I use the blocklists from emergingthreats.net. They are already in a format
that works wonderfully.
http://rules.emergingthreats.net/fwrules/emerging-PF-ALL.rules
It is good to use HTTPS to avoid someone tampering with the list via DNS, etc.
Just fetch them through a cron job, include them in pf.conf and reload
pf.conf. And yes, you would have to trust...
It is a nice idea to whitelist the IP address/range where you connect from,
if loading external rules made by somebody else, so you do not get
locked out of your own box (happened once on a Friday, not funny).
cheers.
x9p
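
The workflow described in the post above (cron fetch over HTTPS, include in pf.conf, reload, keep your own address allowed), as an added shell example that is not part of the original post. It assumes curl is installed and that the list is served at the same path over HTTPS; DEST, PF_CONF and ADMIN_NET are hypothetical names, and 192.0.2.0/24 is a placeholder range.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed: curl as the fetch tool,
# the HTTPS form of the URL, and the names DEST, PF_CONF, ADMIN_NET.
# pf.conf is assumed to contain, in this order:
#   pass in quick from 192.0.2.0/24        # placeholder: where you connect from
#   include "/etc/pf.emerging.rules"
URL="https://rules.emergingthreats.net/fwrules/emerging-PF-ALL.rules"
DEST="${DEST:-/etc/pf.emerging.rules}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"

# HTTPS only: certificate validation is what protects the list in transit.
fetch_rules() { curl --fail --silent --show-error --proto '=https' --max-time 60 -o "$2" "$1"; }
pf() { pfctl "$@"; }

# Succeeds only if a "pass ... quick ... ADMIN_NET" rule comes before the
# include of DEST, so the first-match rule wins over anything the list blocks.
allow_precedes_include() {
    awk -v net="$ADMIN_NET" -v inc="$DEST" '
        /^[ \t]*#/ { next }
        $1 == "pass" && index($0, "quick") && index($0, net) { ok = 1 }
        $1 == "include" && index($0, inc) { found = 1; exit }
        END { exit !(ok && found) }' "$1"
}

update_blocklist() {
    tmp="$DEST.new"
    fetch_rules "$URL" "$tmp" || { rm -f "$tmp"; echo "fetch failed" >&2; return 1; }
    [ -s "$tmp" ] || { rm -f "$tmp"; echo "empty list" >&2; return 1; }
    allow_precedes_include "$PF_CONF" || { rm -f "$tmp"; echo "no allow rule before include" >&2; return 1; }
    [ -f "$DEST" ] && cp -p "$DEST" "$DEST.prev"
    mv "$tmp" "$DEST"
    # Parse-only check of the whole ruleset; restore the old list on failure.
    if ! pf -nf "$PF_CONF"; then
        if [ -f "$DEST.prev" ]; then mv "$DEST.prev" "$DEST"; else : > "$DEST"; fi
        echo "new list rejected, previous list restored" >&2; return 1
    fi
    pf -f "$PF_CONF"
}

# crontab (root), hypothetical script path: 17 3 * * * /usr/local/sbin/pf-blocklist.sh run
if [ "${1:-}" = "run" ]; then update_blocklist; fi
```
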