yanistyle/AS_Network_List
1
0
Fork 0
mirror of https://github.com/C24Be/AS_Network_List.git synced 2026-03-25 19:09:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

README, nginx, iptables, vk, mail.ru

Browse Source
This commit is contained in:
C24Be
2025-10-23 12:17:01 +02:00
parent 036bcdfa25
commit c7732b817c
19 changed files with 4839 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
blacklists_iptables/README.md Normal file
View File

@@ -0,0 +1,109 @@
# IPTables/IPSet Blacklist Configurations
Auto-generated ipset configuration files for blocking networks and IP addresses with iptables/ip6tables.
## Available Files
### IPv4 Only
- **`blacklist-v4.ipset`** - Contains only IPv4 networks (806 entries)
### IPv6 Only
- **`blacklist-v6.ipset`** - Contains only IPv6 networks (3 entries)
### Mixed IPv4/IPv6
- **`blacklist.ipset`** - Contains both IPv4 and IPv6 sets (809 total entries)
## Usage
### 1. Load the IPSet
```bash
# For IPv4 only
ipset restore < blacklist-v4.ipset
# For IPv6 only
ipset restore < blacklist-v6.ipset
# For both IPv4 and IPv6 (loads both sets)
ipset restore < blacklist.ipset
```
### 2. Apply IPTables Rules
```bash
# For IPv4
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
# For IPv6
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
```
### 3. Persist Rules (Optional)
To make the rules persistent across reboots:
**On Debian/Ubuntu:**
```bash
# Save iptables rules
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# Save ipset
ipset save > /etc/ipset.conf
```
**On RHEL/CentOS:**
```bash
# Save iptables rules
service iptables save
service ip6tables save
# Save ipset
ipset save > /etc/sysconfig/ipset
```
### 4. Update Existing Sets
To update the blacklist without restarting iptables:
```bash
# Flush and reload
ipset flush blacklist-v4
ipset restore < blacklist-v4.ipset
```
### 5. Remove Sets
```bash
# Remove IPv4 set
ipset flush blacklist-v4
ipset destroy blacklist-v4
# Remove IPv6 set
ipset flush blacklist-v6
ipset destroy blacklist-v6
```
## Performance Benefits
IPSet uses hash tables for O(1) lookup performance, making it ideal for large blacklists:
- Much faster than individual iptables rules
- Minimal CPU overhead
- Supports up to 65536 entries per set (configurable)
- Kernel-level implementation for maximum efficiency
## Automatic Updates
These files are automatically regenerated when the blacklists are updated via the GitHub Actions workflow.
## Source
Generated from the blacklist files in the `blacklists/` directory.