Just in case someone else may find this useful...

Scenario 1: You belong to a network but decide to drop it. You've sent your hub a netmail & email letting them know. Even though two years have gone by they constantly try to poll you.

You netmail and email again & again, never receiving a response yet they still poll your system, sometimes hundreds of times a day, each time with a password error.

Scenario 2: You no longer want one of your downlinks polling you. You've asked them to update their config but are unresponsive.

Solution? Block their ass(es)!

Create an IP set to store ip networks:
ipset -N block4 hash:net
ipset -N block6 hash:net family inet6

Add lines to firewall to block referenced IP sets:
iptables -A INPUT -p all -m set --match-set block4 src -j DROP
ip6tables -A INPUT -p all -m set --match-set block6 src -j DROP

Run this script each time you toss mail or at least once per day:

#!/bin/bash
BINKLOG="/path/to/binkd.log"

BLOCK=(
"ZYZ John Doe$"
"ZYZ Jane Doe$"
"ZYZ j0hnd03$"
"addr: 1:234/567@fidonet"
"addr: 21:3/999@fsxnet"
)

for i in "${BLOCK[@]}"; do

# Find the latest log entry matching the pattern
getpoll=$(tac "$BINKLOG" | grep -m 1 "$i")

if [[ -n $getpoll ]]; then
# Extract the PID from the log entry using bash string manipulation
pollpid="${getpoll#*[}"
pollpid="${pollpid%%]*}"

# Find the incoming session log entry associated with PID & extract IP address
poll=$(grep "\[$pollpid\] incoming session with" "$BINKLOG")
poll="${poll#*]}"
poll="${poll#*[}"

ip="${poll%%]*}"

# If IP is IPv4
if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then

# Convert to CIDR format
cidr="${ip%.*}.0/24"

# Check if CIDR is already in the block4 IP set
if ! sudo ipset test block4 "$cidr" > /dev/null 2>&1; then
# Add the CIDR to the block4 IP set and save changes
sudo ipset add block4 "$cidr"
sudo sh -c "ipset save > /etc/iptables/ipsets"
fi
# If IP is IPv6
elif [[ "$ip" =~ ^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$ || "$ip" == *"::"* ]]; then

# Convert to CIDR format
cidr="$(echo "$ip" | cut -d: -f1-4)::/64"

# Check if CIDR is already in the block6 IP set
if ! sudo ipset test block6 "$cidr" > /dev/null 2>&1; then
# Add the CIDR to the block6 IP set and save changes
sudo ipset add block6 "$cidr"
sudo sh -c "ipset save > /etc/iptables/ipsets"
fi
fi
fi
done

You can also find a copy here:
https://nrbbs.net/binkblock.sh.txt


Jay

... Anyone can get old. All you have to do is live long enough

--- Mystic BBS v1.12 A49 2024/05/29 (Linux/64)
* Origin: Northern Realms (618:400/23)

Hello Warpslide!

29 Nov 24 09:28, you wrote to all:

Solution? Block their ass(es)!

The only thing different I would do is not run this using sudo (as sudo has been having security issues lately) but as root in root's cron. I do that with several nightly processes and hourly processes, such as running the "subnet-recidive" fail2ban filter which is hourly and my two backup processes using rsync.net (rsync) and AWS S3 (s3cmd) which are nightly.

Running anything system-level as "sudo" can be problematic in my experience. Then again, in BSD, there is no "sudo" unless you add it to the system. In FreeBSD, just make a user a member of the wheel group and they have root access.

-- Sean

... Laugh and the world thinks you're an idiot.
--- GoldED+/LNX 1.1.5-b20240209
* Origin: Outpost BBS * Johnson City, TN (618:618/1)