IPFire has launched IPFire DBL (Domain Blocklist), a community-driven system that lets administrators fine-tune network filtering policies.
IPFire DBL moves away from the old model of a single large list and instead uses categories. It groups millions of domains so administrators can choose only the categories that suit their needs.
Categories include Malware, Phishing, Advertising, Pornography, Gambling, Games, and DNS-over-HTTPS, among others. This method saves resources and gives operators more control over their policies.
The project was developed in response to longstanding concerns about existing blocklists. According to IPFire, many available lists aggregate third-party data without clear redistribution rights. The underlying code is licensed under GPLv3+, while the published lists are released under Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0).
IPFire DBL uses open standards to work with many systems. It supports formats like DNS Response Policy Zones (RPZ) with AXFR/IXFR transfers, SquidGuard for proxy filtering, direct HTTPS downloads in several plaintext formats, and Adblock Plus syntax.
This means it can be used with IPFire and other DNS resolvers and filtering tools, including BIND, Unbound, PowerDNS, Pi-hole, browser extensions, and commercial firewalls that use standard formats.
The lists are updated every hour and are always being improved. Users can report false positives or new malicious domains through a built-in platform, which helps the community quickly fix and improve the lists.
IPFire will add DBL in Core Update 200. It will be available through the current URL Filter and will also work with Suricata. More technical details will be shared in a future update.
For more information, see the announcement.
Finally, keep in mind that even IPFire DBL was created for IPFire, but it is not limited to that system. Since it uses common standards like RPZ and Adblock syntax, the blocklists can be used with many different DNS and filtering setups.
