Check for malicious IPs using DNS
ipshield.devI am not familiar with Firehol, so I might be missing something, but isn't this already solved in a (potentially) more powerful, mature and standardized way by DNS RPZ (Response Policy Zones, [1])? Well-established resolvers like Unbound fully support integrating multiple block lists (like oisd.nl, energized.pro, abuse.ch, etc), keeping them up-to-date via zone transfers or HTTPS download, see [2].
[1] https://www.isc.org/rpz/ [2] https://unbound.docs.nlnetlabs.nl/en/latest/topics/filtering...
Yeah, it’s just a toy project, nothing much! Thanks for the references though, I’ll read it up :)
But why? Firehol seems entirely dead at this point.
Take a look at the bug reports on github, on the IP address change metric, and research the people behind it. They seem to have moved on. It's not being maintained, and still pulls from defunct lists, dead lists, and so on.
I found no better alternative as the source of data TBH. Open to suggestions. This is a toy project anyway, It won’t be exhaustive for sure and I don’t expect anyone to use it in production.
Thanks for the info though, I didn’t know firehol was in such a bad state
It's really sad, I like you, have no where to turn.
Interesting. Why not offer the db as files to download for faster local lookup though? That's what geoip databases do (for a price).
firehol seems to be unmaintained, running on auto, see my other post. However just google 'firehol', and you can download the lists.
(Such lists are trivial to use with ipset + linux, for example.)
As someone else pointed out, yeah its free to download anyway.
dig 199.195.253.247 @ipshield.dev +short
Apparently, Tor Exit nodes are under safe category.
Oops, the list isn’t meant to be exhaustive, just a toy project I built for fun. I really don’t expect anyone to use it
I would rather have a API than digging around to find out abusive IPs