From: Rob Brewer <ipfire-devel@grantura.co.uk>
To: development@lists.ipfire.org
Subject: Re: Banish add-on for ipblocklist.
Date: Wed, 25 May 2022 13:42:05 +0100
Message-ID: <t6l86t$pfp$1@tuscan3.grantura.co.uk>
In-Reply-To: <585544CB-388A-4175-9CF9-4361F57DCAF9@ipfire.org>

Hi Michael
On Wednesday 25 May 2022 11:08 Michael Tremer wrote:
> Hello Rob,
>
> Thanks for posting this.
>
> I do not quite understand at the moment what the role of this add-on
> could/should be?
>
It adds a user configurable blocklist to the ipblocklist menu. The Banish
blocklist is configured with ip-address information from a separate GUI menu
in IPFire.
> Does it complement the current IP blocklist feature that is in the works,
> or is it an alternative implementation?
>
Yes it complements the ipblocklist feature as this version does not run
without ipblocklist installed.
This implementation was intended to be a 'light touch' on IPFire and
only a modified sources list is required for ipblocklist to introduce the new
resource and modifications to the IPFire Menu items.
Originally Banish generated numerous iptables entries and became very slow
to update (I use a Banish blocklist list of about 250 cidr and ip-ranges
entries). This version moves the Banish blocklist to ipset and is
considerably faster to update than the IPTABLES version.
> Does it have features that should be merged together with the IP blocklist
> feature, or does it practically offer the same features and you uploaded
> it for reference/inspiration - and because it works already? :)
>
> -Michael
I uploaded it because others may find it a useful addition to ipblocklist as
I find it an invaluable feature.
I use Banish as a personalized blocklist to prevent rogue domains from
attacking my mail server.
I could have made this version of Banish a stand alone ipset addon similar
to the Location Block feature. However this would require significant
changes to IPFire's infrastructure which may well be overwritten during
upgrades.
If there is a positive reception to Banish it may be worth considering
merging it with ipblacklist or a stand alone feature. I find it very useful
but others may be more skeptical, hopefully some users will try it and make
their views known.
Rob
>
>> On 24 May 2022, at 21:58, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
>>
>> Hi all,
>>
>> I have uploaded my new version of Banish as an add-on to ipblocklist
>> which uses ipset from ipblocklist instead of the original iptables making
>> updating large blocklists considerably faster.
>>
>> If you are new to Banish it allows you to maintain a personalized
>> blocklist which can consist of ip-address, ip-address-ranges, cidr or
>> fqdns. I have removed the facility of adding mac address to be compatible
>> with ipblocklist.
>>
>> The use of fqdn should however be avoided as many abusive domains are now
>> multi homed and evade simple dns lookups to get ip ranges. I have been
>> looking at using AS numbers for future issues, however I retained this
>> facility in this version for backwards compatibility with my earlier
>> version.
>>
>> I have been running this version with Tim's original ipblacklist for
>> several weeks now and have carried out some testing with ipblocklist and
>> it should be transparent between the 2 versions.
>>
>> In operation the Banish address list is converted to a net hash of
>> individual ip address or cidrs and drops the processed banish_list into
>> /srv/web/ipfire/html/ where it is collected by ipblocklist. In the
>> current version of ipblocklist this may be a slow process as it can only
>> update 1/hour. I believe this will be increased to 15 minutes in later
>> versions.
>>
>> I have also included a Banish-functions.pl file which is a replacement
>> for some of the functions in general-functions.pl as some of the
>> functions in the ipfire version are broken.
>>
>> In operation I find Banish as a complement to Location Block in banning
>> abusive domains such as spam domains and port scanners when banning
>> complete countries isn't possible.
>>
>> This is an add-on for ipblocklist so make sure you load this first.
>> https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz
>>
>> https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
>> https://people.ipfire.org/~helix/banish/README
>>
>> Rob
>>
>>
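
The conversion described in the thread (addresses, address ranges and CIDRs turned into entries for a hash:net set) can be sketched as follows. This is an added example, not part of either message and not Banish's own code; the set name `banish`, the temporary set `banish_new` and the sample entries are assumptions, and FQDN entries are rejected rather than resolved.

```python
import ipaddress

def to_networks(entry):
    """One entry (address, CIDR or 'start-end' range) -> list of IPv4 networks."""
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        # Smallest set of CIDRs that covers the range exactly.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=False masks host bits, so 198.51.100.9/24 becomes 198.51.100.0/24.
    return [ipaddress.IPv4Network(entry, strict=False)]

def build_restore(entries, set_name="banish"):
    """Return (lines for `ipset -exist restore`, rejected entries)."""
    nets, rejected = [], []
    for raw in entries:
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            nets.extend(to_networks(entry))
        except ValueError:  # hostnames, reversed ranges, malformed addresses
            rejected.append(entry)
    tmp = set_name + "_new"  # assumed name for the staging set
    lines = [f"create {set_name} hash:net family inet",
             f"create {tmp} hash:net family inet",
             f"flush {tmp}"]
    # collapse_addresses() removes duplicates and entries covered by a wider CIDR.
    lines += [f"add {tmp} {net}" for net in ipaddress.collapse_addresses(nets)]
    # Fill the staging set, then swap it in: one atomic step, not per-entry rules.
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return lines, rejected

# Constructed sample list (documentation address ranges only).
SAMPLE = [
    "203.0.113.7",
    "198.51.100.9/24",
    "198.51.100.128/25   # already covered by the /24 above",
    "192.0.2.10-192.0.2.20",
    "mail.example.org",
    "# comment line",
    "192.0.2.20-192.0.2.10",
]

if __name__ == "__main__":
    restore_lines, bad = build_restore(SAMPLE)
    print("\n".join(restore_lines))
    print("rejected:", bad)
```

The output is meant to be piped to `ipset -exist restore`, so the `create` lines do not fail when the sets already exist.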