Can I help progress version2 of ipblacklist addon

I have been using the extremely useful version 1 of the ipblacklist addon to drop connections from a botnet attack on my email server but I am getting problems because some of the blocklists which I am trying to use have too many entries for default ipset maxelem value of 65536 .

I can see that Tim FitzGeorge has a new version (2) which among numerous other improvements would increase the maxelem value to suit the blocklist size. (For instance I have tried to use IPSUM and FIREHOL_LEVEL_4 blocklists both of which exceed the default maxelem in version 1).

As Version 2 seems to have been dormant since last May is there anything I can do to help this version becoming available. I am more than willing to help if I can.

Rob

1 Like

hi @helix,

so let’s hope that @timf will answer you…

1 Like

I am rather disappointed that there hasn’t been any further response to this topic. I believe from the IPFire development lists that the code was sufficiently advanced for IPBlacklist V2 to be merged into IPFire in the middle of last year but then seems to have fallen into a black hole. I hope that this is still the intended plan but the lack of any visibility on any issues that could have held it back is worrying me that it might have been dropped from IPFire.
Perhaps someone can enlighten me on what are the plans for this delightful addon as it would be a great shame if it was lost to the community.

Rob.

1 Like

The response needs to come from @timf

A patch had been submitted in May 2020. There were some questions back and forth on that and in Dec 2020 the source was changed because of changes in iptables but an updated patch was not supplied.

In Feb 2021 an updated patch set was requested but no response has been forthcoming to that, neither on the forum or the development mailing list.

Since the patch to implement the addon was submitted there have been changes to the source code and to IPFire itself.

As the IPFire core devs team is quite small they require that if someone wants to have an addon implemented into IPFire that the originator of that code needs to be willing to support that addon on an ongoing basis to provide fixes, updates etc.

If you are able to pick up the addon from timf and progress it and support it’s inclusion into IPFire then that would be welcomed. The wiki has sections about how to access the git source to make any required additions and changes and then to submit patches for those.

Thank you so much for your reply Adolf

Sorry I incorrectly thought this was last years date, I now see as you stated it was 2020.

Yes I understand and I hope @timf is OK. I don’t think he has posted here since Dec 2020 and it looks like you haven’t heard from Tim since then?

Yes, I understand.

I have looked through the V2 patches Tim supplied in May 2020 and they don’t seem to apply to the V1 code Tim made available on his Github pages. For one thing the addon seems to have had an identity crisis and I’m not sure if it should be called IPBlocklist (V1) or IPBlacklist (V2). I’ll try and contact @timf and get some clarification. If I cannot contact him are the sources for V2 available on IPFire repositories ?

I do hope that @timf can submit V2 to yourselves and as I stated at the beginning of this topic that V1 has some issues particularly with the default maxelem value.
I am more than happy to help the development team to get this version available but I don’t want to tread on anyone’s toes in the process.

Rob

Hi Rob,

Effectively the last patch series that ended up in the IPFire patchwork is the source code of Tim’s addon into IPFire.
https://patchwork.ipfire.org/project/ipfire/list/?series=1215
IPFire doesn’t have anything additional to that. Those patches fitted into Core Update 153 or 154. I think the major differences are the files that are patched in the infrastructure patch v2, 8/8 as several of these files will be very different now compared to back then. If this is different from what is in Tim’s github pages then it would be good if you are able to make contact with him. As far as I am aware no one in the dev team has heard from Tim since Dec 2020.

I don’t think you will be treading on any toes from the IPFire dev team. They have more than enough other things to work on. If you can’t get hold of Tim and/or we don’t get any response from him to this thread then you are welcome to pick it up if you feel willing and able to do that. Let us know if you will be doing this and we will look to support you with how to submit things into IPFire.

Good luck Rob.