diff --git a/doc/fw-addr-lists.md b/doc/fw-addr-lists.md
index b888d4b..cb560d7 100644
--- a/doc/fw-addr-lists.md
+++ b/doc/fw-addr-lists.md
@@ -18,7 +18,8 @@ Description
 
 This script downloads, imports and updates firewall address-lists. Its main
 purpose is to block attacking ip addresses, spam hosts, command-and-control
-servers and similar malicious entities. The default configuration contains
+servers and similar malicious entities. The default configuration contains a
+[collective list by GitHub user @stamparm](https://github.com/stamparm/ipsum),
 lists from [dshield.org](https://dshield.org/) and
 [blocklist.de](https://www.blocklist.de/), and lists from
 [spamhaus.org](https://spamhaus.org/) are prepared.
diff --git a/global-config.rsc b/global-config.rsc
index 2be4752..b364a25 100644
--- a/global-config.rsc
+++ b/global-config.rsc
@@ -90,6 +90,7 @@
 :global BackupPartitionCopyBeforeFeatureUpdate false;
 
 # This defines the settings for firewall address-lists (fw-addr-lists).
+# Warning: Mind your device's resources - memory and processing!
 :global FwAddrLists {
 #  "allow"={
 #    { url="https://rsc.eworm.de/main/fw-addr-lists.d/allow";
@@ -98,6 +99,9 @@
   "block"={
 #    { url="https://rsc.eworm.de/main/fw-addr-lists.d/block";
 #      cert="ISRG Root X2" };
+    { url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt";
+#     # higher level (decrease the numerical value) for more addresses, and vice versa
+      cert="DigiCert Global Root G2" };
     { url="https://www.dshield.org/block.txt"; cidr="/24";
       cert="ISRG Root X1" };
     { url="https://lists.blocklist.de/lists/strongips.txt";
diff --git a/global-functions.rsc b/global-functions.rsc
index 13dca64..5996370 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -13,7 +13,7 @@
 :local ScriptName [ :jobname ];
 
 # expected configuration version
-:global ExpectedConfigVersion 132;
+:global ExpectedConfigVersion 133;
 
 # global variables not to be changed by user
 :global GlobalFunctionsReady false;
diff --git a/news-and-changes.rsc b/news-and-changes.rsc
index c7e566f..6f9e96e 100644
--- a/news-and-changes.rsc
+++ b/news-and-changes.rsc
@@ -57,6 +57,7 @@
   130="Dropped intermediate certificates, depending on just root certificates now.";
   131="Enhanced certificate download to fallback to mkcert.org, so all (commonly trusted) root certificates are available now.";
   132="Split off plugins from 'check-health', so the script works on all devices to monitor CPU and RAM. The supported plugins for sensors in hardware are installed automatically.";
+  133="Updated the default configuration for 'fw-addr-lists', deprecated lists were removed, a collective list was added.";
 };
 
 # Migration steps to be applied on script updates