Filterlists: add Firehol lists

Created on 14 Jun 2017  Â·  15Comments  Â·  Source: collinbarrett/FilterLists

Add lists from https://github.com/firehol .

Per #98.

directory-data

Most helpful comment

uBO and Nano (and probably AdGuard) supports list entries with single IPs as far as I can determine, but not IP ranges. I'd therefore personally give .ipset lists higher priority from now on, in part as I don't actually know of any software tools that accept IP ranges.

I'm currently taking a break week-ish from making pulls, to instead focus on exercising and on upgrading my apartment's electricity wiring. But I'll place it on my to-do list to spin off .netset lists into a new syntax ID.

All 15 comments

... For clarification, it's IP addresses so there wouldn't necessarily be overlap. Rather, I could see them be complementary. Like, IP blocklists are more for blocking known malicious IP addresses, spam mail servers, TOR exit nodes... Junk like that.

But, the format of their site is pretty neat. Where they compare how various IP blocklists overlap one another, compare update frequencies... stuff like that. I thought it would be interesting if they could do the same with unresolved domain names.

Personally, I use pfSense firewall at home with an add-on called pfBlocker which takes IP blocklists, DNS blocklists, and Easylist filters. Sort of a 3-pronged protection.

Hey, ok, thanks for the notes. I do index some "hosts lists" on FilterLists as well, which are all IPs. FilterLists is designed more for lists you can subscribe to in browser-based ad-blockers, but some of these do support subscribing to hosts lists as well.

I'll keep this issue open for the moment until I get a chance to explore the Firehol site. Maybe, as you say, there are some features that could be cool to port to FilterLists as well.

Thanks!

Some lists you may have in common are under the section:

malware

feodo
older feodo_badips
ransomware_cryptowall_ps
today ransomware_feed
this week ransomware_locky_c2
older ransomware_locky_ps
today ransomware_online
today ransomware_rw
older ransomware_teslacrypt_ps
today ransomware_torrentlocker_c2
older ransomware_torrentlocker_ps

Looking up https://github.com/firehol/blocklist-ipsets, it has _more than a thousand lists_. No way am I going to add all of them.

lol. I completely agree... trying to figure out if they have one or more "master" lists that would be worth indexing...

maybe these? https://github.com/firehol/blocklist-ipsets#which-ones-to-use

That's the mothership of all blacklists. The main one is firehol_level1 and its content is explained here

By now I've added Level 1 through 3, as well as the 30-day version of Stop Forum Spam. But while I often browse up and down through their repo, I almost never see any new lists that grabs my attention as being unique and useful, as it seems to me that ≥95% of their lists are either corporate-oriented, anti-corporate-oriented, or are about blocking pretty narrow categories of spam.

So I guess that I've now done what I could do in regards to solving this Issue report.

Works for me. Anyone, feel free to comment if you think there are more lists from firehol we should add. Closing for now.

Stop Forum Spam is intended for forum admins to block bots that spam the threads with targeted ads. Maybe something like normshield all attack could be more relevant?
It includes IPs that do bruteforce, ddosbot, dnsscan or webscan.

This is just a guess.

i like some of these lists show how dangerous the dark web and porn site the possibility of freedom will be exchanged for security

To Atavic (and possibly Collin): I've been tempted to create a new tag called _Corporate_, that'd include StopForumSpam, Semalt Blocked Domains, and most of the remaining ones of CHEF-KOCH and jmdugan's lists. But I couldn't agree with myself on whether it'd be right to both include sites that'd help corporate admins, and anti-corporate lists, into the same tag.

To tsugami1: I'd say that going to the wrong places on the internet are a pretty heavy security and/or privacy risk, regardless of their topics.

Hmm, yeah, those two categories sound deserving of two different tags. I'm certainly open/onboard to it. To preserve real-estate in the list table, its best to really push to keep tag names as short as possible. corporate is probably ok, but anti-corporate is getting to be too long. I'll be thinking on names for this...

@DandelionSprout Instead of Corporate it could be Server.

An .ipset is a list of single IPs.
A .netset is a list of IP ranges.

uBO and Nano (and probably AdGuard) supports list entries with single IPs as far as I can determine, but not IP ranges. I'd therefore personally give .ipset lists higher priority from now on, in part as I don't actually know of any software tools that accept IP ranges.

I'm currently taking a break week-ish from making pulls, to instead focus on exercising and on upgrading my apartment's electricity wiring. But I'll place it on my to-do list to spin off .netset lists into a new syntax ID.

Closing as complete enough for now.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

gwarser picture gwarser  Â·  4Comments

DandelionSprout picture DandelionSprout  Â·  5Comments

DandelionSprout picture DandelionSprout  Â·  3Comments

badmojr picture badmojr  Â·  3Comments

DJCrashdummy picture DJCrashdummy  Â·  5Comments