This is my latest version of my Banish add-on for IPblockist which adds the facility to block by ASN as well as IP Address, CIDR and FQDN.
Please let me have your comments if you find this useful.
https://people.ipfire.org/~helix/banish/Banish-002.tar.gz
******* Banish-002.tar.gz ********
2022-12-27
Requirements IPFire 2.27 (x86_64) - Core-Update 170 or later.
This version of Banish adds the facility to block on Autonomous System Number (ASN) as well as the earlier method of IP Address, CIDR or FQDN.
Banish-002 uses the location database to derive the ip address associated with an ASN and combines these addresses with the other entries in the Banish blocklist in an ipset to generate a blocklist for ipblocklist
This version is compatible with Banish-001 but make sure you backup: /var/ipfire/Banish/Banish_config /var/ipfire/ipblocklist/sources if upgrading from Banish-001
As extraction of ip addresses from the location database is slow they are cached in /var/ipfire/Banish/cache and the location database is checked hourly for updates and if changed the banish blocklist is updated with any new entries. This usually occurs once per week.
The ASN of a network can be found from a whois command or by interrogating the location database from the command line with "location lookup ip-address".
The ASN can then be entered into 'Banished Resource' window (as ASxxxxx) along with any remark if required and will be entered into to the Banish blocklist with the 'add button'. The entry will become active on the next IP-blocklist update which is run every 15 minutes.
Banish-002 will add the following new files to IPfire:
/srv/web/ipfire/cgi-bin/BanishGeo.cgi /srv/web/ipfire/cgi-bin/logs.cgi/Banishlog.dat /srv/web/ipfire/html/ banish_list /usr/local/bin/Banish_Sort.pl /var/ipfire/Banish/Banish_config /var/ipfire/Banish/Banish-functions.pl /var/ipfire/Banish/Banish_settings /var/ipfire/Banish/ip_Banishlist /var/ipfire/addon-lang/Banish.de.pl /var/ipfire/addon-lang/Banish.en.pl /var/ipfire/addon-lang/Banish.es.pl /var/ipfire/addon-lang/Banish.fr.pl /var/ipfire/addon-lang/Banish.it.pl /var/ipfire/addon-lang/Banish.nl.pl /var/ipfire/addon-lang/Banish.pt.pl /var/ipfire/menu.d/EX-Banishlog.menu /var/ipfire/menu.d/EX-banish.menu
These IPFire files are modified:
/srv/web/ipfire/cgi-bin/logs.cgi/log.dat /var/ipfire/ipblocklist/sources
To install.. Download Banish-002.tar.gz to /tmp Extract the tar file using "tar -xvf banish-xxx.tar.gz -C /" Regenerate the language cache with "update-lang-cache"
Note 1: this is an addon for IP Address Blocklists and the Banish blocklist needs to be enabled in the IP Address Blocklists menu and the firewall ruleset reloaded with the "Apply Changes" button in the "Firewall Rules" menu.
Note 2: Banish entries are are updated every 15 minutes when IP-based blocking is updated.