From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Status emails and IP Blocklists
Date: Sun, 02 Dec 2018 11:12:55 +0000
Message-ID: <C0C38A41-47DB-46E9-A177-38886D5F95FA@ipfire.org>
In-Reply-To: <9ebbbe98-98a8-03af-9de4-f2e5ff999fce@link38.eu>
Hey,

> On 1 Dec 2018, at 20:18, Peter Müller <peter.mueller(a)link38.eu> wrote:
>
> Hello Tim, hello Michael,
>
>>
>>> The second addon handles the setting up and updating of IP Address
>>> Blocklists in the firewall. It includes options to select which lists
>>> to use, and some control over how frequently to check for updates.
>>
>> I guess Peter might be quite excited about this :)
> I _am_ excited about this indeed. Especially the "Emerging FW" combined
> list sounds very interesting. Dropping bogon traffic is also a good
> idea, as it prevents some hijacked BGP allocation stuff.
>
>>
>> I personally do not have much use for this, but again, why should this not
>> become part of IPFire?
>>
> @Michael: Why do you have no use for this? Speaking about the mentioned
> Emerging FW list, enabling it as a default sounds reasonable to me. Networks
> listed there usually are so bad one does not even want to route or peer
> to them (DROP = Don't route or peer). :-)

Well, that one maybe :) I forgot that we could use this on the IPFire
Infrastructure…

I am not sure if this should be enabled by default. We deliberately do not
ship the firewall in the most secure way possible. Then, we would not
allow any traffic to pass whatsoever, but it makes the setup rather difficult
and you might be running into unexpected issues.

But we should strongly recommend enabling this.

> Could we enable the bogon list as a default for dial-up interfaces in
> IPFire 3.x ?

Not only dial-up, but this probably would not be a dynamic list, but
rather a substantial part of the firewall.

-Michael

> Thanks, and best regards,
> Peter Müller
> --
> Microsoft DNS service terminates abnormally when it receives a response
> to a DNS query that was never made. Fix Information: Run your DNS
> service on a different platform.
> -- bugtraq