git.ipfire.org Git - ipfire-2.x.git/commitdiff
suricata: Add IPFire DNSBL to the rule sources
author Michael Tremer <michael.tremer@ipfire.org>
Wed, 7 Jan 2026 11:43:12 +0000 (11:43 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Fri, 9 Jan 2026 11:52:17 +0000 (11:52 +0000)
Although this is not the primary use-case, there is a lot of value in
adding the DNSBL to Suricata for secondary filtering. Anything that is
trying to circumvent any local policy will be caught at the edge of the
network and therefore we will even be able to block access to any listed
domains when people are using a private resolver.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/suricata/ruleset-sources

index b843d3e4997b2cc8029e9d34786f3718edd48221..3ccb205a75b79bea4c862c5af95043a435a12eb2 100644 (file)
@@ -141,4 +141,13 @@ our %Providers = (
                dl_url => "https://raw.githubusercontent.com/travisbgreen/hunting-rules/master/hunting.rules",
                dl_type => "plain",
        },
+
+       ipfire_dnsbl => {
+               summary => "IPFire DNSBL - Domain Blocklist",
+               website => "https://www.ipfire.org/dnsbl/",
+               tr_string => "ipfire dnsbl",
+               requires_subscription => "False",
+               dl_url => "https://dnsbl.ipfire.org/lists/suricata.tar.gz",
+               dl_type => "archive",
+       },
 );
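
Review bot: The new ipfire_dnsbl entry sets dl_type => "archive" with dl_url pointing at suricata.tar.gz, and nothing in this hunk pins or verifies the download beyond HTTPS. Since the unpacked contents end up as Suricata rules at the network edge, it would help to state in the commit message or in a comment next to the entry how the archive's integrity is checked and that the extraction step rejects unexpected member paths. Separately, requires_subscription => "False" is a non-empty string, which is true in Perl boolean context, so please confirm the consumer compares it as a string rather than testing truthiness.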