Hey, > On 1 Dec 2018, at 20:18, Peter Müller wrote: > > Hello Tim, hello Michael, > >> >>> The second addon handles the setting up and updating of IP Address >>> Blocklists in the firewall. It includes options to select which lists >>> to use, and some control over how frequently to check for updates. >> >> I guess Peter might be quite excited about this :) > I _am_ excited about this indeed. Especially the "Emerging FW" combined > list sounds very interesting. Dropping bogon traffic is also a good > idea, as it prevents some hijacked BGP allocation stuff. > >> >> I personally do not have much use for this, but again, why should this not >> become part of IPFire? >> > @Michael: Why do you have no use for this? Speaking about the mentioned > Emerging FW list, enabling it as a default sounds reasonable to me. Networks > listed there usually are so bad one even does not want to route or peer > to it (DROP = Don't route or peer). :-) Well, that one maybe :) I forgot that we could use this on the IPFire Infrastructure… I am not sure if this should be enabled by default. We deliberately do not ship the firewall in the most secure way it is possible. Then, we would not allow any traffic to pass whatsoever, but it makes the setup rather difficult and you might be running into unexpected issues. But we should strongly recommend enabling this. > Could we enable the bogon list as a default for dial-up interfaces in > IPFire 3.x ? Not only dial-up, but this probably would not be a dynamic list, but rather a substantial part of the firewall. -Michael > Thanks, and best regards, > Peter Müller > -- > Microsoft DNS service terminates abnormally when it recieves a response > to a DNS query that was never made. Fix Information: Run your DNS > service on a different platform. > -- bugtraq