firehol/blocklist-ipsets ↗
Created May 26, 2022 · View the firehol/blocklist-ipsets repository page
ipsets dynamically updated with firehol's update-ipsets.sh script
Want this for your repo?
Render a free sample of any GitHub repo in seconds.
Contributors
1
Lines of Code
1,349
From
May 26, 2022
To
May 26, 2022
About firehol/blocklist-ipsets
FireHOL Blocklist IPsets is a repository containing dynamically updated IP blocklists maintained by the FireHOL project. The repository aggregates IP blocklists from dozens of threat intelligence sources covering malware command-and-control servers, botnets, spam operations, brute-force attackers, and other known abusive IPs. These lists are automatically fetched, consolidated, and distributed through both a GitHub repository and a companion website at iplists.firehol.org, with updates occurring once daily due to GitHub's request to limit update frequency.
The project provides shell scripts, particularly the `update-ipsets.sh` utility, that manage these blocklists as ipsets (kernel data structures for efficient IP matching in Linux firewalls). Users can integrate these lists into firewall configurations, especially FireHOL itself, to block traffic from known malicious sources. The repository organizes lists into different trust levels and categories—such as blocklists from Spamhaus, Abuse.ch, DShield, and Blocklist.de—allowing administrators to choose which sources match their security requirements and acceptable false-positive rates.
The project is primarily aimed at Linux system administrators and firewall operators who need current threat intelligence feeds integrated directly into their network filtering infrastructure. The documentation emphasizes careful selection of lists and proper implementation to avoid blocking legitimate users, recommends maintaining whitelists alongside blacklists, and provides context on why various list types (including controversial ones like Tor network IPs and open proxy lists) are included. The entire project remains freely available to support collective internet security improvements through shared threat data.