Feature #8315 (open)
Add IPFire DBL as a rule source
Description
Hello everyone,
at IPFire, we have recently launched our own domain blocklist free to use for anyone: https://www.ipfire.org/blog/introducing-ipfire-dbl-community-powered-domain-blocking-for-everyone
From the start, we have been thinking about how to integrate this list into Suricata, as blocking using the old-fashioned web proxy, or even DNS filtering, is not entirely bulletproof. With Suricata, we can filter any kind of DNS request, HTTP request, or attempt to open up a TLS/QUIC connection by simply matching the hostname/SNI against the domain list, which is implemented as a dataset. There are more details about this on our blog:
https://www.ipfire.org/blog/beyond-dns-ipfire-dbl-suricata-close-the-filtering-gap
Since this domain blocklist is not only something for IPFire users, we have decided to make it available in various formats so that people can easily integrate it into their own software, whatever they are using. And to make it even easier to use, we would like to add it to suricata-update, too. It should basically be one click away to enable the list.
We have tested this and it is working really well. However, the git history of the index.py file suggests that it is being auto-generated with some data from somewhere. I have a patch, but was not sure whether I should submit a PR. For reference, here is the patch:
Would someone be able to guide me on how to get this little snippet into the next release of suricata-update, please?
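As an added example (not IPFire's or suricata-update's code), the following Python builds a Suricata "type string" dataset file from a plain domain list, which is what the dataset-based matching described above needs, and shows that dataset:isset is an exact match, so a subdomain only hits if it is listed itself. The list contents, file name, dataset name and SIDs are constructed placeholders.

```python
"""Build a Suricata string dataset from a plain domain list and mimic how
dns.query / http.host / tls.sni are checked against it with dataset:isset."""
import base64

# Constructed sample blocklist; not the real IPFire DBL.
SAMPLE_LIST = """\
# constructed sample, one domain per line
Malware.Example.
tracker.example
tracker.example

ads.example"""

def normalize(host: str) -> str:
    """Lowercase and drop a trailing dot so DNS, Host and SNI forms compare equal."""
    return host.strip().lower().rstrip(".")

def parse_domain_list(text: str) -> list[str]:
    """Return unique normalized domains, ignoring blank lines and comments."""
    seen, out = set(), []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        domain = normalize(line)
        if domain not in seen:
            seen.add(domain)
            out.append(domain)
    return out

def to_dataset_lines(domains: list[str]) -> list[str]:
    """Suricata 'type string' datasets store one base64-encoded value per line."""
    return [base64.b64encode(d.encode()).decode() for d in domains]

def dataset_isset(dataset_lines: list[str], hostname: str) -> bool:
    """Exact-match lookup, as dataset:isset does; no parent-domain matching."""
    encoded = base64.b64encode(normalize(hostname).encode()).decode()
    return encoded in set(dataset_lines)

# Rules that would consult the dataset (placeholder name, file and SIDs).
RULES = """\
alert dns any any -> any any (msg:"DBL domain queried"; dns.query; dataset:isset,ipfire-dbl,type string,load ipfire-dbl.lst; sid:9000001; rev:1;)
alert http any any -> any any (msg:"DBL domain in Host"; http.host; dataset:isset,ipfire-dbl,type string,load ipfire-dbl.lst; sid:9000002; rev:1;)
alert tls any any -> any any (msg:"DBL domain in SNI"; tls.sni; dataset:isset,ipfire-dbl,type string,load ipfire-dbl.lst; sid:9000003; rev:1;)
"""

if __name__ == "__main__":
    lines = to_dataset_lines(parse_domain_list(SAMPLE_LIST))
    print("\n".join(lines))  # contents of ipfire-dbl.lst
    print(dataset_isset(lines, "tracker.example"), dataset_isset(lines, "cdn.tracker.example"))
```

Write the emitted lines to the file named in the rule's load option and reference that file from suricata-update's source entry; hostnames normalized differently from the list (case, trailing dot) will not match.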
Updated by Jason Ish 2 days ago
The rulesets in suricata-update are generated from the rule index at https://github.com/OISF/suricata-intel-index. That is where a pull request should be made.
Also, I'd recommend getting a SID allocation from https://github.com/sidallocation/sidallocation.org. I'm not yet, but I plan to add validation to Suricata-Update soon.
Updated by Michael Tremer 2 days ago
Thank you for your prompt response.
Jason Ish wrote in #note-1:
> The rulesets in suricata-update are generated from the rule index at https://github.com/OISF/suricata-intel-index. That is where a pull request should be made.

Oh. I missed that. I will follow up there...

> Also, I'd recommend getting a SID allocation from https://github.com/sidallocation/sidallocation.org. I'm not yet, but I plan to add validation to Suricata-Update soon.
Thank you again. We have been looking for some kind of registry but couldn't find anything. I already submitted a request: https://github.com/sidallocation/sidallocation.org/issues/37
I believe that this ticket can be closed already.
Updated by Michael Tremer 2 days ago
PR has been submitted: https://github.com/OISF/suricata-intel-index/pull/33