Add nftables support with config generator and IP checker (#22)

* Add nftables support with config generator and IP checker - Add generate_nft_blacklist.py for generating nftables configurations - Add check_nft_blacklist.py for verifying IPs against blacklist - Add blacklists_updater_nftables.sh for automated updates - Add blacklists_nftables/ directory with generated configs - Add GitHub Actions workflow for daily nftables updates - Update README.md with nftables usage instructions nftables is a modern replacement for iptables with better performance and lower memory usage, especially for large rulesets. This addition complements the existing iptables and nginx blacklist formats. * Added nftables scripts help
2026-01-25 07:26:59 +03:00 · 2026-01-12 12:46:07 +03:00
parent f2d2795afe
commit a3a5ec2ea8
9 changed files with 2305 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -50,6 +50,14 @@ This repository contains Python scripts that allow you to retrieve network lists
 - `blacklist-v6.ipset`: IPSet configuration for IPv6 only (**daily generated**)
 - `README.md`: Complete usage documentation for iptables integration

+**nftables Format** (`blacklists_nftables/` folder):
+
+* `blacklist.nft`: nftables configuration for mixed IPv4/IPv6 (**daily generated**)
+* `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**)
+* `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**)
+* `README.md`: Complete usage documentation for nftables integration
+
+
 ### Reference Lists

 **Contributors are welcome!**
@@ -90,6 +98,15 @@ iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
 ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
 ```

+**For nftables:**
+````bash
+# Download and load into nftables
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
+sudo nft -f blacklist.nft
+# View the loaded rules
+sudo nft list ruleset
+````
+
 **For Custom Applications:**

 ```bash
@@ -183,6 +200,20 @@ See the README files in each folder for detailed usage instructions.
    ./network_list_from_netname.py --help
    ```

+### `generate_nft_blacklist.py`
+1. Generate nftables config from blacklist:
+
+    ```bash
+    ./generate_nft_blacklist.py blacklists/blacklist.txt blacklist.nft
+    ```
+
+### `check_nft_blacklist.py`
+1. Check IP address against generated config:
+
+    ```bash
+    ./check_nft_blacklist.py blacklist.nft 77.37.166.239
+    ```
+
 ## Screenshots

 <img width="320" alt="image" src="https://github.com/C24Be/AS_Network_List/assets/153936414/71bd0ed4-0e9b-42f0-8e91-01964ea9b8e1">