ipblocklist-sources: Update to include the 3CORESec ip blocklists

- The patch for this was created by Stefan Schantl
- Blocklist addition was discussed and agreed at IPFire dev conf call in June 2024.
- Tested on vm system.
- The combined list was removed because it is just the three others which can be selected
   in the WUI to give the equivalent result.

Created-by: Stefan Schantl <stefan.schantl@ipfire.org>
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources
index 0835c0f9c316ffdb251772e275ecfbe6f3bf22e4..69f964dd9da311eb8044eacfce5f8e19f5c17f15 100644 (file)
--- a/config/ipblocklist/sources
+++ b/config/ipblocklist/sources
@@ -124,5 +124,23 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name'     => 'Emerging Threats Blocklis
                                     'info'     => 'https://www.blocklist.de',
                                     'parser'   => 'ip-or-net-list',
                                     'rate'     => '30m',
-                                    'category' => 'attacker' }
+                                    'category' => 'attacker' },
+             '3CORESEC_SSH'    => { 'name'     => '3CORESec SSH Activity Blocklist',
+                                        'url'      => 'https://blacklist.3coresec.net/lists/ssh.txt',
+                                        'info'     => 'https://blacklist.3coresec.net',
+                                        'parser'   => 'ip-or-net-list',
+                                        'rate'     => '1d',
+                                        'category' => 'attacker' },
+             '3CORESEC_SCAN'   => { 'name'     => '3CORESec Scan and IDS Blocklist',
+                                        'url'      => 'https://blacklist.3coresec.net/lists/misc.txt',
+                                        'info'     => 'https://blacklist.3coresec.net',
+                                        'parser'   => 'ip-or-net-list',
+                                        'rate'     => '1d',
+                                        'category' => 'reputation' },
+             '3CORESEC_WEB'    => { 'name'     => '3CORESec Web Server Activity Blocklist',
+                                        'url'      => 'https://blacklist.3coresec.net/lists/http.txt',
+                                        'info'     => 'https://blacklist.3coresec.net',
+                                        'parser'   => 'ip-or-net-list',
+                                        'rate'     => '1d',
+                                        'category' => 'attacker' }
            );