Hi all,
I have uploaded my new version of Banish as an add-on to ipblocklist which uses ipset from ipblocklist instead of the original iptables making updating large blocklists considerably faster.
If you are new to Banish it allows you to maintain a personalized blocklist which can consist of ip-addresses, ip-address-ranges, cidrs or fqdns. I have removed the facility of adding MAC addresses to be compatible with ipblocklist.
The use of fqdns should however be avoided as many abusive domains are now multi-homed and evade simple DNS lookups to get ip ranges. I have been looking at using AS numbers for future issues, however I retained this facility in this version for backwards compatibility with my earlier version.
I have been running this version with Tim's original ipblacklist for several weeks now and have carried out some testing with ipblocklist, and it should be transparent between the 2 versions.
In operation the Banish address list is converted to a net hash of individual ip addresses or cidrs and drops the processed banish_list into /srv/web/ipfire/html/ where it is collected by ipblocklist. In the current version of ipblocklist this may be a slow process as it can only update 1/hour. I believe this will be increased to 15 minutes in later versions.
I have also included a Banish-functions.pl file which is a replacement for some of the functions in general-functions.pl as some of the functions in the ipfire version are broken.
In operation I find Banish as a complement to Location Block in banning abusive domains such as spam domains and port scanners when banning complete countries isn't possible.
This is an add-on for ipblocklist so make sure you load this first.
https://people.ipfire.org/~stevee/ipblocklist/ipblocklist-001.tar.gz
https://people.ipfire.org/~helix/banish/Banish-001.tar.gz
https://people.ipfire.org/~helix/banish/README
Rob
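
The conversion described in the post (single addresses, ranges and CIDRs turned into entries for a net hash) can be sketched as follows. This is an added example, not code from Banish or ipblocklist: the list syntax, the set name `banish`, the `MIN_PREFIX` guard and the IPv4-only handling are assumptions, and FQDN entries are rejected rather than resolved.

```python
import ipaddress

MIN_PREFIX = 8  # assumed guard: reject anything broader than a /8 as a likely typo

# Constructed sample; the real Banish list syntax is not shown in the post.
SAMPLE = """\
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25
203.0.113.5-203.0.113.20   # range that is not CIDR-aligned
spam.example.net
203.0.113.300
"""

def parse_entry(entry):
    """Turn one address, CIDR or 'first-last' range into a list of IPv4 networks."""
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        # summarize_address_range raises ValueError when first > last
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv4Network(entry, strict=False)]

def build_networks(text):
    """Return (collapsed networks, rejected entries) for a whole list."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            parsed = parse_entry(entry)
            if any(n.prefixlen < MIN_PREFIX for n in parsed):
                raise ValueError("prefix too broad")
            nets.extend(parsed)
        except ValueError:
            rejected.append(entry)  # FQDNs and malformed addresses end up here
    # Merge adjacent and overlapping networks so the set stays as small as possible
    return list(ipaddress.collapse_addresses(nets)), rejected

def ipset_restore_lines(nets, set_name="banish"):
    """Render the networks in the format read by `ipset restore`."""
    lines = [f"create {set_name} hash:net family inet"]
    lines += [f"add {set_name} {net}" for net in nets]
    return lines

if __name__ == "__main__":
    networks, skipped = build_networks(SAMPLE)
    print("\n".join(ipset_restore_lines(networks)))
    print("skipped:", skipped)
```

Reviewing the rejected entries before loading the set shows which lines of the list never took effect.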