Menu
▾
▴
Re: [Astlinux-devel] Using APIBAN in Astlinux
|
From: Lonnie A. <li...@lo...> - 2021-10-15 14:21:04
|
OK, but if your concern is that "this is not for everyone IMHO" if it were under 'asterisk' apiban-netset would only be called if /mnt/kd/apiban.conf exists (without the key apiban doesn't work). The difference would be: 'asterisk.netset' -> blocklist_de_sip.ipset + apiban-netset (if apiban.conf exists) or 'asterisk.netset' -> blocklist_de_sip.ipset 'apiban.netset' -> apiban-netset (error if apiban.conf does not exists) I'm thinking keeping it under 'asterisk' is the least work for users. But I have no firm opinion either way. Lonnie > On Oct 15, 2021, at 9:01 AM, Michael Keuter <li...@mk...> wrote: > > I would prefer to keep it separated as "apiban.netset" (and an additional "apiban" parameter for "reload-blocklist-netset"), cause this is not for everyone IMHO. > On those systems where I want it, I will update it more often (let's say hourly) compared to the 2 times per day update of the other netsets. E.g. > > ---- > ## update blocklists > 45 03,15 * * * reload-blocklist-netset /mnt/kd/blocklists firehol_level1 firehol_webclient asterisk custom >/dev/null 2>&1 > ## Test apiban > 07 * * * * /mnt/kd/bin/apiban-netset > /mnt/kd/blocklists/apiban.netset; arno-iptables-firewall force-reload > ---- > >> Am 15.10.2021 um 15:09 schrieb Lonnie Abelbeck <li...@lo...>: >> >> Thanks Michael for testing. >> >> Yes, the 'apiban' IPs seem high quality, seemingly aged after 7 days or so, and regularly updated. >> >> If we were to incorporate apiban-netset into the reload-blocklist-netset script, should it be a new 'apiban' type or include it as part of the existing 'asterisk' type? >> >> Lonnie >> >> >>> On Oct 15, 2021, at 4:49 AM, Michael Keuter <li...@mk...> wrote: >>> >>> Hi Lonnie, >>> >>> thanks for your work! >>> The script works fine and the blocked addresses seem to be very precise. >>> >>> I verified a few of the addresses, that I saw in sngrep, and all addresses were already included in the apiban.netset. >>> >>>> Am 15.10.2021 um 00:26 schrieb Lonnie Abelbeck <li...@lo...>: >>>> >>>> I wrote a PHP script that retrieves all the APIBAN 'banned' IPs and runs them through iprange to generate a .netset file as stdout. >>>> >>>> https://gist.github.com/abelbeck/28bdea0d45be8bfcbf65bb34e57fd4d4 >>>> >>>> Remove the trailing .php and make apiban-netset executable. >>>> >>>> You must have an APIBAN Key, and place it by itself (no leading/trailing text) in '/mnt/kd/apiban.conf'. >>>> >>>> We can decide if we want this in production AstLinux. >>>> >>>> Lonnie >>>> >>>> >>>> >>>> >>>>> On Oct 14, 2021, at 9:27 AM, Lonnie Abelbeck <li...@lo...> wrote: >>>>> >>>>> Michael, thanks for bringing APIBAN to our attention. >>>>> >>>>> I re-looked at our /usr/sbin/reload-blocklist-netset script and the 'asterisk' URLs, turns out only "blocklist_de_sip.ipset" is actively updated. >>>>> >>>>> The 'voipbl' URL has only grown over time, no IPs have been removed, which makes false positives a problem. >>>>> >>>>> So, the APIBAN list may have a place, but requiring an access key and not a straight .ipset/.netset file download is a hurdle. >>>>> >>>>> Possibly there are other sip/asterisk related blocklists? >>>>> >>>>> Lonnie >>>>> >>>>> >>>>> >>>>>> On Oct 13, 2021, at 5:55 PM, Michael Knill <mic...@ip...> wrote: >>>>>> >>>>>> Yep it needs to go into a netset list aggregated with iprange. Note their client does actually work on Astlinux. >>>>>> Should be pretty easy to do! >>>>>> >>>>>> Regards >>>>>> Michael Knill >>>>>> >>>>>> From: Michael Keuter <li...@mk...> >>>>>> Reply to: AstLinux Developers Mailing List <ast...@li...> >>>>>> Date: Thursday, 14 October 2021 at 9:41 am >>>>>> To: AstLinux Developers Mailing List <ast...@li...> >>>>>> Subject: Re: [Astlinux-devel] Using APIBAN in Astlinux >>>>>> >>>>>> Quite interesting thread about apiban: >>>>>> >>>>>> https://community.freepbx.org/t/integrating-apiban-org-with-freepbx/69422/11 >>>>>> >>>>>> Sent from a mobile device. >>>>>> >>>>>> Michael Keuter >>>>>> >>>>>> >>>>>>> Am 13.10.2021 um 23:24 schrieb Michael Knill <mic...@ip...>: >>>>>>> >>>>>>> APIBAN looks very interesting. There will be a session on it at Astricon this year as well. >>>>>>> I assume that banned IP addresses could just be pulled into a netset list? >>>>>>> >>>>>>> https://apiban.org/doc.html >>>>>>> https://www.securevoip.io/48-hours-with-apiban/ >>>>>>> >>>>>>> Regards >>>>>>> >>>>>>> Michael Knill >>>>>>> Managing Director >>>>>>> >>>>>>> D: +61 2 6189 1360 >>>>>>> P: +61 2 6140 4656 >>>>>>> E: mic...@ip... >>>>>>> W: ipcsolutions.com.au >>>>>>> >>>>>>> >>>>>>> <image001.png> >>>>>>> Smarter Business Communications >>>>>>> >>>>>>> _______________________________________________ >>>>>>> Astlinux-devel mailing list >>>>>>> Ast...@li... >>>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >>>>>> _______________________________________________ >>>>>> Astlinux-devel mailing list >>>>>> Ast...@li... >>>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> Astlinux-devel mailing list >>>>> Ast...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >>>>> >>>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> Astlinux-devel mailing list >>>> Ast...@li... >>>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >>> >>> >>> Michael >>> >>> http://www.mksolutions.info >>> >>> >>> >>> >>> >>> _______________________________________________ >>> Astlinux-devel mailing list >>> Ast...@li... >>> https://lists.sourceforge.net/lists/listinfo/astlinux-devel >>> >>> >> >> >> >> _______________________________________________ >> Astlinux-devel mailing list >> Ast...@li... >> https://lists.sourceforge.net/lists/listinfo/astlinux-devel > > > Michael > > http://www.mksolutions.info > > > > > > _______________________________________________ > Astlinux-devel mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-devel > > |
