Hello *,
I've made some development progress, which I want to share here:
Most parts of the main backend script ("ipblacklist") from Tim and Rob are ported into a new functions library (ipblocklist-functions.pl) and into the main firewall script (rules.pl).
This process is almost finished and currently allows to create the firewall rules, download the blocklists and to convert them into an ipset compatible format.
Next step will be to import the frontend code (WUI) and adjust it to use the backend code (functions) from the "ipblocklist-functions.pl".
At this time the blocklist feature should be in a use-able state again and I'll go to create an automatic update script and to import all the logging pages stuff etc.
The development progress and single commits can be found here:
https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/hea...
As usual please feel free to ask any questions or to share your opinion here.
I wish you a nice day,
-Stefan
Hello Rob, Hello Tim, Hello *,
as anounced on this list, I'm currently working on getting the ipblacklist feature as a core component into IPFire.
I already had a look on the code, which looks nice and very clean to me. As I'm currently also working on getting all ipset related set stuff and rule creation under one hood, this perfectly fits to this.
So my idea to put the ipblacklist feature over the line, was to split some parts of the ipblacklist "main script" (especially the ipset and iptables related stuff) into the perl-based script which is responsible for iptables rule creation.
In this case some other parts of the script (which where necessary in the past, because ipblacklist initial has been designed as an addon) also can be stipped.
Affected parts for example would be the "start", "stop", "enable" and "disable" code, which is not longer required and therefore safely can be dropped.
In the very end the main task for the script would be to download, update, convert and store the blacklists into an ipset compatible format.
Apart from this, I currently do not see any bigger changes for the WUI related stuff.
@Tim: I hope these changes are okay for you.
Getting started, I noticed, that there currently are two git repositories available, which contain the source for ipblacklist.
There is the origin one from Tim and a slightly modified (fixed) v3 version from Rob. I' currently trying to determine, which one would be the best to start from - are there any deeper changes/differences between them?
Please feel free to ask any kind of questions or share you opinion. As usual, I'll share any progress here.
Best regards,
-Stefan
Hi.
I have been looking at Tim FitzGeorge's code for ipblacklist v2 on https://patchwork.ipfire.org/project/ipfire/list/?series=1215%C2%A0to see if I can help progress its incorporation into IPFire. After I extracted the programs from Patchwork I have been able to build them into my firewall where they are running very successfully. The code on the server seems to be in good shape and apart from a few small patches and additions of a few missing scripts I think it could be successfully introduced into the IPFire code base. I am more than happy to help in seeing this process carried out but need to know if this is acceptable to yourselves.
Regards Rob Brewer