---
title: "Add Dozor: threat feed aggregator for Suricata blocklist rules"
date: 2026-02-14T15:36:58+01:00
draft: false
tags: ["commit", "bojemoi", "feature", "stack", "config"]
categories: ["Git Activity"]
summary: "Commit d23f0d2 by Betty — 11 file(s) modified"
author: "Betty"
---

## Commit `d23f0d2`

| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `d23f0d240bda978db8bbb97a55dc3a1dad915513` |
| **Date** | 2026-02-14 |

### Description

Downloads IPs/CIDRs from FireHOL L1/L2, abuse.ch ThreatFox, URLhaus, and Feodo C2 feeds. Generates chunked Suricata drop rules (200 IPs per rule) and writes blocklist.rules for automatic loading. Exposes Prometheus metrics on port 9302.

Also fixes suricata default-rule-path to match the actual bind mount at /etc/suricata/rules.

Co-Authored-By: Claude Opus 4.6

### Files changed

```
A	dozor/Dockerfile.dozor
A	dozor/dozor/__init__.py
A	dozor/dozor/__main__.py
A	dozor/dozor/config.py
A	dozor/dozor/feeds.py
A	dozor/dozor/main.py
A	dozor/dozor/metrics.py
A	dozor/dozor/rules.py
A	dozor/requirements.txt
A	stack/48-service-dozor.yml
M	volumes/suricata/suricata.yaml
```

### Statistics

```
11 files changed, 432 insertions(+), 2 deletions(-)
```
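
The feed-to-rule step described in the commit message, sketched as an added example; this is not Dozor's code, which is not shown on this page. It parses a plain-text IP/CIDR feed, drops invalid entries and anything overlapping internal ranges, collapses duplicates, and emits one Suricata `drop` rule per 200 entries. The function names, SID base, rule direction, `msg` text, IPv4-only handling and the protected-range policy are all assumptions.

```python
import ipaddress

CHUNK_SIZE = 200        # per the commit message: 200 IPs per rule
SID_BASE = 9_000_000    # assumed local SID range, not taken from Dozor
# Assumed policy: internal ranges that must never end up in a drop rule.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample feed using documentation ranges, not real feed data.
SAMPLE_FEED = """\
# comment line
203.0.113.7
203.0.113.7        # duplicate
198.51.100.0/24
198.51.100.42      # already covered by the /24 above
10.0.0.0/8         # internal range
0.0.0.0/0          # would drop all traffic
not-an-ip
"""


def parse_feed(text):
    """Return sorted, de-duplicated IPv4 networks that are safe to block."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()    # strip comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue                             # not an IP or CIDR
        if net.version != 4:                     # this sketch is IPv4-only
            continue
        if any(net.overlaps(p) for p in PROTECTED):
            continue                             # also rejects 0.0.0.0/0
        nets.add(net)
    # collapse_addresses merges duplicates and ranges contained in others.
    return list(ipaddress.collapse_addresses(nets))


def build_rules(nets, chunk=CHUNK_SIZE, sid_base=SID_BASE):
    """Emit one Suricata drop rule per group of at most `chunk` entries."""
    rules = []
    for idx, start in enumerate(range(0, len(nets), chunk)):
        group = ",".join(str(n.network_address) if n.prefixlen == 32 else str(n)
                         for n in nets[start:start + chunk])
        rules.append(f'drop ip [{group}] any -> any any '
                     f'(msg:"blocklist chunk {idx}"; sid:{sid_base + idx}; rev:1;)')
    return rules
```

A generated rules file can be checked with `suricata -T` before the running engine reloads it.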