Menu
▾
▴
Re: [Astlinux-devel] Using APIBAN in Astlinux
|
From: Michael K. <li...@mk...> - 2021-10-15 14:01:39
|
I would prefer to keep it separated as "apiban.netset" (and an additional "apiban" parameter for "reload-blocklist-netset"), cause this is not for everyone IMHO. On those systems where I want it, I will update it more often (let's say hourly) compared to the 2 times per day update of the other netsets. E.g. ---- ## update blocklists 45 03,15 * * * reload-blocklist-netset /mnt/kd/blocklists firehol_level1 firehol_webclient asterisk custom >/dev/null 2>&1 ## Test apiban 07 * * * * /mnt/kd/bin/apiban-netset > /mnt/kd/blocklists/apiban.netset; arno-iptables-firewall force-reload ---- > Am 15.10.2021 um 15:09 schrieb Lonnie Abelbeck <li...@lo...>: > > Thanks Michael for testing. > > Yes, the 'apiban' IPs seem high quality, seemingly aged after 7 days or so, and regularly updated. > > If we were to incorporate apiban-netset into the reload-blocklist-netset script, should it be a new 'apiban' type or include it as part of the existing 'asterisk' type? > > Lonnie > > >> On Oct 15, 2021, at 4:49 AM, Michael Keuter <li...@mk...> wrote: >> >> Hi Lonnie, >> >> thanks for your work! >> The script works fine and the blocked addresses seem to be very precise. >> >> I verified a few of the addresses, that I saw in sngrep, and all addresses were already included in the apiban.netset. >> >>> Am 15.10.2021 um 00:26 schrieb Lonnie Abelbeck <li...@lo...>: >>> >>> I wrote a PHP script that retrieves all the APIBAN 'banned' IPs and runs them through iprange to generate a .netset file as stdout. >>> >>> https://gist.github.com/abelbeck/28bdea0d45be8bfcbf65bb34e57fd4d4 >>> >>> Remove the trailing .php and make apiban-netset executable. >>> >>> You must have an APIBAN Key, and place it by itself (no leading/trailing text) in '/mnt/kd/apiban.conf'. >>> >>> We can decide if we want this in production AstLinux. >>> >>> Lonnie >>> >>> >>> >>> >>>> On Oct 14, 2021, at 9:27 AM, Lonnie Abelbeck <li...@lo...> wrote: >>>> >>>> Michael, thanks for bringing APIBAN to our attention. >>>> >>>> I re-looked at our /usr/sbin/reload-blocklist-netset script and the 'asterisk' URLs, turns out only "blocklist_de_sip.ipset" is actively updated. >>>> >>>> The 'voipbl' URL has only grown over time, no IPs have been removed, which makes false positives a problem. >>>> >>>> So, the APIBAN list may have a place, but requiring an access key and not a straight .ipset/.netset file download is a hurdle. >>>> >>>> Possibly there are other sip/asterisk related blocklists? >>>> >>>> Lonnie >>>> >>>> >>>> >>>>> On Oct 13, 2021, at 5:55 PM, Michael Knill <mic...@ip...> wrote: >>>>> >>>>> Yep it needs to go into a netset list aggregated with iprange. Note their client does actually work on Astlinux. >>>>> Should be pretty easy to do! >>>>> >>>>> Regards >>>>> Michael Knill >>>>> >>>>> From: Michael Keuter <li...@mk...> >>>>> Reply to: AstLinux Developers Mailing List <ast...@li...> >>>>> Date: Thursday, 14 October 2021 at 9:41 am >>>>> To: AstLinux Developers Mailing List <ast...@li...> >>>>> Subject: Re: [Astlinux-devel] Using APIBAN in Astlinux >>>>> >>>>> Quite interesting thread about apiban: >>>>> >>>>> https://community.freepbx.org/t/integrating-apiban-org-with-freepbx/69422/11 >>>>> >>>>> Sent from a mobile device. >>>>> >>>>> Michael Keuter >>>>> >>>>> >>>>>> Am 13.10.2021 um 23:24 schrieb Michael Knill <mic...@ip...>: >>>>>> >>>>>> APIBAN looks very interesting. There will be a session on it at Astricon this year as well. >>>>>> I assume that banned IP addresses could just be pulled into a netset list? >>>>>> >>>>>> https://apiban.org/doc.html >>>>>> https://www.securevoip.io/48-hours-with-apiban/ >>>>>> >>>>>> Regards >>>>>> >>>>>> Michael Knill >>>>>> Managing Director >>>>>> >>>>>> D: +61 2 6189 1360 >>>>>> P: +61 2 6140 4656 >>>>>> E: mic...@ip... >>>>>> W: ipcsolutions.com.au >>>>>> >>>>>> >>>>>> <image001.png> >>>>>> Smarter Business Communications >>>>>> >>>>>> _______________________________________________ >>>>>> Astlinux-devel mailing list >>>>>> Ast...@li... >>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >>>>> _______________________________________________ >>>>> Astlinux-devel mailing list >>>>> Ast...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >>>> >>>> >>>> >>>> _______________________________________________ >>>> Astlinux-devel mailing list >>>> Ast...@li... >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >>>> >>>> >>> >>> >>> >>> _______________________________________________ >>> Astlinux-devel mailing list >>> Ast...@li... >>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >> >> >> Michael >> >> http://www.mksolutions.info >> >> >> >> >> >> _______________________________________________ >> Astlinux-devel mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >> >> > > > > _______________________________________________ > Astlinux-devel mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-devel Michael http://www.mksolutions.info |
