Enclave Gateway and Pi-Hole DNS Filtering
Parties electing to self-host Enclave Gateway can follow the Internet Gateway setup instructions to run the popular open source DNS filtering software Pi-Hole alongside their Enclave Gateways to filter out harmful domains serving ads, malware and other online threats.
The Pi-hole integration is usually deployed as a self-hosted solution, but is also available as a co-managed or fully managed service. For more information about co-managed or managed deployments, please contact us.
Pi-Hole recommended blocklists
Summary
Blocklist URL | Blocklist description |
---|---|
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts | Pi-hole adware and malware |
https://www.spamhaus.org/drop/drop.txt | Spamhaus DROP list |
https://threatfox.abuse.ch/downloads/hostfile | ThreatFox and Spamhaus IOCs |
https://cinsscore.com/list/ci-badguys.txt | CINS Army list |
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt | Proofpoint Emerging Threats list |
Detail
- Pi-Hole default blocklist: Composed of several curated and reputable source lists focused on blocking known-malicious domains categorised as `adware` and `malware`. Note that there are 31 variants of this list, allowing selective customisation and extension of the categories to include `fakenews`, `social`, `gambling`, and `porn`. The base list remains composed of domains categorised `adware` and `malware`.
  URL: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (`adware` + `malware`)
- Spamhaus "Don't Route Or Peer Lists" (DROP): A list of the worst of the worst IP traffic on the Internet at its source, the provider level, including providers intentionally tolerant of (or complicit in) illegal, unethical, or abusive content and activities. It is an advisory “drop all traffic” list, containing IP ranges which are so dangerous to Internet users that Spamhaus provides access, free of charge, to anyone who wants to add an additional layer of protection.
  URL: https://www.spamhaus.org/drop/drop.txt
- ThreatFox and Spamhaus IOCs: ThreatFox is a platform from abuse.ch and Spamhaus dedicated to sharing indicators of compromise (IOCs) associated with malware with the infosec community, AV vendors and cyber threat intelligence providers. This list is an actively maintained feed of malicious domains derived from community and partner reporting.
  URL: https://threatfox.abuse.ch/downloads/hostfile
- CINS Army list: A public blocklist of high-risk IP addresses flagged for malicious activity. Compiled and maintained by Nomic Networks, based on threat intelligence data collected by their Sentinel devices and other trusted InfoSec sources.
  URL: https://cinsscore.com/list/ci-badguys.txt
- Proofpoint Emerging Threats list: A public blocklist composed of data from spam nets identified by Spamhaus and top attackers listed by DShield, maintained by Proofpoint.
  URL: https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt
Last updated April 04, 2025