Releases: kshartman/ipset-blacklist-python
v1.0.3 - Easy Deployment Release
Release Notes:
Version 1.0.3 - Combines all improvements since v1.0.1
This release includes all enhancements from the unreleased v1.0.2 plus deployment improvements.
New Features (v1.0.2 + v1.0.3)
- deploy.sh - Complete automated deployment script
- Verifies Python 3.7+ installed
- Checks ipset/iptables are installed AND working
- Installs executable and man page
- Tests the installation
- Provides ready-to-use cron configuration
- Production hardened - Running nightly with 65k+ entries
Bug Fixes
- Fixed config parser handling of inline comments in BLACKLISTS array
- Comments after URLs no longer parsed as separate sources
- Enhanced error handling throughout
Improvements
- Deployment script verifies kernel modules loaded
- Changed warnings to errors for missing dependencies
- Better user feedback during installation
Production Status
- Processing 82,000+ entries from 14 sources
- Optimizing to 65,000 entries (21% reduction)
- Running nightly in production environments
Quick Install
git clone https://github.com/kshartman/ipset-blacklist-python.git
cd ipset-blacklist-python
sudo ./deploy.shCompatibility
Drop-in replacement for trick77/ipset-blacklist - uses same config format
Since v1.0.2 was never released, v1.0.3 includes all work since v1.0.1!
v1.0.1 - Code Quality Release
Code Quality Improvements
- Pylint score improved from 8.05 to 9.76/10
- Fixed duplicate function definitions
- Removed unused imports
- Cleaned up trailing whitespace
- Added pylint pragmas with justifications
- Added missing docstrings
No Functional Changes
This is a code quality release with no changes to functionality.
All features from v1.0.0 remain the same.
v1.0.0 - High-Performance IP Blacklist Manager
Release Notes for v1.0.0
🚀 Production-Ready Python Implementation
First stable release of the Python ipset-blacklist manager, tested in production with 65,000+ entries.
✨ Key Features
- Advanced Subnet Optimization: O(N·P) algorithm removes covered subnets, reducing entries by 15-20%
- Full IPv6 Support: Dual-stack handling with automatic family detection
- Analysis Mode: Audit existing ipsets for duplicates and optimization opportunities
- Drop-in Replacement: Uses same config format as original trick77/ipset-blacklist
- Network Resilience: Automatic retry with exponential backoff for failed sources
- Private IP Filtering: Configurable RFC1918/reserved range filtering
- Safe Testing: --dry-run mode to preview changes without applying
📊 Performance
- Processes 80,000+ entries in seconds
- Reduces ipset size by ~20% through intelligent optimization
- Memory usage: ~280MB for 800k entries
- Production tested: Currently managing 65k+ entries on live systems
🔧 Installation
sudo install -m 0755 update_blacklist.py /usr/local/sbin/
sudo update_blacklist.py --conf /etc/ipset-blacklist/ipset-blacklist.conf --apply --ipv4-only
📝 Requirements
- Python 3.7+
- No external Python packages (stdlib only)
- ipset v6+
- iptables/ip6tables
🙏 Credits
- Inspired by https://github.com/trick77/ipset-blacklist
- Implementation: Kenneth Shane Hartman, ChatGPT (OpenAI), Claude (Anthropic)
📄 License
MIT License
Full documentation: See https://github.com/kshartman/ipset-blacklist-python/blob/main/README.md