gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9c4d8dcdfd
secubox-openwrt/package/secubox/secubox-app-ipblocklist/Makefile
CyberMind-FR cec4893db9 feat(security): Implement SysWarden Evolution #1-3 security enhancements 
Evolution #1 - IP Blocklist (secubox-app-ipblocklist, luci-app-ipblocklist):
- Pre-emptive blocking layer with ipset (~100k IPs)
- Default sources: Data-Shield, Firehol Level 1
- Supports nftables (fw4) and iptables backends
- LuCI KISS dashboard with sources/whitelist management

Evolution #2 - AbuseIPDB Reporter (luci-app-crowdsec-dashboard v0.8.0):
- New "AbuseIPDB" tab in CrowdSec Dashboard
- crowdsec-reporter.sh CLI for reporting blocked IPs
- RPCD handler luci.crowdsec-abuseipdb with 9 methods
- Cron job for automatic reporting every 15 minutes
- IP reputation checker in dashboard

Evolution #3 - Log Denoising (luci-app-system-hub v0.5.2):
- Three modes: RAW, SMART (noise ratio), SIGNAL_ONLY (filter known IPs)
- Integrates with IP Blocklist ipset + CrowdSec decisions
- RPCD methods: get_denoised_logs, get_denoise_stats
- Denoise mode selector panel with noise ratio indicator

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-20 20:11:24 +01:00

46 lines
1.4 KiB
Makefile
Raw Blame History

include $(TOPDIR)/rules.mk
PKG_NAME:=secubox-app-ipblocklist
PKG_VERSION:=1.0.0
PKG_RELEASE:=1
PKG_MAINTAINER:=Gandalf <gandalf@cybermind.fr>
PKG_LICENSE:=Apache-2.0
include $(INCLUDE_DIR)/package.mk
define Package/secubox-app-ipblocklist
SECTION:=secubox
CATEGORY:=SecuBox
TITLE:=SecuBox IP Blocklist - Static threat defense layer
DEPENDS:=+ipset +wget-ssl +ca-bundle
PKGARCH:=all
endef
define Package/secubox-app-ipblocklist/description
Pre-emptive IP blocklist defense layer for SecuBox.
Downloads and maintains static blocklists (~100k IPs) from community sources
(Data-Shield, Firehol) and applies them via kernel ipset for immediate DROP.
This provides Layer 1 protection before CrowdSec reactive blocking.
endef
define Package/secubox-app-ipblocklist/conffiles
/etc/config/ipblocklist
/etc/ipblocklist/whitelist.txt
endef
define Package/secubox-app-ipblocklist/install
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_CONF) ./files/etc/config/ipblocklist $(1)/etc/config/ipblocklist
$(INSTALL_DIR) $(1)/etc/cron.d
$(INSTALL_DATA) ./files/etc/cron.d/ipblocklist $(1)/etc/cron.d/ipblocklist
$(INSTALL_DIR) $(1)/etc/ipblocklist
$(INSTALL_DATA) ./files/etc/ipblocklist/whitelist.txt $(1)/etc/ipblocklist/whitelist.txt
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) ./files/usr/sbin/ipblocklist-update.sh $(1)/usr/sbin/ipblocklist-update.sh
endef
$(eval $(call BuildPackage,secubox-app-ipblocklist))
Reference in New Issue View Git Blame Copy Permalink