frdhlm
(frdhlm poehlmann)
31 December 2020 20:41
#1
Hello,
I am currently using IPFire together with the ASN script from maloe (maloe/ASN_IPFire_Script: IPFire network object creator for IPv4 addresses based on ASN information - NotABug.org). I use it to block all the “Datenkraken” like Oracle, Google, Facebook, Amazon, Acxiom, Experian etc…
Re-reading the firewall rules now takes about half an hour. It is not fun to change the rules. Is there a way to optimise this?
Greetings Frdhlm
pavlos
(paul)
31 December 2020 22:07
#2
I tested this on a VM
time ./asn.sh --add "facebook" took 21.095s
time ./asn.sh --add "facebook,experian" took 31.403s
The code does a lot of wget to fetch info.
frdhlm
(frdhlm poehlmann)
1 January 2021 11:07
#3
Thank you, pavlos. Let’s not misunderstand each other. Is the code executed when the rules are updated?
For me, updating the firewall rules after changes takes an extremely long time. My problem is not related to the execution of the script.
Greetings frdhlm
hvacguy
(Shaun HVAC)
1 January 2021 15:42
#4
frdhlm
(frdhlm poehlmann)
2 January 2021 09:46
#5
Hi hvacguy,
I have already downloaded the ASN information and created network objects and groups from it. Like this: ASN-Skript: Datensammler haben ausgeschnüffelt – IPFire Teil3 ⋆ Kuketz IT-Security Blog.
The problem is that updating the firewall rules via the web interface takes a long time. The more network objects there are, the longer it takes.
I am looking for a solution to shorten this time. Maybe someone also uses this script and has optimised the process.
Greetings frdhlm
bbitsch
(Bernhard Bitsch)
2 January 2021 13:12
#6
How many rules do you have, generated by the script?
frdhlm
(frdhlm poehlmann)
4 January 2021 19:54
#7
Hi bbitsch,
The script does not generate any rules but almost only groups the networks together.
I’ve got a total of 39 rules, 15 of which refer to the network groups generated by the script.
Greetings frdhlm