diff --git a/firewall/master.go b/firewall/master.go
index 627dfe91..c84c12d0 100644
--- a/firewall/master.go
+++ b/firewall/master.go
@@ -619,6 +619,11 @@ matchLoop:
 }
 
 func checkCustomFilterList(_ context.Context, conn *network.Connection, p *profile.LayeredProfile, _ packet.Packet) bool {
+	// Check if any custom list is loaded at all.
+	if !customlists.IsLoaded() {
+		return false
+	}
+
 	// block if the domain name appears in the custom filter list (check for subdomains if enabled)
 	if conn.Entity.Domain != "" {
 		if ok, match := customlists.LookupDomain(conn.Entity.Domain, p.FilterSubDomains()); ok {
diff --git a/intel/customlists/lists.go b/intel/customlists/lists.go
index e0f14fdd..c13a8cd5 100644
--- a/intel/customlists/lists.go
+++ b/intel/customlists/lists.go
@@ -36,6 +36,25 @@ func initFilterLists() {
 	domainsFilterList = make(map[string]struct{})
 }
 
+// IsLoaded returns whether a custom filter list is loaded.
+func IsLoaded() bool {
+	filterListLock.RLock()
+	defer filterListLock.RUnlock()
+
+	switch {
+	case len(domainsFilterList) > 0:
+		return true
+	case len(ipAddressesFilterList) > 0:
+		return true
+	case len(countryCodesFilterList) > 0:
+		return true
+	case len(autonomousSystemsFilterList) > 0:
+		return true
+	default:
+		return false
+	}
+}
+
 func parseFile(filePath string) error {
 	// Reset all maps, previous (if any) settings will be lost.
 	for key := range countryCodesFilterList {