Hello all,
where is the best way to store external IP addresses in ipfire from which no connection may be accepted or clients may send data.
I am concerned about this Artiekle here and the mentioned IP list.
Totgesagte leben länger: Emotet ist zurück
Browse Botnet C&Cs
Paul
Hi Paul,
i use IPSet → wiki.ipfire.org - IPset for stuff like this but since those lists are not that extensive you can may also integrate it in the FW groups but take care to update it since those IPs won´t last long…
Best,
Erik
Hi,
just for the sake of completeness: If you are using the IPS, at least the ET community ruleset contains the C&C servers tracked by FeodoTracker:
True, this is a rather costly way to block things, but at least you are safe from these C&C servers without leaving IPFire’s web interface. 
Thanks, and best regards,
Peter Müller
What kind of rule sets do they recommend when operating at home?
This is what I currently have activated.
My Options:
MfG Paul
Hi,
unfortunately, there is no general answer to your question.
Looking at the screenshots you provided, two aspects come to my mind:
drop.rules (contains hostile networks safe to drop)emerging-dns.rules (since you are using DNS, and it is an important, yet often underestimated attack vector)emerging-exploit_kits.rules (in addition to emerging-exploit.rules)emerging-voip.rules (if you have VoIP clients behind your IPFire)emerging-web_clients.rules (applies to attacks against web browsers)Please refer to this blog post for a more general advice.
Thanks, and best regards,
Peter Müller