Updated lists and just discovered firehol



  • I recently updated some blocklists. I removed a few from iblocklist, as it appears the ones from Bluetack are obsolete. That being said, I kept the ones from EDU and ads because I detest college security researchers and ads are ads. Colleges don't change IP addresses often.

    I discovered firehol (http://iplists.firehol.org/) while looking up better lists. I'm importing firehol 1, 2, and 3. I set them to block both in and out on pfBlockerNG. It blocked a few 224.0.0.0/24 addresses, which I put in a passlist using pfBlocker custom lists. It seems to work ok. (Nice feature … just figured it out.)

    My questions:

    Blocking 224.0.0.0/24 is bad since all are non-routable. I set up exceptions for those that were blocked. OK?

    In general, blocked both in and out ok?

    Any others with experience with firehol ... anything else I should take into consideration?



  • firehol is bomb, donate to their mission:

    Costa:  donations - | a | t | - firehol - dot - org

    PFB is bomb, donate to their mission:

    BBCan:  bbcan177 - | a | t | - gmail - dot - com

    The ONLY thing I'd say about FH is that on occasion you'll find some IPs on the private side that shouldn't be blocked but get into the list. I've had to parse those out but it's not that big of a deal (like 192.168.x.x stuff or 172.x.x.x & 10.x.x.x that are reserved private for NAT).

    The best thing you can do is donate to those two projects via paypal to the above ^ email addresses to keep them both motivated :)


  • Moderator

    It's not recommended to use the LVL1 feed to block Outbound since it contains Bogons. Also, IBlock doesn't seem to be maintained very well… I'd not recommend using feeds that are not maintained.
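
Added example, not code from firehol, pfBlockerNG or any poster in this thread: one way to do the "parse those out" step mentioned above before a list is used for outbound blocking. It assumes an IPv4 list with one address or CIDR per line and `#` comments; the `PROTECTED` ranges, the function names and the sample lines are assumptions made for the illustration. It goes slightly beyond the thread by also splitting a wide bogon entry that merely contains a protected range, instead of dropping the whole entry.

```python
import ipaddress

# Assumed local policy: never block RFC 1918 space or the 224.0.0.0/24
# multicast range that the original poster passlisted.
PROTECTED = [ipaddress.IPv4Network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/24")]

# Constructed sample in .netset style; not real feed contents.
SAMPLE = """\
# one IPv4 address or CIDR per line
192.168.1.50
10.0.0.0/8
224.0.0.0/3
198.51.100.0/24
203.0.113.7   # trailing comment
""".splitlines()


def carve(entry, protected):
    """Return the parts of entry that overlap none of the protected networks."""
    pieces = [entry]
    for guard in protected:
        remaining = []
        for piece in pieces:
            if not piece.overlaps(guard):
                remaining.append(piece)        # unrelated: keep whole
            elif piece.subnet_of(guard):
                continue                       # entirely protected: drop
            else:                              # piece contains guard: cut it out
                remaining.extend(piece.address_exclude(guard))
        pieces = remaining
    return pieces


def filter_netset(lines, protected=PROTECTED):
    """Return (networks safe to block, original entries that were altered)."""
    kept, altered = [], []
    for raw in lines:
        text = raw.split("#", 1)[0].strip()
        if not text:
            continue                           # comment or blank line
        entry = ipaddress.IPv4Network(text, strict=False)
        result = carve(entry, protected)
        if result != [entry]:
            altered.append(str(entry))
        kept.extend(result)
    return [str(n) for n in ipaddress.collapse_addresses(kept)], altered
```

Calling `filter_netset(SAMPLE)` returns the cleaned list plus the entries that were dropped or split, which is worth logging so that changes in a feed are noticed.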