Regarding IPFire DBL

I enabled the rules in Suricata.

But the lists sometimes cover entire domains, which occasionally causes problems.

Examples:
In ads → proxad.net, it blocks Debian 13 updates from debian.proxad.net
In Games → nvidia.com, it blocks Nvidia driver updates

I was also blocked from logging into my health insurance website because of a domain registered in ads (appsgrowthpromo-pa.googleapis.com).

So I had to disable all the ads and games rules.

I submitted a report using the form www.ipfire.org - IPFire DBL Report A Domain, but how do I track the requests?
Edit: I found the history button.

Wouldn’t it be possible to create domain whitelists, similar to the ones used for IP addresses?

1 Like

Hello Phil,

These are just the issues that you are getting with blocking things like this. Some websites might fall into multiple categories.

There would, however, be some way to investigate which domains actually contain gaming stuff compared to driver downloads in the case of nVidia.

From just looking at it, this seems to be something advertising-related.

You will receive emails.

We are currently running a fundraiser for proper DNS filtering; the IPS is not supposed to do this job. As I stated in my blog article, it is a backstop.

For the proper DNS firewall, there is a roadmap item here:

www.ipfire.org - DNS Firewall

It is not on the mockup screenshot, but you will have the option to whitelist anything custom, as well as creating your own blocks, or only enable certain lists for certain zones or hosts.

4 Likes

Thanks, Michael.

So, in the meantime, it’s best to use these lists in URL Filter (which allows you to declare whitelists).
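An added illustration, not part of any post in this thread and not IPFire's code: how a list entry that covers a whole domain also catches unrelated hostnames under it, and how a more specific allowlist entry could override it. The list contents are constructed from the domains named above; the allowlist, the sample hostnames and the "most specific entry wins" policy are assumptions.

```python
# Constructed sample data: categories and domains taken from the thread.
BLOCKLISTS = {
    "ads": {"proxad.net", "appsgrowthpromo-pa.googleapis.com"},
    "games": {"nvidia.com"},
}
# Hypothetical custom allowlist (not an existing IPFire DBL feature).
ALLOWLIST = {"debian.proxad.net"}


def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")


def parents(name):
    """Yield the name and each parent domain, most specific first."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def covering_entry(name, entries):
    """Return the most specific list entry covering name, or None.

    Matching is per DNS label, so 'notproxad.net' is not covered by
    'proxad.net' even though it ends with the same characters.
    """
    for candidate in parents(name):
        if candidate in entries:
            return candidate
    return None


def depth(domain):
    return len(domain.split("."))


def decide(name, blocklists=BLOCKLISTS, allowlist=ALLOWLIST):
    """Return (action, source, entry); source names the list that decided."""
    best = None
    for category, entries in sorted(blocklists.items()):
        hit = covering_entry(name, entries)
        if hit and (best is None or depth(hit) > depth(best[1])):
            best = (category, hit)
    if best is None:
        return ("allow", None, None)
    allow = covering_entry(name, allowlist)
    # Assumed policy: an allow entry wins when it is at least as specific.
    if allow and depth(allow) >= depth(best[1]):
        return ("allow", "allowlist", allow)
    return ("block", best[0], best[1])
```

The returned entry shows which list line is responsible for a block, which is the detail needed when reporting a false positive.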