IP Address Blacklists

Haven’t heard any news of this feature for a while. Has it been abandoned?

I think it looks like it.

Tim, who developed this, has not been responding to any emails recently. None of the other developers was involved in this to carry it forward.

It would have been a great feature.

1 Like

Hi,
I’m still about (although I have been busy with COVID-19 related stuff). I don’t recall having received any emails about this recently, but I’m happy to do the work to get it into IPFire.

8 Likes

Please do, we will love this feature.

1 Like

This looks like it will be awesome.

Hi Tim,

no rush intended, but are you working on this or happen to have an ETA? With regards to events such as this one, the IP address blacklist feature would be very nice to have in IPFire, but we need a maintainer for it. :slight_smile:

https://www.spamhaus.org/news/article/802/suspicious-network-resurrections

Thanks, and best regards,
Peter Müller

The code I submitted in May (I think) is complete. It needs a slight modification for the latest version of IPFire, because the IPTables in the main chains have changed recently. I’m going to try to push the code changes to my repository in the next couple of weeks. Obviously, since the code is not in IPFire, it’s not at the top of my list of priorities, given all the extra work that COVID-19 seems to be putting in my direction. However, if the code makes it in, I would intend to make sure it’s properly maintained.

2 Likes

Hi,

great to hear that. :slight_smile: Could you drop me/us a line in case you have done so?

I believe this is the message we have been waiting for. If there is some spare time left on tonight’s telephone conference, I will bring that up once more, and hope to finally make this land in IPFire.

Thanks, and best regards,
Peter Müller

1 Like
1 Like

Hi.

I have encountered a problem with this addon. If I check the group BOGON_FULL, for example, it blocks my communications from Green to Red because it denies me two-way communications. If I uncheck the BOGON_FULL group in the IP Blocklist module, this filtering does not disappear.

Even if I disable the module:

The rules keep popping up.

How to fix it?

Regards.

The BOGON lists will cause problems if your red interface has a private IP address (usually 192.168.x.x).

To try to fix the problem, log into the command line and try the following:

  1. Is ipblocklist running? (pgrep ipblocklist).
    If it is, kill it.

  2. Look at the settings file /var/ipfire/ipblocklist/settings.
    Is BOGON_FULL set to ‘on’ or ‘off’ (should be ‘off’).
    If it’s set to off:

    1. Have a look in /var/log/httpd/error_log
      Are there any error messages in there that look relevant?
    2. Using a text editor change the setting to ‘off’.
  3. Run ipblocklist.pl.
    Are there any error messages?

  4. As a last resort enter the following commands:

    iptables -D INPUT -i red0 -j BOGON_FULL
    iptables -D FORWARD -i red0 -j BOGON_FULL
    iptables -F BOGON_FULL
    iptables -F BOGON_FULL_BLOCK
    iptables -X BOGON_FULL
    iptables -X BOGON_FULL_BLOCK
    ipset flush BOGON_FULL
    ipset destroy BOGON_FULL

    It’s important to get the order right.

    There will also be a file in /etc/ipset/blocklist that you can delete.

1 Like
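The cleanup order from the reply above, as an added example that is not part of the original post or the add-on's code: the function reads `iptables -S` output and prints the removal commands in the required order, or returns non-zero if nothing is left over for that list. The sample ruleset is constructed, and the rule shown inside the BOGON_FULL chain is an assumption about how the two chains are linked.

```shell
#!/bin/sh
# Added example (not the add-on's code): derive an ordered cleanup plan for one
# blocklist from `iptables -S` output. It prints commands; it never runs them.

# Constructed sample of `iptables -S` output with leftover BOGON_FULL rules.
# The rule inside BOGON_FULL is an assumption about how the chains are linked.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-N BOGON_FULL
-N BOGON_FULL_BLOCK
-A INPUT -i red0 -j BOGON_FULL
-A INPUT -i lo -j ACCEPT
-A FORWARD -i red0 -j BOGON_FULL
-A BOGON_FULL -m set --match-set BOGON_FULL src -j BOGON_FULL_BLOCK
-A BOGON_FULL_BLOCK -j DROP'

# plan_teardown NAME  (reads `iptables -S` output on stdin)
plan_teardown() {
    pt_plan=$(awk -v l="$1" '
        BEGIN { b = l "_BLOCK" }
        # Remember which of the two chains exist.
        $1 == "-N" && ($2 == l || $2 == b) { have[$2] = 1 }
        # 1. Jumps from other chains must be deleted before anything else.
        $1 == "-A" && $2 != l && $2 != b {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i + 1) == l || $(i + 1) == b)) {
                    sub(/^-A/, "-D"); print "iptables " $0; break
                }
        }
        END {
            # 2. Flush both chains (drops rules and cross-references),
            # 3. then delete them: -X fails on a non-empty or referenced chain.
            if (have[l]) print "iptables -F " l
            if (have[b]) print "iptables -F " b
            if (have[l]) print "iptables -X " l
            if (have[b]) print "iptables -X " b
        }')
    [ -n "$pt_plan" ] || return 1        # nothing left over for this list
    printf '%s\n' "$pt_plan"
    # 4. The set can only be destroyed once no rule matches on it.
    printf 'ipset flush %s\nipset destroy %s\n' "$1" "$1"
}

plan_teardown BOGON_FULL <<EOF
$SAMPLE_RULES
EOF
```

On a live system the input would come from `iptables -S | plan_teardown BOGON_FULL`; review the printed plan before running any of it.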

Thanks Tim for this.

It is solved.

But it would be great if the uninstaller removed all the entries from iptables.

Thanks again.

Regards.

I’ve now pushed the updated code to my repository; it’s been running for a few days on one of my systems without problems.

The only changes from the patches I submitted earlier this year are in src/initscripts/system/firewall and make.sh.

Tim

2 Likes

Hello Tim,

Great work on this add-on.

Is this add-on and your repository for public use, or is it for private use only?

Hi @peppetech

This addon is not yet part of IPFire.

2 Likes

Hi @timf

With the changes in IPFire since May 2020 and the newer fixes you have made, I think it would be good if you could submit a new version of your patches. Core Update 154 is in testing now, so Core Update 155 has just started being merged, so it would be a good point in time to get involved again.

Thank you for letting me know @bonniewin

Hello,
First I would say that this is the best upcoming addon for IPFire, one that I have been waiting for since core86.
I have now been using it since core153 without major problems. I integrated some more lists for myself, but I will share them with you all if you like. I also fixed some things, like URLs that did not work. One of them is obsolete, because its service no longer exists.
I can create lists in the most used formats, not only CIDR for IPFire. So I will share this with you in the future. This service runs only locally for me at the moment. But I will tell you the URL if someone is interested. But keep in mind that traffic is limited. Perhaps someone will take my lists and provide them on a more efficient system.
But one thing I do not understand about ipBlacklist for now is:
In the sources, with ‘rate’: what is the meaning of 24? Is this 24 times a day (every hour)?
In the WUI the dropdown is at slow. What is the difference between the three positions (slow, medium, fast)?
In the beginning, I set all to 1, and nevertheless some lists blocked my IP. For some services I think the updates were too often. Could someone explain that to me specifically?

And:
What’s the trick that makes some lists start their update? Some lists never start their update and I don’t understand why. They were added correctly. The first list load and iptables load are all correct. All works fine. IPs were blocked and visible in the log. The lists are not always the same and they change like other lists. Whether headers are present or not does not make a difference. The first line changes also. So I do not see what makes the difference, so that I can make a change to make it work. Thanks for your help.

Friseersources.zip (2,3 KB)

1 Like

This post is a year old and it has been 15 months since Tim FitzGeorge provided an update to this post. I am very interested in this feature. Does anyone have an update?

Please see thread https://community.ipfire.org/t/can-i-help-progress-version2-of-ipblacklist-addon/6998
@helix has submitted a patch for implementing the ipblocklists as a core item and it is being integrated into the wui.

If you want to see more of the communications beyond the end of that thread then you can look through the dev mailing list https://lists.ipfire.org/pipermail/development/ - sort by subject and look for “ipblacklist V2”

1 Like