UniFi Gateway IP Blocklist Setup

Block brute force attacks on your UniFi Dream Machine or Cloud Gateway VPN with ThreatListPro's automated IP blocklist. Complement UniFi Threat Management with proactive IP blocking.

Start Blocking Attacks -- $9.99/mo
2M+ malicious IPs tracked
60s update frequency
10 min setup time

UniFi VPN Is More Popular Than Ever

UniFi Dream Machines and Cloud Gateways now include built-in VPN servers (L2TP, WireGuard, OpenVPN). As adoption grows, so do brute force attacks targeting these endpoints.

Growing Attack Surface

UniFi's VPN features have made it a popular choice for small businesses and prosumers. But many deployments use default configurations with internet-facing VPN ports. Automated bots discover these endpoints via mass scanning and launch credential-stuffing attacks. UniFi's built-in Threat Management (IDS/IPS) helps, but it relies on signature matching -- it doesn't preemptively block known attackers.

Proactive Blocking with ThreatListPro

ThreatListPro provides a curated list of IPs observed attacking VPN endpoints worldwide. By importing this list into your UniFi Gateway via a simple script, you block known attackers before they can reach your VPN server. This complements UniFi's Threat Management: ThreatListPro handles known threats while IDS catches novel attack patterns.

Recommended by WillieHowe

WillieHowe, a leading UniFi specialist and YouTube creator, is a ThreatListPro partner. Check out his setup tutorials for step-by-step video walkthroughs of ThreatListPro on UniFi Dream Machine Pro and Cloud Gateway Ultra.

UniFi Gateway Blocklist Setup -- Step by Step

Add ThreatListPro to your UniFi Dream Machine, UDM Pro, UDM SE, UDR, or Cloud Gateway using SSH and a scheduled script.

01

Get Your ThreatListPro Feed URL

Sign up at threatlistpro.com and copy your unique feed URL from the dashboard:
https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY

02

Enable SSH on Your UniFi Gateway

In the UniFi Network app, go to Settings > System > Advanced and enable SSH. Set a strong SSH password. Connect to your gateway via SSH (the SSH user on UniFi OS is root; replace GATEWAY_IP with your gateway's LAN address):
ssh root@GATEWAY_IP

03

Install the ThreatListPro Script

Download and install the ThreatListPro UniFi integration script. This script creates an ipset table and an iptables rule to block all IPs in the list:

curl -sL https://threatlistpro.com/scripts/unifi-setup.sh | bash

Review the script before piping it to bash, or install it manually:

mkdir -p /data/threatlistpro
cat > /data/threatlistpro/update.sh <<'SCRIPT'
#!/bin/bash
# Download the ThreatListPro feed and load it into an ipset that an iptables rule drops.
FEED_URL="https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY"
# -f makes curl fail on HTTP errors, so a bad download does not empty the live set.
curl -fsS "$FEED_URL" -o /tmp/tlp-blocklist.txt || { echo "feed download failed" >&2; exit 1; }
# Reuse the existing set (flush) or create it on first run.
ipset flush tlp_blocklist 2>/dev/null || ipset create tlp_blocklist hash:ip maxelem 200000
# Add each address; lines the set rejects (comments, malformed entries) are ignored.
while IFS= read -r ip; do
  ipset add tlp_blocklist "$ip" 2>/dev/null
done < /tmp/tlp-blocklist.txt
# Insert the DROP rule once; -C checks whether it is already present.
iptables -C INPUT -m set --match-set tlp_blocklist src -j DROP 2>/dev/null || \
  iptables -I INPUT -m set --match-set tlp_blocklist src -j DROP
SCRIPT
chmod +x /data/threatlistpro/update.sh
04

Schedule Automatic Updates

Add a cron job to update the blocklist every hour. On UniFi OS 3.x, use the built-in cron:
(crontab -l; echo "0 * * * * /data/threatlistpro/update.sh") | crontab -
For persistence across firmware updates, place the script in /data/ which survives reboots and updates.

05

Enable UniFi Threat Management (Recommended)

In the UniFi Network app, go to Settings > Security > Threat Management and enable IDS/IPS at level 3 or higher. This provides signature-based detection that complements ThreatListPro's IP-based blocking for layered defense.

06

Verify Blocking

Run the update script manually first:
/data/threatlistpro/update.sh
Then verify the ipset contains entries:
ipset list tlp_blocklist | head -20
Check iptables for the drop rule:
iptables -L INPUT -n | grep tlp_blocklist
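The update script above flushes the live set and refills it one address at a time, so the DROP rule matches nothing for the duration of the refill, and a feed that parses to zero entries leaves the gateway unprotected until the next run. The following is an added example, not ThreatListPro's unifi-setup.sh, of the same update done atomically: the feed is turned into an `ipset restore` batch that builds a temporary set and swaps it into place, and a failed or empty download keeps the previous list. It assumes the feed is one IPv4 address per line with optional `#` comments (an assumption; the page does not document the feed format), and it skips CIDR and IPv6 entries because a hash:ip set cannot hold them.

```shell
#!/bin/bash
# Added example, not ThreatListPro's script. Replaces the live ipset
# atomically: the feed is parsed into a temporary set that is swapped in, so
# the DROP rule never matches an empty set mid-update, and a failed download
# leaves the previous list in place.
# Assumption: one IPv4 address per line; '#' comment lines and blank lines
# are tolerated. CIDR and IPv6 entries are skipped (hash:ip cannot hold them).

FEED_URL="https://feed.threatlistpro.com/v1/edl/YOUR_API_KEY"
SET_NAME="tlp_blocklist"
MAXELEM=200000

# Emit an `ipset restore` batch for the feed file in $1 (set name in $2).
build_ipset_batch() {
    local feed="$1" set_name="${2:-$SET_NAME}"
    awk -v set="$set_name" -v tmp="${set_name}_tmp" -v max="$MAXELEM" '
        BEGIN { printf "create %s hash:ip maxelem %d\n", tmp, max }
        { sub(/\r$/, "") }                     # tolerate CRLF feeds
        /^[[:space:]]*(#|$)/ { next }          # comments and blank lines
        {
            n = split($1, o, ".")
            ok = (n == 4)
            for (i = 1; i <= 4 && ok; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) ok = 0
            if (ok) printf "add %s %s\n", tmp, $1; else bad++
        }
        END {
            # Ensure the live set exists (restore is run with -exist),
            # then swap contents and drop the temporary set.
            printf "create %s hash:ip maxelem %d\n", set, max
            printf "swap %s %s\n", tmp, set
            printf "destroy %s\n", tmp
            if (bad) print "skipped " bad " malformed entries" > "/dev/stderr"
        }' "$feed"
}

# Number of addresses a batch would load; used as a sanity check before applying.
count_batch_adds() {
    grep -c '^add ' "$1"
}

# Download the feed, refuse to apply a failed or empty download, then swap the set in.
apply_blocklist() {
    local feed=/tmp/tlp-feed.txt batch=/tmp/tlp-batch.txt
    curl -fsS "$FEED_URL" -o "$feed" || { echo "feed download failed; keeping current set" >&2; return 1; }
    build_ipset_batch "$feed" "$SET_NAME" > "$batch"
    if [ "$(count_batch_adds "$batch")" -eq 0 ]; then
        echo "feed parsed to zero addresses; keeping current set" >&2
        return 1
    fi
    ipset -exist restore < "$batch"
    iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -I INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# Run the full update only when explicitly asked, e.g. from cron:
#   0 * * * * /data/threatlistpro/update-atomic.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_blocklist
fi
```

Saved as /data/threatlistpro/update-atomic.sh (a hypothetical path) and scheduled with `--apply`, this replaces the cron entry from step 04. Because `ipset swap` exchanges the two sets in a single operation, the rule inserted in step 03 keeps matching the old list until the new one is complete, and `ipset list tlp_blocklist | head -20` from step 06 verifies the result exactly as before.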

ThreatListPro vs. Alternatives

Compare automated VPN-focused blocking against other approaches for protecting your UniFi gateway.

Feature | ThreatListPro | Manual Blocking | Enterprise Threat Feeds
VPN brute-force focused
Real-time updates (60s)
Works with UniFi OS
Complements Threat Management
Survives firmware updates
Price | $9.99/mo | Staff time | $500+/mo

Frequently Asked Questions

How do I add an IP blocklist to my UniFi Dream Machine?

UniFi OS does not natively support external IP blocklist feeds in the GUI. However, you can use the UniFi Gateway's SSH access to create a cron job that downloads ThreatListPro's feed and applies it as an ipset or iptables rule. Alternatively, use the UniFi Network API to create firewall rules programmatically. A community script is available in the ThreatListPro documentation.

Does ThreatListPro work with UniFi Dream Machine Pro, SE, and Gateway models?

Yes. ThreatListPro works with all UniFi gateway models including UDM, UDM Pro, UDM SE, UDR, and the Cloud Gateway series. The blocklist is applied via SSH scripts or API calls that work across all UniFi OS versions 2.x and 3.x.

Can I use ThreatListPro with UniFi's built-in Threat Management (IPS/IDS)?

Yes, and you should. UniFi's built-in Threat Management uses Suricata signatures to detect attack patterns, while ThreatListPro preemptively blocks known attacker IPs. The two approaches complement each other: Threat Management catches new attack patterns, while ThreatListPro blocks IPs that have already been identified as attackers.

Protect Your UniFi Gateway Today

Layer ThreatListPro on top of Threat Management for complete VPN protection.

Get ThreatListPro -- $9.99/mo

Works With All Major Firewalls

ThreatListPro provides a standard IP blocklist feed compatible with any firewall that supports external lists.

Palo Alto
FortiGate
pfSense
OPNsense
SonicWall
Cisco ASA
Sophos XG
UniFi

Related Resources

Learn more about IP blocklists, VPN security, and how ThreatListPro compares to alternatives.

What Is an External Dynamic List (EDL)?
VPN Brute Force Attacks Explained
IP Blocklist vs Enterprise Threat Feed
Stop Account Lockouts from Brute Force
ThreatListPro vs FireHOL
ThreatListPro vs AbuseIPDB
Best VPN Brute Force Protection 2026
All Firewall Setup Guides