I created a test version of an RPZ add-on and I am looking for feedback

I think this is what you are looking for:

rpz-config
rpz-make
rpz-metrics

All of them grab data from the /etc/unbound/zonefiles/ folder.

Thank you @jon

1 Like

here is the latest:

rpz-beta-0.1.15-15.ipfire on 2024-11-04
rpz.cgi:

  • feature: added new language file for Turkish (thank you Peppe)

rpz-make:

  • bug: corrected empty allow/block list issue. An empty allow/block list will now remove contents of allow/block.rpz files and remove unneeded allow/block.conf file. (thank you iptom)

rpz-beta-0.1.15-15.ipfire.tar (40 KB)

4 Likes

@Roberto - were you able to find a different TIF list?
Did that stop the OOM errors and the Unbound has died error?

Jon

I’ve just tried with the big TIF RPZ file. Same effect.
At Hagezi’s page are smaller lists also.
Another idea. The Multi lists include parts of the TIF lists. They are smaller, maybe they are sufficient.

1 Like

:thinking: I wonder if it should work like this.
What effect does this have on the continued operation of IPFire?

If someone accidentally deletes and leaves two blank lines:
After clicking Save then Apply, one blank line is left in the window but two blank lines remain in the file.

[image]

[image]

View after clicking Save then Apply.
[image]

[image]

edit:
Also applies to the Allow list

1 Like

Blank lines are usually OK.

Just so I understand, is it causing missing domain names?

1 Like

:thinking: Interesting point. On a computer on the green network, I made pings to two addresses allegro.pl and allegro.com. I received responses from the two addresses.
Then I put the above addresses on the blocked list. I clicked Save then Apply.

[image]

The result:

[image]

[image]

The first address was blocked only after a long while.

Maybe someone can repeat this behavior. :thinking:

I have verified your test.
An empty line is deleted by save.
A line consisting of a number of blanks is rejected with RPZ Error: invalid entry in blocklist, line 1, no apply possible.

I use the newest version

EDIT:
Blanking out two lines leaves one blank line.
But ping isn’t possible, due to failing name resolution.
A second save deletes the blank line.

That’s on me!

This happens because HTML automatically removes the first empty linebreak at the start of a textarea. I overlooked that. Good news is, this only drops empty lines, not domain entries.

That is correct, a line may only contain nothing at all, a valid domain name or a comment starting with “;”. Maybe we should allow blank space before the comment?

2 Likes

Keep in mind this info may be temporarily stored in a local DNS cache.

And that DNS cache may need to be cleared out or left to expire before it works.

2 Likes

I cannot make this happen. Can you supply more detailed steps or some images so I can replicate?

found an issue…

The custom lists do not like trailing spaces after a domain.

The code is doing the right thing. The code does not format or re-format the custom lists. It is finding a bad line that will cause issues and it is flagging it for the user to fix.

3 Likes
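
The line rule quoted above (a line is empty, a valid domain name, or a comment starting with ";") together with the trailing-space finding, as an added example that is not the add-on's own code. The function names and the hostname pattern are assumptions, since rpz-make's actual regex is not shown in this thread; like the add-on, it flags bad lines without reformatting the list.

```shell
#!/bin/sh
# Added example (not rpz-make's code). The hostname pattern is a constructed
# assumption; the add-on's real validation regex is not shown in this thread.

# check_custom_list FILE
# Prints "line N: reason" for each rejected line. Returns 1 if any line was
# rejected, 0 otherwise. The file is only read, never reformatted.
check_custom_list() {
    awk '
    function reject(why) { printf "line %d: %s\n", NR, why; bad = 1 }
    BEGIN {
        # Two or more dot-separated labels of letters, digits and hyphens;
        # a label may not start or end with a hyphen.
        label  = "[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
        domain = "^" label "(\\." label ")+$"
        bad = 0
    }
    $0 == ""         { next }                              # empty line: allowed
    /^;/             { next }                              # comment: allowed
    /^[ \t\r]+$/     { reject("only whitespace"); next }
    /^[ \t]/         { reject("leading whitespace"); next }
    /[ \t\r]$/       { reject("trailing whitespace"); next }
    $0 !~ domain     { reject("not a valid domain name"); next }
    length($0) > 253 { reject("name longer than 253 characters"); next }
    END { exit bad }
    ' "$1"
}

# write_sample FILE: constructed sample list using the names from the thread.
write_sample() {
    printf '%s\n' '' '; constructed sample blocklist' 'allegro.pl' \
        'allegro.com ' '   ' ' ; indented comment' 'bad_name.example' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
check_custom_list "$sample" || echo "list rejected, nothing applied"
rm -f "$sample"
```

A carriage return left at the end of a line is reported as trailing whitespace, which is worth knowing when a list was edited on another system and pasted in.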

If I do not do this first:

Instead I do this first:

All works as it should:

[root@ipfire ~] # ping allegro.pl 
ping: allegro.pl: Name or service not known
[root@ipfire ~] # ping allegro.com
ping: allegro.com: Name or service not known
[root@ipfire ~] # 

@iptom - Does this help??

1 Like

In that order, it works.

1 Like

Is there a short guide on how to remove the package completely? I would like to perform a new installation.

If the rpz-beta-0.1.nn-nn.ipfire file still exists at /opt/pakfire/tmp/

#   go to this directory:
cd /opt/pakfire/tmp/

#   run the uninstall
NAME=rpz ./uninstall.sh

If the rpz-beta-0.1.nn-nn.ipfire file is missing at /opt/pakfire/tmp/

Copy the rpz-beta-0.1.nn-nn.ipfire file to the /opt/pakfire/tmp/ directory. (Speak up if you need assistance with this!)

#   go to this directory:
cd /opt/pakfire/tmp/

#   uncompress the file:
tar xvf rpz-beta-0.1.nn-nn.ipfire

#   check to make sure there are files there:
ls -l /opt/pakfire/tmp

#   copy this one file to a new location
cp -v ROOTFILES /opt/pakfire/db/rootfiles/rpz

#   run the uninstall
NAME=rpz ./uninstall.sh

3 Likes

Successfully updated to v.15

# NAME=rpz ./update.sh
Extracting backup includes...
var/ipfire/backup/addons/includes/
var/ipfire/backup/addons/includes/rpz
...Finished.
Stopping Unbound DNS Proxy...                                                                                                                                  [  OK  ]
Creating Backup...
tar: Removing leading `//' from member names
//etc/unbound/local.d/00-rpz.conf
tar: Removing leading `//' from hard link targets
//etc/unbound/zonefiles/allow.rpz
//etc/unbound/zonefiles/block.rpz
//var/ipfire/rpz/allowlist
//var/ipfire/rpz/blocklist
...Finished.
Removing files...
removed '/etc/unbound/local.d/00-rpz.conf'
removed '/etc/unbound/zonefiles/block.urlhaus.rpz.zone'
removed '/etc/unbound/zonefiles/block.threatfox.rpz.zone'
removed '/etc/unbound/zonefiles/block.rpz'
removed '/etc/unbound/zonefiles/allow.rpz'
removed directory '/etc/unbound/zonefiles'
removed '/usr/sbin/rpz-config'
removed '/usr/sbin/rpz-metrics'
removed '/usr/sbin/rpz-sleep'
removed '/var/ipfire/backup/addons/includes/rpz'
removed '/var/ipfire/rpz/blocklist'
removed '/var/ipfire/rpz/allowlist'
removed directory '/var/ipfire/rpz'
...Finished.
Extracting files...
etc/
etc/unbound/
etc/unbound/zonefiles/
etc/unbound/zonefiles/block.rpz
etc/unbound/zonefiles/allow.rpz
etc/unbound/local.d/
etc/unbound/local.d/00-rpz.conf
usr/
usr/sbin/
usr/sbin/rpz-sleep
usr/sbin/rpz-metrics
usr/sbin/rpz-config
var/
var/ipfire/
var/ipfire/rpz/
var/ipfire/rpz/blocklist
var/ipfire/rpz/allowlist
var/ipfire/backup/
var/ipfire/backup/addons/
var/ipfire/backup/addons/includes/
var/ipfire/backup/addons/includes/rpz
...Finished.
Restoring Backup...
etc/unbound/local.d/00-rpz.conf
etc/unbound/zonefiles/allow.rpz
etc/unbound/zonefiles/block.rpz
var/ipfire/rpz/allowlist
var/ipfire/rpz/blocklist
...Finished.
Starting Unbound DNS Proxy...

4 Likes

some small changes…

rpz-beta-0.1.6-16.ipfire on 2024-11-18
rpz-make:

  • feature: updated validation regex
  • bug: moved validation to beginning of process. Now we validate before creating config files.

rpz.cgi:

  • feature: use CSS color variables of the main ipfire theme
  • bug: empty zonefile remarks were stored as “undef” and caused a warning
  • bug: HTML textarea removes the first empty line in a custom list
  • thank you Leo!

rpz-beta-0.1.16-16.ipfire.tar (40 KB)

4 Likes

After placing an entry in the field “Custom allowlist”

  1. If we first click apply - the entry disappears, no allow.rpz file is created
  2. If we first click save - the entry stays and is saved in the allow.rpz file