On 30-10-2017 at 22:37, x9p wrote:
>
>> I use the blocklists from emergingthreats.net. Is already in a format
>> that works wonderfully.
>>
>> http://rules.emergingthreats.net/fwrules/emerging-PF-ALL.rules
>
> Good to use HTTPS to avoid someone tampering with the list via DNS/etc..

So use https://rules.emergingthreats.net/fwrules/emerging-PF-ALL.rules
instead... I won't stop you. :)

What are the chances that someone will be able to realistically tamper
with the traffic? Very close to zero given the setup. The chances that the
other side is tampered with are much, much higher. You might as well not
rely on external sources. Of course you are running your own DNS resolver
and not relying on your provider, are you?

>
>> Just fetch them through a cron job, include them in pf.conf and reload
>> pf.conf. And yes, you would have to trust...
>
> Is a nice idea to whitelist the IP address/range where you connect
> from, if loading external rules made by somebody else, so you do not
> get locked out of your own box (happened once on a Friday, not funny).

Won't happen, thanks for the warning though. I connect from the inside
(always access) to the outside, and when connecting from the outside it
will be over IPv6. The list is IPv4.

Erik
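The procedure the thread discusses (fetch the list from a cron job, load it into pf, and keep a whitelist for the address you connect from so a bad list entry cannot lock you out) written out as a small POSIX sh script. This is an added example, not code from the thread, from Erik, x9p or Emerging Threats. Assumptions: the list URL is the HTTPS one quoted above; the table names `admin` and `et_block`, the file path under `/etc/pf`, the whitelist addresses (RFC 5737 documentation ranges) and the use of OpenBSD's `ftp -o -` as the fetcher are all mine. The parser does not rely on the exact layout of the `.rules` file: it extracts every dotted quad with an optional `/prefix`, validates octet and prefix ranges, and deduplicates, so a wrapped or reformatted list still loads.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: LIST_URL (the HTTPS URL quoted
# in the thread), pf tables <admin> and <et_block>, TABLE_FILE, WHITELIST addresses.

LIST_URL="https://rules.emergingthreats.net/fwrules/emerging-PF-ALL.rules"
TABLE_FILE="/etc/pf/et_block.txt"
# Constructed example: the address/range you administer the box from.
WHITELIST="192.0.2.10 198.51.100.0/24"
MIN_ENTRIES=100   # refuse to replace the table with a suspiciously small result

# Fetch over HTTPS. OpenBSD's ftp(1) validates the server certificate for https URLs;
# on other systems substitute "curl -fsS" or similar.
fetch_list() {
    ftp -o - "$LIST_URL"
}

# Pull every IPv4 address or CIDR out of the input, reject out-of-range octets
# and prefixes, and drop duplicates. Works on any line layout.
extract_ipv4() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?' |
    awk -F'[./]' '{
        ok = 1
        for (i = 1; i <= 4; i++) if ($i + 0 > 255) ok = 0
        if (NF == 5 && $5 + 0 > 32) ok = 0
        if (ok && !seen[$0]++) print
    }'
}

# Remove entries that exactly match a whitelist entry. This is only a courtesy:
# overlapping ranges are handled by rule order in pf_fragment below.
drop_whitelisted() {
    awk -v wl="$WHITELIST" '
        BEGIN { n = split(wl, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        !skip[$0]'
}

# pf.conf fragment: the admin whitelist is evaluated first with "quick", so no
# entry in the downloaded table can block the address you connect from.
pf_fragment() {
    cat <<EOF
table <admin> { $WHITELIST }
table <et_block> persist file "$TABLE_FILE"
pass in quick from <admin>
block in quick from <et_block>
EOF
}

# Cron entry point: download, sanitize, sanity-check size, then swap the table
# contents atomically without reloading the whole ruleset.
update_table() {
    tmp=$(mktemp) || return 1
    fetch_list | extract_ipv4 | drop_whitelisted > "$tmp"
    if [ "$(wc -l < "$tmp")" -lt "$MIN_ENTRIES" ]; then
        echo "update_table: list too small or download failed, keeping old table" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$TABLE_FILE" && pfctl -t et_block -T replace -f "$TABLE_FILE"
}

case "${1:-}" in
    run)      update_table ;;
    fragment) pf_fragment ;;
esac
```

Run `sh et_block.sh fragment` once to get the lines for pf.conf, then schedule `sh et_block.sh run` from cron; because the update uses `pfctl -t ... -T replace`, a failed or truncated download leaves the previous table in place rather than emptying it.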

