Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/scmmishra/ipshield

DNS based API for Firehol IP list
https://github.com/scmmishra/ipshield

bot-protection firehol firewall golang

Last synced: about 7 hours ago
JSON representation

DNS based API for Firehol IP list

Host: GitHub
URL: https://github.com/scmmishra/ipshield
Owner: scmmishra
Created: 2024-08-04T06:46:23.000Z (2 months ago)
Default Branch: main
Last Pushed: 2024-09-07T06:04:36.000Z (27 days ago)
Last Synced: 2024-09-16T05:55:20.122Z (18 days ago)
Topics: bot-protection, firehol, firewall, golang
Language: Go
Homepage: https://ipshield.dev
Size: 4.21 MB
Stars: 32
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# IPShield

A tiny Go service that provides a DNS server that checks IP addresses against the Firehol level 1 list, known data center IPs, Tor exit nodes and other publicly available lists, with responses indicating whether an IP is suspicious or not.

The DNS-based approach offers excellent performance in terms of latency. DNS queries are typically very fast, and the responses can be cached by clients and intermediate DNS servers, further reducing latency for repeated checks. This makes it an ideal solution for applications requiring quick and efficient IP reputation lookups.

To install it on a any VM, run `curl -fsSL https://dub.sh/ipshield | bash`, you can set this up as a service. I'll add more docs soon.

## Features

- Automatic downloading and parsing of the Firehol level 1 list
- Periodic updates of the blocklist every 6 hours
- DNS responses cached for 1 hour

### Responses

- `SAFE` for safe IPs
- `DATACENTER` if the IP is from a known data center
- `SUSPICIOUS` for malicious IPs
- `TOR_EXIT` for Tor exit nodes

### Try it out

```
dig @ipshield.dev TXT +short
```

## Security Considerations

You should probably use it within a private network if you really want to use it in production. Since the requests happen over DNS, it is not encrypted.

I could implement Transaction Signatures (TSIG) for secure DNS server communication when I get some time, if you're interested feel free to open a PR :)

## Why?

Just for fun, I have been trying Go for a while, and wanted to build a tiny service for bot protection for my side project [Picoletter](https://picoletter.com).

## Credits

- [jhassine/server-ip-addresses](https://github.com/jhassine/server-ip-addresses) for maintaining the datacenter IPs used.
- The inspiration for the DNS-based approach came from a friends project [dns.toys](https://www.dns.toys/)