From: Michael Tremer
Date: Sun, 8 Feb 2026 15:58:22 +0000 (+0000)
Subject: dbl: Major refactor of the front page and "How To Use?"
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=99e870bb056fda95a866a020829ba79491b7436e;p=ipfire.org.git
dbl: Major refactor of the front page and "How To Use?"
Signed-off-by: Michael Tremer
---
diff --git a/Makefile.am b/Makefile.am
index 175cafde..102466f2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -191,6 +191,7 @@ templates_blog_modules_DATA = \
 templates_blog_modulesdir = $(templates_blogdir)/modules
 templates_dbl_DATA = \
+ src/templates/dbl/how-to-use.html \
 src/templates/dbl/index.html \
 src/templates/dbl/search.html \
 src/templates/dbl/search-not-found.html
@@ -1129,6 +1130,7 @@ CLEANFILES += \
 $(static_fonts_DATA)
 static_img_DATA = \
+ src/static/img/adguard.svg \
 src/static/img/apple-touch-icon-192x192-precomposed.png \
 src/static/img/apple-touch-icon-180x180-precomposed.png \
 src/static/img/apple-touch-icon-152x152-precomposed.png \
@@ -1138,15 +1140,24 @@ static_img_DATA = \
 src/static/img/apple-touch-icon-72x72-precomposed.png \
 src/static/img/apple-touch-icon-60x60-precomposed.png \
 src/static/img/bash-logo.svg \
+ src/static/img/bind.png \
 src/static/img/debian-logo.svg \
 src/static/img/default-avatar.jpg \
 src/static/img/fdroid-logo.svg \
 src/static/img/ipfire-tux.png \
 src/static/img/iuse-not-found.png \
+ src/static/img/knot.png \
 src/static/img/kyberio-logo.svg \
 src/static/img/lightningwirelabs-logo.svg \
+ src/static/img/opnsense.svg \
+ src/static/img/pfsense.png \
+ src/static/img/pi-hole.png \
+ src/static/img/powerdns.svg \
 src/static/img/python-logo.svg \
- src/static/img/tor.svg
+ src/static/img/suricata.png \
+ src/static/img/tor.svg \
+ src/static/img/ublock-origin.svg \
+ src/static/img/unbound.svg
 static_imgdir = $(staticdir)/img
diff --git a/src/static/img/adguard.svg b/src/static/img/adguard.svg
new file mode 100644
index 00000000..06dd3fdd
--- /dev/null
+++ b/src/static/img/adguard.svg @@ -0,0 +1,20 @@ + + + + logo@2x + Created with Sketch. + + \ No newline at end of file diff --git a/src/static/img/bind.png b/src/static/img/bind.png new file mode 100644 index 00000000..4d3748f1 Binary files /dev/null and b/src/static/img/bind.png differ diff --git a/src/static/img/knot.png b/src/static/img/knot.png new file mode 100644 index 00000000..49141e41 Binary files /dev/null and b/src/static/img/knot.png differ diff --git a/src/static/img/opnsense.svg b/src/static/img/opnsense.svg new file mode 100644 index 00000000..c406bf58 --- /dev/null +++ b/src/static/img/opnsense.svg @@ -0,0 +1,160 @@ + +OPNsense logoimage/svg+xmlOPNsense logo +OPNsense logo + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/static/img/pfsense.png b/src/static/img/pfsense.png new file mode 100644 index 00000000..9e9332ac Binary files /dev/null and b/src/static/img/pfsense.png differ diff --git a/src/static/img/pi-hole.png b/src/static/img/pi-hole.png new file mode 100644 index 00000000..7f3b65a3 Binary files /dev/null and b/src/static/img/pi-hole.png differ diff --git a/src/static/img/powerdns.svg b/src/static/img/powerdns.svg new file mode 100644 index 00000000..9b0b92df --- /dev/null +++ b/src/static/img/powerdns.svg @@ -0,0 +1,241 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/static/img/suricata.png b/src/static/img/suricata.png new file mode 100644 index 00000000..c20f9dd2 Binary files /dev/null and b/src/static/img/suricata.png differ diff --git a/src/static/img/ublock-origin.svg b/src/static/img/ublock-origin.svg new file mode 100644 index 00000000..e6b7ff9f --- /dev/null 
+++ b/src/static/img/ublock-origin.svg @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/static/img/unbound.svg b/src/static/img/unbound.svg new file mode 100644 index 00000000..d3033384 --- /dev/null +++ b/src/static/img/unbound.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/src/templates/base.html b/src/templates/base.html index 28a91cfa..17476461 100644 --- a/src/templates/base.html +++ b/src/templates/base.html @@ -111,6 +111,12 @@ {# DBL #} {% if request.path.startswith("/dbl") %} + + {{ _("How To Use?") }} + + diff --git a/src/templates/dbl/how-to-use.html b/src/templates/dbl/how-to-use.html new file mode 100644 index 00000000..454c942f --- /dev/null +++ b/src/templates/dbl/how-to-use.html @@ -0,0 +1,452 @@ +{% extends "../base.html" %} + +{% block head %} + {% module OpenGraph( + title=_("IPFire DBL - How To Use?"), + ) %} +{% end block %} + +{% block title %}{{ _("IPFire DBL - How To Use?") }}{% end block %} + +{% block container %} + {% import urllib.parse %} + +
+
+
+

+ How To Use IPFire DBL +

+ +

+ IPFire DBL works with virtually any network security tool or DNS resolver. + Choose the integration method that fits your infrastructure and start + blocking malicious domains in minutes. +

+
+
+
+ + {# RPZ #} +
+
+

+ {{ _("DNS Request Policy Zone (RPZ)") }} +

+ +
+ +
+

+ The IPFire DBL is published as a Response Policy Zone (RPZ) and + can be consumed by many popular recursive DNS resolvers. +

+ +

+ Resolvers fetch the list via AXFR/IXFR, store it locally, and only + transfer updates when the zone changes — keeping bandwidth usage + low and resolution fast. + The primary to fetch the zones from is hosted at + primary.dbl.ipfire.org and TLS is available. +

+ +

+ If your DNS software does not allow to fetch the lists using + AXFR/IXFR, a HTTPS download is also available as a fallback. +

+
+ +
+ + {{ _("Configuration Examples") }} + + +
+
PowerDNS Recursor
+ +
+recursor:
+  rpzs:
+  - name: NAME.rpz.ipfire.org
+    addresses:
+    - 'primary.dbl.ipfire.org'
+ +
Unbound
+ +
+server:
+  module-config: "respip validator iterator"
+
+rpz:
+  name: NAME.rpz.ipfire.org
+  primary: primary.dbl.ipfire.org
+  zonefile: /var/cache/unbound/NAME.rpz.ipfire.org.zone
+ +

+ Ensure to replace NAME with the list you want to block: +

+ + + + + + + + + + + + + + {% for list in lists %} + + + + + + + + {% end %} + +
+ {{ _("List") }} + + {{ _("Zone") }} + + {{ _("Download") }} +
+ {{ list.name }} + + {{ "%s.rpz.ipfire.org" % list.slug }} + + + {{ _("Download") }} + +
+
+
+
+
+ + {# DBL #} +
+
+

+ {{ _("Query the list using DNS") }} +

+ +
+

+ IPFire DBL lists are also available as a regular blocklist in DNS. + That way, you can quickly check if a domain is listed in a specific + category without fetching the entire list. +

+ +
+# dig +short A example.tld.NAME.dbl.ipfire.org
+127.0.0.2
+ +

+ The response will be 127.0.0.2 for any listed domains, + and NXDOMAIN otherwise. + Use DNSSEC to ensure the authenticity of the data. +

+
+ +
+ + {{ _("Zones") }} + + +
+ + + + + + + + + + + {% for list in lists %} + + + + + + {% end %} + +
+ {{ _("List") }} + + {{ _("Zone") }} +
+ {{ list.name }} + + {{ "%s.dbl.ipfire.org" % list.slug }} +
+
+
+
+
+ + {# Plaintext #} +
+
+

+ {{ _("Plaintext Formats") }} +

+ +
+

+ All IPFire DBL lists are also available as downloadable domain and hosts files. +

+ +

+ These formats are intended for setups where the lists are consumed directly, + for example by firewalls, filtering proxies, custom scripts, or systems using + hosts-file based blocking. The files can be fetched periodically and applied locally. +

+
+ +
+
+
+ +
+ +
+ +
+
+
+
+
+ + {# Suricata #} +
+
+

+ {{ _("Suricata") }} +

+ +
+

+ IPFire DBL lists are available as a ruleset for Suricata + which can filter: +

+ +
    +
  • + DNS Queries +
  • + +
  • + TLS and QUIC connections using SNI +
  • + +
  • + HTTP Requests +
  • +
+ + + + + + + + {{ _("Download Suricata Ruleset") }} + + +
+
+
+ + {# Browser Extensions #} +
+
+

+ {{ _("Browser Extensions") }} +

+ +
+
+
+ + {{ _("Compatible with:") }} + +
+ + + + + + +
+
+ +
+

+ Click below to automatically subscribe to our blocklist in compatible clients: +

+ + +
+
+
+ + {# IPFire #} +
+
+

+ {% module IPFireLogo() %} +

+ +
+

+ IPFire DBL is natively integrated into IPFire in the following features: +

+ + +
+
+
+{% end block %} diff --git a/src/templates/dbl/index.html b/src/templates/dbl/index.html index 8c581df0..5bac8c05 100644 --- a/src/templates/dbl/index.html +++ b/src/templates/dbl/index.html @@ -10,32 +10,202 @@ {% block title %}{{ _("Welcome to IPFire DBL") }}{% end block %} {% block container %} -
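Review bot: Both resolver examples in the RPZ section (PowerDNS Recursor and Unbound) configure the transfer from primary.dbl.ipfire.org with no transport protection, although the paragraph above them says TLS is available. An RPZ rewrites answers on the resolver, so a zone altered in transit can silently drop entries or add rewrites without the operator noticing. The examples should show the TLS variant for each resolver, or the text should at least say so, for example `These examples use plain AXFR/IXFR; enable zone transfer over TLS where your resolver supports it.` The markup of this template is not visible here, so the link targets built with `urllib.parse` could not be reviewed.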
+ {% set total_domains = sum(list.total_domains for list in lists) %} + +

{{ _("IPFire Domain Blocklist") }}

-
- {{ _("Early threat mitigation, enforced over DNS") }} +
+ {{ _("Network Security Through Intelligent Domain Control") }}
-
+
+

+ IPFire DBL is a comprehensive, community-maintained domain + blocklist that protects your network from malware, phishing, + unwanted content, and emerging threats. + With millions of categorized domains across multiple + threat categories, IPFire DBL integrates seamlessly into DNS + servers, firewalls, IPS systems, and browser extensions. +

+ +

+ Built on open standards, actively maintained, and free for + everyone — IPFire DBL stops threats before they reach your + network, whether you are securing a home network, enterprise + infrastructure, or managed services for clients. +

+ + + +

+ + + + + + + + Beta Available in IPFire 2.29 - Core Update 200 + + + +

+
+
+
+ +
+
+
+
+
+

+ {{ format_number(len(lists)) }} +

+ +

+ {{ _("Lists") }} +

+
+
+ +
+
+

+ {{ format_number(total_domains) }} +

+ +

+ {{ _("Domains") }} +

+
+
+ +
+
+

+ {{ format_percent(1) }} +

+ +

+ {{ _("Free") }} +

+
+
+
+
+
+
+ +
+
+
+

+ + + + + {{ _("What Gets Blocked?") }} +

+ +
+ IPFire DBL categorizes and blocks domains across different threat categories. + Choose which categories to block based on your security and content policies. +
+ +
+ {% for list in lists %} +
+
+ + +
+ + {{ _("One Domain", "%(num)s Domains", list.total_domains) \ + % { "num" : format_number(list.total_domains) } }} + +
+
+
+ {% end %} +
+
+
+
+ +
+
+
+

+ The IPFire DBL Vision +

+ +
+

+ The IPFire team has spent years protecting networks at the edge — + we understand threats, filtering, and what it takes to keep systems + secure. + Combined with our community's expertise, we are building a blocklist + that is not just comprehensive, but extremely accurate through + continuous refinement and real-world feedback. +

+ +

+ What sets DBL apart is how we deliver it. + Beyond traditional filtering methods, we have implemented DNS + Response Policy Zones (RPZ) with IXFR for lightning-fast incremental + updates — your resolver only downloads what has changed. + We provide Suricata rulesets for deep packet inspection across + DNS, TLS, HTTP, and QUIC — catching threats that bypass simple + domain matching. + And we support standard formats like domain lists and hosts files + for maximum compatibility. +

+ +

+ This is our contribution to the open-source security community: + a blocklist built by firewall experts, maintained by practitioners, + and engineered for the real world. + Transparent, collaborative, and designed to evolve with every + threat we face together. +

+
+ +
- +
-

{{ _("Accuracy First, Always") }}

+

+ {{ _("Category-Based Filtering") }} +

- We prioritise high-confidence, well-verified data over raw volume. - Every listed domain must meet clear criteria, be reviewed continuously, - and be removed quickly when it no longer poses a threat. - The goal is trustworthy blocking with minimal false positives, suitable - for production networks. + Block entire categories of domains including malware, + phishing, adult content, social media, gambling, and more. + Exercise granular control over what content reaches + your network.

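Review bot: `sum(list.total_domains for list in lists)` on the first added line raises TypeError as soon as one list has no count, which would take the whole front page down; whether `total_domains` can be None is not visible here, so this is a precaution. `{% set total_domains = sum(l.total_domains or 0 for l in lists) %}` handles that case and also stops using the builtin name `list` as a loop variable. The `{% for list in lists %}` loop further down in this hunk formats the same attribute and has the same exposure.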
@@ -45,17 +215,20 @@
- +
-

{{ _("Privacy-Respecting Operation") }}

+

+ {{ _("Deep Packet Inspection") }} +

- The service is operated without tracking users or collecting - resolver telemetry. DNS security should improve safety without - introducing new privacy risks. + Integrates with Suricata IDS/IPS to analyze DNS, + TLS, HTTP, and QUIC traffic. + Blocks malicious domains at multiple network layers + for comprehensive protection.

@@ -65,19 +238,22 @@
- +
-

{{ _("Built on DNS Standards and Best Practices") }}

+

+ {{ _("Open & Community-Driven") }} +

- These blocklists are developed with a deep understanding of DNS - infrastructure. They integrate naturally with technologies like - Response Policy Zones (RPZ), follow established standards, and - are operated with stability and long-term reliability in mind - — even at scale. + Built and maintained by the IPFire community with + full transparency and a commitment to long-term + sustainability. + Continuously updated with emerging threats, completely + open-source, and welcoming community contributions + — you are in control of your security.

@@ -87,19 +263,22 @@
- +
-

{{ _("Open, Inclusive, and Free Software") }}

+

+ {{ _("Works Everywhere") }} +

- The IPFire DNS blocklists are built as a public good: - open, transparent, and free to use. - They are available to anyone, regardless of platform or vendor, - and developed in the open so the wider community can inspect, - contribute, and benefit. + Built directly into IPFire's Web Proxy and + Intrusion Prevention System. + Also designed to work with other firewall and + filtering solutions. + Open standards mean you can use IPFire DBL + wherever you need domain-based protection.

@@ -110,17 +289,238 @@
+
+
+
+

+ {{ _("Works With Your Existing Infrastructure") }} +

+ +
+ IPFire DBL integrates seamlessly with popular DNS servers, firewalls, + IPS systems, and browser extensions +
+ +
+ + + + + + + + + + + + + + + + + + + + +
+

+ {% module IPFireLogo() %} +

+
+ +
+
+

+ ...and any system that supports RPZ, domain lists, + hosts files, or Suricata rulesets +

+
+ + + {{ _("See All Integration Methods") }} + +
+
+
+
+
+ +
+
+
+

+ {{ _("Perfect For...") }} +

+ +
+
+

+ + + + + Corporate Networks +

+ +
+

+ Enforce acceptable use policies by blocking social media, + gambling, or adult content. + Protect employees from phishing and malware sites at the + network edge. +

+
+
+ +
+

+ + + + + Educational Institutions +

+ +
+

+ Create safe browsing environments for students. + Filter inappropriate content and ensure compliance with + child safety regulations across the entire campus network. +

+
+
+ +
+

+ + + + + Home Networks +

+ +
+

+ Protect family members from malicious sites, phishing attempts, + and inappropriate content. + Set up parental controls with category-based filtering. +

+
+
+ +
+

+ + + + + Managed Service Providers +

+ +
+

+ Deploy consistent, reliable domain filtering across multiple + client firewalls. + Reduce attack surface with actively maintained threat intelligence. +

+
+
+
+
+
+
+
- - - - - - Help keep the Internet safe and free — support IPFire DBL today - - +
+
+
+

+ {{ _("Want More Network Intelligence? Try IPFire Location") }} +

+ +
+

+ Need to know where network traffic is coming from? + IPFire Location provides lightning-fast IP geolocation data + with country codes, ASN information, and network flags — + perfect for geo-blocking, compliance, and traffic analysis. +

+ +

+ Built with the same commitment to quality as DBL: + open-source, actively maintained, and trusted by + enterprises worldwide. +

+ + + Learn More About IPFire Location + +
+
+
+
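Review bot: The four audience headings added here ("Corporate Networks", "Educational Institutions", "Home Networks", "Managed Service Providers") are hard-coded, while the section headings around them go through `_()`, so they cannot be translated. Wrap them like the others, for example `{{ _("Corporate Networks") }}`. "The IPFire DBL Vision" in the first hunk of this file and "How To Use IPFire DBL" in how-to-use.html are in the same state.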
diff --git a/src/templates/dbl/lists/show.html b/src/templates/dbl/lists/show.html index e9de1789..37716bba 100644 --- a/src/templates/dbl/lists/show.html +++ b/src/templates/dbl/lists/show.html @@ -114,179 +114,4 @@
- - {# How To Use? #} -
-
-
- {{ _("How To Use?") }} -
- - - -
-
-

- In IPFire, all blocklists are already included and integrated into the following features: -

- -
    -
  • - {{ _("URL Filter")}} -
  • - -
  • - {{ _("Intrusion Prevention System") }} -
  • -
-
-
- - - - - - - - -
-
{% end block %}
diff --git a/src/web/__init__.py b/src/web/__init__.py
index d856235a..065e9bfd 100644
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -217,7 +217,8 @@ class Application(tornado.web.Application):
 (r"/location/lookup/(.+)", location.LookupHandler),
 # DBL
- (r"/dbl/?", StaticHandler, { "template" : "dbl/index.html" }),
+ (r"/dbl/?", dbl.IndexHandler),
+ (r"/dbl/how\-to\-use", dbl.HowToUseHandler),
 (r"/dbl/lists", dbl.ListsHandler),
 (r"/dbl/lists/([\w\-]+)", dbl.ListHandler),
 (r"/dbl/lists/([\w\-]+)/domains/(.*)", dbl.ListDomainHandler),
diff --git a/src/web/dbl.py b/src/web/dbl.py
index 550d58d9..d7a511a8 100644
--- a/src/web/dbl.py
+++ b/src/web/dbl.py
@@ -12,6 +12,24 @@ class BaseHandler(base.BaseHandler):
 return await self.backend.dbl.get_list(slug)
+class IndexHandler(base.AnalyticsMixin, BaseHandler):
+ async def get(self):
+ # Fetch all lists
+ lists = await self.backend.dbl.get_lists()
+
+ # Render the page
+ self.render("dbl/index.html", lists=lists)
+
+
+class HowToUseHandler(base.AnalyticsMixin, BaseHandler):
+ async def get(self):
+ # Fetch all lists
+ lists = await self.backend.dbl.get_lists()
+
+ # Render the page
+ self.render("dbl/how-to-use.html", lists=lists)
+
+
 class ListsHandler(base.AnalyticsMixin, BaseHandler):
 async def get(self):
 # Fetch all lists
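Review bot: IndexHandler and HowToUseHandler in the src/web/dbl.py hunk are the same `get()` body with only the template name changed, and neither has a docstring; a small shared base with a `template` class attribute would keep the two from drifting apart. Both pages are unauthenticated and now call `self.backend.dbl.get_lists()` on every request, where `/dbl` was served by StaticHandler before this commit, so a backend failure presumably turns the landing page into an error page. If `get_lists()` is not cached somewhere outside this hunk, that is worth checking. ListsHandler's body continues outside the hunk.

```python
class ListsPageHandler(base.AnalyticsMixin, BaseHandler):
	"""Renders a template that needs the full set of DBL lists."""

	# Set by subclasses to the template to render
	template = None

	async def get(self):
		lists = await self.backend.dbl.get_lists()

		self.render(self.template, lists=lists)


class IndexHandler(ListsPageHandler):
	"""The DBL front page."""
	template = "dbl/index.html"


class HowToUseHandler(ListsPageHandler):
	"""The integration guide, which lists one zone per DBL list."""
	template = "dbl/how-to-use.html"
```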