Reading in the firewall rules takes an incredibly long time

Hello,
i am currently using ipfire together with the asn script from maloe maloe/ASN_IPFire_Script: IPFire network object creator for IPv4 addresses based on ASN information - NotABug.org: Free code hosting. I use it to block all the “Datenkraken” like oracle, google, facebook, amazon, acxiom, experian etc…
Re-reading the firewall rules now takes about half an hour. It is not fun to change the rules. Is there a way to optimise this?

Greetings Frdhlm

I tested this on a VM

time ./asn.sh --add “facebook” took 21.095s
time ./asn.sh --add “facebook,experian” took 31.403s

The code does a lot of wget to fetch info.

Thank you, pavlos. Let’s not misunderstand each other. Is the code executed when the rules are updated?
For me, updating the firewall rules after changes takes an extremely long time. My problem is not related to the execution of the script.

Greetings frdhlm

Would this help?
https://wiki.ipfire.org/configuration/firewall/fwgroups/groups

Hi hvacguy,

I have already downloaded the ASN information and created network objects and groups from it. Like this: ASN-Skript: Datensammler haben ausgeschnüffelt – IPFire Teil3 ⋆ Kuketz IT-Security Blog .

The problem is that updating the firewall rules via the web interface takes a long time. The more network objects there are, the longer it takes.

I am looking for a solution to shorten this time. Maybe someone also uses this script and has optimised the process.

Greetings frdhlm

How many rules do you have, generated by the script?

Hi bbitsch,
The script does not generate any rules but almost only groups the networks together.
I’ve got a total of 39 rules, 15 of which refer to the network groups generated by the script.

Greetings frdhlm