Second build sold out. Message will appear here when store is ready for third build ordering.

Reloading the IP address blacklist from the Kiwi's command line

With 15+ public Kiwis to manage and defend against bot attacks, keeping the Kiws' blacklist tables up to date from the GUI page has become quite error prone for me. If there is a way to check for new blacklists and/or update the table from the Kiwi's command line, I could easily implement a script to do those updates for me.

I understand implementing such auto-reloads internally in the Kiwi is challenging, but are there Kiwi commands which I could use for that which I would execute from the wsprdaemon servers?

Comments

  • I'm download common blacklist in crontab task and then add IP addresses to IPSET with DROP action in IPTABLE. And I don't do this on every KiwiSDR, but on my frp server.

  • edited March 2022

    @rz3dvp. perhaps you could post some script snips to show how yo udo this

  • @WA2ZKD it's very simple bash script:

    #!/bin/bash
    ipset -N kiwiblacknets nethash
    wget -q http://kiwisdr.com/ip_blacklist/ip_blacklist2.cjson -O - | grep -o '".*"' | sed 's/"//g' | while read NET
    do
    ipset -A kiwiblacknets $NET
    done
    

    and this IPSET was dropped in IPTABLES

    iptables -I INPUT -m set --match-set kiwiblacknets src -j DROP
    
  • Fine. But if you're doing this on a Kiwi with all channels loaded with kiwirecorder connections, don't come complaining to me when you get audio glitches. Running random Linux commands completely violates the realtime prerequisites.

  • Yes, I think it's a bad idea to do this directly on KiwiSDR, but If you have a lot KiwiSDR in different places you come to idea for use a personal reverse proxy server and use it for management some common feature like blacklist. 😀

  • @rz3dvp thanks for the code.

    If it can run quickly, think I can avoid disturbing wsprdaemon wav file recordings by executing this script in the 10 seconds before minute 0 of each hour, a time when no WSPSR or FST4W packets should be transmitted.

Sign In or Register to comment.