Re: firewall - blocklist

morena <morena@morena.rip> wrote:

Brave heroes of Plan 9,
 
Is there some simple way to make kind of firewall thing, specifically
just to block incoming connections sources from some IP block list I
will make?

On the firewall, the answer is “not really”. You could manually route the
offending IPs to nothing using ip(3), but there’s no tooling to facilitate
that and it would be kind of hackish. However…

Currently bots hitting my Plan 9 smtpd server practically every second.
I am not looking  for more features, filters, ports. What practically
always worked for me, is just huge IP block list. That will include
probably tens thousand of IP addresses.

If this is just about smtpd, see its -k option. There’s still no way to
point to a list, you can repeat the option.

Other thing I am not sure about, how much resources does it takes if
those bots connecting and "ehlo" to smtpd. If eventual "firewall" will
not waste the same resources.
 
I have pretty hard time to get information about actual resources of any
process. There is that stats graph which tells me nothing, ps gives me
some number, but that is not much helpful. Something like htop would be
cool ;/

I don’t know htop, but there is a top and gtop. Both are mediocre in
different ways, but still sometimes useful.

See top by noselasd and gtop by zwansch, both in sources/contrib.

I run Plan 9 on Raspberry Pi 4. ISP router with modem in one piece. So
my options outside of Plan 9 machine are, ask to put ISP router into
bridge mode and put behind it own router, or not ask anything and jut
put some firewall machine between router and Plan 9 RPi. Not really
excited about last two options, as it would require probably even more
powerful machine than actual server on RPi 4.
 
May we boot again dear heroes