mirror of
https://github.com/C24Be/AS_Network_List.git
synced 2026-03-31 22:58:51 +03:00
+ routes
This commit is contained in:
C24Be
@@ -1,109 +0,0 @@
|
||||
# IPTables/IPSet Blacklist Configurations
|
||||
|
||||
Auto-generated ipset configuration files for blocking networks and IP addresses with iptables/ip6tables.
|
||||
|
||||
## Available Files
|
||||
|
||||
### IPv4 Only
|
||||
|
||||
- **`blacklist-v4.ipset`** - Contains only IPv4 networks (806 entries)
|
||||
|
||||
### IPv6 Only
|
||||
|
||||
- **`blacklist-v6.ipset`** - Contains only IPv6 networks (3 entries)
|
||||
|
||||
### Mixed IPv4/IPv6
|
||||
|
||||
- **`blacklist.ipset`** - Contains both IPv4 and IPv6 sets (809 total entries)
|
||||
|
||||
## Usage
|
||||
|
||||
### 1. Load the IPSet
|
||||
|
||||
```bash
|
||||
# For IPv4 only
|
||||
ipset restore < blacklist-v4.ipset
|
||||
|
||||
# For IPv6 only
|
||||
ipset restore < blacklist-v6.ipset
|
||||
|
||||
# For both IPv4 and IPv6 (loads both sets)
|
||||
ipset restore < blacklist.ipset
|
||||
```
|
||||
|
||||
### 2. Apply IPTables Rules
|
||||
|
||||
```bash
|
||||
# For IPv4
|
||||
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
|
||||
iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
|
||||
|
||||
# For IPv6
|
||||
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
|
||||
ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
|
||||
```
|
||||
|
||||
### 3. Persist Rules (Optional)
|
||||
|
||||
To make the rules persistent across reboots:
|
||||
|
||||
**On Debian/Ubuntu:**
|
||||
|
||||
```bash
|
||||
# Save iptables rules
|
||||
iptables-save > /etc/iptables/rules.v4
|
||||
ip6tables-save > /etc/iptables/rules.v6
|
||||
|
||||
# Save ipset
|
||||
ipset save > /etc/ipset.conf
|
||||
```
|
||||
|
||||
**On RHEL/CentOS:**
|
||||
|
||||
```bash
|
||||
# Save iptables rules
|
||||
service iptables save
|
||||
service ip6tables save
|
||||
|
||||
# Save ipset
|
||||
ipset save > /etc/sysconfig/ipset
|
||||
```
|
||||
|
||||
### 4. Update Existing Sets
|
||||
|
||||
To update the blacklist without restarting iptables:
|
||||
|
||||
```bash
|
||||
# Flush and reload
|
||||
ipset flush blacklist-v4
|
||||
ipset restore < blacklist-v4.ipset
|
||||
```
|
||||
|
||||
### 5. Remove Sets
|
||||
|
||||
```bash
|
||||
# Remove IPv4 set
|
||||
ipset flush blacklist-v4
|
||||
ipset destroy blacklist-v4
|
||||
|
||||
# Remove IPv6 set
|
||||
ipset flush blacklist-v6
|
||||
ipset destroy blacklist-v6
|
||||
```
|
||||
|
||||
## Performance Benefits
|
||||
|
||||
IPSet uses hash tables for O(1) lookup performance, making it ideal for large blacklists:
|
||||
|
||||
- Much faster than individual iptables rules
|
||||
- Minimal CPU overhead
|
||||
- Supports up to 65536 entries per set (configurable)
|
||||
- Kernel-level implementation for maximum efficiency
|
||||
|
||||
## Automatic Updates
|
||||
|
||||
These files are automatically regenerated when the blacklists are updated via the GitHub Actions workflow.
|
||||
|
||||
## Source
|
||||
|
||||
Generated from the blacklist files in the `blacklists/` directory.
|
||||
Reference in New Issue
Block a user