IP sets for external services typically whitelisted on a web server (payment providers, etc.). Consumable by FirewallD/fds/NGINX (planned). Delivered as noarch RPM packages for easy updating on CentOS/RHEL-like systems.
Install the PayPal IP set:
dnf -y install https://extras.getpagespeed.com/release-latest.rpm
dnf -y install firewalld-ipset-paypal
Now, FirewallD knows about the new IP set named paypal.
It will appear in the list of known IP sets provided by firewall-cmd --get-ipsets output.
Trust it like so:
firewall-cmd --permanent --zone=trusted --add-source=ipset:paypal
firewall-cmd --reload
You can set the respective package firewalld-ipset-paypal to automatically update via dnf in order to ensure trust of updated PayPal IP addresses.
- firewalld-ipset-twitter
- firewalld-ipset-stripe - Stripe Webhooks
- firewalld-ipset-paypal - PayPal IPN
- firewalld-ipset-metabase
- firewalld-ipset-cloudflare-v6
- firewalld-ipset-cloudflare-v4
- firewalld-ipset-circleci
- firewalld-ipset-braintree
- firewalld-ipset-<name> for FirewallD IP sets
- (Planned) nginx-whitelist-<name> for NGINX conf file with allow directives
- Optimize IP sets with https://github.com/firehol/iprange/wiki
- Install to /usr/share/trusted-lists/plain/<name>.txt and /usr/share/trusted-lists/nginx/<name>.conf
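A sketch of how a plain list could be validated, optimized and rendered as NGINX allow directives, the two planned items above. This is an added example, not code from the project: it uses Python's ipaddress module in place of iprange, and the one-entry-per-line layout with # comments and the sample ranges are assumptions.

```python
import ipaddress

# Constructed sample in the one-entry-per-line layout assumed for plain/<name>.txt
# (documentation ranges, not real provider addresses).
SAMPLE_PLAIN = """\
# constructed sample
192.0.2.0/25
192.0.2.128/25
198.51.100.7
198.51.100.7
2001:db8::/33
2001:db8:8000::/33
not-an-ip
203.0.113.5/24
"""

def parse_plain(text):
    """Return (networks, rejected) from a plain list; comments and blanks are skipped."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 203.0.113.5/24,
            # so a typo cannot silently widen what gets trusted.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError:
            rejected.append((lineno, entry))
    return networks, rejected

def optimize(networks):
    """Deduplicate and merge adjacent or overlapping ranges, per address family."""
    v4 = [n for n in networks if n.version == 4]
    v6 = [n for n in networks if n.version == 6]
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))

def to_nginx_conf(networks):
    """Render allow directives only; the including config decides what follows them."""
    return "".join(f"allow {n};\n" for n in networks)

if __name__ == "__main__":
    nets, bad = parse_plain(SAMPLE_PLAIN)
    for lineno, entry in bad:
        print(f"rejected line {lineno}: {entry!r}")
    print(to_nginx_conf(optimize(nets)), end="")
```

Rejected entries are reported rather than corrected, so a malformed upstream list fails visibly instead of producing a broader allow rule than intended.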
This project is to be complemented by another, e.g. server-lists.
The idea is that you reduce bot traffic by blocking all remote servers in the server-lists project, while whitelisting the ones from trusted-lists.