Hi all
Someone related to the Black Lives Matter organization mentioned that
the 'blacklist' term was offensive. That is not something that WASPs
should debate; offense is in the eye of the offended persons.
We could easily change to use block-list or better reject-list. And for
white-list we could use accept-list.
My son told me that I was not being logical. He is the one who had
previously called me racist! Logical or not, appearances count.
Sorry for hijacking the thread! Comments please -- Rick
On 6/10/20 4:59 PM, Ian! D. Allen wrote:
On Wed, Jun 10, 2020 at 01:19:01PM -0400, Brett Delmage wrote:
ipset-blacklist is "A Bash shell script which uses ipset and iptables to ban
a large number of IP addresses published in IP blacklists. ipset uses a
hashtable to store/fetch IP addresses and thus the IP lookup is a lot (!)
faster than thousands of sequentially parsed iptables ban rules."
Clear instructions and download at
https://github.com/trick77/ipset-blacklist
I've been using a home-grown script to do a similar thing, also using ipset.
[Blocking whole countries] is trivial to do by just adding the desired
country code e.g. .cn into a shell variable.
I didn't see this feature, though the ipset-blacklist.conf lets you
download country block lists using separate URLs each with a country code.
Something I didn't see:
I've found it helpful to have a white-list of addresses that never get
added to the block lists on my machines. The white-list includes all
my own servers and my current ISP DHCP internet assignments.
Since ipset-blacklist is only a 113-line bash script, adding a white-list
feature using "iprange --except" wouldn't be hard. Has anyone already
done this?
I note that there is an ugly bit in the script where various local IP
addresses are removed using "sed" with regexp patterns - this would look
much nicer using "iprange --except" as part of a generalized white-list
processing, if iprange were available.
Things in the script suggest the programmer hasn't had a lot of experience
writing scripts, e.g. using:
$(wc -l "$IP_BLACKLIST_TMP" | cut -d' ' -f1)
instead of simply:
$(wc -l <"$IP_BLACKLIST_TMP")
Also the script doesn't check the error codes of commands, has unnecessary
use of "command" in "command grep" everywhere, and doesn't use "sed -n"
or other things efficiently, among other things. But it's a good start.
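
Added example, not part of the original messages or of ipset-blacklist: the white-list subtraction described above, done with Python's standard ipaddress module as a stand-in for "iprange --except". The function names and sample addresses (RFC 5737 documentation ranges) are constructed, and only IPv4 is handled.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not real lists.
BLOCKLIST_SAMPLE = """\
# downloaded block list
198.51.100.0/24
203.0.113.7
192.0.2.0/25   # trailing comment
"""
WHITELIST_SAMPLE = """\
198.51.100.16/30   # own servers
203.0.113.7        # current ISP DHCP assignment
"""

def parse_list(text):
    """Parse one IPv4 address or CIDR per line; '#' starts a comment."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.IPv4Network(entry, strict=False))
    return nets

def subtract_whitelist(blocklist, whitelist):
    """Return the block list with every white-listed address carved out."""
    allow = list(ipaddress.collapse_addresses(whitelist))
    kept = []
    for net in blocklist:
        pending = [net]
        for a in allow:
            remaining = []
            for p in pending:
                if not p.overlaps(a):
                    remaining.append(p)          # untouched by this entry
                elif not p.subnet_of(a):
                    # a lies strictly inside p: keep p minus a
                    remaining.extend(p.address_exclude(a))
                # else: p is entirely white-listed, drop it
            pending = remaining
        kept.extend(pending)
    return sorted(ipaddress.collapse_addresses(kept))

if __name__ == "__main__":
    result = subtract_whitelist(parse_list(BLOCKLIST_SAMPLE),
                                parse_list(WHITELIST_SAMPLE))
    for net in result:
        print(net)
```

Unlike a plain text filter, this splits a blocked /24 around the white-listed /30 instead of either keeping or dropping the whole range.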