yanistyle/AS_Network_List
1
0
Fork 0
mirror of https://github.com/C24Be/AS_Network_List.git synced 2026-01-24 15:06:17 +03:00
Code Issues Packages Projects Releases Wiki Activity

iptables

Browse Source
This commit is contained in:
C24Be
2026-01-01 18:33:41 +01:00
parent 8afeeeb5cf
commit b02bcd8a5e
2 changed files with 185856 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

185847
auto/all-ru.txt Normal file
View File

File diff suppressed because it is too large Load Diff

18
blacklists_updater_iptables.sh
View File

@@ -21,12 +21,12 @@ generate_ipset_config() {
local ip_version="$3"
local set_name="$4"
local family="$5"
# Count entries for hash size calculation
local count=$(wc -l < "${input_file}" | tr -d ' ')
local hashsize=$((count > 1024 ? count : 1024))
local maxelem=$((count * 2))
# Generate ipset configuration with header
cat > "${output_file}" << EOF
# IPSet blacklist configuration ${ip_version}
@@ -38,8 +38,8 @@ generate_ipset_config() {
# ipset restore < $(basename ${output_file})
#
# 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set ${set_name} src -j DROP
# iptables -I FORWARD -m set --match-set ${set_name} src -j DROP
# iptables -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
# iptables -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
#
# 3. To flush/delete the set:
# ipset flush ${set_name}
@@ -55,7 +55,7 @@ EOF
[ -z "${network}" ] && continue
echo "add ${set_name} ${network}" >> "${output_file}"
done < "${input_file}"
echo "✓ Generated ${ip_version}: ${output_file}"
echo " Total entries: ${count}"
}
@@ -75,10 +75,10 @@ cat > "${iptables_output_file}" << EOF
# ipset restore < $(basename ${iptables_output_file})
#
# 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
# ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
# iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
# ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
#
# 3. To flush/delete the sets:
# ipset flush blacklist-v4 && ipset destroy blacklist-v4