IPFire DBL is a comprehensive, community-maintained domain blocklist that protects your network from malware, phishing, unwanted content, and emerging threats. With millions of categorized domains across multiple threat categories, IPFire DBL integrates seamlessly into DNS servers, firewalls, IPS systems, and browser extensions.
What Gets Blocked?
IPFire DBL categorizes and blocks domains across different threat categories. Choose which categories to block based on your security and content policies.
38,835 Domains
1,011 Domains
3,671 Domains
55,352 Domains
18,896 Domains
346,640 Domains
215,923 Domains
1,454 Domains
421,556 Domains
21 Domains
323 Domains
237 Domains
The IPFire DBL Vision
The IPFire team has spent years protecting networks at the edge — we understand threats, filtering, and what it takes to keep systems secure. Combined with our community's expertise, we are building a blocklist that is not just comprehensive, but extremely accurate through continuous refinement and real-world feedback.
What sets DBL apart is how we deliver it. Beyond traditional filtering methods, we have implemented DNS Response Policy Zones (RPZ) with IXFR for lightning-fast incremental updates — your resolver only downloads what has changed. We provide Suricata rulesets for deep packet inspection across DNS, TLS, HTTP, and QUIC — catching threats that bypass simple domain matching. And we support standard formats like domain lists and hosts files for maximum compatibility.
This is our contribution to the open-source security community: a blocklist built by firewall experts, maintained by practitioners, and engineered for the real world. Transparent, collaborative, and designed to evolve with every threat we face together.
Category-Based Filtering
Block entire categories of domains including malware, phishing, adult content, social media, gambling, and more. Exercise granular control over what content reaches your network.
Deep Packet Inspection
Integrates with Suricata IDS/IPS to analyze DNS, TLS, HTTP, and QUIC traffic. Blocks malicious domains at multiple network layers for comprehensive protection.
Open & Community-Driven
Built and maintained by the IPFire community with full transparency and a commitment to long-term sustainability. Continuously updated with emerging threats, completely open-source, and welcoming community contributions — you are in control of your security.
Works Everywhere
Built directly into IPFire's Web Proxy and Intrusion Prevention System. Also designed to work with other firewall and filtering solutions. Open standards mean you can use IPFire DBL wherever you need domain-based protection.
Works With Your Existing Infrastructure
IPFire DBL integrates seamlessly with popular DNS servers, firewalls, IPS systems, and browser extensions
IPFire_
...and any system that supports RPZ, domain lists, hosts files, or Suricata rulesets
Perfect For...
Corporate Networks
Enforce acceptable use policies by blocking social media, gambling, or adult content. Protect employees from phishing and malware sites at the network edge.
Educational Institutions
Create safe browsing environments for students. Filter inappropriate content and ensure compliance with child safety regulations across the entire campus network.
Home Networks
Protect family members from malicious sites, phishing attempts, and inappropriate content. Set up parental controls with category-based filtering.
Managed Service Providers
Deploy consistent, reliable domain filtering across multiple client firewalls. Reduce attack surface with actively maintained threat intelligence.
Want More Network Intelligence? Try IPFire Location
Need to know where network traffic is coming from? IPFire Location provides lightning-fast IP geolocation data with country codes, ASN information, and network flags — perfect for geo-blocking, compliance, and traffic analysis.
Built with the same commitment to quality as DBL: open-source, actively maintained, and trusted by enterprises worldwide.
Learn More About IPFire Location