public inbox for development@lists.ipfire.org
From: Rob Brewer <ipfire-devel@grantura.co.uk>
To: development@lists.ipfire.org
Subject: Re: Banish add-on for ipblocklist.
Date: Wed, 25 May 2022 16:41:17 +0100
Message-ID: <t6limt$p8q$1@tuscan3.grantura.co.uk>
In-Reply-To: <149DAAA5-34E2-4375-B22F-C6201DBEA58D@ipfire.org>

On Wednesday 25 May 2022 16:27 Michael Tremer wrote:

> Cool. Thank you for answering those questions for me.
> 
> Is the source available in a Git repository somewhere?
> 
> -Michael
> 
Yes, I'll upload the source to my repository but have a look in the tar 
archive in the meantime, it will be much the same.

Rob

>> On 25 May 2022, at 13:42, Rob Brewer <ipfire-devel(a)grantura.co.uk> wrote:
>> 
>> Hi Michael
>> 
>> On Wednesday 25 May 2022 11:08 Michael Tremer wrote:
>> 
>>> Hello Rob,
>>> 
>>> Thanks for posting this.
>>> 
>>> I do not quite understand at the moment what the role of this add-on
>>> could/should be?
>>> 
>> It adds a user configurable blocklist to the ipblocklist menu. The Banish
>> blocklist is configured with ip-address information from a separate GUI
>> menu in IPFire.
>> 
>>> Does it complement the current IP blocklist feature that is in the
>>> works, or is it an alternative implementation?
>>> 
>> Yes it complements the ipblocklist feature as this version does not run
>> without ipblocklist installed.
>> 
>> This implementation was intended to be a 'light touch' on IPFire and
>> only a modified sources list is required to ipblocklist to introduce the
>> new resource and modifications to the IPFire Menu items.
>> 
>> Originally Banish generated numerous iptables entries and became very
>> slow to update (I use a Banish blocklist of about 250 cidr and
>> ip-range entries). This version moves the Banish blocklist to ipset and
>> is considerably faster to update than the IPTABLES version.
>> 
>>> Does it have features that should be merged together with the IP
>>> blocklist feature, or does it practically offer the same features and
>>> you uploaded it for reference/inspiration - and because it works
>>> already? :)
>>> 
>>> -Michael
>> 
>> I uploaded it because others may find it a useful addition to ipblocklist
>> as I find it an invaluable feature.
>> 
>> I use Banish as a personalized blocklist to prevent rogue domains from
>> attacking my mail server.
>> 
>> I could have made this version of Banish a stand alone ipset addon
>> similar to the Location Block feature. However this would require
>> significant changes to IPFire's infrastructure which may well be
>> overwritten during upgrades.
>> 
>> If there is a positive reception to Banish it may be worth considering
>> merging it with ipblacklist or a stand alone feature. I find it very
>> useful but others may be more skeptical, hopefully some users will try it
>> and make their views known.
>> 
>> Rob
>> 
>> 
>>> 
>>>> On 24 May 2022, at 21:58, Rob Brewer <ipfire-devel(a)grantura.co.uk>
>>>> wrote:
>>>> 
>>>> Hi all,
>>>> 
>>>> I have uploaded my new version of Banish as an add-on to ipblocklist
>>>> which uses ipset from ipblocklist instead of the original iptables
>>>> making updating large blocklists considerably faster.
>>>> 
>>>> If you are new to Banish it allows you to maintain a personalized
>>>> blocklist which can consist of ip-address, ip-address-ranges, cidr or
>>>> fqdns. I have removed the facility of adding mac address to be
>>>> compatible with ipblocklist.
>>>> 
>>>> The use of fqdn should however be avoided as many abusive domains are
>>>> now multi homed and evade simple dns lookups to get ip ranges. I have
>>>> been looking at using AS numbers for future issues, however I retained
>>>> this facility in this version for backwards compatibility with my
>>>> earlier version.
>>>> 
>>>> I have been running this version with Tim's original ipblacklist for
>>>> several weeks now and have carried out some testing with ipblocklist
>>>> and it should be transparent between the 2 versions.
>>>> 
>>>> In operation the Banish address list is converted to a net hash of
>>>> individual ip address or cidrs and drops the processed banish_list into
>>>> /srv/web/ipfire/html/ where it is collected by ipblocklist. In the
>>>> current version of ipblocklist this may be a slow process as it can
>>>> only update 1/hour. I believe this will be increased to 15 minutes in
>>>> later versions.
>>>> 
>>>> I have also included a Banish-functions.pl file which is a replacement
>>>> for some of the functions in general-functions.pl as some of the
>>>> functions in the ipfire version are broken.
>>>> 
>>>> In operation I find Banish as a complement to Location Block in banning
>>>> abusive domains such as spam domains and port scanners when banning
>>>> complete countries isn't possible.
>>>> 
>>>> This is an add-on for ipblocklist so make sure you load this first.
>>>> https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz
>>>> 
>>>> https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
>>>> https://people.ipfire.org/~helix/banish/README
>>>> 
>>>> Rob
>>>> 
>>>> 
>>
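
The conversion described in the thread (a mixed list of addresses, ranges and CIDRs reduced to entries an ipset net hash can hold), sketched as an added example; this is not Banish's own code. The function names, the IPv4-only scope, the `#` comment syntax and the choice to reject FQDNs and MAC addresses rather than resolve them are assumptions of this example.

```python
import ipaddress

def to_networks(entry):
    """Return the IPv4 networks covering one entry, or raise ValueError."""
    if "-" in entry:  # ip-address-range written as first-last
        first, last = (ipaddress.IPv4Address(p.strip())
                       for p in entry.split("-", 1))
        if first > last:
            raise ValueError(f"range start after end: {entry}")
        # A range rarely maps to one prefix; split it into the minimal CIDR set.
        return list(ipaddress.summarize_address_range(first, last))
    # Single address or CIDR. strict=True rejects a prefix with host bits set
    # (e.g. 192.0.2.10/24), which is usually a typing error in a blocklist.
    return [ipaddress.IPv4Network(entry, strict=True)]

def build_net_hash(entries):
    """Normalise entries to collapsed CIDR strings; return (cidrs, rejected)."""
    nets, rejected = [], []
    for raw in entries:
        line = raw.split("#", 1)[0].strip()  # assumed comment syntax
        if not line:
            continue
        try:
            nets.extend(to_networks(line))
        except ValueError:
            # FQDNs, MAC addresses and malformed input end up here so that
            # they can be reviewed by hand instead of silently dropped.
            rejected.append(line)
    # Merge adjacent and overlapping networks to keep the set small.
    return [str(n) for n in ipaddress.collapse_addresses(nets)], rejected

# Constructed sample list using documentation address ranges.
SAMPLE = [
    "192.0.2.10",
    "198.51.100.0/25",
    "198.51.100.128/25",                    # adjacent to the previous entry
    "203.0.113.5-203.0.113.10  # scanner",
    "spam-host.example.net",                # FQDN: not resolved here
    "00:11:22:33:44:55",                    # MAC: not valid in a net hash
    "192.0.2.10/24",                        # host bits set
]

if __name__ == "__main__":
    cidrs, rejected = build_net_hash(SAMPLE)
    print("\n".join(cidrs))
    print("rejected:", rejected)
```
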

