privoxy list #46
Comments
?? You mean this? https://andrwe.org/scripting/bash/privoxy-blocklist |
I'm actually working on another script to take all the bad IPs from Ultimate hosts and add them to iptables automatically once a day. But will look into this some time. |
@xxcriticxx must tell you @funilrys and I are like so close to final changes to funceble with a new Travis autosave and continue mode. Once he has completed some refactoring and made final changes I will release it on this repo to find all the dead and inactive domains. You can see it in action so far at: https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/commits/master Gonna be awesome when funceble 2.0.0 merges into master. |
I also have a #slack channel for Ultimate hosts so shout if you want an invite to it |
#slack on irc? |
No Slack on https://cybersecurity-crew.slack.com |
That's past my pay grade, I will hang out over here with you guys |
LOL ... no worries, much less noise here anyway as #Slack channels can get rather noisy |
@mitchellkrogza Was there any progress with the iptables integration?
|
Hey @elico, As we decided to rewrite the whole structure in order to be more efficient and less passive with tests running for weeks, we are now working with a new layout. I still have to learn those formats but it's not impossible (and maybe now easier) to port them to our system. From internal discussions, @mitchellkrogza had the idea of using https://github.com/funilrys/hosts2iptables for one of his other projects but we concluded (at the time) that it can be a starting point for future projects or improvement. |
@funilrys https://github.com/funilrys/hosts2iptables has some really nice points but most Linux distributions have ipset support built into them so it's better to use them to be more efficient and to allow a more static iptables rule set while dynamically changing or updating the ipset lists. May I ask how the 1GB file size got into your mind? Even IPv4 BGP feeds are not that big and these should contain every single CIDR of the Internet. Specifically MikroTik has a "feature" named Access Lists, and they haven't yet revealed to me and many others what the storage backend inside their system is, but it's Linux kernel based, so I believe it's IPSET. In Linux when you create an IPSET hash:ip or hash:net which can store either a single IP address or a CIDR.
It's easy to create something like what MikroTik offers but it will probably use lots of DNS queries.
When you use a command like at: https://github.com/funilrys/hosts2iptables/blob/master/hosts2iptables#L137 I will try to dig (no promises) into my MikroTik scripts to find the right way to generate the creation of an address list on the fly.
I believe that for all these IP level routing devices the best way to block domains is using a combination of tools such as a proxy and\or dns interception and\or some layer 7 kernel module. |
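
The ipset approach described in the comment above, as an added example that is not part of the thread or of hosts2iptables: it validates a list of IPs and CIDRs and emits input for `ipset restore` that swaps the new list in atomically, so the iptables rule never changes. The set name `blocklist`, the `maxelem` value and the sample list are assumptions made for the example.

```python
import ipaddress

# Constructed sample list (documentation address ranges, not real blocklist data).
SAMPLE = """\
# constructed sample
192.0.2.10
198.51.100.0/24
198.51.100.77    # already covered by the /24 above
203.0.113.7
192.0.2.10
not-an-ip
2001:db8::1
0.0.0.0/0
"""

def parse_entries(text):
    """Return validated, merged IPv4 networks from a one-entry-per-line list."""
    nets = set()
    for line in text.splitlines():
        token = line.split("#", 1)[0].strip()
        if not token:
            continue
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            continue  # hostnames and junk never reach the firewall
        if net.version == 4 and net.prefixlen > 0:  # IPv4 set only; refuse 0.0.0.0/0
            nets.add(net)
    # Merge duplicates and entries already covered by a wider CIDR.
    return sorted(ipaddress.collapse_addresses(nets))

def ipset_restore_script(name, nets, maxelem=262144):
    """Build input for `ipset -exist restore` that swaps the new list in atomically."""
    tmp = name + "-new"
    if len(tmp) > 31:  # ipset set names are limited to 31 characters
        raise ValueError("set name too long")
    if len(nets) > maxelem:
        raise ValueError("list larger than maxelem")
    opts = f"hash:net family inet maxelem {maxelem}"
    lines = [f"create {name} {opts}", f"create {tmp} {opts}", f"flush {tmp}"]
    lines += [f"add {tmp} {net}" for net in nets]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

# The iptables side stays static and is added once, for example:
#   iptables -I INPUT -m set --match-set blocklist src -j DROP
if __name__ == "__main__":
    print(ipset_restore_script("blocklist", parse_entries(SAMPLE)), end="")
```

Feed the output to `ipset -exist restore` on each update; packets keep matching the old contents of the set until the `swap` line runs.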
@mitchellkrogza on vacation again? |
@xxcriticxx from his word: he is "leaving a week for some away time" 😄 @elico Interesting I did not know about ipset 👍 Thanks for letting me know 💯 I'll have to learn more about it. Taking it like you present it, ipset seems to be a real alternative to what I did with my script. We have 2M of domains and IPs and to comment all of those may not be useful... But from your example, it's not that hard to generate that format 👍 To answer your question, you can not see it in the history anymore as I was obliged to clean it, but before I took the time to analyze and write the whole system behind the current repository structure, we had a When I proposed my vision to @mitchellkrogza we both agreed that I'm crazy but now it's a bit joyful to maintain this repository as we only add input sources and the system works by itself in the backend, which was not the case before. So in the future, we want to avoid generating a directory or a file which is bigger than 1GB which is a limit for an easy to maintain and distribute Git repository... |
If you want to see crazy, come to NYC |
@funilrys There are restrictions on comments and it's not a requirement. Also about ipset, there are two or more ways to export\pack or import\unpack an ipset "memory set". |
@mitchellkrogza "shouting" can you invite me to the #slack chat? |
@elico please can you drop me an email on [email protected] and then I can add you |
@mitchellkrogza You've got mail
|
@funilrys I found a very good tech talk about ipset: |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
maybe next project?