Creating a Blocklist
Follow these steps to create a Blocklist in NxtFireGuard.
📝 Creating a Blocklist
- Navigate to Blocklists: Start by clicking Blocklists in the main menu.
- Click the "+" Button: Press the + button to create a new Blocklist.
- Name Your Blocklist: Enter a name for your Blocklist. Choose something descriptive so it’s easy to recognize at a glance.
⚙️ Blocklist Management Options
Once your Blocklist is created, you’ll see several management options. Here’s what each one does:
- View Button 🔍: Click this to dive deeper into the details of the Blocklist.
- Re-validation Interval 🔄: Set how often your Blocklist is re-evaluated. During re-validation, IP addresses are re-classified and may be removed from the Blocklist if they’re no longer deemed malicious.
- Associate Hosts 📡: Choose which hosts’ logs will contribute to this Blocklist. Logs from the selected hosts will be analyzed, and if deemed necessary, the source IPs will be automatically added to your Blocklist.
Example: In this example, threat logs sent by the hosts "docs-firepower" and "docs-paloalto" will contribute to the Blocklist.
Once you’ve configured your Blocklist settings, it will be actively managed according to your choices. To make adjustments later, simply return to this menu.
🔗 Accessing Your Blocklist
Your Blocklist is accessible via a unique URL, which you can find within the Blocklists tab.
If your Blocklist becomes too large for your firewall to manage or if you want to avoid performance issues caused by constant data retrieval, you can limit the number of entries in your Blocklist by using the &entries=x URL parameter. Here, x represents the maximum number of IPs you want to include.
Important: This parameter does not stop IPs from being added to the Blocklist; it simply truncates the Blocklist at the specified number.
Example URL:
https://blocklist.nxtfireguard.de/cf20ee97a7a49396dd7f3626289f17886bc130f91631beff51f25ff213c7f487?blocklist=Demo-Blocklist&license=KWPHKY3K-9RWJQKD3-VKLAFG96-E7N7AFMF&entries=50
In this example, the URL will return only the first 50 IPs.
🔌 Firewall Integration
The Blocklist URL enables easy integration with almost any firewall. Here are a few integration tutorials:
- Palo Alto NGFW and Panorama
- pfSense: Note that pfSense supports IP lists up to 3,000 entries, so you may want to use the entries parameter as described above to keep your list within this limit.
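A consumer-side check for the entries limit described above, as an added example that is not NxtFireGuard's own code: it sets the parameter on a Blocklist URL and vets a fetched list before it is loaded into a firewall. The one-IP-per-line response format, the function names, the placeholder token and license values, and the sample addresses are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

PFSENSE_MAX = 3000  # pfSense list limit stated on this page

def with_entries_limit(url, limit):
    """Return url with entries=<limit>, replacing any existing entries value."""
    if limit < 1:
        raise ValueError("limit must be a positive integer")
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "entries"]
    query.append(("entries", str(limit)))
    return urlunsplit(parts._replace(query=urlencode(query)))

def vet_blocklist(body, limit, never_block=()):
    """Vet a fetched list (ASSUMED format: one IP per line).

    Returns (accepted, rejected). Raises if the list still exceeds the
    firewall limit, so an oversized list is never pushed to the device.
    """
    protected = [ipaddress.ip_network(n) for n in never_block]
    accepted, rejected, seen = [], [], set()
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = ipaddress.ip_address(line)
        except ValueError:
            rejected.append((line, "not an IP address"))
            continue
        if ip in seen:  # drop duplicates silently
            continue
        seen.add(ip)
        if not ip.is_global:  # private, loopback, link-local, reserved
            rejected.append((line, "non-routable address"))
        elif any(ip in net for net in protected):
            rejected.append((line, "inside protected network"))
        else:
            accepted.append(str(ip))
    if len(accepted) > limit:
        raise ValueError(f"{len(accepted)} entries exceed limit {limit}")
    return accepted, rejected

# Constructed sample response, not real Blocklist output.
SAMPLE = "1.1.1.1\n10.0.0.5\n8.8.8.8\nnot-an-ip\n1.1.1.1\n9.9.9.9\n"
```

The never_block argument lists networks that must stay reachable, such as your own ranges or an upstream resolver, so an entry inside them is reported instead of being loaded.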
If you have questions or need further help, our support team is available: Contact Support.