Friday, January 16, 2015

Clear the Blacklist in your IPFire Firewall

I have been running a Linux-based firewall at work and at home for years.  I started out with Smoothwall, then IPCop, then IPFire, then Sophos UTM 9, and now I am back on IPFire.

http://www.ipfire.org/


Of them all, Sophos is the most feature rich, however IPFire drew me back for some interesting features that I think no one else can beat.

The first is that it has a built-in app for caching Windows Updates, A/V updates, Linux updates, etc. called Update Accelerator.  This is a big bandwidth and time saver.  Once the first computer requests an update file, it is stored on the firewall and any other computers get the file directly from the firewall.  This all happens behind the scenes with nothing to configure manually except enabling Update Accelerator.  You can check the status of this function and see the bandwidth savings that result from using it.
Sophos UTM 9 didn't offer this and with Sophos UTM, I could not even increase the web cache max object size.

The second killer feature is that there is a port of IPFire for ARM processors.  This is the work that my Raspberry Pi has been looking for.  I previously posted about the Pi as an XBMC media streaming device, and it is passable for this, but performance was always lacking.  It would stream fine, but the interface was sluggish.
I have since moved on to a hacked Boxee running XBMC.  This works great and the Boxee remote is of course still awesome when running XBMC.  (XBMC is what the original Boxee was based upon anyways.)
The Raspberry Pi works acceptably as an IPFire firewall, but it does struggle at times.  See my next blog entry for how to configure your Pi as an IPFire firewall.  Next for me though is to use a Banana Pi as an IPFire firewall.  It has just enough additional horsepower that it might be the real answer.  To be continued...

The third killer feature is rolling your own web blocking blacklist.  Sophos had very nice web blocking built in, but again, it was lacking the pure flexibility that IPFire offers.

Now on to the meat of this post:
Why do you want to get rid of extra blacklists?  Well, if you are dumb like me, you are always running IPFire on some scrap hardware (previous to the Raspberry Pi, mine was installed on an old fitPC with dual NICs, an AMD Geode processor @ 500MHz and 256 megs of RAM) and you have uploaded such a big blacklist that your scraps are tapped out.  Previously, I would back up and then wipe and reload my IPFire in order to start over with a smaller blacklist.

We will discuss getting rid of old Blacklists and how to trim big blacklists of categories that you don't need before uploading.

To get rid of your installed blacklists, enable SSH and connect to your IPFire server.
I am lazy, so I use FileZilla to connect, browse and delete files.  I can use the command line, but why bother?

Browse to: /var/ipfire/urlfilter/
Here you will see a directory called blacklists.
It will have folders corresponding to your categories.  You can select and delete the categories that you do not want enabled, or delete every folder here and start from scratch.
Once you have deleted the unnecessary categories, you are all set.  Save and restart URL Filter from the web interface and you are done.

Now, to keep these from reappearing on their own, disable automatic blacklist downloads.
You can also manually remove the unwanted categories from your blacklist file before uploading it.
I like the blacklist file provided here:
http://urlblacklist.com/?sec=download
It is a big monster, maintained, with categories for lots of crap.

Once you have the file, uncompress it and remove the directories for the categories that you do not want, then re-compress the file and upload it to your IPFire.  (The free open source 7-Zip program will handle the uncompressing and recompressing if you are using Windows.)
See the categories .txt file for explanations as to what each category is blocking.  This is invaluable to keep you from unnecessarily enabling a category that seems helpful, but in reality is not.
Also note that you can see the size of each category in the blacklist file.  This lets you understand which categories are the biggest and will take the most resources on your IPFire.  You should think twice about enabling that 20 meg category on a scrappy IPFire server with limited RAM and CPU.
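If you would rather not click through folders in FileZilla, here is a small POSIX shell script that does both jobs above: it lists each category with its size (largest first) and deletes every category directory that is not on a keep list, whether that tree is the installed /var/ipfire/urlfilter/blacklists over SSH or an extracted download before you re-compress and upload it.  This is an added example written for this post, not code from IPFire or urlblacklist.com.  It assumes the layout of one sub-directory per category holding domains and urls files, and that the downloaded archive unpacks to a top-level blacklists directory; the sample tree it builds uses made-up placeholder names, not real blacklist data.

```shell
#!/bin/sh
# Added example for this post (not part of IPFire or urlblacklist.com).
# Trims a URL Filter blacklist tree to the categories you actually want.
# Assumed layout (for the installed tree and for the downloaded archive):
#   <root>/<category>/domains   and   <root>/<category>/urls
# Use it on /var/ipfire/urlfilter/blacklists over SSH, or on an extracted
# bigblacklist.tar.gz before re-compressing and uploading it.

# List every category with its size in KiB, largest first, so the big
# categories stand out before you decide what to keep on small hardware.
report_category_sizes() {
    rcs_root="$1"
    du -sk "$rcs_root"/*/ 2>/dev/null | sort -rn | while read -r kb path; do
        printf '%8s KiB  %s\n' "$kb" "$(basename "$path")"
    done
}

# Delete every category directory under $1 whose name is not in the
# space-separated keep list $2. Prints the number of directories removed.
# A keep list (rather than a delete list) means a typo drops a category
# you wanted instead of silently leaving a 20 MB one in place.
trim_categories() {
    tc_root="$1"; tc_keep=" $2 "; tc_removed=0
    for tc_dir in "$tc_root"/*/; do
        [ -d "$tc_dir" ] || continue
        tc_name=$(basename "$tc_dir")
        case "$tc_keep" in
            *" $tc_name "*) ;;                         # wanted: leave it alone
            *) rm -rf "$tc_dir"; tc_removed=$((tc_removed + 1)) ;;
        esac
    done
    echo "$tc_removed"
}

# Trim a downloaded archive $1 (assumed to unpack to a top-level
# "blacklists" directory, as the urlblacklist.com archive does) and write
# a smaller archive $2 ready for upload through the URL Filter page,
# keeping only the categories listed in $3.
trim_tarball() {
    tt_tmp=$(mktemp -d)
    tar -xzf "$1" -C "$tt_tmp"
    trim_categories "$tt_tmp/blacklists" "$3" >/dev/null
    report_category_sizes "$tt_tmp/blacklists"
    tar -czf "$2" -C "$tt_tmp" blacklists
    rm -rf "$tt_tmp"
}

# Build a small constructed sample tree (placeholder names, not real
# blacklist data) so the functions can be tried without a big download.
# Optional $1 is the directory to build in; otherwise a temp dir is used.
make_sample_tree() {
    mst_root="${1:-$(mktemp -d)}"
    for mst_cat in adult ads gambling webmail; do
        mkdir -p "$mst_root/$mst_cat"
        printf 'blocked-%s-1.example\nblocked-%s-2.example\n' \
            "$mst_cat" "$mst_cat" > "$mst_root/$mst_cat/domains"
        : > "$mst_root/$mst_cat/urls"
    done
    echo "$mst_root"
}

# Demo on the constructed tree: sh trim_blacklist.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo_root=$(make_sample_tree)
    echo "before:"; report_category_sizes "$demo_root"
    echo "removed $(trim_categories "$demo_root" "ads gambling") categories"
    echo "after:";  report_category_sizes "$demo_root"
    rm -rf "$demo_root"
fi
```

On the firewall, copy the script over with scp, source it, and run `report_category_sizes /var/ipfire/urlfilter/blacklists` first so you can see what is eating the RAM; then `trim_categories /var/ipfire/urlfilter/blacklists "ads adult"` (your own keep list) and save and restart URL Filter from the web interface as described above.  For the download, `trim_tarball bigblacklist.tar.gz small.tar.gz "ads adult"` gives you the smaller archive to upload; remember to disable automatic blacklist downloads afterwards or the full set comes back.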

That is all.
