Hello Peter,
I've updated the sources file with the corrected DShield url and added the blocklist.de list. I've also fixed a minor bug preventing unblocking addresses in the automatic blacklist. Since they're minor changes I'll wait before submitting updated patches in case there's anything else you spot.
Tim
On 25/11/2019 21:09, Peter Müller wrote:
Hello Tim,
thank you very much for providing this patchset. After having read through it, I consider this being an extremely helpful addition to IPFire, especially when it comes to dropping bogon and unallocated prefixes - which can be safely enabled by default as far as I am concerned.
Unfortunately, I am currently busy, so please give me a few days for having a closer look at all these patches. :-)
Just a footnote: The DShield/ISC SANS feed is also available at http://feeds.dshield.org/block.txt , which seems to be the preferred location for fetching the file (I believe https://www.dshield.org/block.txt exists for compatibility reasons).
blocklist.de (https://lists.blocklist.de/lists/all.txt) might be another interesting data feed; I will hand in patches for it as soon yours were accepted.
Many thanks again, and best regards, Peter Müller
Implements downloading of IP address blacklists and implementing them as IPSets. A separate IPSet is used for each blacklist; this simplifies handling of overlaps between different lists. Traffic to or from the red0/ppp0 interface is checked against the IPSets. The check is placed before the IPS check as the IPSet check is much lighter on CPU use which means that overall CPU use is reduced.
The available lists are defined in a separate file. A WUI page allows the desired lists to be enabled and the interval between checks for updates to be defined. A minimum update check interval is defined for each blacklist in the definition file.
Optionally, an automatically updating blacklist can be enabled. This adds addresses to an IPSet if the rate of packets dropped by the default red0/ppp0 input policy exceeds a user defined threshold. The addresses are kept in the IPSet until a user defined period without packets from the blocked address has passed.
Tim FitzGeorge (5): ipblacklist: Main script ipblacklist: WUI and language file ipblacklist: Ancillary files ipblacklist: Modifications to system ipblacklist: Build infrastructure
config/backup/backup.pl | 1 + config/backup/include | 2 + config/firewall/firewall-policy | 5 + config/ipblacklist/sources | 151 +++ config/logwatch/ipblacklist | 103 ++ config/logwatch/ipblacklist.conf | 34 + config/menu/50-firewall.menu | 5 + config/rootfiles/common/aarch64/stage2 | 1 + config/rootfiles/common/configroot | 2 + config/rootfiles/common/ipblacklist-sources | 1 + config/rootfiles/common/logwatch | 2 + config/rootfiles/common/misc-progs | 2 + config/rootfiles/common/stage2 | 1 + config/rootfiles/common/web-user-interface | 1 + config/rootfiles/common/x86_64/stage2 | 1 + html/cgi-bin/ipblacklist.cgi | 725 +++++++++++++ html/cgi-bin/logs.cgi/log.dat | 2 + langs/en/cgi-bin/en.pl | 31 + lfs/configroot | 4 +- lfs/ipblacklist-sources | 53 + lfs/logwatch | 2 + make.sh | 11 +- src/initscripts/system/firewall | 20 + src/misc-progs/Makefile | 2 +- src/misc-progs/getipsetstat.c | 28 + src/misc-progs/ipblacklistctrl.c | 52 + src/scripts/ipblacklist | 1558 +++++++++++++++++++++++++++ 27 files changed, 2792 insertions(+), 8 deletions(-) create mode 100644 config/ipblacklist/sources create mode 100644 config/logwatch/ipblacklist create mode 100644 config/logwatch/ipblacklist.conf create mode 100644 config/rootfiles/common/ipblacklist-sources create mode 100644 html/cgi-bin/ipblacklist.cgi create mode 100644 lfs/ipblacklist-sources create mode 100644 src/misc-progs/getipsetstat.c create mode 100644 src/misc-progs/ipblacklistctrl.c create mode 100755 src/scripts/ipblacklist