Important:

Any user that calls reload-blocklist-netset via cron and has any of the 
"firehol" blocklists enabled must take action to keep the blocklists 
updated.

For reference, here is our documentation for the "reload-blocklist-netset" 
feature:
Firewall External Block List
https://doc.astlinux-project.org/userdoc:tt_firewall_external_block_list

The author and maintainer of FireHOL IP Lists, "Costa Tsaousis", who lives in 
Greece, has done an excellent job with this project, aggregating threats by IP 
address that are freely available.

Costa has 405 IP Lists (many of which are contained in the firehol_level1 and 
firehol_webclient lists), whose regular changes he committed to GitHub: 
https://github.com/firehol/blocklist-ipsets

On Thu Sep 14, 2017, the GitHub folks temporarily disabled the blocklist-ipsets 
repository, no doubt to get Costa's attention, stating that he was using too 
much of their resources.

Promptly, later that day, Costa switched from committing to GitHub to updating 
his own server, surrounded by Cloudflare's CDN proxy.  Costa communicated that 
these new local links are for the long term.

Bottom Line...
Old FireHOL URL prefix: 
https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/
New FireHOL URL prefix: https://iplists.firehol.org/files/

While the GitHub URLs still work (repository back online), they are stale as 
of Thu Sep 14, 2017.


User Action Required:
Choose either 1, 2 or 3 ...

1) New Pre-Release Version: astlinux-1.3-3433-7c9504 referenced at 
http://www.astlinux-project.org/dev.html is the easiest to upgrade, for 
ast11-firmware-1.x and ast13-firmware-1.x .


2) If you want to continue using your current AstLinux version, you can create 
the new script at /mnt/kd/bin/reload-blocklist-netset and edit your cron entry 
to use it instead of the system's reload-blocklist-netset
--
I created a GitHub Gist that you can use as a script, but manual cron editing 
is still required.

https://gist.github.com/abelbeck/981bcd0b50aa8de6eed623de19f401b1

Click on "Raw" to view a shell script you can execute to create 
/mnt/kd/bin/reload-blocklist-netset
--

3) For those of you that do custom builds of AstLinux, now is a good time to 
either "svn up" or "git pull" and create a fresh build containing the new 
system reload-blocklist-netset script.
Note: a few new packages have been added, so you will want to update your 
custom .config file: say "Yes" to BR2_PACKAGE_TARSNAP=y and the default "No" 
to the rest of the new packages.  See the default astlinux-ast1[13].config 
configs for reference.

For the future, the new reload-blocklist-netset script supports rc.conf 
variables to override the root URLs for the blocklists.

Lonnie
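
Added example, not part of the original message and not AstLinux code: a POSIX sh audit that reports references to the old GitHub prefix in the files you name (custom fetch scripts, local copies of a reload script) and, with FIX=1, rewrites them to the new prefix. The script name, the FIX variable and the function names are hypothetical; only the two URL prefixes come from the message above.

```shell
#!/bin/sh
# Added example (not AstLinux code): find and rewrite stale FireHOL URL prefixes.
# Usage: sh firehol-prefix-audit.sh FILE...         report only
#        FIX=1 sh firehol-prefix-audit.sh FILE...   rewrite, keeping FILE.bak
# Constructed sample of a line this catches:
#   curl -sf -o /tmp/l1.netset <old prefix>firehol_level1.netset
OLD_PREFIX='https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/'
NEW_PREFIX='https://iplists.firehol.org/files/'

# Map one URL to its new location; any other URL is printed unchanged.
migrate_url() {
  case "$1" in
    "$OLD_PREFIX"*) printf '%s%s\n' "$NEW_PREFIX" "${1#"$OLD_PREFIX"}" ;;
    *) printf '%s\n' "$1" ;;
  esac
}

# Print "file:line:text" for each stale reference; return 0 if any was found.
find_stale_refs() {
  found=1
  for f in "$@"; do
    [ -f "$f" ] || continue
    if grep -q -F -- "$OLD_PREFIX" "$f"; then
      found=0
      grep -n -F -- "$OLD_PREFIX" "$f" | while IFS= read -r hit; do
        printf '%s:%s\n' "$f" "$hit"
      done
    fi
  done
  return "$found"
}

# Rewrite every stale prefix in one file as a literal string (no regex),
# keeping the original as FILE.bak and preserving the file's mode.
migrate_file() {
  grep -q -F -- "$OLD_PREFIX" "$1" || return 0
  cp -p "$1" "$1.bak" || return 1
  awk -v old="$OLD_PREFIX" -v new="$NEW_PREFIX" '{
    out = ""
    while ((i = index($0, old)) > 0) {
      out = out substr($0, 1, i - 1) new
      $0 = substr($0, i + length(old))
    }
    print out $0
  }' "$1.bak" > "$1"
}

if find_stale_refs "$@" && [ "${FIX:-0}" = 1 ]; then
  for f in "$@"; do [ -f "$f" ] && migrate_file "$f"; done
fi
```

Run it in report mode first; a non-empty report means those files still fetch lists that stopped updating on Thu Sep 14, 2017.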




_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users
