Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
I guess I'm a nobody then. I've still a number of IDE drives, including optical ones.

And then there's Integrated Development Environment. 'Dissing all those Eclipse and Rstudio and ... people.

JN

On 2020-09-08 9:17 a.m., John Brooks wrote:
> On 2020-09-08 8:25 a.m., James Lockie wrote:
>> On September 8, 2020 07:46:08 Vu Nguyen wrote:
>>> The term Master and Slave for hard drives needs to be updated as well.
>> Yep.
>> Maybe "controller" and "client".
>> Who is going to do this?
>>
> Nobody, because nobody uses IDE anymore :P

To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org
To get help send a blank message to linux+h...@linux-ottawa.org
To visit the archives: https://lists.linux-ottawa.org
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
Very interesting discussion on the use of the term "blacklist"!

https://en.wikipedia.org/wiki/Whitelisting#Industry_trend_away_from_the_term_'whitelist'
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
On 2020-09-08 8:25 a.m., James Lockie wrote:
> On September 8, 2020 07:46:08 Vu Nguyen wrote:
>> The term Master and Slave for hard drives needs to be updated as well.
> Yep.
> Maybe "controller" and "client".
> Who is going to do this?
>
Nobody, because nobody uses IDE anymore :P
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
On September 8, 2020 07:46:08 Vu Nguyen wrote:
> The term Master and Slave for hard drives needs to be updated as well.

Yep.
Maybe "controller" and "client".
Who is going to do this?

> On September 7, 2020 at 10:06:31 PM, Charles MacDonald (cm...@zeusprune.ca) wrote:
>> On 2020-09-07 9:57 p.m., John Brooks wrote:
>>> On 2020-09-07 9:51 p.m., Charles MacDonald wrote:
>>>> On 2020-09-07 7:31 p.m., James Lockie wrote:
>>>>> I agree. I didn't even think of that but I totally see it as racist now.
>>>> which is why it is so important to notice these things even if they seem minor. they pervade the culture and folks don't notice them.
>>> People don't notice because the terms don't refer to race, and interpreting them as referring to race is no more than a spurious connection.
>> who knows what they refer to in a given listener's mind. and that is psychology, not linux. :)
>> as Dianne says best to use clear terminology.
>> --
>> Charles MacDonald VA3CPY Stittsville Ontario
>> cm...@zeusprune.ca Just Beyond the Fringe
>> No Microsoft Products were used in sending this e-mail.
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
On 2020-09-07 9:57 p.m., John Brooks wrote:
> On 2020-09-07 9:51 p.m., Charles MacDonald wrote:
>> On 2020-09-07 7:31 p.m., James Lockie wrote:
>>> I agree. I didn't even think of that but I totally see it as racist now.
>> which is why it is so important to notice these things even if they seem minor. they pervade the culture and folks don't notice them.
> People don't notice because the terms don't refer to race, and interpreting them as referring to race is no more than a spurious connection.

who knows what they refer to in a given listener's mind. and that is psychology, not linux. :)

as Dianne says best to use clear terminology.

--
Charles MacDonald VA3CPY Stittsville Ontario
cm...@zeusprune.ca Just Beyond the Fringe
No Microsoft Products were used in sending this e-mail.
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
On 2020-09-07 7:31 p.m., James Lockie wrote:
> I agree. I didn't even think of that but I totally see it as racist now.

which is why it is so important to notice these things even if they seem minor. they pervade the culture and folks don't notice them.

--
Charles MacDonald VA3CPY Stittsville Ontario
cm...@zeusprune.ca Just Beyond the Fringe
No Microsoft Products were used in sending this e-mail.
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
I agree. I didn't even think of that but I totally see it as racist now.

On September 7, 2020 19:27:25 Shawn H Corey wrote:
> On 2020-09-07 7:04 p.m., Rick Leir wrote:
>> Someone related to the Black Lives Matter organization mentioned that the 'blacklist' term was offensive. That is not something that WASPs should debate; offense is in the eye of the offended persons. We could easily change to use block-list or better reject-list. And for white-list we could use accept-list.
>>
>> My son told me that I was not being logical. He is the one who had previously called me racist! Logical or not, appearances count.
>>
>> Sorry for hijacking the thread! Comments please
>> -- Rick
>
> Other possibilities: allow-list, deny-list
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
On 2020-09-07 7:04 p.m., Rick Leir wrote:
> Someone related to the Black Lives Matter organization mentioned that the 'blacklist' term was offensive. That is not something that WASPs should debate; offense is in the eye of the offended persons. We could easily change to use block-list or better reject-list. And for white-list we could use accept-list.
>
> My son told me that I was not being logical. He is the one who had previously called me racist! Logical or not, appearances count.
>
> Sorry for hijacking the thread! Comments please
> -- Rick

Other possibilities: allow-list, deny-list
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
Hi all

Someone related to the Black Lives Matter organization mentioned that the 'blacklist' term was offensive. That is not something that WASPs should debate; offense is in the eye of the offended persons. We could easily change to use block-list or better reject-list. And for white-list we could use accept-list.

My son told me that I was not being logical. He is the one who had previously called me racist! Logical or not, appearances count.

Sorry for hijacking the thread! Comments please
-- Rick

On 6/10/20 4:59 PM, Ian! D. Allen wrote:
> On Wed, Jun 10, 2020 at 01:19:01PM -0400, Brett Delmage wrote:
>> ipset-blacklist is "A Bash shell script which uses ipset and iptables to ban
>> a large number of IP addresses published in IP blacklists. ipset uses a
>> hashtable to store/fetch IP addresses and thus the IP lookup is a lot (!)
>> faster than thousands of sequentially parsed iptables ban rules."
>> Clear instructions and download at
>> https://github.com/trick77/ipset-blacklist
>
> I've been using a home-grown script to do a similar thing, also using ipset.
>
>> [Blocking whole countries] is trivial to do by just adding the desired
>> country code e.g. .cn into a shell variable.
>
> I didn't see this feature, though the ipset-blacklist.conf lets you download country block lists using separate URLs each with a country code.
>
> Something I didn't see:
>
> I've found it helpful to have a white-list of addresses that never get added to the block lists on my machines. The white-list includes all my own servers and my current ISP DHCP internet assignments. Since ipset-blacklist is only a 113-line bash script, adding a white-list feature using "iprange --except" wouldn't be hard. Has anyone already done this?
>
> I note that there is an ugly bit in the script where various local IP addresses are removed using "sed" with regexp patterns - this would look much nicer using "iprange --except" as part of a generalized white-list processing, if iprange were available.
>
> Things in the script suggest the programmer hasn't had a lot of experience writing scripts, e.g. using:
>
>     $(wc -l "$IP_BLACKLIST_TMP" | cut -d' ' -f1)
>
> instead of simply:
>
>     $(wc -l <"$IP_BLACKLIST_TMP")
>
> Also the script doesn't check the error codes of commands, has unnecessary use of "command" in "command grep" everywhere, and doesn't use "sed -n" or other things efficiently, among other things. But it's a good start.
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
On Wed, 10 Jun 2020, Ian! D. Allen wrote:
> Something I didn't see:
>
> Things in the script suggest the programmer hasn't had a lot of experience writing scripts, e.g. using:
>
> Also the script doesn't check the error codes of commands, has unnecessary use of "command" in "command grep" everywhere, and doesn't use "sed -n" or other things efficiently, among other things. But it's a good start.

You're an expert in scripts! As this is an open source GitHub project, might you put some of these thoughts into code and contribute a patch or two? Or fork the project if PRs aren't accepted?

Or maybe do a monthly linux-ottawa talk and share some of your ideas and experience on shell scripting! I've seen some of your excellent scripts before. Do you have a repository anywhere where we could learn from them? I'd be there!

Thanks for your insights.

cheers
Brett
Re: [linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
On Wed, Jun 10, 2020 at 01:19:01PM -0400, Brett Delmage wrote:
> ipset-blacklist is "A Bash shell script which uses ipset and iptables to ban
> a large number of IP addresses published in IP blacklists. ipset uses a
> hashtable to store/fetch IP addresses and thus the IP lookup is a lot (!)
> faster than thousands of sequentially parsed iptables ban rules."
> Clear instructions and download at
> https://github.com/trick77/ipset-blacklist

I've been using a home-grown script to do a similar thing, also using ipset.

> [Blocking whole countries] is trivial to do by just adding the desired
> country code e.g. .cn into a shell variable.

I didn't see this feature, though the ipset-blacklist.conf lets you download country block lists using separate URLs each with a country code.

Something I didn't see:

I've found it helpful to have a white-list of addresses that never get added to the block lists on my machines. The white-list includes all my own servers and my current ISP DHCP internet assignments. Since ipset-blacklist is only a 113-line bash script, adding a white-list feature using "iprange --except" wouldn't be hard. Has anyone already done this?

I note that there is an ugly bit in the script where various local IP addresses are removed using "sed" with regexp patterns - this would look much nicer using "iprange --except" as part of a generalized white-list processing, if iprange were available.

Things in the script suggest the programmer hasn't had a lot of experience writing scripts, e.g. using:

    $(wc -l "$IP_BLACKLIST_TMP" | cut -d' ' -f1)

instead of simply:

    $(wc -l <"$IP_BLACKLIST_TMP")

Also the script doesn't check the error codes of commands, has unnecessary use of "command" in "command grep" everywhere, and doesn't use "sed -n" or other things efficiently, among other things. But it's a good start.

--
| Ian! D. Allen, BA, MMath - idal...@idallen.ca - Ottawa, Ontario, Canada
| Home: www.idallen.com Contact Improvisation Dance: www.contactimprov.ca
| Former college professor (Free/Libre GNU+Linux) at: teaching.idallen.com
| Defend digital freedom: http://eff.org/ and have fun: http://fools.ca/
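An added example of the white-list step discussed in the message above; it is not part of that message and not ipset-blacklist code. It uses plain POSIX shell arithmetic instead of iprange, handles IPv4 only, checks command results as it goes, and its function names and list files are hypothetical.

```shell
#!/bin/sh
# Added example, not ipset-blacklist code; IPv4 only, assumes 64-bit shell arithmetic.

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() (
    case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|0?*|????*) exit 1 ;; esac  # empty, leading zero, too long
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# cidr_range ADDR[/BITS]: print "first last" of the covered range as integers.
cidr_range() (
    case $1 in */*) bits=${1#*/} ;; *) bits=32 ;; esac
    case $bits in ''|*[!0-9]*|0?*) exit 1 ;; esac
    [ "$bits" -le 32 ] || exit 1
    base=$(ip_to_int "${1%/*}") || exit 1
    size=$(( 1 << (32 - bits) ))
    first=$(( base & ~(size - 1) ))
    echo "$first $(( first + size - 1 ))"
)

# filter_blocklist BLOCKFILE ALLOWFILE: print the block entries that overlap no
# allow-list entry. A CIDR containing an allowed address is dropped whole,
# which is coarser than a set difference that would split the range.
filter_blocklist() (
    [ -r "$1" ] && [ -r "$2" ] || { echo "unreadable list file" >&2; exit 2; }
    allowed=$(while read -r entry || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        cidr_range "$entry" || echo "bad allow-list entry: $entry" >&2
    done <"$2")
    while read -r entry || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        range=$(cidr_range "$entry") || { echo "bad block entry: $entry" >&2; continue; }
        first=${range% *} last=${range#* } keep=1
        while read -r afirst alast; do
            [ -n "$afirst" ] || continue
            if [ "$first" -le "$alast" ] && [ "$last" -ge "$afirst" ]; then keep=0; break; fi
        done <<EOF
$allowed
EOF
        if [ "$keep" -eq 1 ]; then echo "$entry"; fi
    done <"$1"
)
```

Run it over the merged block list before the entries are loaded into the set, so that an upstream list containing one of your own addresses cannot lock you out.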
[linux] ipset-blacklist: A bash script to ban large numbers of IP addresses published in blacklists
At last week's online meeting I mentioned that I have been using a tool to block large numbers of undesired network accesses to my servers.

ipset-blacklist is "A Bash shell script which uses ipset and iptables to ban a large number of IP addresses published in IP blacklists. ipset uses a hashtable to store/fetch IP addresses and thus the IP lookup is a lot (!) faster than thousands of sequentially parsed iptables ban rules."

Clear instructions and download at https://github.com/trick77/ipset-blacklist

I use this to block access from several countries I have no desired interactions with and from which the vast majority of logged access attempts originated. This is trivial to do by just adding the desired country code e.g. .cn into a shell variable.

There are other blacklists maintained by third parties which can be easily loaded too. I currently have 16921 ipset blocking rules loaded, all by just selecting desired rulesets.

I have been using ipset-blacklist for at least two years on multiple servers (in datacentres and on my home DSL connection) without issue. 100K or more attempted accesses on my DSL connection are blocked weekly. I just rebooted after a kernel update and 320 accesses were blocked just as I wrote this.

Brett