[Savannah-register-public] [task #8847] Submission of IPQ BDB filter

[Alessandro Vesely]

URL:
  <http://savannah.gnu.org/task/?8847>

                 Summary: Submission of IPQ BDB filter
                 Project: Savannah Administration
            Submitted by: ale2003
            Submitted on: Sat 15 Nov 2008 01:10:33 PM CET
         Should Start On: Sat 15 Nov 2008 12:00:00 AM CET
   Should be Finished on: Tue 25 Nov 2008 12:00:00 AM CET
                Category: Project Approval
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
        Percent Complete: 0%
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                  Effort: 0.00

    _______________________________________________________

Details:

A new project has been registered at Savannah 
This project account will remain inactive until a site admin approves or
discards the registration.


= Registration Administration =

While this item will be useful to track the registration process, *approving
or discarding the registration must be done using the specific Group
Administration
<https://savannah.gnu.org/siteadmin/groupedit.php?group_id=10071> page*,
accessible only to site administrators, effectively *logged as site
administrators* (superuser):

* Group Administration
<https://savannah.gnu.org/siteadmin/groupedit.php?group_id=10071>


= Registration Details =

* Name: *IPQ BDB filter*
* System Name:  *ipqbdb*
* Type: non-GNU software & documentation
* License: GNU General Public License v2 or later (The project license is
GPLv3.

There are no media files, so any statement about them is true.)

----

==== Description: ====
IPtables is a popular firewall on GNU/Linux systems. It features the ability
to queue IP addresses to a user space daemon that can issue a verdict for
blocking the packet being examined. The IPQ BDB filter provides such user
space program that looks up a Berkeley DB data base of IPv4 addresses.

The daemon is designed to block address in a fuzzy fashion, inspired by the
STOCKADE daemon (see link below.) Each record features a decay and a
probability. Banning an IP either inserts a new record with the given
probability, or doubles the probability of an existing record. Probabilities
define the likelihood that a packet will be blocked. They decrease
automatically: The decay is the time in which a probability halves. It is
possible to whitelist IP addresses in order to establish their initial decay.
The decay is increased whenever the probability passes a certain boundary, so
that repeatedly banned IPs end up with a slow decay.

Banning is accomplished by a command line utility, and by a log parsing
daemon. In that respect, ipqbdb is a light version of fail2ban (see link
below).

Programs are written in C.

Multiple DBs can be used for multiple netfilter queues.

stockade http://caia.swin.edu.au/stockade/
fail2ban http://www.fail2ban.org/wiki/index.php/Main_Page



==== Other Software Required: ====
Netfilter - GPLv2 or later http://www.netfilter.org/about.html
Berkeley DB - GPL and other
http://www.oracle.com/technology/software/products/berkeley-db/htdocs/licensing.html
PCRE - BSD http://www.pcre.org/
Popt - GNU http://directory.fsf.org/project/popt/



==== Other Comments: ====
The project is not yet finished. (I still have to code an utility to
list/delete records.)

I'm looking for an SVN server for this project. May I test svn at Savannah?

Thanks for your attention
Ale


==== Tarball URL: ====
http://www.ext.tana.it/ipqbdb-0.0.tar.gz






    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/task/?8847>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/