Important: Any user that calls reload-blocklist-netset via cron and has any of the "firehol" blocklists enabled, you must take action to keep the blocklists updated.
For reference, here is our documentation for the "reload-blocklist-netset" feature: Firewall External Block List https://doc.astlinux-project.org/userdoc:tt_firewall_external_block_list The author and maintainer of FireHOL IP Lists is "Costa Tsaousis", who lives in Greece, has done an excellent job with this project, aggregating threats by IP address, that are freely available. Costa has 405 IP Lists (many of which are contained in the firehol_level1 and firehol_webclient lists), which for regular changes he committed to GitHub: https://github.com/firehol/blocklist-ipsets On Thu Sep 14, 2017, the GitHub folks temporarily disabled the blocklist-ipsets repository, no doubt to get Costa's attention, stating that he was using too much of their resources. Promptly later that day Costa switched from committing to GitHub to updating his own server, surround by Cloudflare's CDN proxy. Costa communicated these new local links are for the long term. Bottom Line... Old FireHOL URL prefix: https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/ New FireHOL URL prefix: https://iplists.firehol.org/files/ While the GitHub URL's still work (repository back online), they are stale as of Thu Sep 14, 2017. User Action Required: Choose either 1, 2 or 3 ... 1) New Pre-Release Version: astlinux-1.3-3433-7c9504 referenced at http://www.astlinux-project.org/dev.html is the easiest to upgrade, for ast11-firmware-1.x and ast13-firmware-1.x . 2) If you want to continue using your current AstLinux version, you can create the new script at /mnt/kd/bin/reload-blocklist-netset and edit your cron entry to use it instead of the system's reload-blocklist-netset -- I created a GitHub Gist that you can use as a script, but manual cron editing is still required. https://gist.github.com/abelbeck/981bcd0b50aa8de6eed623de19f401b1 Click on "Raw" to view a shell script you can execute to create /mnt/kd/bin/reload-blocklist-netset -- 3) Those of you that do custom builds of AstLinux, now is a good time to either "svn up" or "git pull" and create a fresh build containing the new system reload-blocklist-netset script. Note: a few new packages have been added, you will want to update your custom .config file, say "Yes" to BR2_PACKAGE_TARSNAP=y and the default "No" to the rest of the new packages. See the default astlinux-ast1[13].config config's for reference. For the future, the new reload-blocklist-netset script supports rc.conf variables to override the root URL's for the blocklists. Lonnie ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
