https://github.com/dvershinin/trusted-lists

IP sets for external services typically whitelisted on a web server
https://github.com/dvershinin/trusted-lists

firewalld ipset

Last synced: about 1 year ago
JSON representation

IP sets for external services typically whitelisted on a web server

• Host: GitHub
• URL: https://github.com/dvershinin/trusted-lists
• Owner: dvershinin
• Created: 2021-05-16T09:59:49.000Z (about 5 years ago)
• Default Branch: main
• Last Pushed: 2025-04-16T02:33:40.000Z (about 1 year ago)
• Last Synced: 2025-04-30T09:16:37.466Z (about 1 year ago)
• Topics: firewalld, ipset
• Language: Python
• Homepage: https://www.getpagespeed.com/server-setup/firewalld-and-trusted-ip-addresses
• Size: 121 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml

Awesome Lists containing this project

README

          
# trusted-lists

IP sets for external services typically whitelisted on a web server (payment providers, etc.)

Consumable by FirewallD/[fds](https://fds.getpagespeed.com/)/NGINX (planned).

Delivered as *noarch* RPM packages for easy updating on CentOS/RHEL-like systems. 

## Usage

### Example. Trusting PayPal Webhook IP addresses

Install the PayPal IP set:

```console

dnf -y install https://extras.getpagespeed.com/release-latest.rpm

dnf -y install firewalld-ipset-paypal

```

Now, FirewallD knows about the new IP set named `paypal`. 

It will appear in the list of known IP sets provided by `firewall-cmd --get-ipsets` output.

Trust it like so:

```console

firewall-cmd --permanent --zone=trusted --add-source=ipset:paypal

firewall-cmd --reload

```

You can set the respective package `firewalld-ipset-paypal` to automatically update via `dnf`

in order to ensure trust of updated PayPal IP addresses.

## Available IP set packages

* `firewalld-ipset-twitter`

* `firewalld-ipset-stripe` - [Stripe Webhooks](https://stripe.com/files/ips/ips_webhooks.txt) 

* `firewalld-ipset-paypal` - [PayPal IPN](https://www.paypal.com/mn/smarthelp/article/what-are-the-ip-addresses-for-live-paypal-servers-ts1056)

* `firewalld-ipset-metabase`

* `firewalld-ipset-cloudflare-v6`

* `firewalld-ipset-cloudflare-v4`

* `firewalld-ipset-circleci`

* `firewalld-ipset-braintree`

## Package naming

* `firewalld-ipset-` for FirewallD IP sets

* (Planned) `nginx-whitelist-` for NGINX conf file with `allow` directives

## TODO

* Optimize IP sets with https://github.com/firehol/iprange/wiki

* Install to `/usr/share/trusted-lists/plain/.txt` and `/usr/share/trusted-lists/nginx/.conf`

## Future

This project is to be complemented by another, e.g. [server-lists](https://github.com/dvershinin/server-lists).

The idea is that you reduce bot traffic by blocking all remote servers in `server-lists` project, while whitelisting the ones from `trusted-lists`.