Congratulations to the authors of Libloc

I would like to congratulate @ms and all the people that have contributed to the libloc project, which is getting some overdue recognition from Debian and Fedora project. Hopefully sometime soon it will be in Arch Linux and all the other popular distributions.

6 Likes

Yes, I concur:

Yet, I am not really sure about how to use it. Blocking countries is already part of IPFire so I guess this may be for a more specialized and security related scenarioā€¦? Maybe if I have a server on DMZ?

Itā€™s a library that is built into IPFire.

It was just created in a way to make it a library that anyone that wanted to work with location information could use.

This replaced Maxmind geoip which used to provide that information but they changed their terms and conditions so that to get access to the maxmind geoip database you had to have an account with maxmind.

The IPFire devs created Libloc to overcome that issue and it is general enough that bothers are using it.

Here is the blog post about the changeover.
https://blog.ipfire.org/post/on-retiring-the-maxmind-geoip-database

and for those interested a blog post on how libloc works.
https://blog.ipfire.org/post/libloc-or-what-is-working-inside-it

Thereā€™s also an IPFire web page showing how to use it.
https://location.ipfire.org/how-to-use

3 Likes

Iā€™m wondering if thereā€™s anyone in our community who would be willing to submit a post to Hacker News about libloc, including links to both of those blog posts.

I donā€™t have an account on any social media platform, except for YouTube. I only follow Hacker News as a lurker, so Iā€™m unable to do this myself.

I already messaged a link of the blog entry to all my colleges who are using debian or fedora so it will spread and gets attention :slight_smile:

My latest version on Banish uses libloc to block on ASN as well as IP Address, CIDR and FQDN and adds a useful cgi set-up page to the IPFire menu and integrates into the IP Address Blocklists feature.

It is available from:
https://people.ipfire.org/~helix/banish/Banish-002.tar.gz

******* Banish-002.tar.gz ********

2022-12-27

Requirements IPFire 2.27 (x86_64) - Core-Update 170 or later.

This version of Banish adds the facility to block on Autonomous System
Number (ASN) as well as the earlier method of IP Address, CIDR or FQDN.

Banish-002 uses the location database to derive the ip address associated
with an ASN and combines these addresses with the other entries in the Banish
blocklist in an ipset to generate a blocklist for ipblocklist

This version is compatible with Banish-001 but make sure you backup:
/var/ipfire/Banish/Banish_config
/var/ipfire/ipblocklist/sources
if upgrading from Banish-001

As extraction of ip addresses from the location database is slow they are
cached in /var/ipfire/Banish/cache and the location database is checked hourly for
updates and if changed the banish blocklist is updated with any new entries. This
usually occurs once per week.

The ASN of a network can be found from a whois command or by interrogating
the location database from the command line with ā€œlocation lookup ip-addressā€.

The ASN can then be entered into ā€˜Banished Resourceā€™ window (as ASxxxxx)
along with any remark if required and will be entered into to the Banish blocklist
with the ā€˜add buttonā€™. The entry will become active on the next IP-blocklist update
which is run every 15 minutes.

Banish-002 will add the following new files to IPfire:

/srv/web/ipfire/cgi-bin/BanishGeo.cgi
/srv/web/ipfire/cgi-bin/logs.cgi/Banishlog.dat
/srv/web/ipfire/html/banish_list
/usr/local/bin/Banish_Sort.pl
/var/ipfire/Banish/Banish_config
/var/ipfire/Banish/Banish-functions.pl
/var/ipfire/Banish/Banish_settings
/var/ipfire/Banish/ip_Banishlist
/var/ipfire/addon-lang/Banish.de.pl
/var/ipfire/addon-lang/Banish.en.pl
/var/ipfire/addon-lang/Banish.es.pl
/var/ipfire/addon-lang/Banish.fr.pl
/var/ipfire/addon-lang/Banish.it.pl
/var/ipfire/addon-lang/Banish.nl.pl
/var/ipfire/addon-lang/Banish.pt.pl
/var/ipfire/menu.d/EX-Banishlog.menu
/var/ipfire/menu.d/EX-banish.menu

These IPFire files are modified:

/srv/web/ipfire/cgi-bin/logs.cgi/log.dat
/var/ipfire/ipblocklist/sources

To installā€¦ Download Banish-002.tar.gz to /tmp
Extract the tar file using ā€œtar -xvf banish-xxx.tar.gz -C /ā€
Regenerate the language cache with ā€œupdate-lang-cacheā€

Note 1: this is an add-on for IP Address Blocklists and the Banish
blocklist needs to be enabled in the IP Address Blocklists menu and the firewall
rule-set reloaded with the ā€œApply Changesā€ button in the ā€œFirewall Rulesā€ menu.

Note 2: Banish entries are are updated every 15 minutes when IP-based
blocking is updated.

Iā€™m not sure how useful the add-on will be to others but on my system it functions as a major spam blocking facility along with IP Address Blocklists and Location Block.

Rob

2 Likes