Tim, Stefan,
I have installed the ipblocklist feature. It looks great.
I’m curious about the disable attribute in the sources file.
I have all the lists enabled, I would have thought enabling EMERGING_FWRULE would have the DSHIELD list automatically disabled. However, I am showing several hits on DSHIELD and I see 20 entries in ipset for DSHIELD. Is the disable attribute in sources there for informational purposes only?
Thanks for your excellent work on this feature, Charles Brown
Hello Charles,
thanks for a first look and your feedback.
Now after you have put my attention to those "disable" value in the sources file, I have to admit I totally have overseen this.
When interpreting this field and the values, it seems has been designed to automatically disable conflicting/obsolete sets in case such a set is enabled.
So for this feature I have go back to the drawing board and put some attention to it.
In the meantime please go on with testing and report any other issues.
Best regards,
-Stefan
Tim, Stefan, I have installed the ipblocklist feature. It looks great. I’m curious about the disable attribute in the sources file. I have all the lists enabled, I would have thought enabling EMERGING_FWRULE would have the DSHIELD list automatically disabled. However, I am showing several hits on DSHIELD and I see 20 entries in ipset for DSHIELD. Is the disable attribute in sources there for informational purposes only? Thanks for your excellent work on this feature, Charles Brown
Hi Stefan, hi Tim,
I hadn't the time to test yet - but found a small typo.
Patch is attached.
Great work!
Best, Matthias
On 10.04.2022 20:21, Charles Brown wrote:
Tim, Stefan,
I have installed the ipblocklist feature. It looks great.
I’m curious about the disable attribute in the sources file.
I have all the lists enabled, I would have thought enabling EMERGING_FWRULE would have the DSHIELD list automatically disabled. However, I am showing several hits on DSHIELD and I see 20 entries in ipset for DSHIELD. Is the disable attribute in sources there for informational purposes only?
Thanks for your excellent work on this feature, Charles Brown
Hi Charles
On Sunday 10 April 2022 19:21 Charles Brown wrote:
Tim, Stefan,
I have installed the ipblocklist feature. It looks great.
I’m curious about the disable attribute in the sources file.
I have all the lists enabled, I would have thought enabling EMERGING_FWRULE would have the DSHIELD list automatically disabled. However, I am showing several hits on DSHIELD and I see 20 entries in ipset for DSHIELD. Is the disable attribute in sources there for informational purposes only?
Thanks for your excellent work on this feature, Charles Brown
I have been running Tim's original ipbl?list for about 2 months now and find I only need a few Bl?cklists enabled. I am mainly interrest in protecting port 25 and find the most effective list is BLOCKLIST_DE. CIARMY is very good at catching port scanners. I also run a locally sourced blocklist and Banish which are optimised for port 25.
I don't think it is a good idea to enable all of the lists and conflicting lists should be disabled by the original Attributes feature which you have noticed.
This was from my logs yesterday:
Blacklist Category Packets Dropped In Packets Dropped Out Count Percentage Count Percentage
BANISH Attacker 74 0% 7 100% BLOCKLIST_DE Attacker 3615 8% 0 0% CIARMY Reputation 35598 77% 0 0% EMERGING_COMPROMISED Attacker 248 1% 0 0% EMERGING_FWRULE Composite 6235 13% 0 0% LOCAL_BLOCKLIST Attacker 575 1% 0 0% SHODAN Scanner 0 0% 0 0% SPAMHAUS_EDROP Reputation 4 0% 0 0%
Rob
-
Charles Brown -
Matthias Fischer -
Rob Brewer -
Stefan Schantl