Ipset bootstrap #7

Open
TechnologyClassroom wants to merge 7 commits into hackman:master from TechnologyClassroom:ipset-bootstrap

TechnologyClassroom commented Apr 17, 2026

This patch to fortress.pl solves #5 and was a collaboration with @mplscorwin and myself.

I wrote a generic installer file that should work for most Debian and Red Hat based systems without the need to install from a package.

While I was tinkering with the package, I made some other changes that are listed below.

  • I added an install category to the README.md file and wrapped lines at 80 characters.
  • excludes/
    • I updated the Googlebot excludes list with the values that Google reports today and shared the commands that I used to generate the list within that file. I do have a script that can generate CIDR lists for ASNs, but I am starting with this one.
    • Added loopback CIDR to my.txt list.
  • Licensing
    • I added standard license headers matching the LICENSE file in all .sh and .pl files throughout.
    • I added SPDX notation to the centos file.
    • I replaced the Adblock Plus (GPL-3.0-or-later) logo with a very similar CC0 image. The image is still a stop sign with a hand icon, but slightly different. The file size, image dimensions, and bitrate are all matching what was there before. I used GIMP.
  • I removed the TODO.md file and filed issues for all of those feature requests. I made a few feature requests that I noticed as well.
  • Ran shellcheck on the *.sh files and put more variables in double-quotes.
  • Fixed some typos.
  • Reduced long lines in bash scripts.
  • I removed trailing spaces and tabs.

I did not use generative AI. These code commits were written on a terminal by a human.

Edit: Added shellcheck commit and description.

Edit: GitHub does not really give the user making a pull request a clean preview of what all is being included in a pull request before making one. Sorry! If you want me to clean these up and resubmit as smaller discrete patches I can. Doing all of that without hearing from you would just be a bunch of noise at this point though. We are planning on using this on some production servers that are seeing SYN floods. I really appreciate your project.

Edit 2: This does not work yet. We're fixing.

Edit 3: This patch now works, but now I am not sure that reading from /proc/net/tcp is a method that works for this anymore.

Edit 4: I closed my other pull request and copied the text to this one since they are also included in this one. I can still separate it out into small parts if you want.

TechnologyClassroom and others added 7 commits April 15, 2026 21:37
first pass; this does nothing to "clean-up", for example if block_type is first set to ipset and then later changed the created ipset is abandoned and must be removed manually.

I included a bunch of comments but maybe those should be removed to better match the tighter style of the rest of the program.
implement ipset bootstrapping