firehol/blocklist-ipsets

Created May 26, 2022 · View the firehol/blocklist-ipsets repository page

ipsets dynamically updated with firehol's update-ipsets.sh script

Want this for your repo?

Render a free sample of any GitHub repo in seconds.

Visualize your own →

Contributors

1

Lines of Code

1,349

From

May 26, 2022

To

May 26, 2022

About firehol/blocklist-ipsets

FireHOL Blocklist IPsets is a repository containing dynamically updated IP blocklists maintained by the FireHOL project. The repository aggregates IP blocklists from dozens of threat intelligence sources covering malware command-and-control servers, botnets, spam operations, brute-force attackers, and other known abusive IPs. These lists are automatically fetched, consolidated, and distributed through both a GitHub repository and a companion website at iplists.firehol.org, with updates occurring once daily due to GitHub's request to limit update frequency.

The project provides shell scripts, particularly the `update-ipsets.sh` utility, that manage these blocklists as ipsets (kernel data structures for efficient IP matching in Linux firewalls). Users can integrate these lists into firewall configurations, especially FireHOL itself, to block traffic from known malicious sources. The repository organizes lists into different trust levels and categories—such as blocklists from Spamhaus, Abuse.ch, DShield, and Blocklist.de—allowing administrators to choose which sources match their security requirements and acceptable false-positive rates.

The project is primarily aimed at Linux system administrators and firewall operators who need current threat intelligence feeds integrated directly into their network filtering infrastructure. The documentation emphasizes careful selection of lists and proper implementation to avoid blocking legitimate users, recommends maintaining whitelists alongside blacklists, and provides context on why various list types (including controversial ones like Tor network IPs and open proxy lists) are included. The entire project remains freely available to support collective internet security improvements through shared threat data.

Share this video