Tweet
We have been working on something for months that addresses a problem we have had for years: IPFire DBL (Domain Blocklist) - a comprehensive, community-driven domain blocking solution that gives you control over what gets blocked in your network.
For years, we have not been happy with what was available on the market - neither free nor commercial solutions give IPFire users what they actually need. The typical approach is one massive blocklist that tries to be everything to everyone. This is wasteful in terms of resources and memory consumption, and worse, it takes the decision-making power away from you.
We also noticed a troubling pattern: many sources aggregate data from various places without having the legal rights to redistribute them under new terms. We wanted to build something with real legal certainty.
IPFire DBL is our answer: give users the power to choose what fits their use case, and give them a way to work together to strengthen these lists over time.
We wanted to do better. So we built IPFire DBL from the ground up to solve these problems. Here's what makes it different:
IPFire DBL Is Built On These Core Principles
Categorization, Not Dictation
Instead of forcing you to accept someone else's blocking decisions, IPFire DBL organises millions of domains into specific categories. Want to block malware and advertising but allow gaming sites? No problem. Need to filter pornography and gambling in an educational environment? You choose exactly what fits your use case.
Currently we have curated the following categories:
- Malware - Block malicious domains before they deliver payloads or establish command-and-control connections
- Phishing - Stop credential theft by blocking fraudulent domains at the network level
- Advertising - Reclaim bandwidth and protect privacy by blocking tracking at the source
- Pornography - Network-wide content filtering across all devices
- Gambling - Prevent access to betting sites and online casinos
- Games - Focus by blocking gaming platforms
- DNS-over-HTTPS - Maintain network visibility and prevent DNS policy bypass
- ...and more
Open Standards - Built for Integration
IPFire DBL is not locked into one format or one way of doing things. We have built it on open standards so you can use it however works best for your setup:
- DNS Response Policy Zones (RPZ) - Industry-standard DNS blocking with full AXFR/IXFR zone transfer support, for instant updates
- Squidguard format - Ready for proxy-based filtering
- Direct HTTPS downloads - Multiple plaintext formats for maximum compatibility
- Adblock Plus format - Standard filter list syntax
Whether you are integrating into enterprise DNS infrastructure or a home network setup, the technical foundation is there.
Performance and Community Engagement
With hourly updates and millions of domains under active curation, IPFire DBL stays current with the ever-changing threat landscape. But what really sets us apart is our community reporting tool.
Found a false positive? Discovered a malicious domain we haven't caught yet? Our online reporting system lets you submit feedback directly, and we can push corrections fast. This is blocking powered by community intelligence.
Coming to IPFire Core Update 200
If you are an IPFire user, you will see IPFire DBL integration in the upcoming Core Update 200 through both the URL Filter and—here's where it gets exciting—Suricata.
We are testing a brand new way to apply domain intelligence through Suricata that will give you unprecedented visibility into your network activity while enforcing your blocking policies. We will be sharing much more about this Suricata integration in a follow-up post next week, but trust us: this is going to open up possibilities we have never had before in IPFire.
Available for Everyone
The code that is driving IPFire DBL is licensed under GPLv3+ and the currently available lists are released under the Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0) license. This is a community resource, and we want everyone to benefit from it.
Because we have built IPFire DBL on industry-standard formats like RPZ, SquidGuard, and Adblock Plus syntax, you can integrate it into virtually any DNS resolver, firewall, or filtering solution. Whether you are using BIND, Unbound, PowerDNS, Pi-hole, browser extensions, or commercial firewall appliances—if it supports standard filtering formats, it supports IPFire DBL.
New to domain filtering? Check out our How to Use? guide for step-by-step integration instructions for popular DNS resolvers, browser extensions, and network filtering tools.
A Community Effort - and We Need You
This project represents months of development, but it's something the IPFire community has wanted for years. We've built the foundation, and now we need your help to take it further.
However, as an open-source project, we're limited by one crucial resource: time.
To take IPFire DBL to the next level—including features like DNS Response Policy Zones (RPZ) integration in IPFire—we need community support. We are launching a small fundraiser to help us dedicate the development time needed to build these advanced features.
Head over to www.ipfire.org/dbl to start using the lists today - and if IPFire DBL solves a problem for you, if it saves you time, or if you simply believe in community-driven security tools, please consider supporting this effort. Together, we can build something that does not just serve IPFire users - it serves everyone who believes in a safer, more controllable internet.
This is just the beginning - let's see what we can build together.
More...
