This repository contains an index of various IP lists that can be used in firewalls/IDS/IPS to block or detect attacks and other problems. This repo also contains tools for downloading and processing them.
Lists have been divided into multiple files, one for each category:
- abuse
- anonymizers
- attacks
- geo
- malware
- organizations
- reputation
- scanners
- spam
- unroutable
Each entry in a category has some attributes (like update_every) that you can use to optimize the download.
The tools/ directory contains a Go project with utilities around IP lists: fetch, merge, analyze. They can prepare these lists so that you can import them in ipset or other tools. See the README inside the tools/ directory to discover how to use it. Some Go packages are available, should you need to read these YAML/iplists in another way.
I started this repository from the FireHOL IP lists index, as the FireHOL project development seems to be on hiatus. Further details on the differences between this index and FireHOL are in the FIREHOL.md file.
Each entry in the categories section has this structure:
    tagname:
      filter: filter-name
      update_every: 1h
      url: https://www.example.com/list-url
      info: 'Some description'
      maintainer: Acme corp
      maintainer_url: https://www.example.com
      disabled_reason: "Website is broken."
- The tagname is the name of the list. It should be something compatible with ipset and filesystem names for better compatibility (so, the name should use characters in [a-zA-Z0-9_-])
- The update_every indicates the time of validity for a given IP list. Tools updating the blocklist should never refresh the blocklist in less than this period. It is expressed in a form that is compatible with the Go time.Duration format. Example: 1h30m10s for 1 hour, 30 minutes and 10 seconds.
- The url is the URL for the list.
- info contains the description of the IP list.
- maintainer and maintainer_url are fields populated with the name and the URL of the maintainer.
- disabled_reason, if present and not empty, denotes that the list should be temporarily skipped. The value of the key is the indication of why.
- The filter is the name of the filter used to process the IP list. It can be used to discriminate between different formats. See the source of the fetch tool in tools/.
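A consumer-side check for the attribute rules above, as an added example that is not code from this repository's tools/ project. It assumes the entry has already been decoded from YAML; the Entry type, the ShouldFetch function and the sample entries are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Entry holds the attributes of one list, already decoded from YAML.
// Type and function names are hypothetical, not from the tools/ project.
type Entry struct {
	Tagname, UpdateEvery, URL, DisabledReason string
}

// Only names safe for ipset and for use as a file name are accepted.
var tagnameRE = regexp.MustCompile(`^[a-zA-Z0-9_-]+$`)

// ShouldFetch reports whether the list may be downloaded at time now.
// lastFetch is the previous download time (zero value: never fetched).
// When it returns false without an error, the string says why.
func ShouldFetch(e Entry, lastFetch, now time.Time) (bool, string, error) {
	if !tagnameRE.MatchString(e.Tagname) {
		return false, "", fmt.Errorf("tagname %q has characters outside [a-zA-Z0-9_-]", e.Tagname)
	}
	if e.DisabledReason != "" {
		return false, "disabled: " + e.DisabledReason, nil
	}
	every, err := time.ParseDuration(e.UpdateEvery)
	if err != nil || every <= 0 {
		return false, "", fmt.Errorf("%s: invalid update_every %q", e.Tagname, e.UpdateEvery)
	}
	// Never refresh before the validity period has elapsed.
	if wait := every - now.Sub(lastFetch); !lastFetch.IsZero() && wait > 0 {
		return false, "still valid for " + wait.String(), nil
	}
	return true, "", nil
}

func main() {
	// Constructed sample data, not real lists.
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	last := now.Add(-time.Hour)
	for _, e := range []Entry{
		{"example_list", "1h30m10s", "https://www.example.com/list-url", ""},
		{"example_hourly", "1h", "https://www.example.com/list-url", ""},
		{"example_broken", "1h", "https://www.example.com/list-url", "Website is broken."},
		{"../example", "1h", "https://www.example.com/list-url", ""},
	} {
		ok, reason, err := ShouldFetch(e, last, now)
		fmt.Printf("%-16s fetch=%-5v reason=%q err=%v\n", e.Tagname, ok, reason, err)
	}
}
```

Rejecting a tagname before it is used as a set or file name keeps a malformed or hostile index entry from writing outside the intended directory.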
Contributions to this repository are welcome! If you want to add/remove/change some list, please follow the usual steps:
- Fork this repository and create a new branch for your contribution;
- Add/change the list entry in the relevant YAML file, and commit with descriptive commit messages;
- Push your changes to your forked repository;
- Submit a pull request from your branch to the main repository.
FireHOL is a powerful yet easy-to-use iptables/netfilter configuration tool. The update-ipsets script is a component of FireHOL that facilitates the automatic updating of IP sets, which are used in conjunction with iptables to allow or deny traffic based on IP addresses.
Unfortunately, FireHOL development seems to be stopped, and the index of blocklists in update-ipsets is not maintained anymore (although the script is still working). See firehol/blocklist-ipsets#263.
Please note that this repository is not the complete FireHOL project.