From: Matthias Fischer <matthias.fischer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: ipblocklist - Call for testers (disable attribute in sources)
Date: Sun, 10 Apr 2022 20:53:59 +0200 [thread overview]
Message-ID: <2e625c36-5c95-5741-801d-1650a6267259@ipfire.org> (raw)
In-Reply-To: <7ddd588a-e82f-814f-b8cc-8a80c823a2f0@yahoo.com>
[-- Attachment #1: Type: text/plain, Size: 700 bytes --]
Hi Stefan, hi Tim,
I hadn't the time to test yet - but found a small typo.
Patch is attached.
Great work!
Best,
Matthias
On 10.04.2022 20:21, Charles Brown wrote:
> Tim, Stefan,
>
> I have installed the ipblocklist feature. It looks great.
>
> I’m curious about the disable attribute in the sources file.
>
> I have all the lists enabled, I would have thought enabling
> EMERGING_FWRULE would have the DSHIELD list automatically disabled.
> However, I am showing several hits on DSHIELD and I see 20 entries in
> ipset for DSHIELD. Is the disable attribute in sources there for
> informational purposes only?
>
> Thanks for your excellent work on this feature,
> Charles Brown
>
>
[-- Attachment #2: fix_aggresive.patch --]
[-- Type: text/plain, Size: 1683 bytes --]
diff -U 3 a/var/ipfire/ipblocklist/sources b/var/ipfire/ipblocklist/sources
--- a/var/ipfire/ipblocklist/sources Sun Apr 3 13:22:06 2022
+++ b/var/ipfire/ipblocklist/sources Sun Apr 10 20:48:08 2022
@@ -42,7 +42,7 @@
'parser' => 'ip-or-net-list',
'rate' => '1h',
'category' => 'composite',
- 'disable' => ['FEODO_RECOMMENDED', 'FEODO_IP', 'FEODO_AGGRESIVE', 'SPAMHAUS_DROP', 'DSHIELD'] },
+ 'disable' => ['FEODO_RECOMMENDED', 'FEODO_IP', 'FEODO_AGGRESSIVE', 'SPAMHAUS_DROP', 'DSHIELD'] },
'EMERGING_COMPROMISED' => { 'name' => 'Emerging Threats Compromised IPs',
'url' => 'https://rules.emergingthreats.net/blockrules/compromised-ips.txt',
'info' => 'https://doc.emergingthreats.net/bin/view/Main/CompromisedHost',
@@ -80,7 +80,7 @@
'rate' => '5m',
'category' => 'c and c',
'disable' => 'FEODO_RECOMMENDED' },
- 'FEODO_AGGRESIVE' => { 'name' => 'Feodo Trojan IP Blocklist (Aggresive)',
+ 'FEODO_AGGRESSIVE' => { 'name' => 'Feodo Trojan IP Blocklist (Aggressive)',
'url' => 'https://feodotracker.abuse.ch/downloads/ipblocklist_aggressive.txt',
'info' => 'https://feodotracker.abuse.ch/blocklist',
'parser' => 'ip-or-net-list',
next prev parent reply other threads:[~2022-04-10 18:53 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <7ddd588a-e82f-814f-b8cc-8a80c823a2f0@yahoo.com>
2022-04-10 18:47 ` Stefan Schantl
2022-04-10 18:53 ` Matthias Fischer [this message]
2022-04-10 22:39 ` Rob Brewer
2022-04-11 21:51 Tim FitzGeorge
2022-04-12 4:12 ` Stefan Schantl
2022-04-12 16:46 ` Rob Brewer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2e625c36-5c95-5741-801d-1650a6267259@ipfire.org \
--to=matthias.fischer@ipfire.org \
--cc=development@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox