ipblocklist-sources: Update to include the Abuse.ch Botnet C2 ip blocklist

- Blocklist addition was discussed and agreed at IPFire dev conf call in June 2024.
- Tested on vm system.

Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/config/ipblocklist/sources b/config/ipblocklist/sources
index 69f964dd9da311eb8044eacfce5f8e19f5c17f15..1cef06dd1251e71e60f5d8c1623c35a0d6049ec4 100644 (file)
--- a/config/ipblocklist/sources
+++ b/config/ipblocklist/sources
@@ -142,5 +142,11 @@ our %sources = ( 'EMERGING_FWRULE' => { 'name'     => 'Emerging Threats Blocklis
                                         'info'     => 'https://blacklist.3coresec.net',
                                         'parser'   => 'ip-or-net-list',
                                         'rate'     => '1d',
-                                        'category' => 'attacker' }
+                                        'category' => 'attacker' },
+             'ABUSECH_BOTNETC2'  => { 'name'   => 'ABUSE.ch Botnet C2 IP Blocklist',
+                                          'url'        => 'https://sslbl.abuse.ch/blacklist/sslipblacklist.txt',
+                                          'info'       => 'https://sslbl.abuse.ch/blacklist#botnet-c2-ips-csv',
+                                          'parser'     => 'ip-or-net-list',
+                                          'rate'       => '5m',
+                                          'category'   => 'reputation' }
            );