Can you enable banning specific ip addresses?

Asked by kahrytan

Can you enable banning specific ip addresses?

If you can. Next logical step is perhaps parsing peerguardian lists and importing them. This would turn ufw into a powerful tool.

Question information

Language: English
Status: Answered
For: Gufw
Assignee: No assignee
Vadim Peretokin (vperetokin) said :
#1

You can, but you'd need to enter the number for every single port, which isn't practical yet. It shouldn't be too hard to do though - I'll write up a blueprint for this.

As for peerguardian, file a blueprint detailing what it is and how to use it. Also this would be gufw, not ufw - ufw won't have this functionality :)

kahrytan (kahrytan) said :
#2

Vadim Peretokin wrote:
> Your question #37820 on Gufw changed:
> https://answers.launchpad.net/gui-ufw/+question/37820
>
> Status: Open => Answered
>
> Vadim Peretokin proposed the following answer:
> You can, but you'd need to enter the number for every single port, which
> isn't practical yet. It shouldn't be too hard to do though - I'll write
> up a blueprint for this.
>
> As for peerguardian, file a blueprint detailing what it is and how to
> use it. Also this would be gufw, not ufw - ufw won't have this
> functionality :)
>
>

Do you realize how many IP addresses are in peerguardian lists? There are
over 200,000 IP addresses in them, and the list comes in this format:
Company:IP then new line. Could ufw handle blocking hundreds of
thousands of IPs? If it could, the best way to do it is perhaps to use an
external program to parse and display them. You'd need a progress bar
cuz it may take a while.

Vadim Peretokin (vperetokin) said :
#3

Gufw, not ufw.

Gufw has its own functionality that'll feed into ufw.

costales (costales) said :
#4

Hi!
Where's the list of Peerguardian?

Soul-Sing (soulzing) said :
#5

For Linux it is called IPlist. Iplist is a list based packet handler which uses the netfilter netlink-queue library (kernel 2.6.14 or later). It filters by IP-address and is optimized for thousands of IP-address ranges: http://sourceforge.net/projects/iplist

Soul-Sing (soulzing) said :
#6

Additional info: installation for Hardy Heron:
wget http://internap.dl.sourceforge.net/sourceforge/iplist/iplist_0.19-0hardy2_i386.deb
sudo dpkg -i iplist_0.19-0hardy2_i386.deb

Soul-Sing (soulzing) said :
#7

Marcos, these lists are maintained by www.bluetack.co.uk. Custom p2p or dat lists can easily be added. Note that lists can optionally be compressed with gzip.
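
The list handling discussed in this thread, as an added example that is not part of any post above and is not Gufw or iplist code: it parses a p2p text list (optionally gzip-compressed), merges the ranges into the fewest CIDR blocks, and renders one `ufw deny from` command per block without running anything. It assumes each line is `Label:start-end` or `Label:IP`; the function names `parse_p2p` and `ufw_rules` and the sample data are constructed for illustration.

```python
import gzip
import ipaddress

# Constructed sample in the "Label:start-end" P2P text format (documentation
# address ranges only); not taken from any real blocklist.
SAMPLE = b"""# constructed sample list
Example Corp:192.0.2.0-192.0.2.255
Example: Labs, Inc:198.51.100.0-198.51.100.127
Example: Labs, Inc:198.51.100.128-198.51.100.255
Single Host:203.0.113.7
Odd Range:203.0.113.10-203.0.113.20
broken line without an address
"""


def parse_p2p(data: bytes):
    """Return (networks, skipped): collapsed CIDR blocks and bad-line count."""
    if data[:2] == b"\x1f\x8b":          # gzip magic: lists may be compressed
        data = gzip.decompress(data)
    nets, skipped = [], 0
    for raw in data.decode("latin-1").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':' themselves, so split on the LAST colon.
        _, _, spec = line.rpartition(":")
        start, _, end = spec.partition("-")
        try:
            first = ipaddress.IPv4Address(start.strip())
            last = ipaddress.IPv4Address(end.strip()) if end else first
            nets.extend(ipaddress.summarize_address_range(first, last))
        except ValueError:               # bad address or last < first
            skipped += 1
    # Merge adjacent/overlapping blocks so fewer rules are needed.
    return list(ipaddress.collapse_addresses(nets)), skipped


def ufw_rules(networks):
    """Render one 'ufw deny from' command per block (printed, never run)."""
    return [f"ufw deny from {net}" for net in networks]


if __name__ == "__main__":
    networks, skipped = parse_p2p(SAMPLE)
    print(f"{len(networks)} blocks, {skipped} skipped")
    print("\n".join(ufw_rules(networks)))
```

Counting the blocks this produces for a full list before loading anything shows how many firewall rules the import would actually create.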

costales (costales) said :
#8

You can enable banning IP addresses in the 0.0.7 version ;D

TuniX12 (tunix12-deactivatedaccount) said :
#9

Thanks, Marcos
