On Wed, Mar 03, 2021 at 09:50:33AM +0000, David Pottage wrote:
> Thanks for the tip on FireHOL, and all their block lists. I was using just
> the blocklist.de list and updating it nightly. It looks like I should be
> able to get better coverage by using more block lists.
>
> You say that you chose not to use FireHOL itself, but instead chose to roll
> your own. Could I ask why? Are there problems or downsides to FireHOL?

I don't have anything bad to say about their tooling. My quick glance at it, a couple of years ago, gave me the impression that it wanted to own more of the firewall configuration than I wanted to hand it. In particular, my goal was to build something usable both on Debian and on OpenWRT, the latter of which already has a fairly involved iptables configuration. So I built my own automation, and I'm entirely open to the possibility that this was a mistake. ;)

You should probably start with the firehol tooling and stick with it until you have reason to switch.

noah