Block VK / usage

2026-03-26 11:20:59 +03:00 · 2026-03-24 19:21:52 +01:00
parent 4a8a10d6d6
commit 6381ea7863
9 changed files with 32 additions and 60 deletions
--- a/blacklists/blacklist-vk-v4.txt
+++ b/blacklists/blacklist-vk-v4.txt
@@ -49,7 +49,6 @@
 185.241.192.0/23
 185.241.194.0/23
 185.29.128.0/22
 185.29.130.0/24
 185.32.248.0/22
 185.32.248.0/23
 185.32.250.0/23
@@ -74,11 +73,6 @@
 195.211.20.0/22
 195.211.22.0/24
 195.211.23.0/24
 212.111.84.0/22
 212.233.120.0/22
 212.233.72.0/21
 212.233.88.0/21
 212.233.96.0/22
 213.219.212.0/22
 213.219.212.0/23
 213.219.214.0/23
@@ -212,7 +206,6 @@
 90.156.216.0/23
 90.156.218.0/23
 90.156.232.0/21
 91.219.224.0/22
 91.231.132.0/22
 91.237.76.0/24
 93.153.255.84/30
--- a/blacklists/blacklist-vk.txt
+++ b/blacklists/blacklist-vk.txt
@@ -49,7 +49,6 @@
 185.241.192.0/23
 185.241.194.0/23
 185.29.128.0/22
 185.29.130.0/24
 185.32.248.0/22
 185.32.248.0/23
 185.32.250.0/23
@@ -74,11 +73,6 @@
 195.211.20.0/22
 195.211.22.0/24
 195.211.23.0/24
 212.111.84.0/22
 212.233.120.0/22
 212.233.72.0/21
 212.233.88.0/21
 212.233.96.0/22
 213.219.212.0/22
 213.219.212.0/23
 213.219.214.0/23
@@ -213,7 +207,6 @@
 90.156.216.0/23
 90.156.218.0/23
 90.156.232.0/21
 91.219.224.0/22
 91.231.132.0/22
 91.237.76.0/24
 93.153.255.84/30
--- a/blacklists_iptables/blacklist-v4.ipset
+++ b/blacklists_iptables/blacklist-v4.ipset
@@ -1,6 +1,6 @@
 # IPSet blacklist configuration (IPv4 only)
 # Auto-generated from blacklist-v4.txt
-# Last updated: 2026-03-24 18:07:55 UTC
+# Last updated: 2026-03-24 18:20:34 UTC
 #
 # Usage:
 #   1. Load the ipset:
--- a/blacklists_iptables/blacklist-v6.ipset
+++ b/blacklists_iptables/blacklist-v6.ipset
@@ -1,14 +1,14 @@
 # IPSet blacklist configuration (IPv6 only)
 # Auto-generated from blacklist-v6.txt
-# Last updated: 2026-03-24 18:07:55 UTC
+# Last updated: 2026-03-24 18:20:34 UTC
 #
 # Usage:
 #   1. Load the ipset:
 #      ipset restore < blacklist-v6.ipset
 #
 #   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
+#      ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
-#      iptables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
+#      ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
 #
 #   3. To flush/delete the set:
 #      ipset flush blacklist-v6
--- a/blacklists_iptables/blacklist-vk-v4.ipset
+++ b/blacklists_iptables/blacklist-vk-v4.ipset
@@ -1,21 +1,21 @@
 # IPSet blacklist configuration (VK names, IPv4 only)
 # Auto-generated from blacklist-vk-v4.txt
-# Last updated: 2026-03-24 18:07:55 UTC
+# Last updated: 2026-03-24 18:20:34 UTC
 #
 # Usage:
 #   1. Load the ipset:
 #      ipset restore < blacklist-vk-v4.ipset
 #
 #   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP
+#      iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT
-#      iptables -I FORWARD -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP
+
 #
 #   3. To flush/delete the set:
 #      ipset flush blacklist-vk-v4
 #      ipset destroy blacklist-vk-v4
 #
-create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 532
+create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 518
 add blacklist-vk-v4 109.120.180.0/22
 add blacklist-vk-v4 109.120.180.0/23
 add blacklist-vk-v4 109.120.182.0/23
@@ -67,7 +67,6 @@ add blacklist-vk-v4 185.241.192.0/22
 add blacklist-vk-v4 185.241.192.0/23
 add blacklist-vk-v4 185.241.194.0/23
 add blacklist-vk-v4 185.29.128.0/22
 add blacklist-vk-v4 185.29.130.0/24
 add blacklist-vk-v4 185.32.248.0/22
 add blacklist-vk-v4 185.32.248.0/23
 add blacklist-vk-v4 185.32.250.0/23
@@ -92,11 +91,6 @@ add blacklist-vk-v4 194.84.16.12/30
 add blacklist-vk-v4 195.211.20.0/22
 add blacklist-vk-v4 195.211.22.0/24
 add blacklist-vk-v4 195.211.23.0/24
 add blacklist-vk-v4 212.111.84.0/22
 add blacklist-vk-v4 212.233.120.0/22
 add blacklist-vk-v4 212.233.72.0/21
 add blacklist-vk-v4 212.233.88.0/21
 add blacklist-vk-v4 212.233.96.0/22
 add blacklist-vk-v4 213.219.212.0/22
 add blacklist-vk-v4 213.219.212.0/23
 add blacklist-vk-v4 213.219.214.0/23
@@ -230,7 +224,6 @@ add blacklist-vk-v4 90.156.216.0/22
 add blacklist-vk-v4 90.156.216.0/23
 add blacklist-vk-v4 90.156.218.0/23
 add blacklist-vk-v4 90.156.232.0/21
 add blacklist-vk-v4 91.219.224.0/22
 add blacklist-vk-v4 91.231.132.0/22
 add blacklist-vk-v4 91.237.76.0/24
 add blacklist-vk-v4 93.153.255.84/30
--- a/blacklists_iptables/blacklist-vk-v6.ipset
+++ b/blacklists_iptables/blacklist-vk-v6.ipset
@@ -1,14 +1,14 @@
 # IPSet blacklist configuration (VK names, IPv6 only)
 # Auto-generated from blacklist-vk-v6.txt
-# Last updated: 2026-03-24 18:07:55 UTC
+# Last updated: 2026-03-24 18:20:34 UTC
 #
 # Usage:
 #   1. Load the ipset:
 #      ipset restore < blacklist-vk-v6.ipset
 #
 #   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
+#      ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT
-#      iptables -I FORWARD -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
+
 #
 #   3. To flush/delete the set:
 #      ipset flush blacklist-vk-v6
--- a/blacklists_iptables/blacklist-vk.ipset
+++ b/blacklists_iptables/blacklist-vk.ipset
@@ -1,18 +1,12 @@
 # IPSet blacklist configuration (VK names: VK Cloud / VKCOMPANY / VKONTAKTE)
 # Auto-generated from name-filtered auto/*.txt sources
-# Last updated: 2026-03-24 18:07:55 UTC
+# Last updated: 2026-03-24 18:20:34 UTC
 #
 # Usage:
 #   1. Load the ipset:
 #      ipset restore < blacklist-vk.ipset
 #
 #   2. Use with iptables/ip6tables:
 #      iptables -I INPUT -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP
 #      iptables -I FORWARD -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP
 #      ip6tables -I INPUT -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
 #      ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
 #
 #   2a. Block outgoing traffic to VK destination networks:
 #      iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT
 #      ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT
 #
@@ -21,7 +15,7 @@
 #      ipset flush blacklist-vk-v6 && ipset destroy blacklist-vk-v6
 #
-create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 532
+create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 518
 add blacklist-vk-v4 109.120.180.0/22
 add blacklist-vk-v4 109.120.180.0/23
 add blacklist-vk-v4 109.120.182.0/23
@@ -73,7 +67,6 @@ add blacklist-vk-v4 185.241.192.0/22
 add blacklist-vk-v4 185.241.192.0/23
 add blacklist-vk-v4 185.241.194.0/23
 add blacklist-vk-v4 185.29.128.0/22
 add blacklist-vk-v4 185.29.130.0/24
 add blacklist-vk-v4 185.32.248.0/22
 add blacklist-vk-v4 185.32.248.0/23
 add blacklist-vk-v4 185.32.250.0/23
@@ -98,11 +91,6 @@ add blacklist-vk-v4 194.84.16.12/30
 add blacklist-vk-v4 195.211.20.0/22
 add blacklist-vk-v4 195.211.22.0/24
 add blacklist-vk-v4 195.211.23.0/24
 add blacklist-vk-v4 212.111.84.0/22
 add blacklist-vk-v4 212.233.120.0/22
 add blacklist-vk-v4 212.233.72.0/21
 add blacklist-vk-v4 212.233.88.0/21
 add blacklist-vk-v4 212.233.96.0/22
 add blacklist-vk-v4 213.219.212.0/22
 add blacklist-vk-v4 213.219.212.0/23
 add blacklist-vk-v4 213.219.214.0/23
@@ -236,7 +224,6 @@ add blacklist-vk-v4 90.156.216.0/22
 add blacklist-vk-v4 90.156.216.0/23
 add blacklist-vk-v4 90.156.218.0/23
 add blacklist-vk-v4 90.156.232.0/21
 add blacklist-vk-v4 91.219.224.0/22
 add blacklist-vk-v4 91.231.132.0/22
 add blacklist-vk-v4 91.237.76.0/24
 add blacklist-vk-v4 93.153.255.84/30
--- a/blacklists_iptables/blacklist.ipset
+++ b/blacklists_iptables/blacklist.ipset
@@ -1,6 +1,6 @@
 # IPSet blacklist configuration (mixed IPv4/IPv6)
 # Auto-generated from blacklist.txt
-# Last updated: 2026-03-24 18:07:55 UTC
+# Last updated: 2026-03-24 18:20:34 UTC
 #
 # Usage:
 #   1. Load the ipset:
--- a/blacklists_updater_iptables.sh
+++ b/blacklists_updater_iptables.sh
@@ -48,6 +48,18 @@ generate_ipset_config() {
    local ip_version="$3"
    local set_name="$4"
    local family="$5"
    local iptables_cmd="iptables"
    local rule_primary=""
    local rule_secondary=""
    [ "${family}" = "inet6" ] && iptables_cmd="ip6tables"
    if printf "%s" "${set_name}" | grep -q '^blacklist-vk'; then
        rule_primary="${iptables_cmd} -I OUTPUT -m set --match-set ${set_name} dst -j REJECT"
    else
        rule_primary="${iptables_cmd} -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
        rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
    fi
    # Count entries for hash size calculation
    local count=$(wc -l < "${input_file}" | tr -d ' ')
@@ -65,8 +77,8 @@ generate_ipset_config() {
 #      ipset restore < $(basename ${output_file})
 #
 #   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
+#      ${rule_primary}
-#      iptables -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
+${rule_secondary:+#      ${rule_secondary}}
 #
 #   3. To flush/delete the set:
 #      ipset flush ${set_name}
@@ -135,14 +147,8 @@ cat > "${iptables_vk_output_file}" << EOF
 #      ipset restore < $(basename "${iptables_vk_output_file}")
 #
 #   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP
+#      iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
-#      iptables -I FORWARD -m set --match-set blacklist-vk-v4 src -m conntrack --ctstate NEW -j DROP
+#      ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
 #      ip6tables -I INPUT -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
 #      ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
 #
 #   2a. Block outgoing traffic to VK destination networks:
 #      iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT
 #      ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT
 #
 #   3. To flush/delete the sets:
 #      ipset flush blacklist-vk-v4 && ipset destroy blacklist-vk-v4
@@ -161,7 +167,7 @@ echo "  Total entries: $(wc -l < "${blacklist_vk_file}" | tr -d ' ')"
 echo ""
 echo "VK outgoing block examples (iptables/ipset):"
 echo "  ipset restore < ${iptables_vk_output_file}"
-echo "  iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT"
+echo "  iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
-echo "  ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT"
+echo "  ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"
 echo ""
 echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."