From bd311cfb103467f66345abe5c91fb0fbd8809362 Mon Sep 17 00:00:00 2001
From: "Costa Tsaousis (ktsaou)" <costa@tsaousis.gr>
Date: Sun, 6 Dec 2015 15:43:52 +0200
Subject: [PATCH] added jigsaw lists firehol/blocklist-ipsets#7

---
 sbin/update-ipsets.in | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/sbin/update-ipsets.in b/sbin/update-ipsets.in
index 6803dcd..4dc3f11 100755
--- a/sbin/update-ipsets.in
+++ b/sbin/update-ipsets.in
@@ -5254,6 +5254,23 @@ merge cleantalk_30d ipv4 ip \
 	cleantalk_new_30d \
 	cleantalk_updated_30d
 
+# -----------------------------------------------------------------------------
+# http://www.jigsawsecurityenterprise.com/#!open-blacklist/kafsx
+
+update jigsaw_attacks $[24*60] 0 ipv4 ip \
+	"http://www.slcsecurity.com/feedspublic/IP/malicious-ip-src.txt" \
+	remove_comments \
+	"attacks" \
+	"[Jigsaw Security Enterprise](http://www.jigsawsecurityenterprise.com/#!open-blacklist/kafsx) IP Address Sources of Attack. Information on this blacklist is low fidelity meaning we do not update these indicators that often and there is no validation of the data. These are raw feeds that have not been processed. In order to get the most up to date data and to remove false positives you should consider subscribing to our Jigsaw Enterprise Solution." \
+	"Jigsaw Security Enterprise" "http://www.jigsawsecurityenterprise.com/#!open-blacklist/kafsx"
+
+update jigsaw_malware $[24*60] 0 ipv4 ip \
+	"http://www.slcsecurity.com/feedspublic/IP/malicious-ip-dst.txt" \
+	remove_comments \
+	"malware" \
+	"[Jigsaw Security Enterprise](http://www.jigsawsecurityenterprise.com/#!open-blacklist/kafsx) Malicious IP Destinations usually C2 or botnet activity or malicious payloads. Information on this blacklist is low fidelity meaning we do not update these indicators that often and there is no validation of the data. These are raw feeds that have not been processed. In order to get the most up to date data and to remove false positives you should consider subscribing to our Jigsaw Enterprise Solution." \
+	"Jigsaw Security Enterprise" "http://www.jigsawsecurityenterprise.com/#!open-blacklist/kafsx"
+	
 
 # -----------------------------------------------------------------------------
 # http://hosts-file.net/