On Wednesday 25 May 2022 16:27 Michael Tremer wrote:
> Cool. Thank you for answering those questions for me.
>
> Is the source available in a Git repository somewhere?
>
> -Michael
>

Yes, I'll upload the source to my repository but have a look in the tar
archive in the meantime, it will be much the same.

Rob

>> On 25 May 2022, at 13:42, Rob Brewer wrote:
>>
>> Hi Michael
>>
>> On Wednesday 25 May 2022 11:08 Michael Tremer wrote:
>>
>>> Hello Rob,
>>>
>>> Thanks for posting this.
>>>
>>> I do not quite understand at the moment what the role of this add-on
>>> could/should be?
>>>
>> It adds a user configurable blocklist to the ipblocklist menu. The Banish
>> blocklist is configured with ip-address information from a separate GUI
>> menu in IPFire.
>>
>>> Does it complement the current IP blocklist feature that is in the
>>> works, or is it an alternative implementation?
>>>
>> Yes it complements the ipblocklist feature as this version does not run
>> without ipblocklist installed.
>>
>> This implementation was intended to be a 'light touch' on IPFire and
>> only a modified sources list is required for ipblocklist to introduce the
>> new resource and modifications to the IPFire Menu items.
>>
>> Originally Banish generated numerous iptables entries and became very
>> slow to update (I use a Banish blocklist list of about 250 cidr and
>> ip-ranges entries). This version moves the Banish blocklist to ipset and
>> is considerably faster to update than the IPTABLES version.
>>
>>> Does it have features that should be merged together with the IP
>>> blocklist feature, or does it practically offer the same features and
>>> you uploaded it for reference/inspiration - and because it works
>>> already? :)
>>>
>>> -Michael
>>
>> I uploaded it because others may find it a useful addition to ipblocklist
>> as I find it an invaluable feature.
>>
>> I use Banish as a personalized blocklist to prevent rogue domains from
>> attacking my mail server.
>>
>> I could have made this version of Banish a stand alone ipset addon
>> similar to the Location Block feature. However this would require
>> significant changes to IPFire's infrastructure which may well be
>> overwritten during upgrades.
>>
>> If there is a positive reception to Banish it may be worth considering
>> merging it with ipblacklist or a stand alone feature. I find it very
>> useful but others may be more skeptical, hopefully some users will try it
>> and make their views known.
>>
>> Rob
>>
>>
>>>
>>>> On 24 May 2022, at 21:58, Rob Brewer wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I have uploaded my new version of Banish as an add-on to ipblocklist
>>>> which uses ipset from ipblocklist instead of the original iptables
>>>> making updating large blocklists considerably faster.
>>>>
>>>> If you are new to Banish it allows you to maintain a personalized
>>>> blocklist which can consist of ip-address, ip-address-ranges, cidr or
>>>> fqdns. I have removed the facility of adding mac address to be
>>>> compatible with ipblocklist.
>>>>
>>>> The use of fqdn should however be avoided as many abusive domains are
>>>> now multi homed and evade simple dns lookups to get ip ranges. I have
>>>> been looking at using AS numbers for future issues, however I retained
>>>> this facility in this version for backwards compatibility with my
>>>> earlier version.
>>>>
>>>> I have been running this version with Tim's original ipblacklist for
>>>> several weeks now and have carried out some testing with ipblocklist
>>>> and should be transparent between the 2 versions.
>>>>
>>>> In operation the Banish address list is converted to a net hash of
>>>> individual ip address or cidrs and drops the processed banish_list into
>>>> /srv/web/ipfire/html/ where it is collected by ipblocklist. In the
>>>> current version of ipblocklist this may be a slow process as it can
>>>> only update 1/hour. I believe this will be increased to 15 minutes in
>>>> later versions.
>>>>
>>>> I have also included a Banish-functions.pl file which is a replacement
>>>> for some of the functions in general-functions.pl as some of the
>>>> functions in the ipfire version are broken.
>>>>
>>>> In operation I find Banish as a complement to Location Block in banning
>>>> abusive domains such as spam domains and port scanners when banning
>>>> complete countries isn't possible.
>>>>
>>>> This is an add-on for ipblocklist so make sure you load this first.
>>>> https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz
>>>>
>>>> https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
>>>> https://people.ipfire.org/~helix/banish/README
>>>>
>>>> Rob
>>>>
>>>>
>>
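
Added example, not part of the thread and not Banish's own code: one way to do the conversion described in the quoted announcement, turning a personal list of addresses, address ranges and CIDRs into the collapsed network list that an ipset `hash:net` set holds. The set name `banish`, the `first-last` range syntax, and the choice to report FQDN and MAC entries instead of resolving them are assumptions of this sketch.

```python
import ipaddress

# Constructed sample list (documentation address ranges), not real Banish data.
SAMPLE = [
    "192.0.2.7",                    # single address
    "192.0.2.0/25",                 # CIDR that already covers 192.0.2.7
    "192.0.2.128/25",               # adjacent CIDR, merges to 192.0.2.0/24
    "198.51.100.10-198.51.100.20",  # address range
    "203.0.113.1/24",               # host bits set: likely a typo, rejected
    "mail-out.example.net",         # FQDN: reported, not resolved
    "00:11:22:33:44:55",            # MAC: not valid in a hash:net set
]

def parse_entry(entry):
    """Turn one entry into IPv4 networks; raise ValueError if it is not one."""
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip())
                       for p in entry.split("-", 1))
        if first > last:
            raise ValueError("range start is after range end")
        # A range becomes the minimal list of CIDR blocks covering it exactly.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True refuses "203.0.113.1/24" instead of silently widening it.
    return [ipaddress.IPv4Network(entry, strict=True)]

def build_set(lines):
    """Return (collapsed CIDR strings, rejected entries)."""
    nets, rejected = [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()   # allow comments and blanks
        if not entry:
            continue
        try:
            nets.extend(parse_entry(entry))
        except ValueError:
            rejected.append(entry)
    # collapse_addresses drops duplicates/subnets and merges adjacent blocks.
    return [str(n) for n in ipaddress.collapse_addresses(nets)], rejected

def ipset_restore(cidrs, name="banish"):
    """Render `ipset restore` input; the set name is an assumption."""
    lines = [f"create {name} hash:net family inet"]
    return "\n".join(lines + [f"add {name} {c}" for c in cidrs])

if __name__ == "__main__":
    cidrs, rejected = build_set(SAMPLE)
    print(ipset_restore(cidrs))
    print("rejected:", rejected)
```

Loading one set in a single `ipset restore` call, rather than adding one iptables rule per entry, is the speed difference the announcement describes for a list of about 250 entries.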