Firewall
UFW / iptables Blocklist Tutorial
Block VPN, proxy and Tor IPs at the Linux firewall level using UFW or iptables with an ipset loaded from AntiProxies TXT blocklist files.
Steps
1. Install ipset
   ipset allows managing large IP sets efficiently in the kernel. Install it with apt install ipset or yum install ipset.
2. Create an ipset
   Create a hash:net ipset named antiproxies that supports both single IPs and CIDR ranges.
3. Load the blocklist into ipset
   Download the TXT blocklist and feed each line into ipset add antiproxies <IP>. A script automates this.
4. Add iptables / UFW rule
   Add a DROP rule that matches the antiproxies set. This blocks matching traffic at the kernel level before it reaches your application.
5. Persist across reboots
   Use ipset save to write the set to disk and ipset restore on boot (e.g. via /etc/rc.local) so rules survive a restart.
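Step 3 mentions a loader script. The one below is an added example, not AntiProxies' own script, and it goes beyond the plain ipset add loop by validating each entry and swapping a staging set into place. It assumes a downloaded TXT file with one IPv4 address or CIDR per line and optional # comments; the names antiproxies_new, MIN_PREFIX and load-blocklist.sh are hypothetical.

```sh
#!/bin/sh
# Added example: convert a blocklist TXT file into `ipset restore` input that
# fills a staging set and swaps it in, so the DROP rule never matches against
# a half-loaded set.
SET=antiproxies      # set name from the page's setup script
TMP="${SET}_new"     # hypothetical staging-set name
MIN_PREFIX=8         # assumption: refuse any network wider than a /8

# Succeeds if $1 is an IPv4 address or CIDR that is safe to load.
valid_entry() {
    # Reject empty input, stray characters, and leading zeros (octal ambiguity).
    case $1 in ''|*[!0-9./]*|*/*[./]*|*/|0[0-9]*|*[./]0[0-9]*) return 1 ;; esac
    addr=${1%%/*} prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -ge "$MIN_PREFIX" ] &&
        [ "$prefix" -le 32 ] || return 1
    case $addr in .*|*.|*..*|*.*.*.*.*) return 1 ;; *.*.*.*) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads blocklist file $1 and prints restore commands on stdout. Bad lines are
# reported on stderr. An unreadable or empty list prints nothing and fails, so
# a failed download cannot swap in an empty set.
build_restore() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    # Strip comments (assumed '#' syntax), whitespace and CRs, then blank lines.
    adds=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" |
        while IFS= read -r line || [ -n "$line" ]; do
            if valid_entry "$line"; then echo "add $TMP $line"
            else echo "skipped: $line" >&2; fi
        done)
    [ -n "$adds" ] || { echo "no valid entries in $1" >&2; return 1; }
    echo "create $SET hash:net maxelem 1000000"
    echo "create $TMP hash:net maxelem 1000000"
    echo "flush $TMP"
    echo "$adds"
    echo "swap $TMP $SET"
    echo "destroy $TMP"
}

# Usage (as root): ./load-blocklist.sh --apply /path/to/blocklist.txt
if [ "${1:-}" = --apply ]; then
    build_restore "$2" | ipset -exist restore
fi
```

The live set changes only at the swap line, so a rejected or unreadable list leaves the previous entries and the DROP rule in force. The MIN_PREFIX guard keeps a malformed entry such as 0.0.0.0/0 from blocking all inbound traffic.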
Setup script (one-time)
Create the ipset and iptables rule. Run once on setup.
#!/bin/bash
# One-time setup: create ipset and iptables rule

# Install ipset if missing
command -v ipset >/dev/null 2>&1 || apt-get install -y ipset

# Create set (hash:net supports CIDRs); ignore the error if it already exists
ipset create antiproxies hash:net maxelem 1000000 2>/dev/null || true

# Add DROP rule if not already present
if ! iptables -C INPUT -m set --match-set antiproxies src -j DROP 2>/dev/null; then
    iptables -I INPUT -m set --match-set antiproxies src -j DROP
fi

echo "ipset and iptables rule configured."

Frequently asked questions
Why use ipset instead of individual iptables rules?
Will this block UDP as well as TCP?
How do I unblock an IP temporarily?