Banish-002 add-on for IPblocklist now include blocking on ASN

[Rob Brewer <ipfire-devel@grantura.co.uk>]

[-- Attachment #1: Type: text/plain, Size: 2894 bytes --]

This is my latest version of my Banish add-on for IPblockist which adds 
the facility to block by ASN as well as IP Address, CIDR and FQDN. 

Please let me have your comments if you find this useful.

https://people.ipfire.org/~helix/banish/Banish-002.tar.gz



******* Banish-002.tar.gz ********

2022-12-27

Requirements IPFire 2.27 (x86_64) - Core-Update 170 or later.

This version of Banish adds the facility to block on Autonomous System 
Number 
(ASN) as well as the earlier method of IP Address, CIDR or FQDN. 

Banish-002 uses the location database to derive the ip address associated 
with 
an ASN and combines these addresses with the other entries in the Banish 
blocklist in an ipset to generate a blocklist for ipblocklist 

This version is compatible with Banish-001 but make sure you backup: 
/var/ipfire/Banish/Banish_config 
/var/ipfire/ipblocklist/sources 
if upgrading from Banish-001

As extraction of ip addresses from the location database is slow they are 
cached in 
/var/ipfire/Banish/cache and the location database is checked hourly for 
updates 
and if changed the banish blocklist is updated with any new entries. This 
usually occurs once per week.

The ASN of a network can be found from a whois command or by interrogating 
the 
location database from the command line with "location lookup ip-address".

The ASN can then be entered into 'Banished Resource' window (as ASxxxxx) 
along with 
any remark if required and will be entered into to the Banish blocklist 
with the 
'add button'. The entry will become active on the next IP-blocklist update 
which 
is run every 15 minutes. 

Banish-002 will add the following new files to IPfire:

/srv/web/ipfire/cgi-bin/BanishGeo.cgi 
/srv/web/ipfire/cgi-bin/logs.cgi/Banishlog.dat /srv/web/ipfire/html/
banish_list 
/usr/local/bin/Banish_Sort.pl /var/ipfire/Banish/Banish_config 
/var/ipfire/Banish/Banish-functions.pl /var/ipfire/Banish/Banish_settings 
/var/ipfire/Banish/ip_Banishlist /var/ipfire/addon-lang/Banish.de.pl 
/var/ipfire/addon-lang/Banish.en.pl /var/ipfire/addon-lang/Banish.es.pl 
/var/ipfire/addon-lang/Banish.fr.pl /var/ipfire/addon-lang/Banish.it.pl 
/var/ipfire/addon-lang/Banish.nl.pl /var/ipfire/addon-lang/Banish.pt.pl 
/var/ipfire/menu.d/EX-Banishlog.menu /var/ipfire/menu.d/EX-banish.menu

These IPFire files are modified:

/srv/web/ipfire/cgi-bin/logs.cgi/log.dat 
/var/ipfire/ipblocklist/sources

To install.. Download Banish-002.tar.gz to /tmp 
Extract the tar file using "tar -xvf banish-xxx.tar.gz -C /" 
Regenerate the language cache with "update-lang-cache"

Note 1: this is an addon for IP Address Blocklists and the Banish 
blocklist 
needs to be enabled in the IP Address Blocklists menu and the firewall 
ruleset 
reloaded with the "Apply Changes" button in the "Firewall Rules" menu.

Note 2: Banish entries are are updated every 15 minutes when IP-based 
blocking 
is updated.