Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: Donbruno on March 07, 2025, 09:58:33 AM

Title: which filterlists aka spamhaus do you use?
Post by: Donbruno on March 07, 2025, 09:58:33 AM
Hello

which alias/ filterlist aka, spamhaus, do you use for IPv6?

I use geoip too.

Which list are "good"?

greetings
Thomas
Title: Re: which filterlists aka spamhaus do you use?
Post by: Patrick M. Hausen on March 07, 2025, 10:16:30 AM
I use FireHOL level 1, 2 and 3.
Title: Re: which filterlists aka spamhaus do you use?
Post by: Donbruno on March 07, 2025, 10:43:08 AM
Quote from: Patrick M. Hausen on March 07, 2025, 10:16:30 AMI use FireHOL level 1, 2 and 3.

but it is only ipv4 right?
Title: Re: which filterlists aka spamhaus do you use?
Post by: Patrick M. Hausen on March 07, 2025, 10:56:59 AM
I thought it was mixed, sorry. Need to check myself.
Title: Re: which filterlists aka spamhaus do you use?
Post by: dan786 on March 07, 2025, 03:05:15 PM
There isn't many list that can do ipv6 . I have used Blocklist de and Dan.me.uk tor lists the other is the matrail scanner list that i'm aware of. But there crowdsec witch kind like a blocklist. I had the same question when i was trying pfsense.   
Title: Re: which filterlists aka spamhaus do you use?
Post by: Patrick M. Hausen on March 07, 2025, 04:12:58 PM
Yeah, Spamhaus DROPv6 seems to be the only one.

One contributing factor might be that port scans via IPv6 are still rare and possible will be forever. Other than a targeted attack e.g. via the public list of issued certificates you simply cannot scan the IPv6 address space.

While IPv4 space is scanned exhaustively 24x7 IPv6 is legacy address space squared (!) networks (/64) with again legacy address space squared possible hosts in each. And if you don't number your hosts e.g.

<prefix>::1
<prefix>::2
<prefix>::3
...

but use e.g. SLAAC or even randomly generated addresses, that vast space is populated really sparse.
Text only | Text with Images