> Further to requests from the community we've reinvigorated the ASN-DROP. With a new algorithm, ASN-DROP is now available in JSON format, listing ASNs associated with the worst of the worst behavior. These are ASNs that our researchers wouldn’t recommend engaging with and are highly likely to announce or supply transit to IP ranges associated with malicious behavior. From networks hosting botnet command and control systems, to "bulletproof" networks selling connectivity/hosting to cybercriminals, to hardcore spammers, and more.
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
Is your feature request related to a problem? Please describe.
Spamhaus DROP ASN announcement
Describe the solution you like
Adding support for this ASN list presents a double opportunity for OPNsense CE and BE.
In the first stage, the new functionality is announced - hopefully in a yy.m.x release - users can start using it.
In the second stage, new yy.m releases start presenting the users with a new screen in the initial setup wizard where the users are being prompted to enable this ASN list as a Floating rule on LAN - "Reject Source any Destination ASNdrop any". A floating rule can then be modified easily to add additional VLANs when they're deployed.
Implementing the second stage raises the bar of the default security posture and is a mitigating factor for the default Allow Any Outbound IPv4+IPv6 rules that may allow for unwanted data exfiltration when new deployments happen on compromised networks.
Describe alternatives you considered
There's always the manual option, which is error-prone, untimely and time-consuming: collecting the ~300 ASNs and adding them to an ASN alias.
Additional context
DROP ASN json
Thank you.
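The manual collection step described in the request can be scripted. The sketch below is an added example, not OPNsense or Spamhaus code: it assumes the feed is newline-delimited JSON with an integer `asn` field per record and a trailing `"type": "metadata"` record (an assumption about the feed layout, not stated on this page), and the sample feed is constructed with documentation-range ASNs.

```python
import json

# Constructed sample in the ASSUMED feed layout: one JSON object per line,
# then a metadata record. ASNs are from the documentation range (RFC 5398).
SAMPLE_FEED = """\
{"asn": 64496, "cc": "ZZ", "asname": "EXAMPLE-A"}
{"asn": 64511, "cc": "ZZ", "asname": "EXAMPLE-B"}
{"asn": 64496, "cc": "ZZ", "asname": "EXAMPLE-A"}
{"asn": "not-a-number", "asname": "BROKEN"}
this line is not JSON
{"type": "metadata", "timestamp": 1700000000, "records": 2}
"""

MAX_ASN = 2**32 - 1  # AS numbers are 32-bit values


def parse_asn_feed(text):
    """Return (sorted unique ASNs, line numbers of rejected records)."""
    asns, rejected = set(), []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(lineno)
            continue
        if isinstance(record, dict) and record.get("type") == "metadata":
            continue  # trailer record, not a list entry
        asn = record.get("asn") if isinstance(record, dict) else None
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(asn, int) and not isinstance(asn, bool) and 0 < asn <= MAX_ASN:
            asns.add(asn)
        else:
            rejected.append(lineno)
    return sorted(asns), rejected


def alias_content(asns, min_expected=1):
    """One ASN per line. Refuse a short list so a failed or truncated
    download never silently empties the block list."""
    if len(asns) < min_expected:
        raise ValueError(f"only {len(asns)} ASNs parsed, expected >= {min_expected}")
    return "\n".join(str(a) for a in asns)


if __name__ == "__main__":
    parsed, bad = parse_asn_feed(SAMPLE_FEED)
    print(alias_content(parsed))
    print("rejected lines:", bad)
```

For a list the request sizes at ~300 entries, setting `min_expected` to a conservative floor keeps a bad fetch from replacing a working alias.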