Hello Rob,
On 8 Mar 2022, at 10:59, Rob Brewer ipfire-devel@grantura.co.uk wrote:
On Monday 07 March 2022 22:54 Rob Brewer wrote:
On Monday 07 March 2022 20:39 Michael Tremer wrote:
Hello Rob,
On 5 Mar 2022, at 21:46, Rob Brewer ipfire-devel@grantura.co.uk wrote:
Hi Stefan
On Saturday 05 March 2022 18:52 Stefan Schantl wrote:
Hello *,
I've made some development progress, which I want to share here:
Most parts of the main backend script ("ipblacklist") from Tim and Rob are ported into a new functions library (ipblocklist-functions.pl) and into the main firewall script (rules.pl).
Good
This process is almost finished and currently allows to create the firewall rules, download the blocklists and to convert them into an ipset compatible format.
Next step will be to import the frontend code (WUI) and adjust it to use the backend code (functions) from the "ipblocklist-functions.pl".
At this time the blocklist feature should be in a use-able state again and I'll go to create an automatic update script and to import all the logging pages stuff etc.
The development progress and single commits can be found here:
https://git.ipfire.org/?p=people/stevee/ipfire-2.x.git;a=shortlog;h=refs/hea...
As usual please feel free to ask any questions or to share your opinion here.
I wish you a nice day,
-Stefan
Great progress. I did find a bug I introduced when I modified the ipblacklist V2 perl script to add a space after the log-prefix BLKLST entry to make the logs compatible with other log-prefixes. This affected showrequestfromblacklist.dat and the modified version 'modified regex for V3 log-prefix added space' should be used.
https://git.ipfire.org/?p=people/helix/ipfire-2.x.git;a=commit;h=2ccc47f1944...
Good catch, but wouldn’t it be helpful to add the space to all log prefixes so that it is always easily readable for humans, too?
-Michael
I think ipblocklist was the only logfile entry to have this problem.
Rob
I think there is a missing space in rules.pl before tha last "" I think line 755 should be:
run("$IPTABLES -A ${blocklist}_DROP -j LOG -m limit --limit 10/second --log-prefix "BLKLST_$blocklist "");
Yes, that is the space character I am talking about.
and in my ipblocklists.dat I changed your line 298 to be compatible with core 163 as I don't think you can change the 'theme' now and produced an error.
from: &General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", %color);
to: &General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", %color);
No, this has indeed been dropped and needs to be updated in the CGI. Let’s leave that to Stefan :)
-Michael
Rob