From patchwork Mon Nov 25 20:13:09 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
X-Patchwork-Id: 2612
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384)
	 client-signature ECDSA (P-384))
	(Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 47MJDB2dZFz43WL
	for <patchwork@web04.haj.ipfire.org>; Mon, 25 Nov 2019 20:14:50 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 47MJD96zNzz2bZ;
	Mon, 25 Nov 2019 20:14:49 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 47MJD95sx0z2yYg;
	Mon, 25 Nov 2019 20:14:49 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 47MJD82XfQz2xlf
 for <development@lists.ipfire.org>; Mon, 25 Nov 2019 20:14:48 +0000 (UTC)
Received: from smtp.hosts.co.uk (smtp.hosts.co.uk [85.233.160.19])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (Client did not present a certificate)
 by mail01.ipfire.org (Postfix) with ESMTPS id 47MJD76QpMz2M5
 for <development@lists.ipfire.org>; Mon, 25 Nov 2019 20:14:47 +0000 (UTC)
Received: from [95.149.142.227] (helo=aragorn.tfitzgeorge.me.uk)
 by smtp.hosts.co.uk with esmtpa (Exim)
 (envelope-from <ipfr@tfitzgeorge.me.uk>)
 id 1iZKkw-0004iW-9s; Mon, 25 Nov 2019 20:14:47 +0000
From: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
To: development@lists.ipfire.org
Subject: [PATCH 5/5] ipblacklist: Build infrastructure
Date: Mon, 25 Nov 2019 20:13:09 +0000
Message-Id: <20191125201309.10840-6-ipfr@tfitzgeorge.me.uk>
X-Mailer: git-send-email 2.16.4
In-Reply-To: <20191125201309.10840-1-ipfr@tfitzgeorge.me.uk>
References: <20191125201309.10840-1-ipfr@tfitzgeorge.me.uk>
Authentication-Results: mail01.ipfire.org; dkim=none; dmarc=none;
 spf=pass (mail01.ipfire.org: domain of ipfr@tfitzgeorge.me.uk designates
 85.233.160.19 as permitted sender) smtp.mailfrom=ipfr@tfitzgeorge.me.uk
X-Rspamd-Queue-Id: 47MJD76QpMz2M5
X-Spamd-Result: default: False [-2.41 / 11.00]; RCVD_VIA_SMTP_AUTH(0.00)[];
 ARC_NA(0.00)[]; RCVD_IN_DNSWL_LOW(-0.10)[85.233.160.19:from];
 FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[];
 RWL_MAILSPIKE_GOOD(0.00)[85.233.160.19:from];
 R_SPF_ALLOW(-0.20)[+ip4:85.233.160.0/27];
 MIME_GOOD(-0.10)[text/plain];
 SENDER_REP_HAM(0.00)[asn: 8622(0.00), country: GB(-0.01), ip:
 85.233.160.19(0.00)]; DMARC_NA(0.00)[tfitzgeorge.me.uk];
 RECEIVED_SPAMHAUS_PBL(0.00)[95.149.142.227:received];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 MX_GOOD(-0.01)[cached: mx1.ukservers.net];
 RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[];
 FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[];
 R_DKIM_NA(0.00)[];
 ASN(0.00)[asn:8622, ipnet:85.233.160.0/19, country:GB];
 MIME_TRACE(0.00)[0:+]; BAYES_HAM(-3.00)[99.99%];
 RCVD_COUNT_TWO(0.00)[2]
X-Rspamd-Server: mail01.haj.ipfire.org
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Signed-off-by: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk>
---
 config/rootfiles/common/aarch64/stage2      |  1 +
 config/rootfiles/common/configroot          |  2 ++
 config/rootfiles/common/ipblacklist-sources |  1 +
 config/rootfiles/common/logwatch            |  2 ++
 config/rootfiles/common/misc-progs          |  2 ++
 config/rootfiles/common/stage2              |  1 +
 config/rootfiles/common/web-user-interface  |  1 +
 config/rootfiles/common/x86_64/stage2       |  1 +
 lfs/configroot                              |  4 +--
 lfs/ipblacklist-sources                     | 53 +++++++++++++++++++++++++++++
 lfs/logwatch                                |  2 ++
 make.sh                                     | 11 +++---
 src/misc-progs/Makefile                     |  2 +-
 13 files changed, 75 insertions(+), 8 deletions(-)
 create mode 100644 config/rootfiles/common/ipblacklist-sources
 create mode 100644 lfs/ipblacklist-sources

diff --git a/config/rootfiles/common/aarch64/stage2 b/config/rootfiles/common/aarch64/stage2
index 366ab2bb0..5a598e3b1 100644
--- a/config/rootfiles/common/aarch64/stage2
+++ b/config/rootfiles/common/aarch64/stage2
@@ -93,6 +93,7 @@ usr/local/bin/connscheduler
 usr/local/bin/consort.sh
 usr/local/bin/convert-ovpn
 usr/local/bin/hddshutdown
+usr/local/bin/ipblacklist
 usr/local/bin/ipsec-interfaces
 usr/local/bin/makegraphs
 usr/local/bin/qosd
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index 56b0257bc..2f0e2440a 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -81,6 +81,8 @@ var/ipfire/geoip-functions.pl
 var/ipfire/graphs.pl
 var/ipfire/header.pl
 var/ipfire/ids-functions.pl
+var/ipfire/ipblacklist
+#var/ipfire/ipblacklist/settings
 var/ipfire/isdn
 #var/ipfire/isdn/settings
 var/ipfire/key
diff --git a/config/rootfiles/common/ipblacklist-sources b/config/rootfiles/common/ipblacklist-sources
new file mode 100644
index 000000000..7f54b1bbf
--- /dev/null
+++ b/config/rootfiles/common/ipblacklist-sources
@@ -0,0 +1 @@
+var/ipfire/ipblacklist/sources
diff --git a/config/rootfiles/common/logwatch b/config/rootfiles/common/logwatch
index c47fb4199..8b4810d97 100644
--- a/config/rootfiles/common/logwatch
+++ b/config/rootfiles/common/logwatch
@@ -192,6 +192,7 @@ usr/share/logwatch/default.conf/services/zz-sys.conf
 usr/share/logwatch/dist.conf/logfiles
 usr/share/logwatch/dist.conf/services
 usr/share/logwatch/dist.conf/services/dialup.conf
+usr/share/logwatch/dist.conf/services/ipblacklist.conf
 #usr/share/logwatch/lib
 usr/share/logwatch/lib/Logwatch.pm
 #usr/share/logwatch/scripts
@@ -256,6 +257,7 @@ usr/share/logwatch/scripts/services/http
 usr/share/logwatch/scripts/services/imapd
 #usr/share/logwatch/scripts/services/in.qpopper
 usr/share/logwatch/scripts/services/init
+usr/share/logwatch/scripts/services/ipblacklist
 usr/share/logwatch/scripts/services/ipop3d
 usr/share/logwatch/scripts/services/iptables
 usr/share/logwatch/scripts/services/kernel
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index c48a474b2..d17f3dd80 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -10,8 +10,10 @@ usr/local/bin/extrahdctrl
 usr/local/bin/fireinfoctrl
 usr/local/bin/firewallctrl
 usr/local/bin/getconntracktable
+usr/local/bin/getipsetstat
 usr/local/bin/getipstat
 #usr/local/bin/iowrap
+usr/local/bin/ipblacklistctrl
 usr/local/bin/ipfirereboot
 usr/local/bin/ipsecctrl
 usr/local/bin/launch-ether-wake
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index d9068415b..a558050a7 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -92,6 +92,7 @@ usr/local/bin/connscheduler
 usr/local/bin/consort.sh
 usr/local/bin/convert-ovpn
 usr/local/bin/hddshutdown
+usr/local/bin/ipblacklist
 usr/local/bin/ipsec-interfaces
 usr/local/bin/makegraphs
 usr/local/bin/qosd
diff --git a/config/rootfiles/common/web-user-interface b/config/rootfiles/common/web-user-interface
index a88dd8770..da4fcde77 100644
--- a/config/rootfiles/common/web-user-interface
+++ b/config/rootfiles/common/web-user-interface
@@ -35,6 +35,7 @@ srv/web/ipfire/cgi-bin/hardwaregraphs.cgi
 srv/web/ipfire/cgi-bin/hosts.cgi
 srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/index.cgi
+srv/web/ipfire/cgi-bin/ipblacklist.cgi
 srv/web/ipfire/cgi-bin/ipinfo.cgi
 srv/web/ipfire/cgi-bin/iptables.cgi
 srv/web/ipfire/cgi-bin/logs.cgi
diff --git a/config/rootfiles/common/x86_64/stage2 b/config/rootfiles/common/x86_64/stage2
index d90e3d70a..9c9b6c756 100644
--- a/config/rootfiles/common/x86_64/stage2
+++ b/config/rootfiles/common/x86_64/stage2
@@ -94,6 +94,7 @@ usr/local/bin/connscheduler
 usr/local/bin/consort.sh
 usr/local/bin/convert-ovpn
 usr/local/bin/hddshutdown
+usr/local/bin/ipblacklist
 usr/local/bin/ipsec-interfaces
 usr/local/bin/makegraphs
 usr/local/bin/qosd
diff --git a/lfs/configroot b/lfs/configroot
index 227d09239..4a4c919de 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -51,7 +51,7 @@ $(TARGET) :
 
 	# Create all directories
 	for i in addon-lang auth backup ca captive certs connscheduler crls ddns dhcp dhcpc dns dnsforward \
-			ethernet extrahd/bin fwlogs fwhosts firewall isdn key langs logging mac main \
+			ethernet extrahd/bin fwlogs fwhosts firewall ipblacklist isdn key langs logging mac main \
 			menu.d modem optionsfw \
 			ovpn patches pakfire portfw ppp private proxy/advanced/cre \
 			proxy/calamaris/bin qos/bin red remote sensors suricata time \
@@ -65,7 +65,7 @@ $(TARGET) :
 	    captive/settings captive/agb.txt captive/clients captive/voucher_out certs/index.txt certs/index.txt.attr ddns/config ddns/settings ddns/ipcache dhcp/settings \
 	    dhcp/fixleases dhcp/advoptions dhcp/dhcpd.conf.local dns/settings dnsforward/config ethernet/aliases ethernet/settings ethernet/known_nics ethernet/scanned_nics \
 	    ethernet/wireless extrahd/scan extrahd/devices extrahd/partitions extrahd/settings firewall/settings firewall/config firewall/geoipblock firewall/input firewall/outgoing \
-	    fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings \
+	    fwhosts/customnetworks fwhosts/customhosts fwhosts/customgroups fwhosts/customservicegrp fwhosts/customgeoipgrp fwlogs/ipsettings fwlogs/portsettings ipblacklist/settings \
 	    isdn/settings mac/settings main/hosts main/routing main/security main/settings optionsfw/settings \
 	    ovpn/ccd.conf ovpn/ccdroute ovpn/ccdroute2 pakfire/settings portfw/config ppp/settings-1 ppp/settings-2 ppp/settings-3 ppp/settings-4 \
 	    ppp/settings-5 ppp/settings proxy/settings proxy/squid.conf proxy/advanced/settings proxy/advanced/cre/enable remote/settings qos/settings qos/classes qos/subclasses qos/level7config qos/portconfig \
diff --git a/lfs/ipblacklist-sources b/lfs/ipblacklist-sources
new file mode 100644
index 000000000..c9431285d
--- /dev/null
+++ b/lfs/ipblacklist-sources
@@ -0,0 +1,53 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007  Michael Tremer & Christian Schmidt                      #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = ipfire
+
+THISAPP    = ipblacklist-sources
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+install : $(TARGET)
+
+check :
+
+download :
+
+md5 :
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) :
+	@$(PREBUILD)
+	mkdir -p /var/ipfire/ipblacklist
+	install -v -m 0644 $(DIR_SRC)/config/ipblacklist/sources /var/ipfire/ipblacklist
+
+	@$(POSTBUILD)
diff --git a/lfs/logwatch b/lfs/logwatch
index eb576717c..368a6b6bf 100644
--- a/lfs/logwatch
+++ b/lfs/logwatch
@@ -93,6 +93,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	#  done
 	cp -f $(DIR_SRC)/config/logwatch/dialup /usr/share/logwatch/scripts/services/dialup
 	cp -f $(DIR_SRC)/config/logwatch/dialup.conf /usr/share/logwatch/dist.conf/services/dialup.conf
+	cp -f $(DIR_SRC)/config/logwatch/ipblacklist /usr/share/logwatch/scripts/services/ipblacklist
+	cp -f $(DIR_SRC)/config/logwatch/ipblacklist.conf /usr/share/logwatch/dist.conf/services/ipblacklist.conf
 	
 	-mkdir -p /var/cache/logwatch
 	chmod -v 777 /var/cache/logwatch
diff --git a/make.sh b/make.sh
index 771c5ff89..207ca331b 100755
--- a/make.sh
+++ b/make.sh
@@ -1631,6 +1631,7 @@ buildipfire() {
   lfsmake2 tshark
   lfsmake2 geoip-generator
   lfsmake2 speedtest-cli
+  lfsmake2 ipblacklist-sources
 }
 
 buildinstaller() {
@@ -1648,7 +1649,7 @@ buildpackages() {
   export LOGFILE
   echo "... see detailed log in _build.*.log files" >> $LOGFILE
 
-  
+
   # Generating list of packages used
   print_line "Generating packages list from logs"
   rm -f $BASEDIR/doc/packages-list
@@ -1663,7 +1664,7 @@ buildpackages() {
   rm -f $BASEDIR/doc/packages-list
   # packages-list.txt is ready to be displayed for wiki page
   print_status DONE
-  
+
   # Update changelog
   cd $BASEDIR
   [ -z $GIT_TAG ]  || LAST_TAG=$GIT_TAG
@@ -1738,7 +1739,7 @@ while [ $# -gt 0 ]; do
 done
 
 # See what we're supposed to do
-case "$1" in 
+case "$1" in
 build)
 	START_TIME=$(now)
 
@@ -1777,7 +1778,7 @@ build)
 
 	print_build_stage "Building packages"
 	buildpackages
-	
+
 	print_build_stage "Checking Logfiles for new Files"
 
 	cd $BASEDIR
@@ -1842,7 +1843,7 @@ downloadsrc)
 	FINISHED=0
 	cd $BASEDIR/lfs
 	for c in `seq $MAX_RETRIES`; do
-		if (( FINISHED==1 )); then 
+		if (( FINISHED==1 )); then
 			break
 		fi
 		FINISHED=1
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index bea54e773..60b3965e0 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -32,7 +32,7 @@ SUID_PROGS = squidctrl sshctrl ipfirereboot \
 	smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
 	setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
 	getconntracktable wirelessclient torctrl ddnsctrl unboundctrl \
-	captivectrl
+	captivectrl ipblacklistctrl getipsetstat
 SUID_UPDX = updxsetperms
 
 OBJS = $(patsubst %,%.o,$(PROGS) $(SUID_PROGS))