The GPF DNS Block List

Export

This page lets you export the entire GPF DNS Block List in one of a number of different formats. Most formats include a comment section at the top that includes the time and date the file was generated and the time stamp of the last entry. Currently, these files are regenerated automatically each time a new IP is added to the list, so you should be getting the latest version every time. Please note that some of these formats are the exact ones we use ourselves, so you may need to make slight modifications before using them on your own system. Our policy is to completely ban offending IPs from all access, so you may also need to modify these files if you wish to be less restrictive. Please see the documentation for applications such as iptables, hosts.deny, BIND, and mod_rewrite for the proper use of these files.

Please note that for various reasons, IPv4 addresses and IPv6 addresses are presented as separate lists during export. This is largely because certain tools like iptables separate IPv4 and IPv6 into different operations (iptables vs. ip6tables). If you require both lists, you can export both individually using the drop-down list below.

Export Entries

Simple Text List
This is a very simple list of all IPs in the database, one IP per line. This is a great format for simply getting the list and loading it into a script that subsequently processes the IPs further. There is a small header section up at the top that includes the date the file was generated and the date of the last addition to the system; this header can easily be removed or ignored by scripts that may process the file.
CSV Dump
A comma-separated value dump of the database including for each IP: the IP itself, the short reason for inclusion, the date added in RFC-1123 format, and any comments attached to the IP. There is a header row at the top. This is great for loading the data into a spreadsheet for analysis and sorting. Please note that comments may include HTML tags since their intended destination is our Web interface.
iptables Drop List (We use this!)
This option creates a list suitable for including into an iptables configuration file or rule chain. Each line contains a DROP rule that drops all packets for the given IP, making it appear that your machine does not even exist on the Internet. Rules are in the format -A INPUT -s [IP] -j DROP. This should be included before most of your other iptables rules to make sure packets for these IPs are dropped immediately and are not processed any further. Note that we use the default INPUT chain here; you should be able to substitute another chain fairly easily using a global search and replace.
iptables Drop List with Range Support (We use this!)
This is nearly identical to the iptables export above, except that we attempt to compress the list somewhat by blocking ranges of consecutive IPs where appropriate. The savings are modest, as consecutive malicious IPs seem to be rare in practice; that said, it can shave as many as a couple thousand individual records from the list and make the resulting file a bit smaller. Note that to take advantage of this version, you must have range support compiled into iptables or included as a module. In other words, if you can safely include -m iprange --src-range as part of your iptables rule set, you can use this version in lieu of the one above. Also note that there is no IPv6 version of this list; range support only applies to IPv4 addresses for now.
hosts.deny List (We use this!)
This option creates a list of rules which would be useful in an /etc/hosts.deny file on a UN*X style machine. Each rule is in the format ALL: [IP] DENY. Services that use /etc/hosts.deny for access control should completely ignore IPs in this list.
BIND DNS Configuration (Experimental, Untested)
This option creates a BIND-style DNS zone file. In fact, this will (eventually) create the zone file we use for the GPF DNS BL. IPs are listed as domain names and modified in the following way: periods/dots and colons are replaced with hyphens, then the modified IP has the rest of the domain name appended. For example, 192.168.13.1 becomes 192-168-13-1.dnsbl.gpf-comics.com, while fdb4:6272:183f:95f2::13 becomes fdb4-6272-183f-95f2--13.dnsbl.gpf-comics.com. Each domain name is then assigned a 127.0.0.* IP for IPv4 addresses or a fdb4:6272:183f:95f2::* IP for IPv6, where the final digits indicate the reason code assigned in the database. If an IP is in this zone, it is listed in the database; otherwise, BIND should return an error stating the domain does not exist. An additional TXT record lists the simple reason for addition and the time stamp when the IP was added. Setting up the actual zone in BIND is considered out of scope here, and anyone wishing to mirror this zone should obviously change the domain names to match their own fully qualified domains. Please note that we're still working on the format for this file, so it may produce errors. Feedback is appreciated.
Apache mod_rewrite Rule Set (We use this!)
This file contains a set of Apache mod_rewrite rules that return a 403 Forbidden error for all HTTP requests from IPs in the block list. Obviously, it requires mod_rewrite to be enabled in Apache in order for this to work. The IPs are listed as a long string of RewriteCond directives, with the actual RewriteRule that bans the IPs at the bottom. You can easily modify this RewriteRule to change the behavior of this rule set depending on how you wish to handle requests from these IPs. You can easily include this into an existing Apache configuration file using the Include directive. The best place to include this file would be in the global Apache configuration, where it is only read and processed once; however, this usually requires admin access to the server configuration files. Those with more restricted access should be able to include this file using an .htaccess file in the root of the directory tree which you wish to restrict access to.
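
The range compression described for the iptables export with range support can be reproduced from the Simple Text List; the following is an added example, not the code that generates this site's export files. It assumes only that any line which does not parse as an IPv4 address (header, blank line, IPv6 entry) can be skipped; the function names and the sample input are constructed for illustration.

```python
import ipaddress

def parse_ipv4_list(text):
    """Return sorted, de-duplicated IPv4 addresses from a one-IP-per-line list."""
    found = set()
    for line in text.splitlines():
        try:
            # Strict parsing means no arbitrary text from a downloaded file
            # can end up inside a firewall rule.
            found.add(ipaddress.IPv4Address(line.strip()))
        except ipaddress.AddressValueError:
            continue  # header line, blank line, or IPv6 entry
    return sorted(found)

def collapse(addrs):
    """Merge runs of numerically consecutive addresses into (first, last) pairs."""
    runs = []
    for addr in addrs:
        if runs and int(addr) == int(runs[-1][1]) + 1:
            runs[-1][1] = addr          # extends the current run
        else:
            runs.append([addr, addr])   # starts a new run
    return [(first, last) for first, last in runs]

def iptables_rules(text, chain="INPUT"):
    """Emit DROP rules, using -m iprange only where a run has 2+ addresses."""
    rules = []
    for first, last in collapse(parse_ipv4_list(text)):
        if first == last:
            rules.append(f"-A {chain} -s {first} -j DROP")
        else:
            rules.append(
                f"-A {chain} -m iprange --src-range {first}-{last} -j DROP")
    return rules

# Constructed sample input (documentation address ranges, not real list data).
SAMPLE = """\
# constructed header line
192.0.2.10
192.0.2.11
192.0.2.12
198.51.100.7
192.0.2.255
192.0.3.0
2001:db8::1
"""

if __name__ == "__main__":
    print("\n".join(iptables_rules(SAMPLE)))
```

A run is detected on the integer value of the address, so 192.0.2.255 and 192.0.3.0 merge into one range even though they differ in the third octet.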
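
The naming scheme and answer ranges described for the BIND export, seen from the client side; this is an added example, not the site's own code. The /24 and /64 answer prefixes, the use of the compressed lower-case address form, the sample zone contents and all function names are assumptions made for illustration.

```python
import ipaddress
import socket

ZONE = "dnsbl.gpf-comics.com"  # zone name taken from the page's examples
ANSWER_NETS = (ipaddress.ip_network("127.0.0.0/24"),             # assumed /24
               ipaddress.ip_network("fdb4:6272:183f:95f2::/64"))  # assumed /64

def query_name(ip, zone=ZONE):
    """Map an IP to its name in the zone: '.' and ':' become '-'."""
    addr = ipaddress.ip_address(ip.strip())  # ValueError on non-IP input
    # Assumption: names are built from the compressed, lower-case text form.
    return addr.compressed.replace(".", "-").replace(":", "-") + "." + zone

def reason_code(answer):
    """Return the final field of a listing answer as text, else None."""
    addr = ipaddress.ip_address(answer)
    if not any(addr.version == n.version and addr in n for n in ANSWER_NETS):
        return None  # e.g. a resolver that rewrites NXDOMAIN to its own IP
    sep = "." if addr.version == 4 else ":"
    return addr.compressed.rsplit(sep, 1)[1]

def system_resolver(name):
    """Resolve a name to address strings; empty list if it does not exist."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def lookup(ip, resolve=system_resolver):
    """Return (listed, reason) for ip using the given resolver callable."""
    for answer in resolve(query_name(ip)):
        code = reason_code(answer)
        if code is not None:
            return True, code
    return False, None

# Constructed zone contents standing in for real DNS answers.
CONSTRUCTED_ZONE = {
    "192-168-13-1.dnsbl.gpf-comics.com": ["127.0.0.4"],
    "fdb4-6272-183f-95f2--13.dnsbl.gpf-comics.com": ["fdb4:6272:183f:95f2::2"],
    "203-0-113-9.dnsbl.gpf-comics.com": ["198.51.100.1"],  # rewritten NXDOMAIN
}

def constructed_resolver(name):
    return CONSTRUCTED_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.168.13.1", "FDB4:6272:183F:95F2:0:0:0:13", "203.0.113.9"):
        print(ip, lookup(ip, constructed_resolver))
```

Normalising the address first matters for IPv6: the uncompressed, upper-case spelling of an address would otherwise produce a different name and miss the listing.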


This site and its contents are © Copyright 2011-2024, Jeffrey T. Darlington. All rights reserved. It is provided as a service to the Internet community at large and is for informational purposes only. This site and its owner cannot be held responsible for any actions taken by others based on the data contained herein.