I installed and downloaded the blacklist from this URL: https://github.com/firehol/blocklist-ipsets, which resulted in 435 categories. When I select a few, and apply, they seem to work, but the screen that displays the 435 categories at the Nethserver screen here: .com:9090/nethserver#/applications/nethserver-blacklist , shows none enabled.
Checkboxes in the left column are used to select items on the list and not to show their status; in fact, the Status column does that job.
In each list, if you want to select an item or multiple items and perform one or more actions on the selected items, the checkbox in the left column provides this behavior.
As you can see in the PatternFly guidelines (the same used in NethServer Cockpit) here, the checkboxes are always present in lists to permit selection and not to represent state.
Quite unfortunately, when trying to load the rules, the command echo '{"status":"enabled","Url":"https://github.com/firehol/blocklist-ipsets","Whitelist":[],"Categories":[]}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/nethserver-blacklist/settings/update | jq seems unwilling to end correctly.
I’m assuming that the crappy network connection has something to do with that… (downloading rules from https://github.com/firehol/blocklist-ipsets) or that maybe I’ve overloaded my scapegoat a bit too much.
Giacomo, I have been experimenting with several. I selected several ransomware ones, and a Firehol one, but before I was selecting some that, after reading (didn’t read the docs) I decided some were redundant.
There are a lot of things that could be done to improve the UI, but like the guest at the hostel getting free food, who is reluctant to complain about the taste, I appreciate how much work this stuff takes. It would be nice to have an indicator of how many are active, and be able to see which ones are active without scrolling through, in the case of Firehol’s GitHub list, 400+. You guys are smart guys who have done a spectacular job taking advantage of Cockpit, I trust you know what to do and will get to it when you can.
Indeed, the UI has been designed with few categories in mind, but after your suggestion and @edoardo_spadoni's explanation, I think we could improve it a little bit more:
add a number of enabled categories
as default, order the list by status if any category is enabled
@pike, thank you. That is a perfectly reasonable suggestion. I had hoped Threat Shield would just use without reading any documentation or doing anything just installing and turning it on. I installed the 435 different categories when I pasted the GitHub repository URL. Then, I browsed through the list, selected a bunch of different ones without reading any documentation. After a day or so I noticed some websites weren’t accessible, so I unchecked many of the ones I checked, and finally did about 5 minutes of reading.
I was hoping this was going to be a one click, set and forget. Some reading this, maybe you, might be thinking, what is this bozo fooling around with Nethserver in the first place? I am pretty technical, but the only hands-on experience I have with Linux is my Nethserver home router. I really appreciate how well built it is, but I have other priorities than learning how to use the packages.
BTW, I mostly have worked on big systems (database, networking, systems mgt). If you are curious, you can google: Harry packetpushers.net
and you can listen to an interview I did last summer.
I agree with you both, but the UI was built with the idea to have a very limited number of lists.
IMO, using the firehol GitHub repository is not a good idea; you should craft your own subset as stated in the manual.
So, just to recap, we can improve the UI with the following modifications:
add a number of enabled categories
as default, order the list by status if any category is enabled
add a search filter
Since this is not our usage scenario, I will add this request to our internal backlog, but with low priority.
AFAIK no, you need to carefully craft your own.
But I can tell you that SSLBL and DSHIELD are quite safe, while firehol_level 1 and 2 often block the SMTP servers of some Italian ISPs (e.g. Aruba).
Not really. We will have a meeting this week to try to schedule the work; I will try to keep you informed.