Open aussyspitz opened 8 months ago
G'day. I just tested the install instructions in a fresh Ubuntu 22.04.3 VM with a strict copy and paste from the README instructions and can confirm everything is working as intended. Since you didn't report any errors, my suspicion is that the blocklist seedfile at /etc/ipsum.4.txt is empty. My running router looks like this today (30 days uptime):
user@router:~$ ls -l /etc/ipsum.4.txt /etc/ufw/after.init /etc/cron.daily/ufw-blocklist-ipsum
-rwxr-xr-x 1 root root 3180 Sep 16 13:52 /etc/cron.daily/ufw-blocklist-ipsum
-rw-r----- 1 root root 87786 Jun 1 2023 /etc/ipsum.4.txt
-rwxr-x--- 1 root root 6501 Nov 14 22:19 /etc/ufw/after.init
user@router:~$ sudo head /etc/ipsum.4.txt
162.247.74.74
185.224.128.141
185.224.128.121
218.92.0.20
162.247.74.206
45.95.147.220
171.25.193.77
218.92.0.107
157.230.6.109
103.163.215.12
user@router:~$ sudo ipset list ufw-blocklist-ipsum | head
Name: ufw-blocklist-ipsum
Type: hash:net
Revision: 6
Header: family inet hashsize 8192 maxelem 65536
Size in memory: 536688
References: 3
Number of entries: 18250
Members:
43.153.215.85
118.194.251.63
user@router:~$ sudo iptables -L -nvx | grep blocklist
460321 25916043 ufw-blocklist-input all -- * * 0.0.0.0/0 0.0.0.0/0 match-set ufw-blocklist-ipsum src
298 40649 ufw-blocklist-forward all -- * * 0.0.0.0/0 0.0.0.0/0 match-set ufw-blocklist-ipsum dst
42 3724 ufw-blocklist-output all -- * * 0.0.0.0/0 0.0.0.0/0 match-set ufw-blocklist-ipsum dst
Chain ufw-blocklist-forward (1 references)
298 40649 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* ufw-blocklist-forward */
Chain ufw-blocklist-input (1 references)
460321 25916043 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* ufw-blocklist-input */
Chain ufw-blocklist-output (1 references)
42 3724 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* ufw-blocklist-output */
user@router:~$ uptime
09:38:34 up 30 days, 20:55, 4 users, load average: 0.26, 0.11, 0.03
user@router:~$ sudo /etc/ufw/after.init status
Name: ufw-blocklist-ipsum
Type: hash:net
Revision: 6
Header: family inet hashsize 8192 maxelem 65536
Size in memory: 536688
References: 3
Number of entries: 18250
460436 25922647 ufw-blocklist-input all -- * * 0.0.0.0/0 0.0.0.0/0 match-set ufw-blocklist-ipsum src
298 40649 ufw-blocklist-forward all -- * * 0.0.0.0/0 0.0.0.0/0 match-set ufw-blocklist-ipsum dst
42 3724 ufw-blocklist-output all -- * * 0.0.0.0/0 0.0.0.0/0 match-set ufw-blocklist-ipsum dst
Dec 26 06:25:01 truck ufw-blocklist-ipsum[2266870]: starting update of ufw-blocklist-ipsum with 18284 entries from https://raw.githubusercontent.com/stamparm/ipsum/master/levels/3.txt
Dec 26 06:26:39 truck ufw-blocklist-ipsum[2285156]: finished updating ufw-blocklist-ipsum. Old entry count: 18284 New count: 18250 of 18250
To fix your system, please try the following:
sudo /etc/ufw/after.init stop
curl -sS -f --compressed -o ipsum.4.txt 'https://raw.githubusercontent.com/stamparm/ipsum/master/levels/4.txt'
sudo chmod 640 ipsum.4.txt
sudo cp ipsum.4.txt /etc/ipsum.4.txt
sudo head /etc/ipsum.4.txt
sudo /etc/ufw/after.init start
sudo /etc/ufw/after.init status
Please let me know how you go and post any output from the above commands if you still can't get it going.
I'm going to mark this issue as a bug to highlight the need for blocklist input validation. Currently it only looks to see if the seedfile exists, but it should also test that it contains valid CIDR addresses.
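The seedfile check the comment above asks for, written as an added example rather than code from the ufw-blocklist project: a POSIX sh function that rejects a seedfile that is missing, empty, or contains any line that is not an IPv4 address or IPv4 CIDR (blank lines and # comments are ignored). The second function builds constructed sample files (a good list, an empty file, a saved HTML error page as left behind when curl is run without -f, and a list with a malformed entry) in a temp file and runs the validator against each; the file names and sample entries are assumptions, not the project's own. Such a check belongs in after.init start and in the cron updater before the ipset is swapped, so a bad download fails loudly instead of leaving "Number of entries: 0".

```shell
#!/bin/sh
# validate_seedfile FILE
# Returns 0 if FILE exists, is non-empty, and every non-blank, non-comment
# line is an IPv4 address or IPv4 CIDR (a.b.c.d or a.b.c.d/nn).
# Returns 1 and prints a reason on stderr otherwise. Lines with CRLF endings
# are rejected on purpose: the trailing CR would be fed to ipset verbatim.
validate_seedfile() {
    f="$1"
    [ -s "$f" ] || { echo "seedfile '$f' is missing or empty" >&2; return 1; }

    # Count entries after dropping blank lines and comments (grep -c prints 0
    # and exits 1 when nothing matches, hence the || true).
    n=$(grep -c -v -E '^[[:space:]]*(#|$)' "$f" || true)
    [ "$n" -gt 0 ] || { echo "seedfile '$f' has no entries" >&2; return 1; }

    # First line that is neither a comment nor a valid IPv4 address/CIDR.
    octet='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
    bad=$(grep -v -E '^[[:space:]]*(#|$)' "$f" \
          | grep -v -E "^($octet\\.){3}$octet(/([0-9]|[12][0-9]|3[0-2]))?\$" \
          | head -n 1)
    if [ -n "$bad" ]; then
        echo "seedfile '$f' contains an invalid entry: $bad" >&2
        return 1
    fi
    echo "seedfile '$f' OK: $n entries"
    return 0
}

# check_sample KIND
# Writes a constructed seedfile of the given KIND to a temp file, validates it,
# removes the file and returns the validator's exit status.
# KINDs: good, empty, html (an error page saved by curl), badline.
check_sample() {
    tmp=$(mktemp) || return 2
    case "$1" in
        good)    printf '%s\n' '# constructed sample list' '162.247.74.74' \
                     '185.224.128.0/24' '' '218.92.0.20' > "$tmp" ;;
        empty)   : > "$tmp" ;;
        html)    printf '%s\n' '<!DOCTYPE html>' \
                     '<html><body>404: Not Found</body></html>' > "$tmp" ;;
        badline) printf '%s\n' '162.247.74.74' '300.1.1.1' > "$tmp" ;;
        *)       rm -f "$tmp"; return 2 ;;
    esac
    validate_seedfile "$tmp" >/dev/null 2>&1 && status=0 || status=$?
    rm -f "$tmp"
    return "$status"
}

# Stand-alone demo: only the "good" sample should be accepted.
for kind in good empty html badline; do
    if check_sample "$kind"; then
        echo "$kind: accepted"
    else
        echo "$kind: rejected"
    fi
done
```

In the updater, run `validate_seedfile /etc/ipsum.4.txt || exit 1` right after the curl step and before `ipset restore`/`ipset swap`, so the previously loaded set stays active when the download is bad.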
Hey, thanks for responding so quickly, and I hope you had a Merry Christmas. I thought the instructions said chmod to 750, but your file lists ufw-blocklist-ipsum as 755. I think the real issue for me, though, was curl: it never actually downloaded the ipsum.4.txt, as you suspected. I had to manually download it via the URL, then place it in the correct folder and give it the proper permissions; however, the file looks like it was uncompressed, as my file was twice the size of yours at approx 173900. For now I just decided to go with Fail2Ban and it seems to be working well enough. But I still appreciate your prompt response and willingness to help.
Followed the install instructions; everything seems to work up until I type in sudo /etc/ufw/after.init start followed by sudo ipset list ufw-blocklist-ipsum -terse | grep 'Number of entries', which gives Number of entries: 0. It never parses the IP list, and I set/checked all file permissions per the instructions. Any help appreciated.