Motivation
Since firehol/blocklist-ipsets seems unmaintained, there are a number of issues with outdated blocklists. This is an attempt to reuse as much as possible of the fantastic firehol with as little maintenance as possible.
- Do not use blocklists blindly on OUTGOING (DST) <=> LAN/WAN
- This automatically solves issues like this or this or this
- Rules are supposed to be applied on INCOMING (SRC) => WAN
- Use a DNS blocker instead of IPs if you want to block outgoing traffic.
- If you block OUTGOING (DST) => WAN/LAN, you WILL have trouble when false positives mistakenly slip through. Shit happens ¯\_(ツ)_/¯
- If you find any false positives, please contact the maintainer of the actual blocklist.
- All credit goes to firehol and all the maintainers of blocklists.
- This repo is for my private purpose.
- Automatic removal of IP ranges from legitimate sources like GitHub.
- Automatic removal of private IP ranges (this is a job for the router instead)
- Removal of unused blocklists
- Removal of unmaintained blocklists
- Only reuse the most common lists with as few false positives as possible.
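
A sketch of the two automatic removals listed above (private ranges and allowlisted legitimate ranges). This is an added example, not this repo's or firehol's code. It is IPv4 only, the function names are hypothetical, and the sample blocklist and allowlist are constructed from documentation ranges rather than real provider ranges.

```python
import ipaddress

# Ranges a WAN-facing blocklist should not carry: RFC 1918 private space,
# loopback and link-local (handled by the router instead).
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
           "127.0.0.0/8", "169.254.0.0/16"]

def parse_ipset(text):
    """Parse ipset/netset text: one IP or CIDR per line, '#' starts a comment."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def subtract(nets, exclusions):
    """Remove every excluded range from nets, splitting CIDRs where needed."""
    remaining = list(ipaddress.collapse_addresses(nets))
    for excl in exclusions:
        kept = []
        for net in remaining:
            if not net.overlaps(excl):
                kept.append(net)          # no overlap: keep as is
            elif net.subnet_of(excl):
                continue                  # fully covered by the exclusion: drop
            else:
                # exclusion sits inside this entry: keep only the remainder
                kept.extend(net.address_exclude(excl))
        remaining = kept
    return sorted(remaining)

def clean(blocklist_text, allowlist):
    """Return blocklist CIDRs with private and allowlisted ranges removed."""
    exclusions = [ipaddress.ip_network(c) for c in PRIVATE + list(allowlist)]
    return [str(n) for n in subtract(parse_ipset(blocklist_text), exclusions)]

# Constructed sample input (documentation and private ranges only).
SAMPLE = """\
# constructed sample blocklist
10.1.2.3
192.168.0.0/24
198.51.100.0/24
203.0.113.0/24
203.0.113.77
"""
ALLOWLIST = ["198.51.100.128/25"]  # constructed stand-in for a legitimate provider range

if __name__ == "__main__":
    print("\n".join(clean(SAMPLE, ALLOWLIST)))
```

An allowlisted range that covers only part of a blocklist entry splits that entry instead of dropping it, so the rest of the listed range stays blocked.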