Skip to content

Enclave Gateway and Pi-Hole DNS Filtering

Parties electing to self-host Enclave Gateway can follow the Internet Gateway setup instructions to run the popular open source DNS filtering software Pi-Hole alongside their Enclave Gateways to filter out harmful domains serving ads, malware and other online threats.

The Pi-hole integration is usually deployed as a self-hosted solution, but is also available as a co-managed or fully managed service. For more information about co-managed or managed deployments, please contact us.

Summary

Blocklist URL Blocklist description
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts Pi-hole adware and malware
https://www.spamhaus.org/drop/drop.txt Spamhaus DROP list
https://threatfox.abuse.ch/downloads/hostfile ThreatFox and Spamhaus IOCs
https://cinsscore.com/list/ci-badguys.txt CINS Army list
https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt Proofpoint Emerging Threats list

Detail

  1. Pi-Hole default blocklist: Composed of several curated and reputable source lists focused on blocking known-malicious domains categorised as adware and malware. Note that there are 31 variants of this list, allowing selective customisation and extension of the categories to include fakenews, social, gambling, and porn. The base list is remains composed of domains categorised adware and malware.

    URL: https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts (adware + malware)


  2. Spamhaus "Don't Route Or Peer Lists" (DROP): A list the worst of the worst IP traffic on the Internet at source the provider level, including providers intentionally tolerant of — or complicit in — illegal, unethical, or abusive content and activities. It is an advisory “drop all traffic”, containing IP ranges which are so dangerous to Internet users that Spamhaus provides access to anyone who wants to add an additional layer of protection, free of charge.

    URL: https://www.spamhaus.org/drop/drop.txt


  3. ThreatFox and Spamhaus IOCs: ThreatFox is a platform from abuse.ch and Spamhaus dedicated to sharing indicators of compromise (IOCs) associated with malware, with the infosec community, AV vendors and cyber threat intelligence providers, an actively maintained feed of malicious domains derived from community and partner reporting.

    URL: https://threatfox.abuse.ch/downloads/hostfile


  4. CINS Army list: A public blocklist of high-risk IP addresses flagged for malicious activity. Compiled and maintained by Nomic Networks, based on threat intelligence data collected by their Sentinel devices and other trusted InfoSec sources.

    URL: https://cinsscore.com/list/ci-badguys.txt


  5. Proofpoint Emerging Threats list: a public blocklist composed on data from spam nets identified by Spamhaus and top attackers listed by DShield, maintained by Proofpoint.

    URL: https://rules.emergingthreats.net/fwrules/emerging-Block-IPs.txt


Last updated April 04, 2025