[v2,0/8] ipblacklist: IP Address Blacklists
Message ID | 20200427143123.6378-1-ipfr@tfitzgeorge.me.uk |
---|---|
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 499nKh5GTDz3xQy for <patchwork@web04.haj.ipfire.org>; Mon, 27 Apr 2020 14:32:08 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 499nKf6wk3zXb; Mon, 27 Apr 2020 14:32:06 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 499nKf4hbNz2yVN; Mon, 27 Apr 2020 14:32:06 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 499nKc5ftSz2xnp for <development@lists.ipfire.org>; Mon, 27 Apr 2020 14:32:04 +0000 (UTC) Received: from smtp.hosts.co.uk (smtp.hosts.co.uk [85.233.160.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPS id 499nKZ63cszg3 for <development@lists.ipfire.org>; Mon, 27 Apr 2020 14:32:02 +0000 (UTC) Received: from [95.149.142.196] (helo=aragorn.hosts.co.uk.tfitzgeorge.me.uk) by smtp.hosts.co.uk with esmtpa (Exim) (envelope-from <ipfr@tfitzgeorge.me.uk>) id 1jT4nb-0003Z9-6T; Mon, 27 Apr 2020 15:31:56 +0100 From: Tim FitzGeorge <ipfr@tfitzgeorge.me.uk> To: development@lists.ipfire.org Subject: [PATCH v2 0/8] ipblacklist: IP Address Blacklists Date: Mon, 27 Apr 2020 15:31:15 +0100 Message-Id: <20200427143123.6378-1-ipfr@tfitzgeorge.me.uk> X-Mailer: git-send-email 2.16.4 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=lists.ipfire.org; s=202003rsa; t=1587997923; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc; bh=mw/y6OgFT/Km6IuFuVzWKaca22Vbl86YVckmxcOi0bs=; b=YNdUEwR5o8XyikuHjLholTJyBiej7sizeZknMH4AQGgE+Obd/eX6TYWCcNP/H1MYko1gqH uBREgb8wfcYuL85buvh+W8qVJiGH9kpc8DGSsQzRR2tiJiZEfYxTY2amPU4ht6QdeD+AMk CYk+6ZTysVsQgTdtwdLGAEnRNkD8BEmKOWl47qWcBfLxP/9AyEk9gdKhIisJGLQRu8K6R0 XkFsCDEUN+WSnvrvShyT+YbWqQd0zut72cJGGFHXAIf4whlITrRrSzFn0GoQkxLl7tYUrA ar0YajEBJ0JcVSANiu9hEfPxkWdrLA2oyxmdUJlb1heEEgJCv2d5piR6JVbizw== ARC-Seal: i=1; s=202003rsa; d=lists.ipfire.org; t=1587997923; a=rsa-sha256; cv=none; b=f4hQ/r0jja4OCqXnmW0jC9XoFCTJoz2gEgJCPF2FWFSfo3gLcumZu/GPAt5N7FBUIF7PYc Zyrw/Ny/sGo/ODn9F3HMzSB35IHmdp7fgsPdfQ9meKEiGKi4ezs0jUvlaeVl0FOgvoLXX3 f3/b71FfVNf0LX/QO+VKjcqv26ZJPdxe2A6nyJ5vnq9pBSO7yIrc8y9M8gmCcAwbFRzBS1 YOjDOOsLP71cbw3T2IJGJQ5I9GGqzdOzPc85dC61LNpp9O8h6z3GAZpLkkSa5Vn0xzXZQ2 /1bR3MlGiUwSnakVNOLlg9ofhUYwMoLLdsphy0N4T+uXGr+Z9PNzA2WBvnoNQg== ARC-Authentication-Results: i=1; mail01.ipfire.org; dkim=none; spf=pass (mail01.ipfire.org: domain of ipfr@tfitzgeorge.me.uk designates 85.233.160.19 as permitted sender) smtp.mailfrom=ipfr@tfitzgeorge.me.uk Authentication-Results: mail01.ipfire.org; dkim=none; dmarc=none; spf=pass (mail01.ipfire.org: domain of ipfr@tfitzgeorge.me.uk designates 85.233.160.19 as permitted sender) smtp.mailfrom=ipfr@tfitzgeorge.me.uk X-Rspamd-Queue-Id: 499nKZ63cszg3 X-Spamd-Result: default: False [-3.30 / 11.00]; RCVD_TLS_LAST(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[85.233.160.19:from]; R_SPF_ALLOW(-0.20)[+ip4:85.233.160.0/27]; MIME_GOOD(-0.10)[text/plain]; ARC_SIGNED(0.00)[i=1]; DMARC_NA(0.00)[tfitzgeorge.me.uk]; RECEIVED_SPAMHAUS_PBL(0.00)[95.149.142.196:received]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[]; RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[]; NEURAL_HAM(-0.93)[-0.935]; IP_REPUTATION_SPAM(0.01)[asn: 8622(0.00), country: GB(0.01), ip: 85.233.160.19(0.00)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8622, ipnet:85.233.160.0/19, country:GB]; RCVD_COUNT_TWO(0.00)[2]; BAYES_HAM(-2.96)[99.84%]; RCVD_IN_DNSWL_LOW(-0.10)[85.233.160.19:from] X-Rspamd-Server: mail01.haj.ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Message
Tim FitzGeorge
April 27, 2020, 2:31 p.m. UTC
Implements downloading of IP address blacklists and implementing them as IPSets. A separate IPSet is used for each blacklist; this simplifies handling of overlaps between different lists. Traffic to or from the red0/ppp0 interface is checked against the IPSets. The check is placed before the IPS check as the IPSet check is much lighter on CPU use which means that overall CPU use is reduced. The available lists are defined in a separate file. A WUI page allows the desired lists to be enabled. A minimum update check interval is defined for each blacklist in the definition file. Changes since Version 1: - Changed Dshield download URL to preferred address. - Removed Abuse.ch blacklist (discontinued). - Removed Talos Malicious blacklist (not for production use). - Added Feodo recommended blacklist. - Added blocklist.de all blacklist. - Updated ignored messages in logwatch. - Modified sources file 'rate' to allow unit to be specified. - Updated sources file 'disable' to allow list to be specified. - Removed autoblacklist. - Added WUI log pages. - Removed status from settings WUI page. Tim FitzGeorge (8): ipblacklist: Main script ipblacklist: WUI Settings page ipblacklist: WUI Log page ipblacklist: WUI Log details page ipblacklist: WUI menus, language file etc ipblacklist: Ancillary files ipblacklist: Modifications to system ipblacklist: Build infrastructure config/backup/backup.pl | 1 + config/backup/include | 2 + config/ipblacklist/sources | 138 ++ config/logwatch/ipblacklist | 105 ++ config/logwatch/ipblacklist.conf | 34 + config/menu/50-firewall.menu | 5 + config/menu/70-log.menu | 5 + config/rootfiles/common/aarch64/stage2 | 1 + config/rootfiles/common/configroot | 2 + config/rootfiles/common/ipblacklist-sources | 1 + config/rootfiles/common/logwatch | 2 + config/rootfiles/common/misc-progs | 2 + config/rootfiles/common/stage2 | 1 + config/rootfiles/common/web-user-interface | 3 + config/rootfiles/common/x86_64/stage2 | 1 + html/cgi-bin/ipblacklist.cgi | 463 +++++++ html/cgi-bin/logs.cgi/ipblacklists.dat | 363 +++++ html/cgi-bin/logs.cgi/log.dat | 2 + html/cgi-bin/logs.cgi/showrequestfromblacklist.dat | 415 ++++++ langs/en/cgi-bin/en.pl | 27 +- lfs/configroot | 4 +- lfs/ipblacklist-sources | 53 + lfs/logwatch | 2 + make.sh | 1 + src/initscripts/system/firewall | 12 + src/misc-progs/Makefile | 2 +- src/misc-progs/getipsetstat.c | 25 + src/misc-progs/ipblacklistctrl.c | 48 + src/scripts/ipblacklist | 1382 ++++++++++++++++++++ 29 files changed, 3098 insertions(+), 4 deletions(-) create mode 100644 config/ipblacklist/sources create mode 100644 config/logwatch/ipblacklist create mode 100644 config/logwatch/ipblacklist.conf create mode 100644 config/rootfiles/common/ipblacklist-sources create mode 100644 html/cgi-bin/ipblacklist.cgi create mode 100755 html/cgi-bin/logs.cgi/ipblacklists.dat create mode 100755 html/cgi-bin/logs.cgi/showrequestfromblacklist.dat create mode 100644 lfs/ipblacklist-sources create mode 100644 src/misc-progs/getipsetstat.c create mode 100644 src/misc-progs/ipblacklistctrl.c create mode 100755 src/scripts/ipblacklist