[Feature request] Malicious IP blocklist #1414
Comments
|
Yeah, they're quite similar. So if you want you can go ahead and close this issue and I'll just watch the ones you mentioned 👀👌 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
DNS block lists are great, but some apps are hell-bent on bypassing them by connecting to IPs directly, which can be prevented with the universal rule, but then we'd need to manually allow them and even then we wouldn't know if the IPs are to be trusted, which I guess also applies to IPs resolved by a hostname that hasn't been blocked.
There are several collections/databases that use multiple sources, like this one:
https://github.com/stamparm/ipsum
IPs are grouped into "levels", which indicate the number of sources in which the IP has been reported, so perhaps ReThink could also have an option to set the level to weed out possible false positives or just improve performance if this causes too much overhead.
Also, it would be neat to get notified before ReThink attempts to connect to an IP that's been flagged, even if the hostname has been allowed.
The text was updated successfully, but these errors were encountered: