What's new
By:
Panelica Community Forum

Welcome to the official Panelica Community Forum — the central hub for server administrators, developers, and hosting professionals. Register a free account today to access technical discussions, product announcements, feature requests, and direct support from the Panelica team. Be part of the growing community shaping the future of server management.

[Feature Request] IPv4 Blocklist Implementation

R

rinjinx

New member
Beta Access
Feature: IP Blocklist Implementation
Problem / Use Case: There is curated IPv4 blocklist available on internet (such as Firehol, etc) which able to block known abusers and bots before they hitting web/application (mainly its implemented as ipset with drop as default action). In my opinion, its a critical proactive security measure for internet-facing servers. automatically blocking traffic from IP addresses known to be malicious, thus reducing the attack surface.
Proposed Solution: IP blocklist can be enabled on Firewall
Priority: Important

Some preferrable curated blocklist:
  1. Tor Exit Nodes
  2. Bruteforce Blocker
  3. Blocklist.de
  4. GreenSnow
  5. Firehol (they have some levels of blocklist - level 1 to 4)
  6. StopForumSpam
  7. AbuseIPDB (100% confidence blocklist available on some github repo)
  8. DuggyTuxy
  9. Custom URL IPv4 blocklist
  10. etc...
User can select whats blocklist to add to their firewall. In my experience added blocklists should be updated at least every 6 hrs (I highly recommended its auto updated every 4 hrs). If source URL has 4xx or 5xx response, its should be skipped - retry to fetch on next update process.

Thank you for the considerations. :)
 
rinjinx said:
Feature: IP Blocklist Implementation
Problem / Use Case: There is curated IPv4 blocklist available on internet (such as Firehol, etc) which able to block known abusers and bots before they hitting web/application (mainly its implemented as ipset with drop as default action). In my opinion, its a critical proactive security measure for internet-facing servers. automatically blocking traffic from IP addresses known to be malicious, thus reducing the attack surface.
Proposed Solution: IP blocklist can be enabled on Firewall
Priority: Important

Some preferrable curated blocklist:
  1. Tor Exit Nodes
  2. Bruteforce Blocker
  3. Blocklist.de
  4. GreenSnow
  5. Firehol (they have some levels of blocklist - level 1 to 4)
  6. StopForumSpam
  7. AbuseIPDB (100% confidence blocklist available on some github repo)
  8. DuggyTuxy
  9. Custom URL IPv4 blocklist
  10. etc...
User can select whats blocklist to add to their firewall. In my experience added blocklists should be updated at least every 6 hrs (I highly recommended its auto updated every 4 hrs). If source URL has 4xx or 5xx response, its should be skipped - retry to fetch on next update process.

Thank you for the considerations. :)
Click to expand...


Hello,

Thank you for the detailed and well-structured suggestion.

The IP blocklist implementation you described has been noted and added to our internal review list. We agree that leveraging curated blocklists as a proactive security layer can provide meaningful benefits in reducing attack surface, especially for internet-facing environments.

Your points regarding update frequency, source reliability (handling 4xx/5xx responses), and flexibility in selecting multiple blocklist providers are particularly valuable and will be considered during the evaluation process.

At this stage, the feature is under review by our team. We will share updates once the evaluation is complete and a clear direction is defined.

We appreciate your input and contribution.

Best regards,
Panelica Team
 
You must log in or register to reply here.
Back
Top