ipblocklist - Call for testers

ipblocklist - Call for testers

[Stefan Schantl]

[-- Attachment #1: Type: text/plain, Size: 773 bytes --]

Hello mailing list followers,

it has been done - the port of the well known (ipblacklist) feature
from Tim FitzGeorge has been finished.

Now it's time for the final steps. For this I need your help, in
testing and giving feedback and/or bug reports.

I've backed and uploaded a test version, which contains all necessary
files and modifications. There is also a README file available which
gives further details and how to install the test version on your
sytems.

This all can be found here:

https://people.ipfire.org/~stevee/ipblocklist/

For those of you which are interested in the source code:

https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblocklist-rbsed
 

Best regards and a happy testing,

-Stefan

Re: ipblocklist - Call for testers

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 1252 bytes --]

Hi Stefan

On Sunday 10 April 2022 12:09 Stefan Schantl wrote:

> Hello mailing list followers,
> 
> it has been done - the port of the well known (ipblacklist) feature
> from Tim FitzGeorge has been finished.
> 
> Now it's time for the final steps. For this I need your help, in
> testing and giving feedback and/or bug reports.
> 
> I've backed and uploaded a test version, which contains all necessary
> files and modifications. There is also a README file available which
> gives further details and how to install the test version on your
> sytems.
> 
> This all can be found here:
> 
> https://people.ipfire.org/~stevee/ipblocklist/
> 
> For those of you which are interested in the source code:
> 
> 
https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblocklist-rbsed
>  
> 
> Best regards and a happy testing,
> 
> -Stefan

I'll have to uninstall Tim's original before I can test your code but looking 
through your file list, I think you missed the logwatch files:

/usr/share/logwatch/scripts/services/ipbl?cklist
/usr/share/logwatch/dist.conf/services/ipbl?cklist.conf

Logwatch shows some quite useful update data from the blocklists in the Log 
Summary.


Rob


 

Re: ipblocklist - Call for testers

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 564 bytes --]

On Monday 11 April 2022 09:25 Rob Brewer wrote:

> I'll have to uninstall Tim's original before I can test your code but looking
> through your file list, I think you missed the logwatch files:
> 
> /usr/share/logwatch/scripts/services/ipbl?cklist
> /usr/share/logwatch/dist.conf/services/ipbl?cklist.conf
> 
> Logwatch shows some quite useful update data from the blocklists in the Log
> Summary.
> 
> 
Sorry I missed off the link.

https://git.ipfire.org/?p=people/helix/ipfire-2.x.git;a=commit;h=cdcfb6171a6e27e7b26412c4d5b68b29193ac0e4


Rob

Re: ipblocklist - Call for testers

[Stefan Schantl]

[-- Attachment #1: Type: text/plain, Size: 1806 bytes --]

Hello list followers,

today I've uploaded a new ipblocklist test version (ipblocklist-002).

It has been rebased to work with core update 168 and also contains some
bugfixes and new features:

* The update interval now is set to 15 minutes
* The WUI now displays the "Firewall reload hint" as notice instead of
an error.
* The logging of the ipblocklist-update script has been improved.
* Support for logwatch has been added.
* A bug which sometimes prevents from reloading a blocklist after an
update has been performed has been fixed.

HINT: The update instructions are the same than for installing.

WARNING: Any taken settings from previous test versions will be lost,
when updating! (Please backup your "/var/ipfire/ipblocklist/settings"
file in that case.)

I'm planing to submit this addon to be merged and released with core
update 170 so, please heavily test and report any kind of remaining
issues.

A big thanks in advance,

-Stefan
 
> Hello mailing list followers,
> 
> it has been done - the port of the well known (ipblacklist) feature
> from Tim FitzGeorge has been finished.
> 
> Now it's time for the final steps. For this I need your help, in
> testing and giving feedback and/or bug reports.
> 
> I've backed and uploaded a test version, which contains all necessary
> files and modifications. There is also a README file available which
> gives further details and how to install the test version on your
> sytems.
> 
> This all can be found here:
> 
> https://people.ipfire.org/~stevee/ipblocklist/
> 
> For those of you which are interested in the source code:
> 
> https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblocklist-rbsed
>  
> 
> Best regards and a happy testing,
> 
> -Stefan
> 

Re: ipblocklist - Call for testers

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 2404 bytes --]

Hi Stefan ++

On Tuesday 21 June 2022 18:21 Stefan Schantl wrote:

> Hello list followers,
> 
> today I've uploaded a new ipblocklist test version (ipblocklist-002).
> 
> It has been rebased to work with core update 168 and also contains some
> bugfixes and new features:
> 
> * The update interval now is set to 15 minutes
> * The WUI now displays the "Firewall reload hint" as notice instead of
> an error.
> * The logging of the ipblocklist-update script has been improved.
> * Support for logwatch has been added.
> * A bug which sometimes prevents from reloading a blocklist after an
> update has been performed has been fixed.
> 
> HINT: The update instructions are the same than for installing.
> 
> WARNING: Any taken settings from previous test versions will be lost,
> when updating! (Please backup your "/var/ipfire/ipblocklist/settings"
> file in that case.)
> 
> I'm planing to submit this addon to be merged and released with core
> update 170 so, please heavily test and report any kind of remaining
> issues.
> 
> A big thanks in advance,
> 
> -Stefan
> 

I have installed -002 on my test system along with Jay's fcrontab fix and 
from initial results seems to be working the same as Tim's original addon.

The 'Log Summary' now shows the IP Blocklist correctly and the blocklist 
update looks OK.

I'll run -002 on my test system for a few days and if it looks OK I'll run 
it on my production box where it will be exposed to the internet.

Thank you for all your work on this.

Rob

 
>> Hello mailing list followers,
>> 
>> it has been done - the port of the well known (ipblacklist) feature
>> from Tim FitzGeorge has been finished.
>> 
>> Now it's time for the final steps. For this I need your help, in
>> testing and giving feedback and/or bug reports.
>> 
>> I've backed and uploaded a test version, which contains all necessary
>> files and modifications. There is also a README file available which
>> gives further details and how to install the test version on your
>> sytems.
>> 
>> This all can be found here:
>> 
>> https://people.ipfire.org/~stevee/ipblocklist/
>> 
>> For those of you which are interested in the source code:
>> 
>> 
https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblocklist-rbsed
>> 
>> 
>> Best regards and a happy testing,
>> 
>> -Stefan
>>

Re: ipblocklist - Call for testers

[Rob Brewer]

[-- Attachment #1: Type: text/plain, Size: 2365 bytes --]

Hi Stefan

On Tuesday 21 June 2022 18:21 Stefan Schantl wrote:

> Hello list followers,
> 
> today I've uploaded a new ipblocklist test version (ipblocklist-002).
> 
> It has been rebased to work with core update 168 and also contains some
> bugfixes and new features:
> 
> * The update interval now is set to 15 minutes
> * The WUI now displays the "Firewall reload hint" as notice instead of
> an error.
> * The logging of the ipblocklist-update script has been improved.
> * Support for logwatch has been added.
> * A bug which sometimes prevents from reloading a blocklist after an
> update has been performed has been fixed.
> 
> HINT: The update instructions are the same than for installing.
> 
> WARNING: Any taken settings from previous test versions will be lost,
> when updating! (Please backup your "/var/ipfire/ipblocklist/settings"
> file in that case.)
> 
> I'm planing to submit this addon to be merged and released with core
> update 170 so, please heavily test and report any kind of remaining
> issues.
> 
> A big thanks in advance,
> 
> -Stefan
>  

There seems to be a problem with the 'disable' function in the sources list. 
For instance if I enable the BOGON list and the attempt to enable the 
BOGON_FULL list in IPBlacklist I see the error message "Disabling BOGON 
because it is included in BOGON_FULL" after selecting 'save' and the 'enable 
box' would be un-ticked. This isn't happening in -002 and I can select both 
BOGON lists.

Rob
 

>> Hello mailing list followers,
>> 
>> it has been done - the port of the well known (ipblacklist) feature
>> from Tim FitzGeorge has been finished.
>> 
>> Now it's time for the final steps. For this I need your help, in
>> testing and giving feedback and/or bug reports.
>> 
>> I've backed and uploaded a test version, which contains all necessary
>> files and modifications. There is also a README file available which
>> gives further details and how to install the test version on your
>> sytems.
>> 
>> This all can be found here:
>> 
>> https://people.ipfire.org/~stevee/ipblocklist/
>> 
>> For those of you which are interested in the source code:
>> 
>> 
https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblocklist-rbsed
>> 
>> 
>> Best regards and a happy testing,
>> 
>> -Stefan
>>

Re: ipblocklist - Call for testers

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 2545 bytes --]

Hi,

On 25.06.2022 16:18, Rob Brewer wrote:
> Hi Stefan
> 
> On Tuesday 21 June 2022 18:21 Stefan Schantl wrote:
> 
>> Hello list followers,
>> 
>> today I've uploaded a new ipblocklist test version (ipblocklist-002).
>> 
>> It has been rebased to work with core update 168 and also contains some
>> bugfixes and new features:
>> 
>> * The update interval now is set to 15 minutes
>> * The WUI now displays the "Firewall reload hint" as notice instead of
>> an error.
>> * The logging of the ipblocklist-update script has been improved.
>> * Support for logwatch has been added.
>> * A bug which sometimes prevents from reloading a blocklist after an
>> update has been performed has been fixed.
>> 
>> HINT: The update instructions are the same than for installing.
>> 
>> WARNING: Any taken settings from previous test versions will be lost,
>> when updating! (Please backup your "/var/ipfire/ipblocklist/settings"
>> file in that case.)
>> 
>> I'm planing to submit this addon to be merged and released with core
>> update 170 so, please heavily test and report any kind of remaining
>> issues.
>> 
>> A big thanks in advance,
>> 
>> -Stefan
>>  
> 
> There seems to be a problem with the 'disable' function in the sources list. 
> For instance if I enable the BOGON list and the attempt to enable the 
> BOGON_FULL list in IPBlacklist I see the error message "Disabling BOGON 
> because it is included in BOGON_FULL" after selecting 'save' and the 'enable 
> box' would be un-ticked. This isn't happening in -002 and I can select both 
> BOGON lists.

I can confirm with -002.

Matthias

> 
> Rob
>  
> 
>>> Hello mailing list followers,
>>> 
>>> it has been done - the port of the well known (ipblacklist) feature
>>> from Tim FitzGeorge has been finished.
>>> 
>>> Now it's time for the final steps. For this I need your help, in
>>> testing and giving feedback and/or bug reports.
>>> 
>>> I've backed and uploaded a test version, which contains all necessary
>>> files and modifications. There is also a README file available which
>>> gives further details and how to install the test version on your
>>> sytems.
>>> 
>>> This all can be found here:
>>> 
>>> https://people.ipfire.org/~stevee/ipblocklist/
>>> 
>>> For those of you which are interested in the source code:
>>> 
>>> 
> https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblocklist-rbsed
>>> 
>>> 
>>> Best regards and a happy testing,
>>> 
>>> -Stefan
>>>
> 

Re: ipblocklist - Call for testers

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 867 bytes --]

On 10.04.2022 13:09, Stefan Schantl wrote:
> Hello mailing list followers,

Hi Stefan,

> it has been done - the port of the well known (ipblacklist) feature
> from Tim FitzGeorge has been finished.
> 
> Now it's time for the final steps. For this I need your help, in
> testing and giving feedback and/or bug reports.
> ...

I took a closer look at 'ipblocklist' in the last week and I noticed a
few things. Everything seems to work, I'm just curious:

E.g., 'ipblocklist.dat' (IP Address Blocklist Logs) shows a total number
of "168 hits" for today (July 21). These are "150 hits" for BLOCKLIST_DE
and "18 hits" for SHODAN.

When I look at the IPTables "BLOCKLISTIN" chain I find "614 pkts" for
BLOCKLIST_DE_DROP (match-set BLOCKLIST_DE src) and "95 pkts" for
SHODAN_DROP (match-set SHODAN src).

Why do these numbers differ? Different time slots?

Best,
Matthias

Re: ipblocklist - Call for testers

[Matthias Fischer]

[-- Attachment #1: Type: text/plain, Size: 3231 bytes --]

Hi,

I just had the time to test a bit.

One glitch:

'ipblocklist.cgi' refused to start:

...
Unable to read file /srv/web/ipfire/html/themes//include/colors.txt at
/var/ipfire/general-functions.pl line 219.
...

I had to change line 65 from:

...
&General::readhash(
"/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt",
\%color );
...

To:

...
&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt",
\%color);
...

Best,
Matthias

On 14.07.2022 16:13, Stefan Schantl wrote:
> Hello Jay,
> 
> until ipblocklist has been  released as regular feature (will be with core 
> update 170) you have to reinstall it each time you perform a core update.
> 
> The (re)install/update process is always the same. Please keep in mind to 
> backup and restore your "/var/ipfire/ipblocklist/settinngs" file or you 
> will loose your settings.
> 
> 
> Best regards,
> 
> -Stefan
> 
> Am 14. Juli 2022 14:27:26 schrieb Jay Lubomirski <jaylubo(a)gmail.com>:
>> Hi Stefan,
>>
>> I've updated to Core Update 169 and the ip block list menus are all 
>> "blanked" out. Do I need to reinstall the patch to restore them?
>>
>> Jay
>>
>> On Tue, Jun 21, 2022 at 1:22 PM Stefan Schantl <stefan.schantl(a)ipfire.org> 
>> wrote:
>> Hello list followers,
>>
>> today I've uploaded a new ipblocklist test version (ipblocklist-002).
>>
>> It has been rebased to work with core update 168 and also contains some
>> bugfixes and new features:
>>
>> * The update interval now is set to 15 minutes
>> * The WUI now displays the "Firewall reload hint" as notice instead of
>> an error.
>> * The logging of the ipblocklist-update script has been improved.
>> * Support for logwatch has been added.
>> * A bug which sometimes prevents from reloading a blocklist after an
>> update has been performed has been fixed.
>>
>> HINT: The update instructions are the same than for installing.
>>
>> WARNING: Any taken settings from previous test versions will be lost,
>> when updating! (Please backup your "/var/ipfire/ipblocklist/settings"
>> file in that case.)
>>
>> I'm planing to submit this addon to be merged and released with core
>> update 170 so, please heavily test and report any kind of remaining
>> issues.
>>
>> A big thanks in advance,
>>
>> -Stefan
>>
>>> Hello mailing list followers,
>>>
>>> it has been done - the port of the well known (ipblacklist) feature
>>> from Tim FitzGeorge has been finished.
>>>
>>> Now it's time for the final steps. For this I need your help, in
>>> testing and giving feedback and/or bug reports.
>>>
>>> I've backed and uploaded a test version, which contains all necessary
>>> files and modifications. There is also a README file available which
>>> gives further details and how to install the test version on your
>>> sytems.
>>>
>>> This all can be found here:
>>>
>>> https://people.ipfire.org/~stevee/ipblocklist/
>>>
>>> For those of you which are interested in the source code:
>>>
>>> https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/heads/ipblocklist-rbsed
>>>
>>>
>>> Best regards and a happy testing,
>>>
>>> -Stefan
>>>
> 
>