fw-addr-lists: add a collective list in default configuration

2025-08-15 07:22:33 +02:00 · 2025-02-12 12:13:17 +01:00 · 2025-02-12 12:13:17 +01:00 · df631b987d
commit df631b987d
parent c8759381e9
4 changed files with 8 additions and 2 deletions
--- a/doc/fw-addr-lists.md
+++ b/doc/fw-addr-lists.md
@ -18,7 +18,8 @@ Description
 This script downloads, imports and updates firewall address-lists. Its main
 purpose is to block attacking ip addresses, spam hosts, command-and-control
-servers and similar malicious entities. The default configuration contains
+servers and similar malicious entities. The default configuration contains a
 [collective list by GitHub user @stamparm](https://github.com/stamparm/ipsum),
 lists from [dshield.org](https://dshield.org/) and
 [blocklist.de](https://www.blocklist.de/), and lists from
 [spamhaus.org](https://spamhaus.org/) are prepared.
--- a/global-config.rsc
+++ b/global-config.rsc
@ -90,6 +90,7 @@
 :global BackupPartitionCopyBeforeFeatureUpdate false;
 # This defines the settings for firewall address-lists (fw-addr-lists).
 # Warning: Mind your device's resources - memory and processing!
 :global FwAddrLists {
 #  "allow"={
 #    { url="https://rsc.eworm.de/main/fw-addr-lists.d/allow";
@ -98,6 +99,9 @@
  "block"={
 #    { url="https://rsc.eworm.de/main/fw-addr-lists.d/block";
 #      cert="ISRG Root X2" };
    { url="https://raw.githubusercontent.com/stamparm/ipsum/refs/heads/master/levels/4.txt";
 #     # higher level (decrease the numerical value) for more addresses, and vice versa
      cert="DigiCert Global Root G2" };
    { url="https://www.dshield.org/block.txt"; cidr="/24";
      cert="ISRG Root X1" };
    { url="https://lists.blocklist.de/lists/strongips.txt";
--- a/global-functions.rsc
+++ b/global-functions.rsc
@ -13,7 +13,7 @@
 :local ScriptName [ :jobname ];
 # expected configuration version
-:global ExpectedConfigVersion 132;
+:global ExpectedConfigVersion 133;
 # global variables not to be changed by user
 :global GlobalFunctionsReady false;
--- a/news-and-changes.rsc
+++ b/news-and-changes.rsc
@ -57,6 +57,7 @@
  130="Dropped intermediate certificates, depending on just root certificates now.";
  131="Enhanced certificate download to fallback to mkcert.org, so all (commonly trusted) root certificates are available now.";
  132="Split off plugins from 'check-health', so the script works on all devices to monitor CPU and RAM. The supported plugins for sensors in hardware are installed automatically.";
  133="Updated the default configuration for 'fw-addr-lists', deprecated lists were removed, a collective list was added.";
 };
 # Migration steps to be applied on script updates