From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH 2/2] ipblocklist-sources: Update to include the Abuse.ch
 Botnet C2 ip blocklist
Date: Mon, 24 Jun 2024 17:10:39 +0200
Message-ID: <20240624151039.51194-2-adolf.belka@ipfire.org>
In-Reply-To: <20240624151039.51194-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0658635373508384961=="
List-Id: <development.lists.ipfire.org>

--===============0658635373508384961==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- Blocklist addition was discussed and agreed at IPFire dev conf call in June=
 2024.
- Tested on vm system.

Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 config/ipblocklist/sources | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources
index 69f964dd9..1cef06dd1 100644
--- a/config/ipblocklist/sources
+++ b/config/ipblocklist/sources
@@ -142,5 +142,11 @@ our %sources =3D ( 'EMERGING_FWRULE' =3D> { 'name'     =
=3D> 'Emerging Threats Blocklis
 					 'info'     =3D> 'https://blacklist.3coresec.net',
 					 'parser'   =3D> 'ip-or-net-list',
 					 'rate'     =3D> '1d',
-					 'category' =3D> 'attacker' }
+					 'category' =3D> 'attacker' },
+	      'ABUSECH_BOTNETC2'  =3D> { 'name'	=3D> 'ABUSE.ch Botnet C2 IP Blockli=
st',
+					   'url'	=3D> 'https://sslbl.abuse.ch/blacklist/sslipblacklist.txt',
+					   'info'	=3D> 'https://sslbl.abuse.ch/blacklist#botnet-c2-ips-csv',
+					   'parser'	=3D> 'ip-or-net-list',
+					   'rate'	=3D> '5m',
+					   'category'	=3D> 'reputation' }
            );
--=20
2.45.2


--===============0658635373508384961==--