From e19e33d0a80fe1b4520fe9dab05f6f8a96d6c574 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 31 May 2023 10:01:38 +0200 Subject: introduce fw-addr-lists --- global-config.rsc | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'global-config.rsc') diff --git a/global-config.rsc b/global-config.rsc index b17d25c..901c7b3 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -80,6 +80,21 @@ :global BackupUploadUser "mikrotik"; :global BackupUploadPass "v3ry-s3cr3t"; +# This defines the settings for firewall address-lists (fw-addr-lists). +:global FwAddrLists { +# "allow"={ +# { url="https://eworm.de/ros/fw-addr-lists/allow"; +# cert="R3" }; +# }; + "block"={ +# { url="https://eworm.de/ros/fw-addr-lists/block"; +# cert="R3" }; + { url="https://www.dshield.org/block.txt"; cidr="/24"; + cert="R3" }; + }; +}; +:global FwAddrListTimeOut 1d; + # This defines what log messages to filter or include by topic or message # text. Regular expressions are supported. Do *NOT* set an empty string, # that will filter or include everything! -- cgit v1.2.3-54-g00ecf From 53ad7b717d5e0dc4c9e40a9b24e64d5f933bf14c Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 9 Jun 2023 16:03:36 +0200 Subject: fw-addr-lists: add lists from abuse.ch in config --- doc/fw-addr-lists.md | 3 ++- global-config.rsc | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'global-config.rsc') diff --git a/doc/fw-addr-lists.md b/doc/fw-addr-lists.md index 98aedcc..4328776 100644 --- a/doc/fw-addr-lists.md +++ b/doc/fw-addr-lists.md @@ -12,7 +12,8 @@ Description This script downloads, imports and updates firewall address-lists. Its main purpose is to block attacking ip addresses, spam hosts, command-and-control servers and similar malicious entities. The default configuration contains -a list from [dshield.org](https://dshield.org/). +lists from [abuse.ch](https://abuse.ch/) and +[dshield.org](https://dshield.org/). The address-lists are updated in place, so after initial import you will not see situation when the lists are not populated. diff --git a/global-config.rsc b/global-config.rsc index 901c7b3..8fe4761 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -89,6 +89,10 @@ "block"={ # { url="https://eworm.de/ros/fw-addr-lists/block"; # cert="R3" }; + { url="https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt"; + cert="GlobalSign Atlas R3 DV TLS CA 2022 Q3" }; + { url="https://sslbl.abuse.ch/blacklist/sslipblacklist.txt"; + cert="GlobalSign Atlas R3 DV TLS CA 2022 Q3" }; { url="https://www.dshield.org/block.txt"; cidr="/24"; cert="R3" }; }; -- cgit v1.2.3-54-g00ecf From 458fe7c08857afa841feb018ac29780b3e4496a9 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 9 Jun 2023 16:03:45 +0200 Subject: fw-addr-lists: prepare lists from spamhaus.org in config --- doc/fw-addr-lists.md | 3 ++- global-config.rsc | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'global-config.rsc') diff --git a/doc/fw-addr-lists.md b/doc/fw-addr-lists.md index 4328776..5805905 100644 --- a/doc/fw-addr-lists.md +++ b/doc/fw-addr-lists.md @@ -13,7 +13,8 @@ This script downloads, imports and updates firewall address-lists. Its main purpose is to block attacking ip addresses, spam hosts, command-and-control servers and similar malicious entities. The default configuration contains lists from [abuse.ch](https://abuse.ch/) and -[dshield.org](https://dshield.org/). +[dshield.org](https://dshield.org/), and +lists from [spamhaus.org](https://spamhaus.org/) are prepared. The address-lists are updated in place, so after initial import you will not see situation when the lists are not populated. diff --git a/global-config.rsc b/global-config.rsc index 8fe4761..e82170c 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -95,6 +95,10 @@ cert="GlobalSign Atlas R3 DV TLS CA 2022 Q3" }; { url="https://www.dshield.org/block.txt"; cidr="/24"; cert="R3" }; +# { url="https://www.spamhaus.org/drop/drop.txt"; +# cert="Cloudflare Inc ECC CA-3" }; +# { url="https://www.spamhaus.org/drop/edrop.txt"; +# cert="Cloudflare Inc ECC CA-3" }; }; }; :global FwAddrListTimeOut 1d; -- cgit v1.2.3-54-g00ecf