mbox

[v2,0/8] ipblacklist: IP Address Blacklists

Message ID 20200427143123.6378-1-ipfr@tfitzgeorge.me.uk
Headers

Message

Tim FitzGeorge April 27, 2020, 2:31 p.m. UTC
  Implements downloading of IP address blacklists and implementing
them as IPSets.  A separate IPSet is used for each blacklist; this
simplifies handling of overlaps between different lists.  Traffic
to or from the red0/ppp0 interface is checked against the IPSets.
The check is placed before the IPS check as the IPSet check is
much lighter on CPU use which means that overall CPU use is
reduced.

The available lists are defined in a separate file.  A WUI page
allows the desired lists to be enabled.  A minimum update check
interval is defined for each blacklist in the definition file.

Changes since Version 1:

- Changed Dshield download URL to preferred address.
- Removed Abuse.ch blacklist (discontinued).
- Removed Talos Malicious blacklist (not for production use).
- Added Feodo recommended blacklist.
- Added blocklist.de all blacklist.
- Updated ignored messages in logwatch.
- Modified sources file 'rate' to allow unit to be specified.
- Updated sources file 'disable' to allow list to be specified.
- Removed autoblacklist.
- Added WUI log pages.
- Removed status from settings WUI page.

Tim FitzGeorge (8):
  ipblacklist: Main script
  ipblacklist: WUI Settings page
  ipblacklist: WUI Log page
  ipblacklist: WUI Log details page
  ipblacklist: WUI menus, language file etc
  ipblacklist: Ancillary files
  ipblacklist: Modifications to system
  ipblacklist: Build infrastructure

 config/backup/backup.pl                            |    1 +
 config/backup/include                              |    2 +
 config/ipblacklist/sources                         |  138 ++
 config/logwatch/ipblacklist                        |  105 ++
 config/logwatch/ipblacklist.conf                   |   34 +
 config/menu/50-firewall.menu                       |    5 +
 config/menu/70-log.menu                            |    5 +
 config/rootfiles/common/aarch64/stage2             |    1 +
 config/rootfiles/common/configroot                 |    2 +
 config/rootfiles/common/ipblacklist-sources        |    1 +
 config/rootfiles/common/logwatch                   |    2 +
 config/rootfiles/common/misc-progs                 |    2 +
 config/rootfiles/common/stage2                     |    1 +
 config/rootfiles/common/web-user-interface         |    3 +
 config/rootfiles/common/x86_64/stage2              |    1 +
 html/cgi-bin/ipblacklist.cgi                       |  463 +++++++
 html/cgi-bin/logs.cgi/ipblacklists.dat             |  363 +++++
 html/cgi-bin/logs.cgi/log.dat                      |    2 +
 html/cgi-bin/logs.cgi/showrequestfromblacklist.dat |  415 ++++++
 langs/en/cgi-bin/en.pl                             |   27 +-
 lfs/configroot                                     |    4 +-
 lfs/ipblacklist-sources                            |   53 +
 lfs/logwatch                                       |    2 +
 make.sh                                            |    1 +
 src/initscripts/system/firewall                    |   12 +
 src/misc-progs/Makefile                            |    2 +-
 src/misc-progs/getipsetstat.c                      |   25 +
 src/misc-progs/ipblacklistctrl.c                   |   48 +
 src/scripts/ipblacklist                            | 1382 ++++++++++++++++++++
 29 files changed, 3098 insertions(+), 4 deletions(-)
 create mode 100644 config/ipblacklist/sources
 create mode 100644 config/logwatch/ipblacklist
 create mode 100644 config/logwatch/ipblacklist.conf
 create mode 100644 config/rootfiles/common/ipblacklist-sources
 create mode 100644 html/cgi-bin/ipblacklist.cgi
 create mode 100755 html/cgi-bin/logs.cgi/ipblacklists.dat
 create mode 100755 html/cgi-bin/logs.cgi/showrequestfromblacklist.dat
 create mode 100644 lfs/ipblacklist-sources
 create mode 100644 src/misc-progs/getipsetstat.c
 create mode 100644 src/misc-progs/ipblacklistctrl.c
 create mode 100755 src/scripts/ipblacklist