From patchwork Wed Mar 12 11:03:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8518 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZCSRR5M7Bz3xDX for ; Wed, 12 Mar 2025 11:03:31 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZCSRR21wNz7hs for ; Wed, 12 Mar 2025 11:03:31 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZCSRR1Kggz34b3 for ; Wed, 12 Mar 2025 11:03:31 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZCSRN0Lhsz2yXJ for ; Wed, 12 Mar 2025 11:03:28 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZCSRM3MXpz1x3; Wed, 12 Mar 2025 11:03:27 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1741777407; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=+nGPGKCIsFPW9wW4DPeG3c397I2aZFDY1dNbaAAxPuo=; b=p2pjgdGBi0KVwAowofkTVRZgKupCHDcOskdlyrX2SvXSW6mkl3xa2KoYBCKJblla7oMRdz 5k8aE0SgjqnndQAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1741777407; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=+nGPGKCIsFPW9wW4DPeG3c397I2aZFDY1dNbaAAxPuo=; b=cQPzmu+n7O9t1fkqiMaIhIFGRY6fq0pmcWq7CCA10Ns/qzsXEgtS7r1xvHWFx5+W+yVNIQ 7+OSuC1r8ZiAtrEXtq5Jz1xUHFw2GRoCbuc18BvRA+qVi39ImDIejMa9wK6Vl5+5RWWM6Q U4svtmDC+cq2KyQlXKJLSv1oYG8NuL3plaUlfFJpzteu3ps308fhS65tr/p4SgQ7z5VrQ5 Jn5d7Dwx5nYuyJv0/+d1Me9/KNcqI6zUQkSg596DUcNydEDEaa9zBFqcgy2ngxq56uat8C O84WCJAbBEMFBeRAqy+XwU1JzBC1zC4Kh44RqlYBqOhgPs+8gXpq90dqwNCZ7w== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH] sources: Update ipblocklist with Threatview.io IP list Date: Wed, 12 Mar 2025 12:03:22 +0100 Message-ID: <20250312110322.6328-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Blocklist addition was discussed and agreed at IPFire dev conf call in March 2025. - Tested on vm system. - Adjusted the entry alignment for the three 3coresec entries as they had used tabs and all the rest used spaces for alignment. Now all entries are lined up the same. Tested-by: Adolf Belka Signed-off-by: Adolf Belka --- config/ipblocklist/sources | 36 +++++++++++++++++++++--------------- 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources index a25353528..0e26792d6 100644 --- a/config/ipblocklist/sources +++ b/config/ipblocklist/sources @@ -112,21 +112,27 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name' => 'Emerging Threats Blocklis 'rate' => '30m', 'category' => 'attacker' }, '3CORESEC_SSH' => { 'name' => '3CORESec SSH Activity Blocklist', - 'url' => 'https://blacklist.3coresec.net/lists/ssh.txt', - 'info' => 'https://blacklist.3coresec.net', - 'parser' => 'ip-or-net-list', - 'rate' => '1d', - 'category' => 'attacker' }, + 'url' => 'https://blacklist.3coresec.net/lists/ssh.txt', + 'info' => 'https://blacklist.3coresec.net', + 'parser' => 'ip-or-net-list', + 'rate' => '1d', + 'category' => 'attacker' }, '3CORESEC_SCAN' => { 'name' => '3CORESec Scan and IDS Blocklist', - 'url' => 'https://blacklist.3coresec.net/lists/misc.txt', - 'info' => 'https://blacklist.3coresec.net', - 'parser' => 'ip-or-net-list', - 'rate' => '1d', - 'category' => 'reputation' }, + 'url' => 'https://blacklist.3coresec.net/lists/misc.txt', + 'info' => 'https://blacklist.3coresec.net', + 'parser' => 'ip-or-net-list', + 'rate' => '1d', + 'category' => 'reputation' }, '3CORESEC_WEB' => { 'name' => '3CORESec Web Server Activity Blocklist', - 'url' => 'https://blacklist.3coresec.net/lists/http.txt', - 'info' => 'https://blacklist.3coresec.net', - 'parser' => 'ip-or-net-list', - 'rate' => '1d', - 'category' => 'attacker' } + 'url' => 'https://blacklist.3coresec.net/lists/http.txt', + 'info' => 'https://blacklist.3coresec.net', + 'parser' => 'ip-or-net-list', + 'rate' => '1d', + 'category' => 'attacker' }, + 'THREATVIEW_IO_IP' => { 'name' => 'Threatview.io Malicious IP Blocklist for known Bad IP addresses', + 'url' => 'https://threatview.io/Downloads/IP-High-Confidence-Feed.txt', + 'info' => 'https://threatview.io/#services', + 'parser' => 'ip-or-net-list', + 'rate' => '1d', + 'category' => 'reputation' } );