The Data-Shield IPv4 Blocklist Community provides an official, curated registry of IPv4 addresses identified as malicious. Updated continuously, this resource offers vital threat intelligence to bolster your Firewall and WAF instances, delivering a robust, additional layer of security for your infrastructure.
-
Proactive Defense & Reduced Attack Surface The Data-Shield IPv4 Blocklist Community Community serves as an essential protective layer for your exposed assets (Web Apps, WordPress, Websites, VPS with Apache, Nginx). By blocking malicious traffic early, it significantly reduces the reconnaissance phase and lowers visibility on scanners like Shodan.
-
High-Fidelity, Centralized Intelligence Data is aggregated from a single, verified source fed by global probes and processed via a self-hosted HIDS/SIEM stack. We prioritize data reliability to minimize false positives, ensuring your legitimate traffic remains uninterrupted.
-
Seamless Compatibility & Integration Designed for universal deployment:
- Universal Format: Easily integrates via a single RAW link into most Firewalls and WAFs.
- Vendor-Agnostic: Includes split-list logic to accommodate hardware vendors with strict entry-count limitations.
- CTI Ready: Fully portable for enrichment in Threat Intelligence platforms like OpenCTI and MISP.
-
Freshness & Performance
- Updates: Refreshed every 6 hours to counter immediate threats.
- Retention: A 15-day rolling window ensures we track short-lived malicious IPs without bloating your rulesets with obsolete data.
- Efficiency: Delivers enterprise-grade performance comparable to commercial solutions.
-
Open Source & Community Driven Accessible to anyone—from hobbyists to enterprise admins. The project is proudly distributed under the GNU GPLv3 license, fostering a transparent and collaborative security ecosystem.
-
Drastic Noise Reduction & Streamlined Response By filtering out approximately 95% of malicious bot traffic, we reduce overall log noise by up to 50%. This significantly improves the signal-to-noise ratio, allowing Cybersecurity Incident Responders (CIRs) to focus on genuine anomalies and critical alerts rather than sifting through automated background noise.
-
Optimized Resource Consumption Blocking threats at the perimeter prevents them from reaching your application logic. This leads to a direct reduction in CPU, RAM, and bandwidth usage, preserving your server resources for legitimate user traffic and reducing infrastructure costs.
-
Automated, Multi-Channel Delivery Ensure your defense is always active without manual intervention. Blocklists are automatically updated and distributed via high-availability networks including GitHub, JSdelivr CDN, BitBucket, Codeberg, and GitLab, guaranteeing reliable access through standard Raw URLs.
For Web Apps, WordPress, Websites, VPS with Apache, Nginx
To guarantee high availability and resilience, the Data-Shield IPv4 Blocklist Community is deployed across a robust multi-cloud infrastructure. The data is synchronized every 6 hours across multiple repositories and a global CDN.
-
Which list should I use?
- Full List: Recommended for most modern Firewalls, WAFs, and SIEMs.
- Split Lists (A/B/C): Designed for legacy hardware or vendors with strict entry limits per object (e.g., max 30k IPs). If used, ensure all 3 parts are ingested.
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_ac_data-shield_ipv4_blocklist.txt |
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_ac_data-shield_ipv4_blocklist.txt |
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_ac_data-shield_ipv4_blocklist.txt |
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_ac_data-shield_ipv4_blocklist.txt |
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_ac_data-shield_ipv4_blocklist.txt |
For DMZs, critical assets, exposed infrastructure, and APIs
- Critical Infrastructure & Specialized Lists Tailored for SMBs and enterprise environments, we provide 5 dedicated lists specifically designed to protect high-value targets such as DMZs, critical assets, exposed infrastructure, and APIs. This expanded coverage offers granular protection suited for complex environments, ensuring your most sensitive components remain secure.
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_critical_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_critical_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_critical_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_critical_ac_data-shield_ipv4_blocklist.txt |
| Split List D | 30k IPs | prod_critical_ad_data-shield_ipv4_blocklist.txt |
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_critical_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_critical_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_critical_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_critical_ac_data-shield_ipv4_blocklist.txt |
| Split List D | 30k IPs | prod_critical_ad_data-shield_ipv4_blocklist.txt |
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_critical_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_critical_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_critical_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_critical_ac_data-shield_ipv4_blocklist.txt |
| Split List D | 30k IPs | prod_critical_ad_data-shield_ipv4_blocklist.txt |
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_critical_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_critical_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_critical_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_critical_ac_data-shield_ipv4_blocklist.txt |
| Split List D | 30k IPs | prod_critical_ad_data-shield_ipv4_blocklist.txt |
| Dataset Variant | Entry Cap | Raw Link |
|---|---|---|
| Full List | ~100k IPs | prod_critical_data-shield_ipv4_blocklist.txt |
| Split List A | 30k IPs | prod_critical_aa_data-shield_ipv4_blocklist.txt |
| Split List B | 30k IPs | prod_critical_ab_data-shield_ipv4_blocklist.txt |
| Split List C | 30k IPs | prod_critical_ac_data-shield_ipv4_blocklist.txt |
| Split List D | 30k IPs | prod_critical_ad_data-shield_ipv4_blocklist.txt |
To ensure the Data-Shield IPv4 Blocklist Community is operational and effective, it is crucial to apply the filtering rules in the correct direction of traffic flow.
✅ Correct Usage: WAN to LAN (Inbound Traffic) The blocklist is designed to stop threats entering your network from the Internet.
⛔ Restricted Usage: LAN to WAN (Outbound Traffic) Do not apply these rules to outgoing traffic (from your internal network to the Internet).
A non-exhaustive collection of guides to facilitate integration across various environments.
| Vendor / Platform | Resource Type | Capacity Note |
|---|---|---|
| BunkerWeb | Official Documentation | ≥ 100k IPs |
| Fortinet | Official Guide | ≥ 100k IPs |
| Checkpoint | Manufacturer's Guide | TBC |
| Palo Alto | EDL Overview | TBC |
| F5 BIG-IP | Official Guide | TBC |
| Stormshield | Official Video | TBC |
| OPNsense | Slash-Root Guide | ≥ 100k IPs |
| Synology NAS | MyOwnServer Guide | ≥ 100k IPs |
-
Governance & Operational Efficiency The solution reduces operational noise by up to 50% and blocks 95% of malicious bot traffic, significantly freeing up server resources (CPU, RAM). It enforces a strict WAN-to-LAN configuration to guarantee system effectiveness while offering 5 official lists (up to 120,000 IPs) adapted to hardware limitations.
-
Regulatory Alignment (ISO 27001 & NIS2) Integration directly supports ISO 27001:2022 controls (A.8.20 Network Security, A.5.7 Threat Intelligence) by automating perimeter defense against known attacks. It also meets NIS2 Directive requirements for essential entities by providing structured risk management and proportionate technical measures to ensure service resilience.
-
GDPR & Privacy Standards When correctly configured (WAN-to-LAN only), the blocklist operates outside the scope of GDPR, as blocked IPs belong to external malicious actors with no contractual relationship to your organization. This ensures a compliance-friendly integration without the need for complex personal data processing documentation.
-
Risk Management & Reliability We utilize a rigorous behavioral analysis methodology to minimize false positives, targeting a rate of less than 2 occurrences per month. High availability is guaranteed via 4 independent download sources (GitHub, BitBucket, Codeberg, GitLab), ensuring continuous protection even during host incidents.
-
Structured Deployment & Community Feedback Adoption follows a secure, phased approach—from Observation (logging only) to Activation—ensuring non-regression on critical flows. The project fosters transparency with a clear process for reporting false positives via GitHub, aiming for collective improvement and resolution within 48 hours.
Download the complete GRC Compliance Model to modify it if necessary and insert it into your information systems security policy, in accordance with your GRC officer Docx and PDF formats.
| Objective | Target Date |
|---|---|
| Q1 2026 | |
| Q2 2026 | |
| API v2 | Q3 2026 |
Help keep the project alive Developing and maintaining a high-fidelity, real-time blocklist requires significant infrastructure resources and dedicated time. Your contributions are vital to ensure the project remains sustainable, up-to-date, and free for the community. If you find this project useful, consider supporting its ongoing development:
- ☕ Ko-Fi: https://ko-fi.com/laurentmduggytuxy
- Data-Shield IPv4 Blocklist Community © 2023–2026
- Developed by Duggy Tuxy (Laurent Minne).
"This project is open-source software licensed under the GNU GPLv3 License."
