Regarding the global feature of lists - I use it to manage a list of IPs I wish to block, because they showed attack activity.
I wish to make this list more “live”, not static, since things may change on the Internet and these IPs may be “good” again, or at least “not bad”.
- Please add to the list a column of “Last Seen” with a date and time stamp and by which CF feature (from my view - mostly the Firewall feature and it will good to also mention the specific sub-feature (e.g. managed rule, custom rule, zone lockdown, etc.).
Also enable to filter and sort by this field.
This will enable us to learn how this list is aligned, or not, with our traffic reality, and possibly we will decide that an IP was not triggered for a long time, so we may wish to remove it from the list
Add an option for managing rules for a list, to automate the above, like “If an IP object in list Y was not triggered by any/specific-feature-of-CF for the last X minutes/days/weeks/etc. - disable/remove it from the list”
Add an option to add a rule to add an IP (or other traffic attribute, e.g. subnet, asn, country, user-agent, etc.) to a list if it trigger a custom threshold
Add an option to Disable a list item. Today we can only remove it.
Next to the list show to us where is it used in our CF configuration, so we can know what will be affected if we change/remove this list