From 4d0b4a1ff4137ae0b5508fb16428ac4da7205410 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Tue, 11 Feb 2025 14:30:14 +0100 Subject: [PATCH] fw-addr-lists: these lists are deprecated and discontinued Any alternatives around? --- certs/GlobalSign.pem | 28 ---------------------------- certs/Makefile | 2 -- doc/fw-addr-lists.md | 6 +++--- global-config.rsc | 4 ---- 4 files changed, 3 insertions(+), 37 deletions(-) delete mode 100644 certs/GlobalSign.pem diff --git a/certs/GlobalSign.pem b/certs/GlobalSign.pem deleted file mode 100644 index 47035e4..0000000 --- a/certs/GlobalSign.pem +++ /dev/null @@ -1,28 +0,0 @@ -# Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 -# Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 -# Label: "GlobalSign Root CA - R3" -# Serial: 4835703278459759426209954 -# MD5 Fingerprint: c5:df:b8:49:ca:05:13:55:ee:2d:ba:1a:c3:3e:b0:28 -# SHA1 Fingerprint: d6:9b:56:11:48:f0:1c:77:c5:45:78:c1:09:26:df:5b:85:69:76:ad -# SHA256 Fingerprint: cb:b5:22:d7:b7:f1:27:ad:6a:01:13:86:5b:df:1c:d4:10:2e:7d:07:59:af:63:5a:7c:f4:72:0d:c9:63:c5:3b ------BEGIN CERTIFICATE----- -MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G -A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp -Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 -MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG -A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI -hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 -RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT -gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm -KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd -QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ -XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw -DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o -LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU -RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp -jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK -6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX -mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs -Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH -WD9f ------END CERTIFICATE----- diff --git a/certs/Makefile b/certs/Makefile index ba25303..4e252b4 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -23,12 +23,10 @@ DOMAINS_IPV4 = \ 8.8.8.8/GTS-Root-R1 \ 9.9.9.9/DigiCert-Global-Root-G3 \ api.mullvad.net/ISRG-Root-X1 \ - feodotracker.abuse.ch/GlobalSign \ ipv4.showipv6.de/ISRG-Root-X1 \ ipv4.tunnelbroker.net/Starfield-Root-Certificate-Authority-G2 \ mkcert.org/ISRG-Root-X1 \ ntfy.sh/ISRG-Root-X1 \ - sslbl.abuse.ch/GlobalSign \ www.dshield.org/ISRG-Root-X1 \ www.spamhaus.org/GTS-Root-R4 DOMAINS_IPV6 = \ diff --git a/doc/fw-addr-lists.md b/doc/fw-addr-lists.md index f581fd2..b888d4b 100644 --- a/doc/fw-addr-lists.md +++ b/doc/fw-addr-lists.md @@ -19,9 +19,9 @@ Description This script downloads, imports and updates firewall address-lists. Its main purpose is to block attacking ip addresses, spam hosts, command-and-control servers and similar malicious entities. The default configuration contains -lists from [abuse.ch](https://abuse.ch/), [dshield.org](https://dshield.org/) -and [blocklist.de](https://www.blocklist.de/), and -lists from [spamhaus.org](https://spamhaus.org/) are prepared. +lists from [dshield.org](https://dshield.org/) and +[blocklist.de](https://www.blocklist.de/), and lists from +[spamhaus.org](https://spamhaus.org/) are prepared. The address-lists are updated in place, so after initial import you will not see situation when the lists are not populated. diff --git a/global-config.rsc b/global-config.rsc index b0f0c64..2be4752 100644 --- a/global-config.rsc +++ b/global-config.rsc @@ -98,10 +98,6 @@ "block"={ # { url="https://rsc.eworm.de/main/fw-addr-lists.d/block"; # cert="ISRG Root X2" }; - { url="https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt"; - cert="GlobalSign" }; - { url="https://sslbl.abuse.ch/blacklist/sslipblacklist.txt"; - cert="GlobalSign" }; { url="https://www.dshield.org/block.txt"; cidr="/24"; cert="ISRG Root X1" }; { url="https://lists.blocklist.de/lists/strongips.txt";