some fixes

blacklists_nftables/blacklist-v4.nft

@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-03-26T08:29:31.547137Z
+# Generated: 2026-03-26T08:32:56.419478Z
 # Source: /tmp/blacklist-v4.txt
 # IPv4: 804, IPv6: 0
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VM protection from incoming blacklist sources
+#   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
+#   sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
+#   sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 
 table inet filter {
 

blacklists_nftables/blacklist-v6.nft

@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-03-26T08:29:31.582581Z
+# Generated: 2026-03-26T08:32:56.467121Z
 # Source: /tmp/blacklist-v6.txt
 # IPv4: 0, IPv6: 17
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VM protection from incoming blacklist sources
+#   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
+#   sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
+#   sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 
 table inet filter {
 

blacklists_nftables/blacklist-vk-v4.nft

@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-03-26T08:29:31.614243Z
-# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v4.txt
-# IPv4: 92, IPv6: 0
+# Generated: 2026-03-26T08:32:56.513020Z
+# Source: /Users/oleg/DocsOS/C24Be/AS_Network_List/blacklists/blacklist-vk-v4.txt
+# IPv4: 86, IPv6: 0
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VK egress blocking for VPN clients via NAT/FORWARD
+#   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_v4 counter reject
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_v6 counter reject
 
 table inet filter {
 
@@ -49,7 +56,6 @@ table inet filter {
             90.156.212.0/22,
             90.156.216.0/22,
             90.156.232.0/21,
-            91.219.224.0/22,
             91.231.132.0/22,
             91.237.76.0/24,
             93.153.255.84/30,
@@ -91,11 +97,6 @@ table inet filter {
             193.203.40.0/22,
             194.84.16.12/30,
             195.211.20.0/22,
-            212.111.84.0/22,
-            212.233.72.0/21,
-            212.233.88.0/21,
-            212.233.96.0/22,
-            212.233.120.0/22,
             213.219.212.0/22,
             217.16.16.0/20,
             217.20.144.0/20,

blacklists_nftables/blacklist-vk-v6.nft

@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-03-26T08:29:31.643517Z
-# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v6.txt
+# Generated: 2026-03-26T08:32:56.555261Z
+# Source: /Users/oleg/DocsOS/C24Be/AS_Network_List/blacklists/blacklist-vk-v6.txt
 # IPv4: 0, IPv6: 1
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VK egress blocking for VPN clients via NAT/FORWARD
+#   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_v4 counter reject
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_v6 counter reject
 
 table inet filter {