diff --git a/blacklists/blacklist-vk-v4.txt b/blacklists/blacklist-vk-v4.txt index f5dcbc3..8e5bafa 100644 --- a/blacklists/blacklist-vk-v4.txt +++ b/blacklists/blacklist-vk-v4.txt @@ -49,7 +49,6 @@ 185.241.192.0/23 185.241.194.0/23 185.29.128.0/22 -185.29.130.0/24 185.32.248.0/22 185.32.248.0/23 185.32.250.0/23 @@ -74,11 +73,6 @@ 195.211.20.0/22 195.211.22.0/24 195.211.23.0/24 -212.111.84.0/22 -212.233.120.0/22 -212.233.72.0/21 -212.233.88.0/21 -212.233.96.0/22 213.219.212.0/22 213.219.212.0/23 213.219.214.0/23 @@ -212,7 +206,6 @@ 90.156.216.0/23 90.156.218.0/23 90.156.232.0/21 -91.219.224.0/22 91.231.132.0/22 91.237.76.0/24 93.153.255.84/30 diff --git a/blacklists/blacklist-vk.txt b/blacklists/blacklist-vk.txt index 1e3ed71..914c9e4 100644 --- a/blacklists/blacklist-vk.txt +++ b/blacklists/blacklist-vk.txt @@ -49,7 +49,6 @@ 185.241.192.0/23 185.241.194.0/23 185.29.128.0/22 -185.29.130.0/24 185.32.248.0/22 185.32.248.0/23 185.32.250.0/23 @@ -74,11 +73,6 @@ 195.211.20.0/22 195.211.22.0/24 195.211.23.0/24 -212.111.84.0/22 -212.233.120.0/22 -212.233.72.0/21 -212.233.88.0/21 -212.233.96.0/22 213.219.212.0/22 213.219.212.0/23 213.219.214.0/23 @@ -213,7 +207,6 @@ 90.156.216.0/23 90.156.218.0/23 90.156.232.0/21 -91.219.224.0/22 91.231.132.0/22 91.237.76.0/24 93.153.255.84/30 diff --git a/blacklists_iptables/blacklist-v4.ipset b/blacklists_iptables/blacklist-v4.ipset index 02be534..e1badf7 100644 --- a/blacklists_iptables/blacklist-v4.ipset +++ b/blacklists_iptables/blacklist-v4.ipset @@ -1,6 +1,6 @@ # IPSet blacklist configuration (IPv4 only) # Auto-generated from blacklist-v4.txt -# Last updated: 2026-03-24 18:07:55 UTC +# Last updated: 2026-03-24 18:20:34 UTC # # Usage: # 1. Load the ipset: diff --git a/blacklists_iptables/blacklist-v6.ipset b/blacklists_iptables/blacklist-v6.ipset index 2281986..1a6379b 100644 --- a/blacklists_iptables/blacklist-v6.ipset +++ b/blacklists_iptables/blacklist-v6.ipset 
@@ -1,14 +1,14 @@ # IPSet blacklist configuration (IPv6 only) # Auto-generated from blacklist-v6.txt -# Last updated: 2026-03-24 18:07:55 UTC +# Last updated: 2026-03-24 18:20:34 UTC # # Usage: # 1. Load the ipset: # ipset restore < blacklist-v6.ipset # # 2. Use with iptables/ip6tables: -# iptables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP -# iptables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP +# ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP +# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP # # 3. To flush/delete the set: # ipset flush blacklist-v6 diff --git a/blacklists_iptables/blacklist-vk-v4.ipset b/blacklists_iptables/blacklist-vk-v4.ipset index 8ef3ba3..137b6ef 100644 --- a/blacklists_iptables/blacklist-vk-v4.ipset +++ b/blacklists_iptables/blacklist-vk-v4.ipset @@ -1,21 +1,21 @@ # IPSet blacklist configuration (VK names, IPv4 only) # Auto-generated from blacklist-vk-v4.txt -# Last updated: 2026-03-24 18:07:55 UTC +# Last updated: 2026-03-24 18:20:34 UTC # # Usage: # 1. Load the ipset: # ipset restore < blacklist-vk-v4.ipset # # 2. Use with iptables/ip6tables: -# iptables -I INPUT -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP -# iptables -I FORWARD -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP +# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT + # # 3. To flush/delete the set: # ipset flush blacklist-vk-v4 # ipset destroy blacklist-vk-v4 # -create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 532 +create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 518 add blacklist-vk-v4 109.120.180.0/22 add blacklist-vk-v4 109.120.180.0/23 add blacklist-vk-v4 109.120.182.0/23 
@@ -67,7 +67,6 @@ add blacklist-vk-v4 185.241.192.0/22 add blacklist-vk-v4 185.241.192.0/23 add blacklist-vk-v4 185.241.194.0/23 add blacklist-vk-v4 185.29.128.0/22 -add blacklist-vk-v4 185.29.130.0/24 add blacklist-vk-v4 185.32.248.0/22 add blacklist-vk-v4 185.32.248.0/23 add blacklist-vk-v4 185.32.250.0/23 @@ -92,11 +91,6 @@ add blacklist-vk-v4 194.84.16.12/30 add blacklist-vk-v4 195.211.20.0/22 add blacklist-vk-v4 195.211.22.0/24 add blacklist-vk-v4 195.211.23.0/24 -add blacklist-vk-v4 212.111.84.0/22 -add blacklist-vk-v4 212.233.120.0/22 -add blacklist-vk-v4 212.233.72.0/21 -add blacklist-vk-v4 212.233.88.0/21 -add blacklist-vk-v4 212.233.96.0/22 add blacklist-vk-v4 213.219.212.0/22 add blacklist-vk-v4 213.219.212.0/23 add blacklist-vk-v4 213.219.214.0/23 @@ -230,7 +224,6 @@ add blacklist-vk-v4 90.156.216.0/22 add blacklist-vk-v4 90.156.216.0/23 add blacklist-vk-v4 90.156.218.0/23 add blacklist-vk-v4 90.156.232.0/21 -add blacklist-vk-v4 91.219.224.0/22 add blacklist-vk-v4 91.231.132.0/22 add blacklist-vk-v4 91.237.76.0/24 add blacklist-vk-v4 93.153.255.84/30 diff --git a/blacklists_iptables/blacklist-vk-v6.ipset b/blacklists_iptables/blacklist-vk-v6.ipset index c2813f3..b91dda1 100644 --- a/blacklists_iptables/blacklist-vk-v6.ipset +++ b/blacklists_iptables/blacklist-vk-v6.ipset @@ -1,14 +1,14 @@ # IPSet blacklist configuration (VK names, IPv6 only) # Auto-generated from blacklist-vk-v6.txt -# Last updated: 2026-03-24 18:07:55 UTC +# Last updated: 2026-03-24 18:20:34 UTC # # Usage: # 1. Load the ipset: # ipset restore < blacklist-vk-v6.ipset # # 2. Use with iptables/ip6tables: -# iptables -I INPUT -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP -# iptables -I FORWARD -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP +# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT + # # 3. To flush/delete the set: # ipset flush blacklist-vk-v6 
diff --git a/blacklists_iptables/blacklist-vk.ipset b/blacklists_iptables/blacklist-vk.ipset index 428d519..f3d53d4 100644 --- a/blacklists_iptables/blacklist-vk.ipset +++ b/blacklists_iptables/blacklist-vk.ipset @@ -1,18 +1,12 @@ # IPSet blacklist configuration (VK names: VK Cloud / VKCOMPANY / VKONTAKTE) # Auto-generated from name-filtered auto/*.txt sources -# Last updated: 2026-03-24 18:07:55 UTC +# Last updated: 2026-03-24 18:20:34 UTC # # Usage: # 1. Load the ipset: # ipset restore < blacklist-vk.ipset # # 2. Use with iptables/ip6tables: -# iptables -I INPUT -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP -# iptables -I FORWARD -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP -# ip6tables -I INPUT -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP -# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP -# -# 2a. Block outgoing traffic to VK destination networks: # iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT # ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT # @@ -21,7 +15,7 @@ # ipset flush blacklist-vk-v6 && ipset destroy blacklist-vk-v6 # -create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 532 +create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 518 add blacklist-vk-v4 109.120.180.0/22 add blacklist-vk-v4 109.120.180.0/23 add blacklist-vk-v4 109.120.182.0/23 @@ -73,7 +67,6 @@ add blacklist-vk-v4 185.241.192.0/22 add blacklist-vk-v4 185.241.192.0/23 add blacklist-vk-v4 185.241.194.0/23 add blacklist-vk-v4 185.29.128.0/22 -add blacklist-vk-v4 185.29.130.0/24 add blacklist-vk-v4 185.32.248.0/22 add blacklist-vk-v4 185.32.248.0/23 add blacklist-vk-v4 185.32.250.0/23 
@@ -98,11 +91,6 @@ add blacklist-vk-v4 194.84.16.12/30 add blacklist-vk-v4 195.211.20.0/22 add blacklist-vk-v4 195.211.22.0/24 add blacklist-vk-v4 195.211.23.0/24 -add blacklist-vk-v4 212.111.84.0/22 -add blacklist-vk-v4 212.233.120.0/22 -add blacklist-vk-v4 212.233.72.0/21 -add blacklist-vk-v4 212.233.88.0/21 -add blacklist-vk-v4 212.233.96.0/22 add blacklist-vk-v4 213.219.212.0/22 add blacklist-vk-v4 213.219.212.0/23 add blacklist-vk-v4 213.219.214.0/23 @@ -236,7 +224,6 @@ add blacklist-vk-v4 90.156.216.0/22 add blacklist-vk-v4 90.156.216.0/23 add blacklist-vk-v4 90.156.218.0/23 add blacklist-vk-v4 90.156.232.0/21 -add blacklist-vk-v4 91.219.224.0/22 add blacklist-vk-v4 91.231.132.0/22 add blacklist-vk-v4 91.237.76.0/24 add blacklist-vk-v4 93.153.255.84/30 diff --git a/blacklists_iptables/blacklist.ipset b/blacklists_iptables/blacklist.ipset index 886bf00..aac9029 100644 --- a/blacklists_iptables/blacklist.ipset +++ b/blacklists_iptables/blacklist.ipset @@ -1,6 +1,6 @@ # IPSet blacklist configuration (mixed IPv4/IPv6) # Auto-generated from blacklist.txt -# Last updated: 2026-03-24 18:07:55 UTC +# Last updated: 2026-03-24 18:20:34 UTC # # Usage: # 1. Load the ipset: diff --git a/blacklists_updater_iptables.sh b/blacklists_updater_iptables.sh index a92568f..6df881a 100755 --- a/blacklists_updater_iptables.sh +++ b/blacklists_updater_iptables.sh 
@@ -48,6 +48,18 @@ generate_ipset_config() {
 local ip_version="$3"
 local set_name="$4"
 local family="$5"
+ local iptables_cmd="iptables"
+ local rule_primary=""
+ local rule_secondary=""
+
+ [ "${family}" = "inet6" ] && iptables_cmd="ip6tables"
+
+ if printf "%s" "${set_name}" | grep -q '^blacklist-vk'; then
+ rule_primary="${iptables_cmd} -I OUTPUT -m set --match-set ${set_name} dst -j REJECT"
+ else
+ rule_primary="${iptables_cmd} -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
+ rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
+ fi
 # Count entries for hash size calculation
 local count=$(wc -l < "${input_file}" | tr -d ' ')
@@ -65,8 +77,8 @@ generate_ipset_config() {
 # ipset restore < $(basename ${output_file})
 #
 # 2. Use with iptables/ip6tables:
-# iptables -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
-# iptables -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
+# ${rule_primary}
+${rule_secondary:+# ${rule_secondary}}
 #
 # 3. To flush/delete the set:
 # ipset flush ${set_name}
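Review bot: The `blacklist-vk*` branch documents only an `OUTPUT ... dst` rule and leaves `rule_secondary` empty, so on a host that routes traffic for other devices (a VPN gateway, for instance) packets headed to these networks pass through FORWARD and are never matched. If that deployment is in scope, set `rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} dst -j REJECT"` in this branch. The same gap is in the hand-written heredoc for blacklist-vk.ipset (`@@ -135,14 +147,8 @@`) and in the echo examples (`@@ -161,7 +167,7 @@`). The prefix test could also be written as `case "${set_name}" in blacklist-vk*)` instead of a `printf | grep` pipeline. generate_ipset_config starts before this hunk and continues past it.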
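Review bot: When `rule_secondary` is empty, `${rule_secondary:+# ${rule_secondary}}` expands to an empty line inside the heredoc, so the generated header gets a blank, uncommented line in the middle of its comment block; the regenerated blacklist-vk-v4.ipset and blacklist-vk-v6.ipset in this commit show it as a bare `+` line. Writing the line as `#${rule_secondary:+ ${rule_secondary}}` keeps the block contiguous, leaving a lone `#` when there is no second rule. The heredoc opens and closes outside this hunk.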
@@ -135,14 +147,8 @@ cat > "${iptables_vk_output_file}" << EOF
 # ipset restore < $(basename "${iptables_vk_output_file}")
 #
 # 2. Use with iptables/ip6tables:
-# iptables -I INPUT -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP
-# iptables -I FORWARD -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP
-# ip6tables -I INPUT -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
-# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
-#
-# 2a. Block outgoing traffic to VK destination networks:
-# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT
-# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT
+# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
+# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
 #
 # 3. To flush/delete the sets:
 # ipset flush blacklist-vk-v4 && ipset destroy blacklist-vk-v4
@@ -161,7 +167,7 @@ echo " Total entries: $(wc -l < "${blacklist_vk_file}" | tr -d ' ')"
 echo ""
 echo "VK outgoing block examples (iptables/ipset):"
 echo " ipset restore < ${iptables_vk_output_file}"
-echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT"
-echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT"
+echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
+echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"
 echo ""
 echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."
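Review bot: The OUTPUT rules written by this heredoc no longer carry `-m conntrack --ctstate NEW`, yet the regenerated blacklist-vk.ipset, blacklist-vk-v4.ipset and blacklist-vk-v6.ipset in the same commit still show `... dst -m conntrack --ctstate NEW -j REJECT`, so the committed outputs do not appear to come from this version of the script. Regenerate them after this change, or keep the conntrack match here, so the documented rule reads the same everywhere. If dropping the match is deliberate, a comment above the `cat` line would record why, for example `# stateless on purpose: reject every packet to these networks, not only new connections`. The heredoc opens before this hunk and closes after it.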