Can someone please advise as to where the blacklist information is stored within the NAS? I would like to be able to modify this file directly because the list of IPs I wish to add to the list is much larger than I would like to undertake manually. If I am unable to modify the configuration file directly, I would love to write a bash script to execute the update instead (assuming I am pointed to the file to execute against). Regardless of the means in which to update the file, a manual, web based process is unacceptable.
Suffice it to say, I want to blacklist all IP blocks that are not assigned to the United States. I have no doubt that the only remote users that I want to service will be US based.
As you can imagine, the list of IPs to be added to this blacklist will be huge.
For those that are going to recommend that a white list would be better, I disagree.
Firstly, I am not about to white list the entire set of US IP ranges. They are not all trusted. White lists are designed to be used explicitly with trusted people/companies.
Secondly, when a white list is used, the attack logic (automatic blacklisting) is disabled.
Thirdly, using a white list does not simplify my situation because to manually enter all of the US IP blocks would still be a large manual effort. Even if I were to take this route (and I'm not), I would want another automated method to make the configuration updates.
Please advise.
Automated Blacklist Creation
- forkless
- Experience counts
- Posts: 1907
- Joined: Mon Nov 23, 2009 6:52 am
- Location: The Netherlands
Re: Automated Blacklist Creation
You should be able to find what you want here;
/etc/config/ipsec_allow.conf (whitelist)
/etc/config/ipsec_deny.conf (blacklist)
I don't think this implementation of white/blacklisting supports net blocks though.
Hope that helps,
fork
-
- New here
- Posts: 2
- Joined: Thu Sep 29, 2011 4:03 am
Re: Automated Blacklist Creation
I had previously added some entries via the web interface and can see that it is possible to block a network range. At this time I am not sure what the fourth value represents.
I have figured out what most of the variables represent.
First variable: Definition Type
- 0: Specific IP
- 1: Network
- 2: IP Range
- (Type 0) Specific IP address
- (Type 1) Network IP
- (Type 2) IP Address start range
- (Type 0) Blank
- (Type 1) Subnet mask
- (Type 2) IP Address stop range
Fifth Variable: Duration to block, in seconds. 13177444815 = indefinitely
Sample net range block from my ipsec_deny.conf file.
2:0.0.0.0:2.255.255.255:0:1317444815
-
- New here
- Posts: 3
- Joined: Sat May 19, 2012 12:10 am
- Location: Denmark
Re: Automated Blacklist Creation
Nice finding, I have a few additions
"Fourth Variable: Unknown"
Number of minutes to block, 0 = for ever
"Fifth Variable: Duration to block, in seconds. 13177444815 = indefinitely"
That one you got wrong, it is the system time when the block started. As from an ssh shell
[~] # date +%s
Kind regards
Lars Betak
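Added example (not code from any poster in this thread or from QNAP): a POSIX sh script that turns a list of single IPs, CIDR networks and start-stop ranges into lines in the five-field layout described in the two posts above. It assumes Lars's reading of fields four and five (minutes to block, epoch time the block started) and that a type 1 entry takes a dotted subnet mask; none of this is verified against QNAP documentation, and the function names are invented here.

```shell
#!/bin/sh
# Added example (not QNAP code). Field layout as described in this thread,
# unverified: type:addr1:addr2:minutes(0 = for ever):epoch when block started

valid_ip() (            # dotted quad, each octet 0-255
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
)

prefix_to_mask() {      # 24 -> 255.255.255.0
    m=$(( (0xFFFFFFFF << (32 - $1)) & 0xFFFFFFFF ))
    echo "$(( m >> 24 & 255 )).$(( m >> 16 & 255 )).$(( m >> 8 & 255 )).$(( m & 255 ))"
}

# deny_line ENTRY [MINUTES] [EPOCH]: prints one line, non-zero on bad input
deny_line() (
    e=$1 min=${2:-0} ts=${3:-$(date +%s)}
    case $e in
        */*) net=${e%/*} pfx=${e#*/}          # CIDR -> type 1 (network + mask)
             case $pfx in ''|*[!0-9]*|0?*) return 1 ;; esac
             valid_ip "$net" && [ "$pfx" -le 32 ] || return 1
             echo "1:$net:$(prefix_to_mask "$pfx"):$min:$ts" ;;
        *-*) a=${e%-*} b=${e#*-}              # start-stop -> type 2 (range)
             valid_ip "$a" && valid_ip "$b" || return 1
             echo "2:$a:$b:$min:$ts" ;;
        *)   valid_ip "$e" || return 1        # single IP -> type 0, field 3 blank
             echo "0:$e::$min:$ts" ;;
    esac
)

# build_denylist MINUTES EPOCH < list: skips blanks and # comments,
# reports rejected entries on stderr instead of writing them out
build_denylist() (
    while IFS= read -r line; do
        line=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')
        [ -n "$line" ] || continue
        deny_line "$line" "$1" "$2" || echo "rejected: $line" >&2
    done
)

# Constructed sample input; output goes to stdout, never to the live file.
build_denylist 0 "$(date +%s)" <<'EOF'
# first entry mirrors the range quoted in the thread, the rest are made up
0.0.0.0-2.255.255.255
203.0.113.0/24
198.51.100.7
EOF
```

Write the output to a scratch file and compare it with an entry created through the web interface before touching /etc/config/ipsec_deny.conf; the thread does not say whether the NAS re-reads the file on its own.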
- KillerDAN
- Starting out
- Posts: 27
- Joined: Tue Oct 25, 2011 9:45 pm
Re: Automated Blacklist Creation
Why are ipsec_allow.conf and ipsec_deny.conf equal ?!
-
- Know my way around
- Posts: 123
- Joined: Tue Jul 14, 2015 5:44 am
Re: Automated Blacklist Creation
I was wondering the same.
I'm also wondering if you fill in the blacklist and the white list both at the same time, which list will supersede the other?
Will a whitelist value override a blacklist or is it the other way around?
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
Re: Automated Blacklist Creation
QNAP allows enabling either the white list or the black list ... never both (hm, prolly a white list and a fail2ban updated one - don't know, never used...). Pretty crappy specs.