Can you enable banning specific ip addresses?

Asked by kahrytan on 2008-06-30

Can you enable banning specific ip addresses?

If you can, the next logical step is perhaps parsing peerguardian lists and importing them. This would turn ufw into a powerful tool.

Question information

Language: English
Status: Answered
For: Gufw
Assignee: No assignee
Last query: 2008-07-02
Last reply: 2008-07-23

Vadim Peretokin (vperetokin) said : #1

You can, but you'd need to enter the number for every single port, which isn't practical yet. It shouldn't be too hard to do though - I'll write up a blueprint for this.

As for peerguardian, file a blueprint detailing what it is and how to use it. Also this would be gufw, not ufw - ufw won't have this functionality :)

kahrytan (kahrytan) said : #2

Vadim Peretokin wrote:
> Your question #37820 on Gufw changed:
> https://answers.launchpad.net/gui-ufw/+question/37820
>
> Status: Open => Answered
>
> Vadim Peretokin proposed the following answer:
> You can, but you'd need to enter the number for every single port, which
> isn't practical yet. It shouldn't be too hard to do though - I'll write
> up a blueprint for this.
>
> As for peerguardian, file a blueprint detailing what it is and how to
> use it. Also this would be gufw, not ufw - ufw won't have this
> functionality :)
>
>

Do you realize how many IP addresses are in peerguardian lists? There are
over 200,000 IP addresses in them, and the list comes in this format:
Company:IP then new line. Could ufw handle blocking hundreds of
thousands of IPs? If it could, the best way to do it is to perhaps use
an external program to parse and display them. You'd need a progress bar
cuz it may take a while.

Vadim Peretokin (vperetokin) said : #3

Gufw, not ufw.

Gufw has its own functionality that'll feed into ufw.

costales (costales) said : #4

Hi!
Where's the list of Peerguardian?

Soul-Sing (soulzing) said : #5

For Linux it is called IPlist. Iplist is a list-based packet handler which uses the netfilter netlink-queue library (kernel 2.6.14 or later). It filters by IP address and is optimized for thousands of IP address ranges: http://sourceforge.net/projects/iplist

Soul-Sing (soulzing) said : #6

additional info: installation for Hardy Heron:
wget http://internap.dl.sourceforge.net/sourceforge/iplist/iplist_0.19-0hardy2_i386.deb
sudo dpkg -i iplist_0.19-0hardy2_i386.deb

Soul-Sing (soulzing) said : #7

Marcos, these lists are maintained by www.bluetack.co.uk. Custom p2p or dat lists can easily be added. Note that lists can optionally be compressed with gzip.

costales (costales) said : #8

You can enable banning IP addresses in the 0.0.7 version ;D

thanks Marcos
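
Added example, not part of the original thread and not Gufw, ufw or iplist code: a parser for the "Company:IP then new line" list layout mentioned in #2, with the optional gzip compression mentioned in #7, that merges overlapping entries into CIDR blocks so far fewer deny rules are needed than there are list lines. The "start-end" range form, the "#" comment handling, the function names and the sample data (documentation address ranges) are assumptions made for illustration.

```python
import gzip
import ipaddress

# Constructed sample in the "Company:IP" layout; not a real blocklist.
SAMPLE = b"""\
# constructed sample using documentation address ranges
Example Corp:192.0.2.0-192.0.2.127
Example Corp (second block):192.0.2.128-192.0.2.255
Example: Media Group:198.51.100.7
Overlap Ltd:192.0.2.64-192.0.2.200
this line is malformed
Bad Range Inc:203.0.113.9-203.0.113.1
"""

def parse_line(line):
    """Return the networks covered by one 'label:ip[-ip]' line, or [] if unusable."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    # Labels may contain ':' themselves, so split on the last one (IPv4 only).
    _, sep, spec = line.rpartition(":")
    if not sep:
        return []
    start, _, end = spec.partition("-")
    try:
        first = ipaddress.IPv4Address(start.strip())
        last = ipaddress.IPv4Address(end.strip()) if end else first
        return list(ipaddress.summarize_address_range(first, last))
    except ValueError:  # unparsable address, or end of range before start
        return []

def load_blocklist(data):
    """Parse raw list bytes (optionally gzip-compressed) into merged CIDR blocks."""
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        data = gzip.decompress(data)
    nets = []
    for line in data.decode("latin-1").splitlines():
        nets.extend(parse_line(line))
    return list(ipaddress.collapse_addresses(nets))

def ufw_rules(networks):
    """Render one 'ufw deny from' rule per merged network."""
    return [f"ufw deny from {n}" for n in networks]

if __name__ == "__main__":
    for rule in ufw_rules(load_blocklist(SAMPLE)):
        print(rule)
```

The four valid sample lines collapse to two rules; malformed lines and reversed ranges are skipped rather than turned into rules.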
