co.uk>
To: development@lists.ipfire.org
Subject: Banish add-on for ipblocklist.
Date: Tue, 24 May 2022 21:58:12 +0100
Message-ID: <t6jgt4$ht8$1@tuscan3.grantura.co.uk>

Hi all,

I have uploaded my new version of Banish as an add-on to ipblocklist which 
uses ipset from ipblocklist instead of the original iptables making updating 
large blocklists considerably faster.

If you are new to Banish it allows you to maintain a personalized blocklist 
which can consist of ip-address, ip-address-ranges, cidr or fqdns. I have 
removed the facility of adding mac addresses to be compatible with 
ipblocklist.

The use of fqdn should however be avoided as many abusive domains are now 
multi-homed and evade simple dns lookups to get ip ranges. I have been 
looking at using AS numbers for future issues, however I retained this 
facility in this version for backwards compatibility with my earlier 
version.

I have been running this version with Tim's original ipblacklist for several 
weeks now and have carried out some testing with ipblocklist and it should be 
transparent between the 2 versions.

In operation the Banish address list is converted to a net hash of 
individual ip addresses or cidrs and drops the processed banish_list into 
/srv/web/ipfire/html/ where it is collected by ipblocklist. In the current 
version of ipblocklist this may be a slow process as it can only update 
1/hour. I believe this will be increased to 15 minutes in later versions.

I have also included a Banish-functions.pl file which is a replacement for 
some of the functions in general-functions.pl as some of the functions in 
the ipfire version are broken.

In operation I find Banish as a complement to Location Block in banning 
abusive domains such as spam domains and port scanners when banning complete 
countries isn't possible.

This is an add-on for ipblocklist so make sure you load this first.
https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz

https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
https://people.ipfire.org/~helix/banish/README

Rob
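
The conversion the message describes (single addresses, address ranges and CIDRs turned into entries for an ipset net hash), as an added example that is not part of the original post and is not Banish's own code. The set name `banish`, the `first-last` range syntax, the `#` comment syntax and the restore-format output are assumptions; the sample list is constructed from documentation address ranges, and FQDN entries are reported rather than resolved.

```python
import ipaddress

# Constructed sample of a personal blocklist (documentation address ranges only).
SAMPLE_LIST = """\
# spam sources
192.0.2.15
198.51.100.0/24
198.51.100.128/25
203.0.113.4-203.0.113.11
bad.example.net
"""

def to_networks(entry):
    """Turn one entry into IPv4 networks; ValueError if it is not an address form."""
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        nets = list(ipaddress.summarize_address_range(first, last))
    else:
        nets = [ipaddress.IPv4Network(entry, strict=False)]
    # hash:net cannot store a zero-length prefix, and such an entry would match everything.
    if any(n.prefixlen == 0 for n in nets):
        raise ValueError("refusing to add 0.0.0.0/0")
    return nets

def build_set(text):
    """Return (collapsed networks, skipped entries) for a blocklist file's text."""
    nets, skipped = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.extend(to_networks(entry))
        except ValueError:
            skipped.append(entry)  # FQDNs and malformed lines need manual review
    # Merge overlapping and adjacent networks so the set stays as small as possible.
    return list(ipaddress.collapse_addresses(nets)), skipped

def ipset_restore(nets, name="banish"):
    """Render the networks as input for `ipset restore` (set name is hypothetical)."""
    lines = [f"create {name} hash:net family inet"]
    lines += [f"add {name} {n}" for n in nets]
    return "\n".join(lines)

if __name__ == "__main__":
    networks, skipped = build_set(SAMPLE_LIST)
    print(ipset_restore(networks))
    print("skipped:", skipped)
```

Loading the whole set through one `ipset restore` call, rather than one rule per address, is what makes large lists fast to update.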


