Hello Rob and list,
Sorry for the long delay. Finally all major problems around the latest IDS improvements and the release around them have passed, so let's get back to the ipblocklist feature.
On Monday 07 March 2022 22:54 Rob Brewer wrote:
On Monday 07 March 2022 20:39 Michael Tremer wrote:
Hello Rob,
On 5 Mar 2022, at 21:46, Rob Brewer <ipfire-devel@grantura.co.uk> wrote:
Hi Stefan
On Saturday 05 March 2022 18:52 Stefan Schantl wrote:
Hello *,
I've made some development progress, which I want to share here:
Most parts of the main backend script ("ipblacklist") from Tim and Rob are ported into a new functions library (ipblocklist-functions.pl) and into the main firewall script (rules.pl).
Good
This process is almost finished and currently allows creating the firewall rules, downloading the blocklists and converting them into an ipset compatible format.
Next step will be to import the frontend code (WUI) and adjust it to use the backend code (functions) from the "ipblocklist-functions.pl".
At this time the blocklist feature should be in a usable state again and I'll go to create an automatic update script and to import all the logging pages stuff etc.
The development progress and single commits can be found here:
https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/hea...
As usual please feel free to ask any questions or to share your opinion here.
I wish you a nice day,
-Stefan
Great progress. I did find a bug I introduced when I modified the ipblacklist V2 perl script to add a space after the log-prefix BLKLST entry to make the logs compatible with other log-prefixes. This affected showrequestfromblacklist.dat and the modified version 'modified regex for V3 log-prefix added space' should be used.
https://git.ipfire.org/?p=people/helix/ipfire-2.x.git;a=commit;h=2ccc47f1944...
Thanks for the fix, I've picked it up and added it to the current development branch.
https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=80a456334f...
Good catch, but wouldn’t it be helpful to add the space to all log prefixes so that it is always easily readable for humans, too?
-Michael
I think ipblocklist was the only logfile entry to have this problem.
Rob
I think there is a missing space in rules.pl before the last \"" I think line 755 should be:
run("$IPTABLES -A ${blocklist}_DROP -j LOG -m limit --limit 10/second --log-prefix \"BLKLST_$blocklist \"");
Thanks for pointing this out - see:
https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=84642aadeb...
and in my ipblocklists.dat I changed your line 298 to be compatible with core 163 as I don't think you can change the 'theme' now and it produced an error.
from: &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
to: &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
Fixed:
https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=commit;h=acf4a99d23...
Rob
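
The log-prefix point discussed in this thread, as an added example that is not code from the thread or from IPFire: the LOG target writes the --log-prefix string directly in front of "IN=", so a log-page regex that disagrees with the prefix about the trailing space silently drops blocklist hits. The log lines, the list name EXAMPLE, both regexes and the sub names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample kernel log lines (not from a real system).
my @lines = (
    # Prefix set as "BLKLST_EXAMPLE " (with trailing space).
    'Mar  7 22:54:01 ipfire kernel: BLKLST_EXAMPLE IN=red0 OUT= '
      . 'MAC=00:00:00:00:00:00 SRC=192.0.2.10 DST=198.51.100.1 PROTO=TCP DPT=23',
    # Prefix set as "BLKLST_EXAMPLE" (no trailing space): it runs into "IN=".
    'Mar  7 22:54:02 ipfire kernel: BLKLST_EXAMPLEIN=red0 OUT= '
      . 'SRC=192.0.2.11 DST=198.51.100.1 PROTO=TCP DPT=23',
    # Unrelated firewall entry that must never be counted.
    'Mar  7 22:54:03 ipfire kernel: DROP_INPUT IN=red0 OUT= '
      . 'SRC=192.0.2.12 DST=198.51.100.1 PROTO=UDP DPT=5353',
);

# Hypothetical strict parser: requires whitespace between list name and IN=.
sub parse_strict {
    my ($line) = @_;
    return unless $line =~ /kernel: BLKLST_(\w+)\s+IN=(\S*) .*?\bSRC=(\S+)/;
    return { list => $1, in => $2, src => $3 };
}

# Hypothetical tolerant parser: the list name is taken non-greedily up to
# the first "IN=", so both prefix variants yield the same list name.
sub parse_tolerant {
    my ($line) = @_;
    return unless $line =~ /kernel: BLKLST_(\w+?)\s*IN=(\S*) .*?\bSRC=(\S+)/;
    return { list => $1, in => $2, src => $3 };
}

# Count hits per blocklist with each parser and report the difference.
my (%strict, %tolerant);
for my $line (@lines) {
    if (my $hit = parse_strict($line))   { $strict{ $hit->{list} }++ }
    if (my $hit = parse_tolerant($line)) { $tolerant{ $hit->{list} }++ }
}

for my $list (sort keys %tolerant) {
    my $seen   = $strict{$list} // 0;
    my $missed = $tolerant{$list} - $seen;
    print "$list: strict=$seen tolerant=$tolerant{$list} missed=$missed\n";
}
```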