My latest version on Banish uses libloc to block on ASN as well as IP Address, CIDR and FQDN and adds a useful cgi set-up page to the IPFire menu and integrates into the IP Address Blocklists feature.
It is available from:
https://people.ipfire.org/~helix/banish/Banish-002.tar.gz
******* Banish-002.tar.gz ********
2022-12-27
Requirements IPFire 2.27 (x86_64) - Core-Update 170 or later.
This version of Banish adds the facility to block on Autonomous System
Number (ASN) as well as the earlier method of IP Address, CIDR or FQDN.
Banish-002 uses the location database to derive the ip address associated
with an ASN and combines these addresses with the other entries in the Banish
blocklist in an ipset to generate a blocklist for ipblocklist
This version is compatible with Banish-001 but make sure you backup:
/var/ipfire/Banish/Banish_config
/var/ipfire/ipblocklist/sources
if upgrading from Banish-001
As extraction of ip addresses from the location database is slow they are
cached in /var/ipfire/Banish/cache and the location database is checked hourly for
updates and if changed the banish blocklist is updated with any new entries. This
usually occurs once per week.
The ASN of a network can be found from a whois command or by interrogating
the location database from the command line with “location lookup ip-address”.
The ASN can then be entered into ‘Banished Resource’ window (as ASxxxxx)
along with any remark if required and will be entered into to the Banish blocklist
with the ‘add button’. The entry will become active on the next IP-blocklist update
which is run every 15 minutes.
Banish-002 will add the following new files to IPfire:
/srv/web/ipfire/cgi-bin/BanishGeo.cgi
/srv/web/ipfire/cgi-bin/logs.cgi/Banishlog.dat
/srv/web/ipfire/html/banish_list
/usr/local/bin/Banish_Sort.pl
/var/ipfire/Banish/Banish_config
/var/ipfire/Banish/Banish-functions.pl
/var/ipfire/Banish/Banish_settings
/var/ipfire/Banish/ip_Banishlist
/var/ipfire/addon-lang/Banish.de.pl
/var/ipfire/addon-lang/Banish.en.pl
/var/ipfire/addon-lang/Banish.es.pl
/var/ipfire/addon-lang/Banish.fr.pl
/var/ipfire/addon-lang/Banish.it.pl
/var/ipfire/addon-lang/Banish.nl.pl
/var/ipfire/addon-lang/Banish.pt.pl
/var/ipfire/menu.d/EX-Banishlog.menu
/var/ipfire/menu.d/EX-banish.menu
These IPFire files are modified:
/srv/web/ipfire/cgi-bin/logs.cgi/log.dat
/var/ipfire/ipblocklist/sources
To install… Download Banish-002.tar.gz to /tmp
Extract the tar file using “tar -xvf banish-xxx.tar.gz -C /”
Regenerate the language cache with “update-lang-cache”
Note 1: this is an add-on for IP Address Blocklists and the Banish
blocklist needs to be enabled in the IP Address Blocklists menu and the firewall
rule-set reloaded with the “Apply Changes” button in the “Firewall Rules” menu.
Note 2: Banish entries are are updated every 15 minutes when IP-based
blocking is updated.
I’m not sure how useful the add-on will be to others but on my system it functions as a major spam blocking facility along with IP Address Blocklists and Location Block.
Rob