Threat Shield Behavior - Is this correct?

I installed and downloaded the blacklist from this URL: https://github.com/firehol/blocklist-ipsets, which resulted in 435 categories. When I select a few, and apply, they seem to work, but the screen that displays the 435 categories at the Nethserver screen here: .com:9090/nethserver#/applications/nethserver-blacklist , shows none enabled.

Is this correct?

Enabled categories should have the status field marked as green, something like this:

which list do you use?

@giacomo is “souspicious” correct? I remember “suspicious”.

Those are paid lists for NethServer Enterprise. I hope also subscription members will have access to them.

You remember right! I have to fix it :persevere:

Actually that display is a bit misleading.
One expects that the selected lists will be left with the active check on the left column.

I agree with you: it’s quite misleading.

@andre8244 @edoardo_spadoni I know this interface is becoming a pain, but is there any chance to have the category ticked if enabled?

Checkboxs on left column is used to select items on the list and not to show theirs status, in fact the column Status do the job.

In each list, if you want to select an item or multiple items and do one or more multiple actions to the selected items, checkbox on left column resolves this behavior.

As you can see on Patternfly guidelines (the same used in NethServer Cockpit) here the checkbox are always present in list to permit selection and not to represent state.

2 Likes

Quite unfortunate trying to load the rules, the command echo '{"status":"enabled","Url":"https://github.com/firehol/blocklist-ipsets","Whitelist":[],"Categories":[]}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/nethserver-blacklist/settings/update | jq seems unwillingly to end correctly.
I’m assuming that the crappy network connection has something to do with that…
(downloading rules from https://github.com/firehol/blocklist-ipsets ) or that maybe i’ve overloaded a bit too much my scapegoat.

Giacomo, I have been experimenting with several. I selected several ransomware ones, and a Firehol one, but before I was selecting some that, after reading (didn’t read the docs) I decided some were redundant.

There are a lot of things that could be done to improve the UI, but like the guest at the hostel getting free food, who is reluctant to complain about the taste, I appreciate how much work this stuff takes. It would be nice have an indicator of how many are active, and be able to see which ones are active without scrolling through, in the case of Firehol’s GitHub list, 400+. You guys are smart guys who have done a spectacular job taking advantage of Cockpit, I trust you know what to do and will get to it when you can.

pike, I think you know how to use this, but I am not sure from your post. All I did was to copy/paste the GitHub URL https://github.com/firehol/blocklist-ipsets

and I was presented with 435 separate categories to activate.

Thank you for your appreciation!

Indeed the UI has been designed with few categories in mind, but after your suggestion, and @edoardo_spadoni explanation, I think we could improve a little bit more:

  • add a number of enabled categories
  • as default, order the list by status if any category is enabled
3 Likes

May i suggest a filter for narrow the category list if needed?

2 Likes

@pike, thank you. That is a perfectly reasonable suggestion. I had hoped Threat Shield would just use without reading any documentation or doing anything just installing and turning it on. I installed the 435 different categories when I pasted the GitHub repository URL Then, I browsed through the list, selected a bunch of different ones without reading any documentation. After a day or so i noticed some websites weren’t accessible, so i unchecked many of the ones I checked, and finally did about 5 minutes of reading.

I was hoping this was going to be a one click, set and forget. Some reading th, maybe you, might be thinking, what is this bozo fooling around with Nethserver in the first place? I am pretty technical, but the only hands-on experience I have with Linux is my Nethserver home router, I really appreciate how well built it is, but I have other priorities than learning how to use the packages.

BTW, I mostly have worked on big systems (database, networking, systems mgt). If you are curious, you can goggle: Harry packetpushers.net

and you can listen to an interview I did last summer.

I agree with you both, but the UI was built with the idea to have a very limited number of lists.
IMO, using firehol GitHub repository it’s not a good idea, you should craft your own subset as stated in the manual.

So, just to recap, we can improve the UI with the following modifications:

  • add a number of enabled categories
  • as default, order the list by status if any category is enabled
  • add a search filter

Since,this is not our usage scenario, I will add this request to our internal backlog, but with low priority.

Would be great! :+1: :smiley: Any timeline?

@harry As long as the paid lists are not available for subscription, I’m using the firehol github repo and followed the advice of the author: GitHub - firehol/blocklist-ipsets: ipsets dynamically updated with firehol's update-ipsets.sh script with good result for me. So about 18 lists (out of 435) are enabled and no problems so far.

The possibility to sort the status column would be great to see how many lists are enabled.

1 Like

Are there more open rule lists to access without the obbligation to subscribe a license?

Some of those lists blocked my access to let’s encrypt servers one day, so… be careful

Which one were that? Any of the advised?

AFAIK no, you need to carefully craft your own.
But I can tell you that SSLBL and DSHIELD are quite safe, while firehol_level 1 and 2, often block SMTP server of some Italian ISP (eg. Aruba).

Not really :frowning: We will have a meeting this week to try to schedule the work, I will try to keep you informed :slight_smile:

1 Like