Re: IPQueue blacklist file

IMO the easiest approach to "aging out" is to store everything with an expiry time in the future. The check whether an item is valid is then whether it matches and its expiry time is still in the future at the time of the check. You can easily implement different timeouts that way or even add accumulating timeouts for repeated transgressions (on other ports, for example). Also, by choosing a suitable point of time in the future, you can also ban IPs "forever".

As you seem to be doing stuff in parallel, I suggest you don't use a text file but a database (for example, DBD::SQLite for storing the information. Having a single file is important so you can just delete that file to reset the blacklist. Using a database is convenient as the database will handle all the necessary locking and retrying for you. Also, consider taking a look at the (not in Perl) fail2ban, which also does dynamic IP blocking.

Comment on Re: IPQueue blacklist file

Replies are listed 'Best First'.
Re^2: IPQueue blacklist file by adismaug (Acolyte) on May 25, 2009 at 12:20 UTC
Thanks for the replay. I solved the issue by using a database for the blacklist and inserting IP address, counter and tag value. The tag and counter are used for aging out the entry. This is done by this script: `#!/usr/bin/perl use DBI(); my $dbh = DBI->connect("DBI:mysql:database=xxxx;host=localhost", "xxx", "xxxxx", {'RaiseError' => 1}); my $i = 144; while ($i > -1) { print "$i\n"; $newCounter = $i - 12; $rows = $dbh->do("update blacklist set counter='$newCounter', tag= +'1' where counter = '$i' and tag = '0'"); $i = $i - 12; } $rows = $dbh->do("update blacklist set tag='0' where tag like '%%'"); $rows = $dbh->do("delete from blacklist where counter <= '0'"); $dbh->disconnect(); exit(0);` [download] The script runs every 5 minutes which gives each entry one hour to live (unless updated with a new counter) Still if any one have a better way I will be glad to know…..	[reply] [d/l]

Replies are listed 'Best First'.

Re^2: IPQueue blacklist file
by adismaug (Acolyte) on May 25, 2009 at 12:20 UTC

#!/usr/bin/perl
use DBI();

my $dbh = DBI->connect("DBI:mysql:database=xxxx;host=localhost",
                     "xxx", "xxxxx",
                     {'RaiseError' => 1});
my $i = 144;

while ($i > -1) {
    print "$i\n";
    $newCounter = $i - 12;
    $rows = $dbh->do("update blacklist set counter='$newCounter', tag=
+'1' where counter = '$i' and tag = '0'");
    $i = $i - 12;
}

$rows = $dbh->do("update blacklist set tag='0' where tag like '%%'");
$rows = $dbh->do("delete  from blacklist where counter <= '0'");

$dbh->disconnect();
exit(0);
[download]

[reply]
[d/l]