On Wednesday 25 May 2022 16:27 Michael Tremer wrote:
Cool. Thank you for answering those questions for me.
Is the source available in a Git repository somewhere?
-Michael
Yes, I'll upload the source to my repository but have a look in the tar archive in the meantime, it will be much the same.
Rob
On 25 May 2022, at 13:42, Rob Brewer ipfire-devel@grantura.co.uk wrote:
Hi Michael
On Wednesday 25 May 2022 11:08 Michael Tremer wrote:
Hello Rob,
Thanks for posting this.
I do not quite understand at the moment what the role of this add-on could/should be?
It adds a user-configurable blocklist to the ipblocklist menu. The Banish blocklist is configured with ip-address information from a separate GUI menu in IPFire.
Does it complement the current IP blocklist feature that is in the works, or is it an alternative implementation?
Yes, it complements the ipblocklist feature as this version does not run without ipblocklist installed.
This implementation was intended to be a 'light touch' on IPFire and only a modified sources list is required for ipblocklist to introduce the new resource and modifications to the IPFire Menu items.
Originally Banish generated numerous iptables entries and became very slow to update (I use a Banish blocklist of about 250 cidr and ip-range entries). This version moves the Banish blocklist to ipset and is considerably faster to update than the IPTABLES version.
Does it have features that should be merged together with the IP blocklist feature, or does it practically offer the same features and you uploaded it for reference/inspiration - and because it works already? :)
-Michael
I uploaded it because others may find it a useful addition to ipblocklist as I find it an invaluable feature.
I use Banish as a personalized blocklist to prevent rogue domains from attacking my mail server.
I could have made this version of Banish a stand-alone ipset addon similar to the Location Block feature. However, this would require significant changes to IPFire's infrastructure which may well be overwritten during upgrades.
If there is a positive reception to Banish it may be worth considering merging it with ipblacklist or a stand-alone feature. I find it very useful but others may be more skeptical; hopefully some users will try it and make their views known.
Rob
On 24 May 2022, at 21:58, Rob Brewer ipfire-devel@grantura.co.uk wrote:
Hi all,
I have uploaded my new version of Banish as an add-on to ipblocklist which uses ipset from ipblocklist instead of the original iptables, making updating large blocklists considerably faster.
If you are new to Banish, it allows you to maintain a personalized blocklist which can consist of ip-addresses, ip-address-ranges, cidrs or fqdns. I have removed the facility of adding mac addresses to be compatible with ipblocklist.
The use of fqdns should however be avoided as many abusive domains are now multi-homed and evade simple dns lookups to get ip ranges. I have been looking at using AS numbers for future issues; however, I retained this facility in this version for backwards compatibility with my earlier version.
I have been running this version with Tim's original ipblacklist for several weeks now and have carried out some testing with ipblocklist, and it should be transparent between the 2 versions.
In operation the Banish address list is converted to a net hash of individual ip addresses or cidrs and drops the processed banish_list into /srv/web/ipfire/html/ where it is collected by ipblocklist. In the current version of ipblocklist this may be a slow process as it can only update 1/hour. I believe this will be increased to 15 minutes in later versions.
I have also included a Banish-functions.pl file as a replacement for some of the functions in general-functions.pl, as some of the functions in the ipfire version are broken.
In operation I find Banish as a complement to Location Block in banning abusive domains such as spam domains and port scanners when banning complete countries isn't possible.
This is an add-on for ipblocklist so make sure you load this first.
https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz
https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
https://people.ipfire.org/~helix/banish/README
Rob
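
The conversion step described in the original post (a mixed list of addresses, ranges and CIDRs reduced to a set of networks) can be sketched as follows. This is an added example and not part of the thread or of Banish's code; it assumes the "net hash" is an ipset `hash:net` set, and the input syntax, the set name `banish_example` and the sample entries are constructed for illustration. FQDN entries are reported rather than resolved.

```python
import ipaddress

# Constructed sample list (documentation address space), not taken from Banish.
SAMPLE = """\
192.0.2.15
198.51.100.0/25
198.51.100.128/25        # adjacent to the line above
203.0.113.10-203.0.113.20
192.0.2.15               # duplicate
mail.example.net         # FQDN: not resolved here, reported instead
"""

def parse_entry(entry):
    """Turn one address, CIDR or first-last range into a list of networks."""
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        # summarize_address_range raises ValueError when first > last
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv4Network(entry)]  # a bare address becomes a /32

def build_networks(text):
    """Return (collapsed networks, rejected entries) for a whole list."""
    nets, rejected = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.extend(parse_entry(entry))
        except ValueError:  # hostnames, typos, reversed ranges, host bits set
            rejected.append(entry)
    # collapse_addresses drops duplicates and merges adjacent/contained networks
    return list(ipaddress.collapse_addresses(nets)), rejected

def ipset_restore(set_name, nets):
    """Render the networks as input for `ipset restore`."""
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {net}" for net in nets]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    networks, skipped = build_networks(SAMPLE)
    print(ipset_restore("banish_example", networks), end="")
    print("skipped:", skipped)
```

Loading the whole set through one `ipset restore` call, rather than one firewall rule per entry, is what keeps updates of a few hundred entries fast.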