ioc2rpz community is a portal that provides open source DNS Firewall / RPZ feeds. The DNS Firewall feeds are based on publicly available threat intelligence (TI). The TI feeds are maintained by third-party communities or companies, and only a limited number of indicators were whitelisted. Note that ioc2rpz does not validate the TI feeds for false positives.
How to utilize the RPZ in EfficientIP:
1. Sign up on ioc2rpz site: https://ioc2rpz.net/
2. Once you have verified your email, you can log in to your account.
3. Click RPZ feeds.
4. From the RPZ list select the RPZ you want to export.
5. Click export, ISC BIND.
6. Open the downloaded file, example:
options {
    # This is just options for RPZs. Add other options as required
    recursion yes;
    response-policy {
        #### FQDN whitelists
        #### FQDN only zones
        #### IP whitelists
        #### Mixed zones
        zone "adultfree.ioc2rpz" policy nxdomain;
        #### IP only zones
    } qname-wait-recurse no break-dnssec yes;
};
key "ioc2rpz.net-b402c2e63f0443e31e3e" {
    algorithm hmac-sha256;
    secret "252MZn84c1ajO7ZxDzEA6A==";
};
zone "adultfree.ioc2rpz" {
    type slave;
    file "/var/cache/bind/adultfree.ioc2rpz";
    masters { 94.130.30.123 key "ioc2rpz.net-b402c2e63f0443e31e3e"; };
};
7. Log in to EfficientIP and go to DNS guardian smart architecture, properties, keys.
Create a new key:
key name: ioc2rpz.net-b402c2e63f0443e31e3e
key algorithm: hmac-sha256
TSIG key value: 252MZn84c1ajO7ZxDzEA6A==
8. Create a new slave RPZ under DNS guardian smart architecture, All RPZ zones:
DNS zone type: slave
Name: adultfree.ioc2rpz
Overriding rule: given
select the order
Master IP address: 94.130.30.123
TSIG key: ioc2rpz.net-b402c2e63f0443e31e3e
9. Now that the RPZ is created, check the log for the zone transfer. You can confirm that it is working by running nslookup against some of the domains you can find here:
https://raw.githubusercontent.com/blocklistproject/Lists/master/porn.txt
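
Steps 7 and 8 copy values by hand from the export opened in step 6. The following is an added example, not part of the ioc2rpz or EfficientIP tooling, that extracts those values from an ISC BIND export and rejects a damaged TSIG secret or a zone that references an undefined key. The function name `efficientip_fields` and the dictionary keys are assumptions chosen to mirror the form fields above.

```python
import base64
import re

# Export shown in step 6 of this page, shortened to the statements that matter.
SAMPLE_EXPORT = '''
options {
  #This is just options for RPZs. Add other options as required
  response-policy {
    zone "adultfree.ioc2rpz" policy nxdomain;
  } qname-wait-recurse no break-dnssec yes;
};
key "ioc2rpz.net-b402c2e63f0443e31e3e"{
  algorithm hmac-sha256; secret "252MZn84c1ajO7ZxDzEA6A==";
};
zone "adultfree.ioc2rpz" {
  type slave;
  file "/var/cache/bind/adultfree.ioc2rpz";
  masters {94.130.30.123 key "ioc2rpz.net-b402c2e63f0443e31e3e";};
};
'''

KEY_RE = re.compile(r'key\s+"([^"]+)"\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]+)"\s*;')
POLICY_RE = re.compile(r'zone\s+"([^"]+)"\s+policy\s+([\w-]+)\s*;')
ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"\s*\{\s*type\s+slave\s*;.*?'
    r'masters\s*\{\s*([0-9A-Fa-f.:]+)\s+key\s+"([^"]+)"\s*;\s*\}\s*;', re.S)


def efficientip_fields(export_text):
    """Return one dict per slave zone with the values steps 7 and 8 ask for."""
    text = re.sub(r'(?m)^\s*#.*$', '', export_text)  # drop comment lines
    keys = {}
    for name, algorithm, secret in KEY_RE.findall(text):
        base64.b64decode(secret, validate=True)  # raises ValueError on a damaged secret
        keys[name] = (algorithm, secret)
    policies = dict(POLICY_RE.findall(text))  # policy from the response-policy statement
    zones = []
    for zone, master, key_name in ZONE_RE.findall(text):
        if key_name not in keys:
            raise ValueError(f"zone {zone} uses undefined key {key_name}")
        algorithm, secret = keys[key_name]
        zones.append({"zone": zone, "master_ip": master, "key_name": key_name,
                      "key_algorithm": algorithm, "tsig_key_value": secret,
                      "bind_policy": policies.get(zone)})
    return zones


if __name__ == "__main__":
    for fields in efficientip_fields(SAMPLE_EXPORT):
        print(fields)
```

The output contains the TSIG secret, so treat it like any other credential and keep it out of tickets and shared logs.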