diff --git a/.github/actions/gitPush/action.yaml b/.github/actions/gitPush/action.yaml index 9fb21e7..cb4f172 100644 --- a/.github/actions/gitPush/action.yaml +++ b/.github/actions/gitPush/action.yaml @@ -10,7 +10,7 @@ runs: git config --global user.email "${{ env.REPO_OWNER }}@github.com" if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}" - git push --set origin "${daily_branch}" + git push --set-upstream origin "${daily_branch}" fi git add ${{ env.PUSH_FILES }} git diff --staged --quiet || CHANGED=true diff --git a/.github/actions/gitReset/action.yaml b/.github/actions/gitReset/action.yaml index 8f0379e..914c4cd 100644 --- a/.github/actions/gitReset/action.yaml +++ b/.github/actions/gitReset/action.yaml @@ -8,9 +8,9 @@ runs: if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then git reset --hard git clean -fdx - git checkout "${daily_branch}" - git pull origin "${daily_branch}" - git push --set origin "${daily_branch}" + git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}" + git pull origin "${daily_branch}" || true + git push --set-upstream origin "${daily_branch}" fi git reset --hard git clean -fdx diff --git a/.github/workflows/resolve_networks.yml b/.github/workflows/resolve_networks.yml index bf01410..c5ba434 100644 --- a/.github/workflows/resolve_networks.yml +++ b/.github/workflows/resolve_networks.yml @@ -26,7 +26,7 @@ jobs: with: fetch-depth: 0 # this is required to fetch all history for all branches and tags token: ${{ env.GH_PAT }} - ref: ${{ github.branch }} + ref: ${{ github.ref_name }} - uses: ./.github/actions/gitReset env: CUSTOM_BRANCH: true @@ -53,7 +53,7 @@ jobs: with: fetch-depth: 0 # this is required to fetch all history for all branches and tags token: ${{ env.GH_PAT }} - ref: ${{ github.branch }} + ref: ${{ github.ref_name }} - uses: ./.github/actions/gitReset env: CUSTOM_BRANCH: true @@ -80,7 +80,7 @@ jobs: with: fetch-depth: 0 # this is required to fetch all history for all branches and tags token: ${{ env.GH_PAT }} - ref: ${{ github.branch }} + ref: ${{ github.ref_name }} - uses: ./.github/actions/gitReset env: CUSTOM_BRANCH: true diff --git a/README.md b/README.md index 0ea3fd3..ffd890d 100644 --- a/README.md +++ b/README.md @@ -57,15 +57,18 @@ This repository contains Python scripts that allow you to retrieve network lists **IPTables/IPSet Format** (`blacklists_iptables/` folder): -- `blacklist.ipset`: IPSet configuration for mixed IPv4/IPv6 (**daily generated**) - `blacklist-v4.ipset`: IPSet configuration for IPv4 only (**daily generated**) - `blacklist-v6.ipset`: IPSet configuration for IPv6 only (**daily generated**) +- `blacklist-vk-v4.ipset`: IPSet configuration for VK-only IPv4 networks (**daily generated**) +- `blacklist-vk-v6.ipset`: IPSet configuration for VK-only IPv6 networks (**daily generated**) - `README.md`: Complete usage documentation for iptables integration **nftables Format** (`blacklists_nftables/` folder): +* `blacklist.nft`: nftables set definitions for mixed IPv4/IPv6 (**daily generated**) * `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**) * `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**) +* `blacklist-vk.nft`: nftables set definitions for VK-only mixed IPv4/IPv6 (**daily generated**) * `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**) * `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**) * `README.md`: Complete usage documentation for nftables integration @@ -81,7 +84,7 @@ This repository contains Python scripts that allow you to retrieve network lists **Contributors are welcome!** - `lists/ru-gov-netnames.txt`: A list of network names associated with the Russian government. -- `lists/ru-gov-asns.txt`: A list of AS numbers associated with the Russian government. +- ASN candidates used for blacklists are derived automatically from `auto/all-ru-asn.txt`. ### Auto-Generated Data @@ -109,18 +112,22 @@ wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_ngi **For IPTables/IPSet:** ```bash -# Download and load into ipset -wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist.ipset -ipset restore < blacklist.ipset -iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP -ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP +# Download and load IPv4/IPv6 sets into ipset +wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v4.ipset +wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v6.ipset +ipset restore < blacklist-v4.ipset +ipset restore < blacklist-v6.ipset +iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP +ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP ``` **For nftables:** ````bash -# Download and load into nftables +# Download and load nftables sets +wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v4.nft wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v6.nft +sudo nft -f blacklist.nft sudo nft -f blacklist-v4.nft sudo nft -f blacklist-v6.nft @@ -130,13 +137,15 @@ sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject # VK-only outbound blocking for VPN clients via NAT/FORWARD +wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v4.nft wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v6.nft +sudo nft -f blacklist-vk.nft sudo nft -f blacklist-vk-v4.nft sudo nft -f blacklist-vk-v6.nft sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }' -sudo nft add rule inet filter forward iifname "" ip daddr @blacklist_v4 counter reject -sudo nft add rule inet filter forward iifname "" ip6 daddr @blacklist_v6 counter reject +sudo nft add rule inet filter forward iifname "" ip daddr @blacklist_vk_v4 counter reject +sudo nft add rule inet filter forward iifname "" ip6 daddr @blacklist_vk_v6 counter reject # View the loaded rules sudo nft list ruleset @@ -201,16 +210,16 @@ See the README files in each folder for detailed usage instructions. ./network_list_from_as.py AS61280 ``` -2. Run the script with a URL to a file in a GitHub repository as an argument: +2. Run the script with a URL to a file with one ASN per line: ```bash - ./network_list_from_as.py https://github.com/C24Be/AS_Network_List/blob/main/lists/ru-gov-asns.txt + ./network_list_from_as.py https://example.com/asns.txt ``` Or better use the raw file link: ```bash - ./network_list_from_as.py https://raw.githubusercontent.com/C24Be/AS_Network_List/main/lists/ru-gov-asns.txt + ./network_list_from_as.py https://example.com/asns-raw.txt ``` 3. To display a help message, use the `-h` or `--help` switch: diff --git a/auto/ripe-ru-ipv4.json b/auto/ripe-ru-ipv4.json index 9a9710c..98a9be4 100644 --- a/auto/ripe-ru-ipv4.json +++ b/auto/ripe-ru-ipv4.json @@ -1602271,12 +1602271,5 @@ "netname": "Vector interlir-mnt", "country": "RU", "org": "" - }, - { - "inetnum": "168.222.92.0 - 168.222.92.255", - "descr": "", - "netname": "NET-168-222-92-0-24 netutils-mnt", - "country": "US", - "org": "ORG-PC1253-RIPE" } -] \ No newline at end of file +] diff --git a/auto/ripe-ru-ipv4.txt b/auto/ripe-ru-ipv4.txt index 49e12c2..8b34c73 100644 --- a/auto/ripe-ru-ipv4.txt +++ b/auto/ripe-ru-ipv4.txt @@ -184415,32 +184415,3 @@ 150.251.145.0/24 LLC_IT_TECHNOLOGY_VECTOR interlir-mnt () [] 163.5.180.0/25 Vector interlir-mnt () [] 163.5.180.128/25 Vector interlir-mnt () [] -1 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -6 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -8 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -. NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -2 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -2 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -2 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -. NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -9 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -2 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -. NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -0 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] - NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -- NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] - NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -1 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -6 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -8 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -. NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -2 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -2 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -2 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -. NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -9 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -2 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -. NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -2 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -5 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] -5 NET-168-222-92-0-24 netutils-mnt (ORG-PC1253-RIPE) [] diff --git a/blacklists_iptables/README.md b/blacklists_iptables/README.md deleted file mode 100644 index 9ba9704..0000000 --- a/blacklists_iptables/README.md +++ /dev/null @@ -1,53 +0,0 @@ -# iptables/ipset blacklists - -Short: ready-to-use ipset files for iptables/ip6tables (general and VK-only, separated by IPv4/IPv6). - -## Download links - -- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_iptables/blacklist-v4.ipset -- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_iptables/blacklist-v6.ipset -- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_iptables/blacklist-vk-v4.ipset -- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_iptables/blacklist-vk-v6.ipset - -## How to use - -### 1) Protect VM from incoming connections (general blacklists) - -Load IPv4 and IPv6 sets: - -```bash -ipset restore < blacklist-v4.ipset -ipset restore < blacklist-v6.ipset -``` - -Apply inbound rules to traffic connecting to the VM and forwarded through the host: - -```bash -iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP -iptables -I FORWARD -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP -ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP -ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP -``` - -### 2) Block VK outbound traffic - -Load VK IPv4 and IPv6 sets: - -```bash -ipset restore < blacklist-vk-v4.ipset -ipset restore < blacklist-vk-v6.ipset -``` - -Apply OUTPUT rules for traffic originated on this host: - -```bash -iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT -ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT -``` - -If you also need to block forwarded VPN-client traffic via NAT, add FORWARD rules (replace ``): - -```bash -iptables -I FORWARD -i -m set --match-set blacklist-vk-v4 dst -j REJECT -ip6tables -I FORWARD -i -m set --match-set blacklist-vk-v6 dst -j REJECT -``` diff --git a/blacklists_iptables/blacklist-v4.ipset b/blacklists_iptables/blacklist-v4.ipset deleted file mode 100644 index 531a2c7..0000000 --- a/blacklists_iptables/blacklist-v4.ipset +++ /dev/null @@ -1,1153 +0,0 @@ -# IPSet blacklist configuration (IPv4 only) -# Auto-generated from blacklist-v4.txt -# Last updated: 2026-03-26 09:38:26 UTC -# -# Usage: -# 1. Load the ipset: -# ipset restore < blacklist-v4.ipset -# -# 2. Use with iptables/ip6tables: -# iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP -# iptables -I FORWARD -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP -# -# 3. To flush/delete the set: -# ipset flush blacklist-v4 -# ipset destroy blacklist-v4 -# - -create blacklist-v4 hash:net family inet hashsize 1135 maxelem 2270 -add blacklist-v4 109.120.180.0/22 -add blacklist-v4 109.120.180.0/23 -add blacklist-v4 109.120.182.0/23 -add blacklist-v4 109.120.188.0/22 -add blacklist-v4 109.120.188.0/23 -add blacklist-v4 109.120.190.0/23 -add blacklist-v4 109.124.119.88/29 -add blacklist-v4 109.124.66.128/30 -add blacklist-v4 109.124.66.160/28 -add blacklist-v4 109.124.71.64/29 -add blacklist-v4 109.124.78.108/30 -add blacklist-v4 109.124.80.132/30 -add blacklist-v4 109.124.83.20/30 -add blacklist-v4 109.124.87.96/29 -add blacklist-v4 109.124.89.140/30 -add blacklist-v4 109.124.89.212/30 -add blacklist-v4 109.124.89.36/30 -add blacklist-v4 109.124.90.128/30 -add blacklist-v4 109.124.90.32/30 -add blacklist-v4 109.124.97.4/30 -add blacklist-v4 109.124.99.16/30 -add blacklist-v4 109.124.99.160/28 -add blacklist-v4 109.204.204.232/29 -add blacklist-v4 109.207.0.0/20 -add blacklist-v4 109.232.187.16/29 -add blacklist-v4 109.248.197.0/24 -add blacklist-v4 109.73.4.224/27 -add blacklist-v4 128.140.168.0/21 -add blacklist-v4 128.140.168.0/23 -add blacklist-v4 128.140.170.0/24 -add blacklist-v4 128.140.171.0/24 -add blacklist-v4 128.140.172.0/22 -add blacklist-v4 128.140.173.0/24 -add blacklist-v4 130.49.224.0/19 -add blacklist-v4 145.255.238.240/28 -add blacklist-v4 146.185.208.0/22 -add blacklist-v4 146.185.208.0/23 -add blacklist-v4 146.185.210.0/23 -add blacklist-v4 146.185.240.0/22 -add blacklist-v4 146.185.240.0/23 -add blacklist-v4 146.185.242.0/23 -add blacklist-v4 149.62.55.240/30 -add blacklist-v4 155.212.192.0/20 -add blacklist-v4 176.109.0.0/21 -add blacklist-v4 176.112.168.0/21 -add blacklist-v4 176.116.96.0/20 -add blacklist-v4 178.16.156.148/30 -add blacklist-v4 178.17.176.0/23 -add blacklist-v4 178.17.178.0/23 -add blacklist-v4 178.17.180.0/23 -add blacklist-v4 178.17.182.0/23 -add blacklist-v4 178.17.184.0/22 -add blacklist-v4 178.17.188.0/22 -add blacklist-v4 178.20.234.224/29 -add blacklist-v4 178.22.88.0/21 -add blacklist-v4 178.22.89.64/26 -add blacklist-v4 178.22.94.0/23 -add blacklist-v4 178.237.16.0/20 -add blacklist-v4 178.237.16.0/21 -add blacklist-v4 178.237.206.0/24 -add blacklist-v4 178.237.21.0/24 -add blacklist-v4 178.237.22.0/24 -add blacklist-v4 178.237.24.0/22 -add blacklist-v4 178.237.24.0/24 -add blacklist-v4 178.237.240.0/20 -add blacklist-v4 178.237.248.0/21 -add blacklist-v4 178.237.28.0/24 -add blacklist-v4 178.237.29.0/24 -add blacklist-v4 178.237.30.0/23 -add blacklist-v4 178.248.232.137/32 -add blacklist-v4 178.248.232.60/32 -add blacklist-v4 178.248.233.136/32 -add blacklist-v4 178.248.233.244/32 -add blacklist-v4 178.248.233.245/32 -add blacklist-v4 178.248.233.26/32 -add blacklist-v4 178.248.233.32/32 -add blacklist-v4 178.248.233.60/32 -add blacklist-v4 178.248.234.136/32 -add blacklist-v4 178.248.234.204/32 -add blacklist-v4 178.248.234.228/32 -add blacklist-v4 178.248.234.238/32 -add blacklist-v4 178.248.234.30/32 -add blacklist-v4 178.248.234.33/32 -add blacklist-v4 178.248.234.60/32 -add blacklist-v4 178.248.234.79/32 -add blacklist-v4 178.248.234.83/32 -add blacklist-v4 178.248.235.244/32 -add blacklist-v4 178.248.235.60/32 -add blacklist-v4 178.248.235.75/32 -add blacklist-v4 178.248.236.20/32 -add blacklist-v4 178.248.236.244/32 -add blacklist-v4 178.248.236.83/32 -add blacklist-v4 178.248.237.136/32 -add blacklist-v4 178.248.237.18/32 -add blacklist-v4 178.248.237.242/32 -add blacklist-v4 178.248.237.98/32 -add blacklist-v4 178.248.238.102/32 -add blacklist-v4 178.248.238.128/32 -add blacklist-v4 178.248.238.129/32 -add blacklist-v4 178.248.238.136/32 -add blacklist-v4 178.248.238.155/32 -add blacklist-v4 178.248.238.172/32 -add blacklist-v4 178.248.238.205/32 -add blacklist-v4 178.248.238.255/32 -add blacklist-v4 178.248.238.55/32 -add blacklist-v4 178.248.239.215/32 -add blacklist-v4 178.49.148.176/29 -add blacklist-v4 185.100.104.0/22 -add blacklist-v4 185.100.104.0/23 -add blacklist-v4 185.100.106.0/23 -add blacklist-v4 185.130.112.0/22 -add blacklist-v4 185.130.112.0/23 -add blacklist-v4 185.130.114.0/23 -add blacklist-v4 185.131.68.0/22 -add blacklist-v4 185.131.68.0/23 -add blacklist-v4 185.149.160.0/24 -add blacklist-v4 185.149.161.0/24 -add blacklist-v4 185.149.162.0/24 -add blacklist-v4 185.149.163.0/24 -add blacklist-v4 185.16.148.0/22 -add blacklist-v4 185.16.148.0/23 -add blacklist-v4 185.16.150.0/23 -add blacklist-v4 185.16.244.0/22 -add blacklist-v4 185.16.244.0/23 -add blacklist-v4 185.16.246.0/23 -add blacklist-v4 185.16.246.0/24 -add blacklist-v4 185.16.247.0/24 -add blacklist-v4 185.168.60.0/24 -add blacklist-v4 185.168.61.0/24 -add blacklist-v4 185.168.62.0/24 -add blacklist-v4 185.168.63.0/24 -add blacklist-v4 185.179.224.0/24 -add blacklist-v4 185.179.225.0/24 -add blacklist-v4 185.179.226.0/24 -add blacklist-v4 185.179.227.0/24 -add blacklist-v4 185.180.200.0/22 -add blacklist-v4 185.183.172.0/23 -add blacklist-v4 185.183.174.0/23 -add blacklist-v4 185.187.63.0/24 -add blacklist-v4 185.187.63.0/25 -add blacklist-v4 185.187.63.128/25 -add blacklist-v4 185.224.228.0/24 -add blacklist-v4 185.224.229.0/24 -add blacklist-v4 185.224.230.0/24 -add blacklist-v4 185.224.231.0/24 -add blacklist-v4 185.226.52.0/22 -add blacklist-v4 185.226.52.0/23 -add blacklist-v4 185.226.54.0/23 -add blacklist-v4 185.241.192.0/22 -add blacklist-v4 185.241.192.0/23 -add blacklist-v4 185.241.194.0/23 -add blacklist-v4 185.29.128.0/22 -add blacklist-v4 185.29.130.0/24 -add blacklist-v4 185.32.248.0/22 -add blacklist-v4 185.32.248.0/23 -add blacklist-v4 185.32.249.0/24 -add blacklist-v4 185.32.250.0/23 -add blacklist-v4 185.32.251.0/24 -add blacklist-v4 185.5.136.0/22 -add blacklist-v4 185.5.136.0/23 -add blacklist-v4 185.5.138.0/23 -add blacklist-v4 185.6.244.0/22 -add blacklist-v4 185.6.244.0/23 -add blacklist-v4 185.6.246.0/23 -add blacklist-v4 185.65.149.170/32 -add blacklist-v4 185.7.234.188/30 -add blacklist-v4 185.86.144.0/22 -add blacklist-v4 185.86.144.0/23 -add blacklist-v4 185.86.146.0/23 -add blacklist-v4 188.128.101.108/30 -add blacklist-v4 188.128.11.196/30 -add blacklist-v4 188.128.112.216/29 -add blacklist-v4 188.128.112.240/29 -add blacklist-v4 188.128.113.0/28 -add blacklist-v4 188.128.114.128/28 -add blacklist-v4 188.128.115.232/29 -add blacklist-v4 188.128.118.224/27 -add blacklist-v4 188.128.119.104/30 -add blacklist-v4 188.128.122.240/30 -add blacklist-v4 188.128.8.240/30 -add blacklist-v4 188.128.89.0/30 -add blacklist-v4 188.128.92.104/30 -add blacklist-v4 188.128.94.204/30 -add blacklist-v4 188.128.98.204/30 -add blacklist-v4 188.247.36.124/30 -add blacklist-v4 188.247.36.128/30 -add blacklist-v4 188.247.36.132/30 -add blacklist-v4 188.247.36.136/30 -add blacklist-v4 188.247.36.140/30 -add blacklist-v4 188.247.36.204/30 -add blacklist-v4 188.93.56.0/21 -add blacklist-v4 188.93.56.0/24 -add blacklist-v4 188.93.57.0/24 -add blacklist-v4 188.93.58.0/24 -add blacklist-v4 188.93.60.0/24 -add blacklist-v4 188.93.61.0/24 -add blacklist-v4 188.93.62.0/24 -add blacklist-v4 193.203.40.0/22 -add blacklist-v4 193.232.70.0/24 -add blacklist-v4 193.33.230.0/23 -add blacklist-v4 193.47.146.0/24 -add blacklist-v4 194.140.247.0/25 -add blacklist-v4 194.140.247.128/25 -add blacklist-v4 194.150.202.0/23 -add blacklist-v4 194.165.22.0/23 -add blacklist-v4 194.186.112.80/28 -add blacklist-v4 194.186.63.0/24 -add blacklist-v4 194.190.9.0/24 -add blacklist-v4 194.215.248.0/24 -add blacklist-v4 194.226.116.0/22 -add blacklist-v4 194.226.127.0/24 -add blacklist-v4 194.226.80.0/21 -add blacklist-v4 194.226.88.0/21 -add blacklist-v4 194.67.63.200/30 -add blacklist-v4 194.8.246.0/23 -add blacklist-v4 194.8.70.0/23 -add blacklist-v4 194.84.16.12/30 -add blacklist-v4 195.128.157.0/24 -add blacklist-v4 195.131.53.248/29 -add blacklist-v4 195.131.61.80/29 -add blacklist-v4 195.131.63.24/29 -add blacklist-v4 195.131.7.8/29 -add blacklist-v4 195.144.226.224/28 -add blacklist-v4 195.144.232.144/30 -add blacklist-v4 195.144.240.128/28 -add blacklist-v4 195.149.110.0/24 -add blacklist-v4 195.151.25.48/29 -add blacklist-v4 195.16.55.224/27 -add blacklist-v4 195.162.36.64/28 -add blacklist-v4 195.170.218.24/29 -add blacklist-v4 195.170.218.88/29 -add blacklist-v4 195.182.142.128/26 -add blacklist-v4 195.182.145.64/28 -add blacklist-v4 195.182.151.212/30 -add blacklist-v4 195.182.151.216/30 -add blacklist-v4 195.182.155.164/30 -add blacklist-v4 195.182.156.96/30 -add blacklist-v4 195.209.120.0/22 -add blacklist-v4 195.211.20.0/22 -add blacklist-v4 195.211.22.0/24 -add blacklist-v4 195.211.23.0/24 -add blacklist-v4 195.218.175.40/29 -add blacklist-v4 195.218.190.0/23 -add blacklist-v4 195.226.203.0/24 -add blacklist-v4 195.239.113.0/24 -add blacklist-v4 195.239.247.0/24 -add blacklist-v4 195.239.80.32/29 -add blacklist-v4 195.3.240.0/22 -add blacklist-v4 195.42.75.8/29 -add blacklist-v4 195.54.20.168/29 -add blacklist-v4 195.54.221.0/24 -add blacklist-v4 195.54.28.72/30 -add blacklist-v4 195.58.13.120/30 -add blacklist-v4 195.58.21.196/30 -add blacklist-v4 195.58.29.57/32 -add blacklist-v4 195.58.30.164/30 -add blacklist-v4 195.58.30.200/29 -add blacklist-v4 195.58.5.16/30 -add blacklist-v4 195.58.5.20/30 -add blacklist-v4 195.80.224.0/24 -add blacklist-v4 195.98.38.16/28 -add blacklist-v4 195.98.43.104/29 -add blacklist-v4 195.98.73.56/29 -add blacklist-v4 195.98.77.100/30 -add blacklist-v4 212.111.84.0/22 -add blacklist-v4 212.119.174.0/24 -add blacklist-v4 212.119.175.0/24 -add blacklist-v4 212.120.169.48/29 -add blacklist-v4 212.120.174.88/29 -add blacklist-v4 212.120.184.48/29 -add blacklist-v4 212.120.184.56/29 -add blacklist-v4 212.120.184.64/29 -add blacklist-v4 212.120.189.208/29 -add blacklist-v4 212.120.189.224/29 -add blacklist-v4 212.120.190.112/29 -add blacklist-v4 212.120.190.240/29 -add blacklist-v4 212.120.191.120/29 -add blacklist-v4 212.120.191.248/29 -add blacklist-v4 212.13.104.116/30 -add blacklist-v4 212.13.113.100/30 -add blacklist-v4 212.15.105.64/28 -add blacklist-v4 212.15.114.156/30 -add blacklist-v4 212.15.115.80/28 -add blacklist-v4 212.17.16.192/27 -add blacklist-v4 212.17.17.176/28 -add blacklist-v4 212.17.8.176/29 -add blacklist-v4 212.17.9.144/28 -add blacklist-v4 212.192.156.0/22 -add blacklist-v4 212.23.85.48/30 -add blacklist-v4 212.23.85.56/29 -add blacklist-v4 212.233.120.0/22 -add blacklist-v4 212.233.72.0/21 -add blacklist-v4 212.233.88.0/21 -add blacklist-v4 212.233.96.0/22 -add blacklist-v4 212.32.198.64/29 -add blacklist-v4 212.48.134.192/26 -add blacklist-v4 212.48.138.240/28 -add blacklist-v4 212.48.141.160/27 -add blacklist-v4 212.48.34.176/29 -add blacklist-v4 212.48.34.184/29 -add blacklist-v4 212.48.53.100/30 -add blacklist-v4 212.48.53.144/30 -add blacklist-v4 212.48.53.152/30 -add blacklist-v4 212.48.53.156/30 -add blacklist-v4 212.48.53.160/30 -add blacklist-v4 212.48.53.164/30 -add blacklist-v4 212.48.53.184/30 -add blacklist-v4 212.48.53.188/30 -add blacklist-v4 212.48.53.192/30 -add blacklist-v4 212.48.53.196/30 -add blacklist-v4 212.48.53.200/30 -add blacklist-v4 212.48.53.216/30 -add blacklist-v4 212.48.53.236/30 -add blacklist-v4 212.48.53.240/30 -add blacklist-v4 212.48.53.244/30 -add blacklist-v4 212.48.53.248/30 -add blacklist-v4 212.48.53.252/30 -add blacklist-v4 212.48.53.76/30 -add blacklist-v4 212.48.53.84/30 -add blacklist-v4 212.48.53.88/30 -add blacklist-v4 212.48.53.92/30 -add blacklist-v4 212.48.54.0/30 -add blacklist-v4 212.48.54.100/30 -add blacklist-v4 212.48.54.104/30 -add blacklist-v4 212.48.54.108/30 -add blacklist-v4 212.48.54.112/30 -add blacklist-v4 212.48.54.116/30 -add blacklist-v4 212.48.54.12/30 -add blacklist-v4 212.48.54.120/30 -add blacklist-v4 212.48.54.124/30 -add blacklist-v4 212.48.54.128/30 -add blacklist-v4 212.48.54.132/30 -add blacklist-v4 212.48.54.136/30 -add blacklist-v4 212.48.54.140/30 -add blacklist-v4 212.48.54.144/30 -add blacklist-v4 212.48.54.148/30 -add blacklist-v4 212.48.54.152/30 -add blacklist-v4 212.48.54.156/30 -add blacklist-v4 212.48.54.16/30 -add blacklist-v4 212.48.54.164/30 -add blacklist-v4 212.48.54.168/30 -add blacklist-v4 212.48.54.172/30 -add blacklist-v4 212.48.54.176/30 -add blacklist-v4 212.48.54.180/30 -add blacklist-v4 212.48.54.184/30 -add blacklist-v4 212.48.54.188/30 -add blacklist-v4 212.48.54.196/30 -add blacklist-v4 212.48.54.20/30 -add blacklist-v4 212.48.54.200/30 -add blacklist-v4 212.48.54.208/30 -add blacklist-v4 212.48.54.212/30 -add blacklist-v4 212.48.54.216/30 -add blacklist-v4 212.48.54.220/30 -add blacklist-v4 212.48.54.24/30 -add blacklist-v4 212.48.54.240/30 -add blacklist-v4 212.48.54.244/30 -add blacklist-v4 212.48.54.248/30 -add blacklist-v4 212.48.54.252/30 -add blacklist-v4 212.48.54.28/30 -add blacklist-v4 212.48.54.32/30 -add blacklist-v4 212.48.54.36/30 -add blacklist-v4 212.48.54.44/30 -add blacklist-v4 212.48.54.48/30 -add blacklist-v4 212.48.54.52/30 -add blacklist-v4 212.48.54.56/30 -add blacklist-v4 212.48.54.60/30 -add blacklist-v4 212.48.54.64/30 -add blacklist-v4 212.48.54.68/30 -add blacklist-v4 212.48.54.72/30 -add blacklist-v4 212.48.54.76/30 -add blacklist-v4 212.48.54.8/30 -add blacklist-v4 212.48.54.80/30 -add blacklist-v4 212.48.54.84/30 -add blacklist-v4 212.48.54.92/30 -add blacklist-v4 212.48.54.96/30 -add blacklist-v4 212.49.107.224/27 -add blacklist-v4 212.49.124.0/26 -add blacklist-v4 212.57.133.0/24 -add blacklist-v4 212.57.159.0/24 -add blacklist-v4 212.59.98.48/29 -add blacklist-v4 212.59.99.96/27 -add blacklist-v4 213.147.55.108/30 -add blacklist-v4 213.172.17.252/30 -add blacklist-v4 213.172.18.124/30 -add blacklist-v4 213.172.18.148/30 -add blacklist-v4 213.172.18.160/30 -add blacklist-v4 213.172.18.164/30 -add blacklist-v4 213.172.18.252/30 -add blacklist-v4 213.172.18.60/30 -add blacklist-v4 213.172.27.0/30 -add blacklist-v4 213.172.27.116/30 -add blacklist-v4 213.172.27.160/30 -add blacklist-v4 213.172.27.204/30 -add blacklist-v4 213.172.27.212/30 -add blacklist-v4 213.172.27.224/30 -add blacklist-v4 213.172.27.252/30 -add blacklist-v4 213.172.30.136/30 -add blacklist-v4 213.172.4.192/26 -add blacklist-v4 213.176.232.0/23 -add blacklist-v4 213.176.234.0/23 -add blacklist-v4 213.177.111.0/24 -add blacklist-v4 213.183.253.56/29 -add blacklist-v4 213.219.212.0/22 -add blacklist-v4 213.219.212.0/23 -add blacklist-v4 213.219.214.0/23 -add blacklist-v4 213.219.237.68/30 -add blacklist-v4 213.234.13.60/30 -add blacklist-v4 213.234.15.228/30 -add blacklist-v4 213.234.15.248/30 -add blacklist-v4 213.234.18.52/30 -add blacklist-v4 213.234.8.8/30 -add blacklist-v4 213.24.128.0/22 -add blacklist-v4 213.24.143.0/24 -add blacklist-v4 213.24.152.0/22 -add blacklist-v4 213.24.160.0/28 -add blacklist-v4 213.24.34.0/24 -add blacklist-v4 213.24.75.0/24 -add blacklist-v4 213.24.76.0/23 -add blacklist-v4 213.242.204.236/30 -add blacklist-v4 213.242.204.76/30 -add blacklist-v4 213.242.205.88/30 -add blacklist-v4 213.242.215.192/29 -add blacklist-v4 213.242.215.68/30 -add blacklist-v4 213.243.106.48/28 -add blacklist-v4 213.243.116.0/24 -add blacklist-v4 213.243.84.80/28 -add blacklist-v4 213.33.171.240/29 -add blacklist-v4 213.59.59.120/29 -add blacklist-v4 213.59.59.128/29 -add blacklist-v4 213.59.59.144/29 -add blacklist-v4 213.59.59.16/29 -add blacklist-v4 213.59.59.168/29 -add blacklist-v4 213.59.59.64/29 -add blacklist-v4 213.59.91.128/27 -add blacklist-v4 213.59.91.176/28 -add blacklist-v4 213.59.91.48/29 -add blacklist-v4 213.85.142.176/28 -add blacklist-v4 213.85.2.64/28 -add blacklist-v4 213.85.2.80/29 -add blacklist-v4 213.85.20.32/30 -add blacklist-v4 213.85.20.8/30 -add blacklist-v4 213.85.20.84/30 -add blacklist-v4 213.85.77.64/27 -add blacklist-v4 217.106.0.0/16 -add blacklist-v4 217.106.115.168/29 -add blacklist-v4 217.106.147.0/29 -add blacklist-v4 217.106.147.8/29 -add blacklist-v4 217.106.150.224/29 -add blacklist-v4 217.106.150.72/29 -add blacklist-v4 217.106.150.80/29 -add blacklist-v4 217.106.150.88/29 -add blacklist-v4 217.106.203.240/29 -add blacklist-v4 217.106.203.88/29 -add blacklist-v4 217.106.93.192/26 -add blacklist-v4 217.106.95.112/28 -add blacklist-v4 217.107.200.0/21 -add blacklist-v4 217.107.5.112/29 -add blacklist-v4 217.107.5.16/29 -add blacklist-v4 217.107.5.24/29 -add blacklist-v4 217.107.5.40/29 -add blacklist-v4 217.107.5.8/29 -add blacklist-v4 217.107.5.80/29 -add blacklist-v4 217.107.5.88/29 -add blacklist-v4 217.107.5.96/29 -add blacklist-v4 217.147.23.112/28 -add blacklist-v4 217.148.216.156/30 -add blacklist-v4 217.148.220.160/29 -add blacklist-v4 217.16.16.0/20 -add blacklist-v4 217.16.16.0/21 -add blacklist-v4 217.16.24.0/21 -add blacklist-v4 217.172.18.0/23 -add blacklist-v4 217.174.188.0/22 -add blacklist-v4 217.174.188.0/23 -add blacklist-v4 217.195.92.16/28 -add blacklist-v4 217.195.93.144/29 -add blacklist-v4 217.195.94.200/29 -add blacklist-v4 217.20.144.0/20 -add blacklist-v4 217.20.144.0/22 -add blacklist-v4 217.20.148.0/24 -add blacklist-v4 217.20.149.0/24 -add blacklist-v4 217.20.150.0/23 -add blacklist-v4 217.20.152.0/22 -add blacklist-v4 217.20.156.0/23 -add blacklist-v4 217.20.158.0/24 -add blacklist-v4 217.20.159.0/24 -add blacklist-v4 217.20.86.128/26 -add blacklist-v4 217.20.86.232/29 -add blacklist-v4 217.23.88.168/29 -add blacklist-v4 217.23.88.248/29 -add blacklist-v4 217.27.142.176/30 -add blacklist-v4 217.65.214.24/29 -add blacklist-v4 217.65.219.160/29 -add blacklist-v4 217.67.177.208/29 -add blacklist-v4 217.69.128.0/20 -add blacklist-v4 217.69.128.0/21 -add blacklist-v4 217.69.132.0/24 -add blacklist-v4 217.69.136.0/21 -add blacklist-v4 31.177.104.0/22 -add blacklist-v4 31.177.95.0/24 -add blacklist-v4 31.44.63.64/29 -add blacklist-v4 37.139.32.0/22 -add blacklist-v4 37.139.32.0/23 -add blacklist-v4 37.139.34.0/23 -add blacklist-v4 37.139.40.0/22 -add blacklist-v4 37.139.40.0/23 -add blacklist-v4 37.139.42.0/23 -add blacklist-v4 37.28.161.48/30 -add blacklist-v4 37.29.53.16/30 -add blacklist-v4 37.29.57.52/30 -add blacklist-v4 37.29.57.64/30 -add blacklist-v4 37.29.59.56/30 -add blacklist-v4 45.136.20.0/22 -add blacklist-v4 45.136.20.0/23 -add blacklist-v4 45.136.22.0/23 -add blacklist-v4 45.84.128.0/22 -add blacklist-v4 45.84.128.0/23 -add blacklist-v4 45.84.130.0/23 -add blacklist-v4 46.20.70.160/28 -add blacklist-v4 46.228.0.232/29 -add blacklist-v4 46.29.152.0/22 -add blacklist-v4 46.46.142.160/28 -add blacklist-v4 46.46.148.40/29 -add blacklist-v4 46.47.197.128/30 -add blacklist-v4 46.47.199.76/30 -add blacklist-v4 46.47.203.52/30 -add blacklist-v4 46.47.207.96/30 -add blacklist-v4 46.47.208.84/30 -add blacklist-v4 46.47.210.76/30 -add blacklist-v4 46.47.211.0/24 -add blacklist-v4 46.47.212.204/30 -add blacklist-v4 46.47.213.0/24 -add blacklist-v4 46.47.214.200/30 -add blacklist-v4 46.47.219.200/30 -add blacklist-v4 46.47.223.196/30 -add blacklist-v4 46.47.229.0/28 -add blacklist-v4 46.47.238.144/30 -add blacklist-v4 46.47.249.176/29 -add blacklist-v4 46.61.208.0/24 -add blacklist-v4 5.101.40.0/22 -add blacklist-v4 5.101.40.0/23 -add blacklist-v4 5.101.42.0/23 -add blacklist-v4 5.181.60.0/22 -add blacklist-v4 5.181.60.0/24 -add blacklist-v4 5.181.61.0/24 -add blacklist-v4 5.181.62.0/23 -add blacklist-v4 5.188.140.0/22 -add blacklist-v4 5.188.140.0/23 -add blacklist-v4 5.188.142.0/23 -add blacklist-v4 5.61.16.0/21 -add blacklist-v4 5.61.16.0/22 -add blacklist-v4 5.61.20.0/22 -add blacklist-v4 5.61.232.0/21 -add blacklist-v4 5.61.232.0/22 -add blacklist-v4 5.61.236.0/23 -add blacklist-v4 5.61.238.0/24 -add blacklist-v4 5.61.239.0/27 -add blacklist-v4 5.61.239.128/25 -add blacklist-v4 5.61.239.40/29 -add blacklist-v4 5.61.239.48/28 -add blacklist-v4 5.61.239.64/26 -add blacklist-v4 62.105.158.200/29 -add blacklist-v4 62.112.110.64/28 -add blacklist-v4 62.118.101.184/29 -add blacklist-v4 62.118.113.232/29 -add blacklist-v4 62.118.125.188/30 -add blacklist-v4 62.118.127.240/28 -add blacklist-v4 62.118.193.8/29 -add blacklist-v4 62.118.205.68/30 -add blacklist-v4 62.118.208.100/30 -add blacklist-v4 62.118.209.192/30 -add blacklist-v4 62.118.216.60/30 -add blacklist-v4 62.118.219.184/30 -add blacklist-v4 62.118.230.4/30 -add blacklist-v4 62.118.233.224/29 -add blacklist-v4 62.118.234.64/29 -add blacklist-v4 62.118.239.128/29 -add blacklist-v4 62.141.125.0/25 -add blacklist-v4 62.217.160.0/20 -add blacklist-v4 62.217.160.0/21 -add blacklist-v4 62.217.168.0/21 -add blacklist-v4 62.28.169.168/30 -add blacklist-v4 62.33.199.80/29 -add blacklist-v4 62.33.34.16/28 -add blacklist-v4 62.33.87.128/28 -add blacklist-v4 62.5.130.104/29 -add blacklist-v4 62.5.132.224/29 -add blacklist-v4 62.5.189.80/29 -add blacklist-v4 62.5.202.60/30 -add blacklist-v4 62.5.218.204/30 -add blacklist-v4 62.5.224.188/30 -add blacklist-v4 62.5.242.80/28 -add blacklist-v4 62.63.100.160/30 -add blacklist-v4 62.63.101.80/29 -add blacklist-v4 62.63.96.32/28 -add blacklist-v4 62.63.98.24/29 -add blacklist-v4 62.76.98.0/24 -add blacklist-v4 77.243.9.80/28 -add blacklist-v4 77.34.209.160/28 -add blacklist-v4 77.35.76.80/28 -add blacklist-v4 77.35.98.240/28 -add blacklist-v4 77.37.128.0/17 -add blacklist-v4 77.72.139.0/28 -add blacklist-v4 77.82.124.112/29 -add blacklist-v4 78.107.13.208/28 -add blacklist-v4 78.107.16.96/28 -add blacklist-v4 78.107.18.112/28 -add blacklist-v4 78.107.3.208/28 -add blacklist-v4 78.107.40.160/28 -add blacklist-v4 78.107.42.144/28 -add blacklist-v4 78.107.51.16/28 -add blacklist-v4 78.107.61.96/28 -add blacklist-v4 78.107.86.32/28 -add blacklist-v4 78.108.192.0/21 -add blacklist-v4 78.108.200.0/24 -add blacklist-v4 78.109.140.112/29 -add blacklist-v4 78.24.159.48/29 -add blacklist-v4 78.37.104.0/29 -add blacklist-v4 78.37.67.24/29 -add blacklist-v4 78.37.69.160/27 -add blacklist-v4 78.37.84.120/29 -add blacklist-v4 78.37.97.88/29 -add blacklist-v4 79.133.74.160/30 -add blacklist-v4 79.133.74.168/30 -add blacklist-v4 79.133.75.176/30 -add blacklist-v4 79.133.75.44/30 -add blacklist-v4 79.137.132.0/24 -add blacklist-v4 79.137.132.0/25 -add blacklist-v4 79.137.132.128/25 -add blacklist-v4 79.137.139.0/24 -add blacklist-v4 79.137.139.0/25 -add blacklist-v4 79.137.139.128/25 -add blacklist-v4 79.137.140.0/24 -add blacklist-v4 79.137.142.0/24 -add blacklist-v4 79.137.157.0/24 -add blacklist-v4 79.137.157.0/25 -add blacklist-v4 79.137.157.128/25 -add blacklist-v4 79.137.164.0/24 -add blacklist-v4 79.137.164.0/25 -add blacklist-v4 79.137.164.128/25 -add blacklist-v4 79.137.167.0/24 -add blacklist-v4 79.137.167.0/25 -add blacklist-v4 79.137.167.128/25 -add blacklist-v4 79.137.174.0/23 -add blacklist-v4 79.137.174.0/24 -add blacklist-v4 79.137.175.0/24 -add blacklist-v4 79.137.180.0/24 -add blacklist-v4 79.137.180.0/25 -add blacklist-v4 79.137.180.128/25 -add blacklist-v4 79.137.183.0/24 -add blacklist-v4 79.137.240.0/21 -add blacklist-v4 79.137.240.0/22 -add blacklist-v4 79.137.244.0/22 -add blacklist-v4 79.142.88.0/28 -add blacklist-v4 79.143.229.0/24 -add blacklist-v4 79.143.230.0/24 -add blacklist-v4 79.143.232.0/24 -add blacklist-v4 80.237.11.88/29 -add blacklist-v4 80.237.39.112/29 -add blacklist-v4 80.237.98.80/28 -add blacklist-v4 80.247.32.0/20 -add blacklist-v4 80.247.32.0/24 -add blacklist-v4 80.247.46.0/24 -add blacklist-v4 80.254.100.40/29 -add blacklist-v4 80.254.119.168/29 -add blacklist-v4 80.73.16.0/20 -add blacklist-v4 80.73.16.0/21 -add blacklist-v4 80.73.16.0/24 -add blacklist-v4 80.73.168.80/28 -add blacklist-v4 80.73.169.244/30 -add blacklist-v4 80.82.43.24/29 -add blacklist-v4 80.89.152.220/30 -add blacklist-v4 81.1.195.0/28 -add blacklist-v4 81.1.205.96/27 -add blacklist-v4 81.17.2.192/28 -add blacklist-v4 81.17.3.16/29 -add blacklist-v4 81.176.235.0/27 -add blacklist-v4 81.176.70.0/26 -add blacklist-v4 81.177.12.0/24 -add blacklist-v4 81.177.156.0/24 -add blacklist-v4 81.177.31.64/26 -add blacklist-v4 81.195.105.160/28 -add blacklist-v4 81.195.108.164/30 -add blacklist-v4 81.195.112.36/30 -add blacklist-v4 81.195.118.128/30 -add blacklist-v4 81.195.118.48/30 -add blacklist-v4 81.195.120.16/29 -add blacklist-v4 81.195.124.52/30 -add blacklist-v4 81.195.125.96/30 -add blacklist-v4 81.195.148.140/30 -add blacklist-v4 81.195.150.248/30 -add blacklist-v4 81.195.151.0/24 -add blacklist-v4 81.195.151.172/30 -add blacklist-v4 81.195.155.0/30 -add blacklist-v4 81.195.161.12/30 -add blacklist-v4 81.195.164.0/24 -add blacklist-v4 81.195.165.64/28 -add blacklist-v4 81.195.168.24/30 -add blacklist-v4 81.195.177.160/30 -add blacklist-v4 81.195.178.224/27 -add blacklist-v4 81.195.182.64/28 -add blacklist-v4 81.195.192.96/30 -add blacklist-v4 81.195.231.128/26 -add blacklist-v4 81.195.244.32/29 -add blacklist-v4 81.195.245.0/28 -add blacklist-v4 81.195.247.128/28 -add blacklist-v4 81.195.250.16/29 -add blacklist-v4 81.195.36.48/28 -add blacklist-v4 81.195.44.248/30 -add blacklist-v4 81.195.45.64/30 -add blacklist-v4 81.195.50.72/29 -add blacklist-v4 81.195.90.44/30 -add blacklist-v4 81.195.92.48/30 -add blacklist-v4 81.195.93.192/27 -add blacklist-v4 81.195.94.72/29 -add blacklist-v4 81.2.1.0/28 -add blacklist-v4 81.2.10.192/27 -add blacklist-v4 81.211.32.16/28 -add blacklist-v4 81.222.194.200/29 -add blacklist-v4 81.222.209.136/29 -add blacklist-v4 81.222.210.24/29 -add blacklist-v4 81.3.168.148/30 -add blacklist-v4 82.140.65.240/29 -add blacklist-v4 82.142.162.104/29 -add blacklist-v4 82.151.107.136/29 -add blacklist-v4 82.162.103.144/28 -add blacklist-v4 82.162.126.96/28 -add blacklist-v4 82.162.149.160/28 -add blacklist-v4 82.162.157.64/28 -add blacklist-v4 82.162.158.176/28 -add blacklist-v4 82.162.172.112/28 -add blacklist-v4 82.162.72.208/28 -add blacklist-v4 82.162.76.176/28 -add blacklist-v4 82.162.80.192/28 -add blacklist-v4 82.162.87.192/28 -add blacklist-v4 82.162.90.0/28 -add blacklist-v4 82.179.86.32/27 -add blacklist-v4 82.196.130.0/27 -add blacklist-v4 82.196.69.152/30 -add blacklist-v4 82.198.176.144/29 -add blacklist-v4 82.198.176.16/29 -add blacklist-v4 82.198.176.208/29 -add blacklist-v4 82.198.189.128/26 -add blacklist-v4 82.198.190.64/26 -add blacklist-v4 82.198.191.248/29 -add blacklist-v4 82.198.191.96/27 -add blacklist-v4 82.200.13.0/27 -add blacklist-v4 82.200.22.136/29 -add blacklist-v4 82.200.22.144/28 -add blacklist-v4 82.200.64.0/24 -add blacklist-v4 82.208.68.240/28 -add blacklist-v4 82.208.77.104/29 -add blacklist-v4 82.208.81.0/24 -add blacklist-v4 82.208.93.160/27 -add blacklist-v4 83.149.42.64/29 -add blacklist-v4 83.166.232.0/21 -add blacklist-v4 83.166.232.0/22 -add blacklist-v4 83.166.236.0/22 -add blacklist-v4 83.166.248.0/21 -add blacklist-v4 83.166.248.0/22 -add blacklist-v4 83.166.252.0/22 -add blacklist-v4 83.172.36.224/29 -add blacklist-v4 83.217.216.0/22 -add blacklist-v4 83.217.216.0/23 -add blacklist-v4 83.217.218.0/23 -add blacklist-v4 83.219.13.128/29 -add blacklist-v4 83.219.13.184/29 -add blacklist-v4 83.219.138.16/28 -add blacklist-v4 83.219.23.48/29 -add blacklist-v4 83.219.23.8/29 -add blacklist-v4 83.219.25.0/29 -add blacklist-v4 83.219.25.112/29 -add blacklist-v4 83.219.5.248/29 -add blacklist-v4 83.219.6.72/29 -add blacklist-v4 83.220.53.16/28 -add blacklist-v4 83.222.28.0/22 -add blacklist-v4 83.229.181.192/26 -add blacklist-v4 83.229.232.16/29 -add blacklist-v4 83.69.207.248/29 -add blacklist-v4 84.204.143.44/30 -add blacklist-v4 84.204.154.16/30 -add blacklist-v4 84.204.170.220/30 -add blacklist-v4 84.204.217.164/30 -add blacklist-v4 84.204.245.208/29 -add blacklist-v4 84.204.7.144/29 -add blacklist-v4 84.204.93.232/30 -add blacklist-v4 84.23.52.0/22 -add blacklist-v4 84.23.52.0/23 -add blacklist-v4 84.23.54.0/23 -add blacklist-v4 84.53.210.144/28 -add blacklist-v4 85.114.30.192/30 -add blacklist-v4 85.114.30.204/30 -add blacklist-v4 85.114.31.108/30 -add blacklist-v4 85.114.93.88/29 -add blacklist-v4 85.141.17.112/30 -add blacklist-v4 85.141.17.24/30 -add blacklist-v4 85.141.18.80/30 -add blacklist-v4 85.141.19.56/30 -add blacklist-v4 85.141.21.236/30 -add blacklist-v4 85.141.28.0/30 -add blacklist-v4 85.141.31.68/30 -add blacklist-v4 85.141.32.96/28 -add blacklist-v4 85.141.33.0/28 -add blacklist-v4 85.141.33.64/28 -add blacklist-v4 85.141.60.96/28 -add blacklist-v4 85.141.61.160/28 -add blacklist-v4 85.143.125.0/24 -add blacklist-v4 85.146.204.44/30 -add blacklist-v4 85.192.32.0/22 -add blacklist-v4 85.192.32.0/23 -add blacklist-v4 85.192.34.0/23 -add blacklist-v4 85.198.106.0/24 -add blacklist-v4 85.198.107.0/24 -add blacklist-v4 85.21.102.224/28 -add blacklist-v4 85.21.103.64/28 -add blacklist-v4 85.21.104.192/27 -add blacklist-v4 85.21.148.0/26 -add blacklist-v4 85.21.149.48/28 -add blacklist-v4 85.21.155.208/28 -add blacklist-v4 85.21.157.48/28 -add blacklist-v4 85.21.204.208/28 -add blacklist-v4 85.21.99.48/28 -add blacklist-v4 85.21.99.64/28 -add blacklist-v4 85.236.29.160/27 -add blacklist-v4 85.90.100.72/29 -add blacklist-v4 85.90.101.112/28 -add blacklist-v4 85.90.101.192/29 -add blacklist-v4 85.90.102.168/29 -add blacklist-v4 85.90.120.72/29 -add blacklist-v4 85.90.121.72/29 -add blacklist-v4 85.90.125.96/29 -add blacklist-v4 85.90.127.16/29 -add blacklist-v4 85.90.98.144/30 -add blacklist-v4 85.90.99.168/29 -add blacklist-v4 85.94.52.160/27 -add blacklist-v4 85.94.53.32/28 -add blacklist-v4 86.102.100.48/28 -add blacklist-v4 86.102.108.32/28 -add blacklist-v4 86.102.109.32/28 -add blacklist-v4 86.102.109.48/28 -add blacklist-v4 86.102.115.80/28 -add blacklist-v4 86.102.126.160/28 -add blacklist-v4 86.102.126.80/28 -add blacklist-v4 86.102.72.240/28 -add blacklist-v4 86.102.74.64/28 -add blacklist-v4 87.117.18.144/29 -add blacklist-v4 87.117.20.128/28 -add blacklist-v4 87.117.20.64/27 -add blacklist-v4 87.117.20.96/27 -add blacklist-v4 87.117.21.0/29 -add blacklist-v4 87.117.21.16/29 -add blacklist-v4 87.117.21.24/29 -add blacklist-v4 87.117.21.32/29 -add blacklist-v4 87.117.21.40/29 -add blacklist-v4 87.117.21.48/29 -add blacklist-v4 87.117.21.56/29 -add blacklist-v4 87.117.21.64/29 -add blacklist-v4 87.117.21.72/29 -add blacklist-v4 87.117.21.8/29 -add blacklist-v4 87.117.21.80/29 -add blacklist-v4 87.117.23.128/28 -add blacklist-v4 87.117.31.56/29 -add blacklist-v4 87.225.56.224/28 -add blacklist-v4 87.226.156.64/26 -add blacklist-v4 87.226.191.0/24 -add blacklist-v4 87.226.213.0/24 -add blacklist-v4 87.226.239.180/30 -add blacklist-v4 87.237.47.204/30 -add blacklist-v4 87.239.104.0/21 -add blacklist-v4 87.239.104.0/22 -add blacklist-v4 87.239.108.0/22 -add blacklist-v4 87.240.128.0/18 -add blacklist-v4 87.240.128.0/19 -add blacklist-v4 87.240.160.0/19 -add blacklist-v4 87.240.166.0/24 -add blacklist-v4 87.240.167.0/24 -add blacklist-v4 87.242.112.0/22 -add blacklist-v4 87.245.133.0/24 -add blacklist-v4 87.249.16.32/28 -add blacklist-v4 87.249.18.60/30 -add blacklist-v4 87.249.22.72/29 -add blacklist-v4 87.249.28.232/29 -add blacklist-v4 87.249.3.64/28 -add blacklist-v4 87.249.30.176/30 -add blacklist-v4 87.249.5.48/30 -add blacklist-v4 87.249.7.120/29 -add blacklist-v4 88.151.200.0/24 -add blacklist-v4 88.200.208.112/29 -add blacklist-v4 88.83.195.248/30 -add blacklist-v4 89.106.172.160/29 -add blacklist-v4 89.107.123.120/29 -add blacklist-v4 89.107.123.136/29 -add blacklist-v4 89.107.127.136/29 -add blacklist-v4 89.109.250.132/30 -add blacklist-v4 89.109.250.140/30 -add blacklist-v4 89.109.250.28/30 -add blacklist-v4 89.109.250.80/30 -add blacklist-v4 89.109.250.88/29 -add blacklist-v4 89.109.250.96/30 -add blacklist-v4 89.109.7.176/29 -add blacklist-v4 89.111.176.0/22 -add blacklist-v4 89.175.10.160/30 -add blacklist-v4 89.175.165.208/28 -add blacklist-v4 89.175.170.144/28 -add blacklist-v4 89.175.174.136/29 -add blacklist-v4 89.175.176.140/30 -add blacklist-v4 89.175.176.176/30 -add blacklist-v4 89.175.176.88/30 -add blacklist-v4 89.175.188.184/29 -add blacklist-v4 89.175.6.64/27 -add blacklist-v4 89.175.8.104/30 -add blacklist-v4 89.175.8.140/30 -add blacklist-v4 89.175.8.192/30 -add blacklist-v4 89.175.8.36/30 -add blacklist-v4 89.175.8.40/30 -add blacklist-v4 89.175.8.44/30 -add blacklist-v4 89.175.8.52/30 -add blacklist-v4 89.175.8.68/30 -add blacklist-v4 89.175.9.4/30 -add blacklist-v4 89.179.155.192/28 -add blacklist-v4 89.179.179.16/28 -add blacklist-v4 89.179.181.0/24 -add blacklist-v4 89.208.196.0/22 -add blacklist-v4 89.208.196.0/23 -add blacklist-v4 89.208.198.0/23 -add blacklist-v4 89.208.208.0/22 -add blacklist-v4 89.208.208.0/23 -add blacklist-v4 89.208.210.0/23 -add blacklist-v4 89.208.216.0/21 -add blacklist-v4 89.208.216.0/23 -add blacklist-v4 89.208.218.0/23 -add blacklist-v4 89.208.220.0/22 -add blacklist-v4 89.208.228.0/22 -add blacklist-v4 89.208.228.0/23 -add blacklist-v4 89.208.230.0/23 -add blacklist-v4 89.208.84.0/22 -add blacklist-v4 89.208.84.0/23 -add blacklist-v4 89.208.86.0/23 -add blacklist-v4 89.21.129.16/28 -add blacklist-v4 89.21.140.104/29 -add blacklist-v4 89.21.152.104/29 -add blacklist-v4 89.221.228.0/22 -add blacklist-v4 89.221.232.0/21 -add blacklist-v4 89.221.232.0/22 -add blacklist-v4 89.221.235.0/24 -add blacklist-v4 89.221.236.0/22 -add blacklist-v4 89.28.253.168/29 -add blacklist-v4 89.28.255.56/29 -add blacklist-v4 90.150.176.52/30 -add blacklist-v4 90.150.189.128/29 -add blacklist-v4 90.150.189.136/29 -add blacklist-v4 90.150.189.144/29 -add blacklist-v4 90.150.189.152/29 -add blacklist-v4 90.150.189.160/29 -add blacklist-v4 90.150.189.168/29 -add blacklist-v4 90.150.189.176/29 -add blacklist-v4 90.150.189.184/29 -add blacklist-v4 90.150.189.192/29 -add blacklist-v4 90.150.189.200/29 -add blacklist-v4 90.150.189.208/29 -add blacklist-v4 90.150.189.216/29 -add blacklist-v4 90.150.189.224/29 -add blacklist-v4 90.150.189.232/29 -add blacklist-v4 90.150.189.248/29 -add blacklist-v4 90.150.189.32/29 -add blacklist-v4 90.156.148.0/22 -add blacklist-v4 90.156.148.0/23 -add blacklist-v4 90.156.150.0/23 -add blacklist-v4 90.156.151.0/24 -add blacklist-v4 90.156.212.0/22 -add blacklist-v4 90.156.212.0/23 -add blacklist-v4 90.156.214.0/23 -add blacklist-v4 90.156.216.0/22 -add blacklist-v4 90.156.216.0/23 -add blacklist-v4 90.156.218.0/23 -add blacklist-v4 90.156.232.0/21 -add blacklist-v4 91.103.194.184/29 -add blacklist-v4 91.135.212.0/22 -add blacklist-v4 91.135.216.0/21 -add blacklist-v4 91.135.220.0/24 -add blacklist-v4 91.135.221.0/24 -add blacklist-v4 91.195.136.0/23 -add blacklist-v4 91.208.20.0/24 -add blacklist-v4 91.215.168.0/22 -add blacklist-v4 91.217.34.0/23 -add blacklist-v4 91.219.192.0/22 -add blacklist-v4 91.219.224.0/22 -add blacklist-v4 91.221.140.0/23 -add blacklist-v4 91.221.140.0/24 -add blacklist-v4 91.221.141.0/24 -add blacklist-v4 91.226.250.0/24 -add blacklist-v4 91.227.32.0/24 -add blacklist-v4 91.231.132.0/22 -add blacklist-v4 91.231.132.0/24 -add blacklist-v4 91.231.133.0/24 -add blacklist-v4 91.231.134.0/24 -add blacklist-v4 91.237.76.0/24 -add blacklist-v4 92.101.253.152/29 -add blacklist-v4 92.101.253.96/29 -add blacklist-v4 92.38.217.0/24 -add blacklist-v4 92.39.106.168/30 -add blacklist-v4 92.39.106.20/30 -add blacklist-v4 92.39.111.84/30 -add blacklist-v4 92.39.128.0/21 -add blacklist-v4 92.50.198.124/30 -add blacklist-v4 92.50.198.72/30 -add blacklist-v4 92.50.219.136/29 -add blacklist-v4 92.50.238.224/29 -add blacklist-v4 93.153.134.112/29 -add blacklist-v4 93.153.135.88/30 -add blacklist-v4 93.153.136.132/30 -add blacklist-v4 93.153.142.4/30 -add blacklist-v4 93.153.144.60/30 -add blacklist-v4 93.153.171.204/30 -add blacklist-v4 93.153.172.100/30 -add blacklist-v4 93.153.175.44/30 -add blacklist-v4 93.153.183.104/30 -add blacklist-v4 93.153.194.160/29 -add blacklist-v4 93.153.220.192/29 -add blacklist-v4 93.153.223.8/29 -add blacklist-v4 93.153.229.232/29 -add blacklist-v4 93.153.244.188/30 -add blacklist-v4 93.153.244.248/29 -add blacklist-v4 93.153.251.0/24 -add blacklist-v4 93.153.255.84/30 -add blacklist-v4 93.178.104.32/30 -add blacklist-v4 93.178.104.36/30 -add blacklist-v4 93.178.104.64/30 -add blacklist-v4 93.178.104.68/30 -add blacklist-v4 93.178.106.0/26 -add blacklist-v4 93.186.224.0/20 -add blacklist-v4 93.186.224.0/21 -add blacklist-v4 93.186.232.0/21 -add blacklist-v4 93.188.20.72/29 -add blacklist-v4 93.190.110.0/24 -add blacklist-v4 94.100.176.0/20 -add blacklist-v4 94.100.176.0/21 -add blacklist-v4 94.100.184.0/21 -add blacklist-v4 94.124.192.192/29 -add blacklist-v4 94.139.244.0/22 -add blacklist-v4 94.139.244.0/23 -add blacklist-v4 94.139.244.0/24 -add blacklist-v4 94.139.246.0/23 -add blacklist-v4 94.199.64.0/21 -add blacklist-v4 94.25.119.228/30 -add blacklist-v4 94.25.53.56/29 -add blacklist-v4 94.25.57.176/29 -add blacklist-v4 94.25.57.224/28 -add blacklist-v4 94.25.65.16/29 -add blacklist-v4 94.25.70.64/30 -add blacklist-v4 94.25.90.240/29 -add blacklist-v4 94.25.95.136/30 -add blacklist-v4 95.142.192.0/20 -add blacklist-v4 95.142.192.0/21 -add blacklist-v4 95.142.200.0/21 -add blacklist-v4 95.142.201.0/24 -add blacklist-v4 95.142.202.0/24 -add blacklist-v4 95.142.203.0/24 -add blacklist-v4 95.142.204.0/23 -add blacklist-v4 95.142.207.0/24 -add blacklist-v4 95.163.133.0/24 -add blacklist-v4 95.163.180.0/22 -add blacklist-v4 95.163.180.0/23 -add blacklist-v4 95.163.182.0/23 -add blacklist-v4 95.163.208.0/21 -add blacklist-v4 95.163.208.0/23 -add blacklist-v4 95.163.210.0/23 -add blacklist-v4 95.163.212.0/22 -add blacklist-v4 95.163.216.0/22 -add blacklist-v4 95.163.216.0/23 -add blacklist-v4 95.163.218.0/23 -add blacklist-v4 95.163.248.0/21 -add blacklist-v4 95.163.248.0/22 -add blacklist-v4 95.163.252.0/23 -add blacklist-v4 95.163.254.0/23 -add blacklist-v4 95.163.32.0/19 -add blacklist-v4 95.163.32.0/22 -add blacklist-v4 95.163.36.0/22 -add blacklist-v4 95.163.40.0/21 -add blacklist-v4 95.163.48.0/20 -add blacklist-v4 95.167.113.48/30 -add blacklist-v4 95.167.114.48/30 -add blacklist-v4 95.167.121.68/30 -add blacklist-v4 95.167.122.128/28 -add blacklist-v4 95.167.142.32/30 -add blacklist-v4 95.167.157.156/30 -add blacklist-v4 95.167.162.236/30 -add blacklist-v4 95.167.162.76/30 -add blacklist-v4 95.167.176.0/23 -add blacklist-v4 95.167.2.4/30 -add blacklist-v4 95.167.21.104/29 -add blacklist-v4 95.167.213.0/24 -add blacklist-v4 95.167.29.104/29 -add blacklist-v4 95.167.4.168/29 -add blacklist-v4 95.167.5.64/28 -add blacklist-v4 95.167.5.80/28 -add blacklist-v4 95.167.54.76/30 -add blacklist-v4 95.167.59.244/30 -add blacklist-v4 95.167.64.20/30 -add blacklist-v4 95.167.68.216/29 -add blacklist-v4 95.167.69.116/30 -add blacklist-v4 95.167.70.136/29 -add blacklist-v4 95.167.70.176/28 -add blacklist-v4 95.167.70.32/28 -add blacklist-v4 95.167.72.140/30 -add blacklist-v4 95.167.72.204/30 -add blacklist-v4 95.167.72.48/30 -add blacklist-v4 95.167.74.136/29 -add blacklist-v4 95.167.74.180/30 -add blacklist-v4 95.167.76.160/27 -add blacklist-v4 95.167.99.48/28 -add blacklist-v4 95.173.128.0/19 -add blacklist-v4 95.173.128.0/20 -add blacklist-v4 95.173.144.0/20 -add blacklist-v4 95.213.0.0/17 -add blacklist-v4 95.213.0.0/18 -add blacklist-v4 95.213.0.0/20 -add blacklist-v4 95.213.16.0/21 -add blacklist-v4 95.213.24.0/23 -add blacklist-v4 95.213.26.0/24 -add blacklist-v4 95.213.27.0/24 -add blacklist-v4 95.213.28.0/24 -add blacklist-v4 95.213.29.0/24 -add blacklist-v4 95.213.30.0/24 -add blacklist-v4 95.213.31.0/24 -add blacklist-v4 95.213.32.0/24 -add blacklist-v4 95.213.33.0/24 -add blacklist-v4 95.213.34.0/23 -add blacklist-v4 95.213.36.0/22 -add blacklist-v4 95.213.40.0/21 -add blacklist-v4 95.213.44.0/24 -add blacklist-v4 95.213.45.0/24 -add blacklist-v4 95.213.48.0/20 -add blacklist-v4 95.213.64.0/18 -add blacklist-v4 95.53.248.0/29 -add blacklist-v4 95.54.193.80/28 diff --git a/blacklists_iptables/blacklist-v6.ipset b/blacklists_iptables/blacklist-v6.ipset deleted file mode 100644 index a159193..0000000 --- a/blacklists_iptables/blacklist-v6.ipset +++ /dev/null @@ -1,40 +0,0 @@ -# IPSet blacklist configuration (IPv6 only) -# Auto-generated from blacklist-v6.txt -# Last updated: 2026-03-26 09:38:26 UTC -# -# Usage: -# 1. Load the ipset: -# ipset restore < blacklist-v6.ipset -# -# 2. Use with iptables/ip6tables: -# ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP -# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP -# -# 3. To flush/delete the set: -# ipset flush blacklist-v6 -# ipset destroy blacklist-v6 -# - -create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 44 -add blacklist-v6 2a00:1148::/29 -add blacklist-v6 2a00:1148::/32 -add blacklist-v6 2a00:46e0:2::/48 -add blacklist-v6 2a00:46e0::/32 -add blacklist-v6 2a00:a300::/32 -add blacklist-v6 2a00:b4c0::/32 -add blacklist-v6 2a00:bdc0:8000::/34 -add blacklist-v6 2a00:bdc0::/33 -add blacklist-v6 2a00:bdc0:c000::/35 -add blacklist-v6 2a00:bdc0:e002::/48 -add blacklist-v6 2a00:bdc0:e003::/48 -add blacklist-v6 2a00:bdc0:e004::/48 -add blacklist-v6 2a00:bdc0:e005::/48 -add blacklist-v6 2a00:bdc0:e007::/48 -add blacklist-v6 2a00:bdc0:f000::/36 -add blacklist-v6 2a00:bdc1::/32 -add blacklist-v6 2a00:bdc2::/31 -add blacklist-v6 2a00:bdc4::/30 -add blacklist-v6 2a14:25c0::/32 -add blacklist-v6 2a14:25c5::/32 -add blacklist-v6 2a14:25c6::/32 -add blacklist-v6 2a14:25c7::/32 diff --git a/blacklists_iptables/blacklist-vk-v4.ipset b/blacklists_iptables/blacklist-vk-v4.ipset deleted file mode 100644 index 18fe519..0000000 --- a/blacklists_iptables/blacklist-vk-v4.ipset +++ /dev/null @@ -1,284 +0,0 @@ -# IPSet blacklist configuration (VK names, IPv4 only) -# Auto-generated from blacklist-vk-v4.txt -# Last updated: 2026-03-26 09:38:26 UTC -# -# Usage: -# 1. Load the ipset: -# ipset restore < blacklist-vk-v4.ipset -# -# 2. Use with iptables/ip6tables: -# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT -# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT -# -# 3. To flush/delete the set: -# ipset flush blacklist-vk-v4 -# ipset destroy blacklist-vk-v4 -# - -create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 532 -add blacklist-vk-v4 109.120.180.0/22 -add blacklist-vk-v4 109.120.180.0/23 -add blacklist-vk-v4 109.120.182.0/23 -add blacklist-vk-v4 109.120.188.0/22 -add blacklist-vk-v4 109.120.188.0/23 -add blacklist-vk-v4 109.120.190.0/23 -add blacklist-vk-v4 128.140.168.0/21 -add blacklist-vk-v4 128.140.168.0/23 -add blacklist-vk-v4 128.140.170.0/24 -add blacklist-vk-v4 128.140.171.0/24 -add blacklist-vk-v4 128.140.172.0/22 -add blacklist-vk-v4 130.49.224.0/19 -add blacklist-vk-v4 146.185.208.0/22 -add blacklist-vk-v4 146.185.208.0/23 -add blacklist-vk-v4 146.185.210.0/23 -add blacklist-vk-v4 146.185.240.0/22 -add blacklist-vk-v4 146.185.240.0/23 -add blacklist-vk-v4 146.185.242.0/23 -add blacklist-vk-v4 155.212.192.0/20 -add blacklist-vk-v4 176.112.168.0/21 -add blacklist-vk-v4 178.22.88.0/21 -add blacklist-vk-v4 178.22.89.64/26 -add blacklist-vk-v4 178.22.94.0/23 -add blacklist-vk-v4 178.237.16.0/20 -add blacklist-vk-v4 178.237.16.0/21 -add blacklist-vk-v4 178.237.24.0/22 -add blacklist-vk-v4 178.237.30.0/23 -add blacklist-vk-v4 185.100.104.0/22 -add blacklist-vk-v4 185.100.104.0/23 -add blacklist-vk-v4 185.100.106.0/23 -add blacklist-vk-v4 185.130.112.0/22 -add blacklist-vk-v4 185.130.112.0/23 -add blacklist-vk-v4 185.130.114.0/23 -add blacklist-vk-v4 185.131.68.0/22 -add blacklist-vk-v4 185.16.148.0/22 -add blacklist-vk-v4 185.16.148.0/23 -add blacklist-vk-v4 185.16.150.0/23 -add blacklist-vk-v4 185.16.244.0/22 -add blacklist-vk-v4 185.16.244.0/23 -add blacklist-vk-v4 185.16.246.0/23 -add blacklist-vk-v4 185.180.200.0/22 -add blacklist-vk-v4 185.187.63.0/24 -add blacklist-vk-v4 185.187.63.0/25 -add blacklist-vk-v4 185.187.63.128/25 -add blacklist-vk-v4 185.226.52.0/22 -add blacklist-vk-v4 185.226.52.0/23 -add blacklist-vk-v4 185.226.54.0/23 -add blacklist-vk-v4 185.241.192.0/22 -add blacklist-vk-v4 185.241.192.0/23 -add blacklist-vk-v4 185.241.194.0/23 -add blacklist-vk-v4 185.29.128.0/22 -add blacklist-vk-v4 185.29.130.0/24 -add blacklist-vk-v4 185.32.248.0/22 -add blacklist-vk-v4 185.32.248.0/23 -add blacklist-vk-v4 185.32.250.0/23 -add blacklist-vk-v4 185.5.136.0/22 -add blacklist-vk-v4 185.5.136.0/23 -add blacklist-vk-v4 185.5.138.0/23 -add blacklist-vk-v4 185.6.244.0/22 -add blacklist-vk-v4 185.6.244.0/23 -add blacklist-vk-v4 185.6.246.0/23 -add blacklist-vk-v4 185.86.144.0/22 -add blacklist-vk-v4 185.86.144.0/23 -add blacklist-vk-v4 185.86.146.0/23 -add blacklist-vk-v4 188.93.56.0/21 -add blacklist-vk-v4 188.93.56.0/24 -add blacklist-vk-v4 188.93.57.0/24 -add blacklist-vk-v4 188.93.58.0/24 -add blacklist-vk-v4 188.93.60.0/24 -add blacklist-vk-v4 188.93.61.0/24 -add blacklist-vk-v4 188.93.62.0/24 -add blacklist-vk-v4 193.203.40.0/22 -add blacklist-vk-v4 194.84.16.12/30 -add blacklist-vk-v4 195.211.20.0/22 -add blacklist-vk-v4 195.211.22.0/24 -add blacklist-vk-v4 195.211.23.0/24 -add blacklist-vk-v4 212.111.84.0/22 -add blacklist-vk-v4 212.233.120.0/22 -add blacklist-vk-v4 212.233.72.0/21 -add blacklist-vk-v4 212.233.88.0/21 -add blacklist-vk-v4 212.233.96.0/22 -add blacklist-vk-v4 213.219.212.0/22 -add blacklist-vk-v4 213.219.212.0/23 -add blacklist-vk-v4 213.219.214.0/23 -add blacklist-vk-v4 217.16.16.0/20 -add blacklist-vk-v4 217.16.16.0/21 -add blacklist-vk-v4 217.16.24.0/21 -add blacklist-vk-v4 217.174.188.0/23 -add blacklist-vk-v4 217.20.144.0/20 -add blacklist-vk-v4 217.20.144.0/22 -add blacklist-vk-v4 217.20.148.0/24 -add blacklist-vk-v4 217.20.149.0/24 -add blacklist-vk-v4 217.20.150.0/23 -add blacklist-vk-v4 217.20.152.0/22 -add blacklist-vk-v4 217.20.156.0/23 -add blacklist-vk-v4 217.20.158.0/24 -add blacklist-vk-v4 217.20.159.0/24 -add blacklist-vk-v4 217.69.128.0/20 -add blacklist-vk-v4 217.69.128.0/21 -add blacklist-vk-v4 217.69.136.0/21 -add blacklist-vk-v4 37.139.32.0/22 -add blacklist-vk-v4 37.139.32.0/23 -add blacklist-vk-v4 37.139.34.0/23 -add blacklist-vk-v4 37.139.40.0/22 -add blacklist-vk-v4 37.139.40.0/23 -add blacklist-vk-v4 37.139.42.0/23 -add blacklist-vk-v4 45.136.20.0/22 -add blacklist-vk-v4 45.136.20.0/23 -add blacklist-vk-v4 45.136.22.0/23 -add blacklist-vk-v4 45.84.128.0/22 -add blacklist-vk-v4 45.84.128.0/23 -add blacklist-vk-v4 45.84.130.0/23 -add blacklist-vk-v4 5.101.40.0/22 -add blacklist-vk-v4 5.101.40.0/23 -add blacklist-vk-v4 5.101.42.0/23 -add blacklist-vk-v4 5.181.60.0/22 -add blacklist-vk-v4 5.181.60.0/24 -add blacklist-vk-v4 5.181.61.0/24 -add blacklist-vk-v4 5.181.62.0/23 -add blacklist-vk-v4 5.188.140.0/22 -add blacklist-vk-v4 5.188.140.0/23 -add blacklist-vk-v4 5.188.142.0/23 -add blacklist-vk-v4 5.61.16.0/21 -add blacklist-vk-v4 5.61.16.0/22 -add blacklist-vk-v4 5.61.20.0/22 -add blacklist-vk-v4 5.61.232.0/21 -add blacklist-vk-v4 5.61.232.0/22 -add blacklist-vk-v4 5.61.236.0/23 -add blacklist-vk-v4 5.61.238.0/24 -add blacklist-vk-v4 5.61.239.0/27 -add blacklist-vk-v4 5.61.239.128/25 -add blacklist-vk-v4 5.61.239.40/29 -add blacklist-vk-v4 5.61.239.48/28 -add blacklist-vk-v4 5.61.239.64/26 -add blacklist-vk-v4 62.217.160.0/20 -add blacklist-vk-v4 62.217.160.0/21 -add blacklist-vk-v4 62.217.168.0/21 -add blacklist-vk-v4 79.137.132.0/24 -add blacklist-vk-v4 79.137.132.0/25 -add blacklist-vk-v4 79.137.132.128/25 -add blacklist-vk-v4 79.137.139.0/24 -add blacklist-vk-v4 79.137.139.0/25 -add blacklist-vk-v4 79.137.139.128/25 -add blacklist-vk-v4 79.137.157.0/25 -add blacklist-vk-v4 79.137.157.128/25 -add blacklist-vk-v4 79.137.164.0/24 -add blacklist-vk-v4 79.137.164.0/25 -add blacklist-vk-v4 79.137.164.128/25 -add blacklist-vk-v4 79.137.167.0/24 -add blacklist-vk-v4 79.137.167.0/25 -add blacklist-vk-v4 79.137.167.128/25 -add blacklist-vk-v4 79.137.174.0/23 -add blacklist-vk-v4 79.137.174.0/24 -add blacklist-vk-v4 79.137.175.0/24 -add blacklist-vk-v4 79.137.180.0/24 -add blacklist-vk-v4 79.137.180.0/25 -add blacklist-vk-v4 79.137.180.128/25 -add blacklist-vk-v4 79.137.240.0/21 -add blacklist-vk-v4 79.137.240.0/22 -add blacklist-vk-v4 79.137.244.0/22 -add blacklist-vk-v4 83.166.232.0/21 -add blacklist-vk-v4 83.166.232.0/22 -add blacklist-vk-v4 83.166.236.0/22 -add blacklist-vk-v4 83.166.248.0/21 -add blacklist-vk-v4 83.166.248.0/22 -add blacklist-vk-v4 83.166.252.0/22 -add blacklist-vk-v4 83.217.216.0/22 -add blacklist-vk-v4 83.217.216.0/23 -add blacklist-vk-v4 83.217.218.0/23 -add blacklist-vk-v4 83.222.28.0/22 -add blacklist-vk-v4 84.23.52.0/22 -add blacklist-vk-v4 84.23.52.0/23 -add blacklist-vk-v4 84.23.54.0/23 -add blacklist-vk-v4 85.114.31.108/30 -add blacklist-vk-v4 85.192.32.0/22 -add blacklist-vk-v4 85.192.32.0/23 -add blacklist-vk-v4 85.192.34.0/23 -add blacklist-vk-v4 85.198.106.0/24 -add blacklist-vk-v4 85.198.107.0/24 -add blacklist-vk-v4 87.239.104.0/21 -add blacklist-vk-v4 87.239.104.0/22 -add blacklist-vk-v4 87.239.108.0/22 -add blacklist-vk-v4 87.240.128.0/18 -add blacklist-vk-v4 87.240.128.0/19 -add blacklist-vk-v4 87.240.160.0/19 -add blacklist-vk-v4 87.242.112.0/22 -add blacklist-vk-v4 89.208.196.0/22 -add blacklist-vk-v4 89.208.196.0/23 -add blacklist-vk-v4 89.208.198.0/23 -add blacklist-vk-v4 89.208.208.0/22 -add blacklist-vk-v4 89.208.208.0/23 -add blacklist-vk-v4 89.208.210.0/23 -add blacklist-vk-v4 89.208.216.0/21 -add blacklist-vk-v4 89.208.216.0/23 -add blacklist-vk-v4 89.208.218.0/23 -add blacklist-vk-v4 89.208.220.0/22 -add blacklist-vk-v4 89.208.228.0/22 -add blacklist-vk-v4 89.208.228.0/23 -add blacklist-vk-v4 89.208.230.0/23 -add blacklist-vk-v4 89.208.84.0/22 -add blacklist-vk-v4 89.208.84.0/23 -add blacklist-vk-v4 89.208.86.0/23 -add blacklist-vk-v4 89.221.228.0/22 -add blacklist-vk-v4 89.221.232.0/21 -add blacklist-vk-v4 90.156.148.0/22 -add blacklist-vk-v4 90.156.148.0/23 -add blacklist-vk-v4 90.156.150.0/23 -add blacklist-vk-v4 90.156.212.0/22 -add blacklist-vk-v4 90.156.212.0/23 -add blacklist-vk-v4 90.156.214.0/23 -add blacklist-vk-v4 90.156.216.0/22 -add blacklist-vk-v4 90.156.216.0/23 -add blacklist-vk-v4 90.156.218.0/23 -add blacklist-vk-v4 90.156.232.0/21 -add blacklist-vk-v4 91.219.224.0/22 -add blacklist-vk-v4 91.231.132.0/22 -add blacklist-vk-v4 91.237.76.0/24 -add blacklist-vk-v4 93.153.255.84/30 -add blacklist-vk-v4 93.186.224.0/20 -add blacklist-vk-v4 93.186.224.0/21 -add blacklist-vk-v4 93.186.232.0/21 -add blacklist-vk-v4 94.100.176.0/20 -add blacklist-vk-v4 94.100.176.0/21 -add blacklist-vk-v4 94.100.184.0/21 -add blacklist-vk-v4 94.139.244.0/22 -add blacklist-vk-v4 94.139.244.0/23 -add blacklist-vk-v4 94.139.246.0/23 -add blacklist-vk-v4 95.142.192.0/20 -add blacklist-vk-v4 95.142.192.0/21 -add blacklist-vk-v4 95.142.200.0/21 -add blacklist-vk-v4 95.163.180.0/22 -add blacklist-vk-v4 95.163.180.0/23 -add blacklist-vk-v4 95.163.182.0/23 -add blacklist-vk-v4 95.163.208.0/21 -add blacklist-vk-v4 95.163.208.0/23 -add blacklist-vk-v4 95.163.210.0/23 -add blacklist-vk-v4 95.163.212.0/22 -add blacklist-vk-v4 95.163.216.0/22 -add blacklist-vk-v4 95.163.216.0/23 -add blacklist-vk-v4 95.163.218.0/23 -add blacklist-vk-v4 95.163.248.0/21 -add blacklist-vk-v4 95.163.248.0/22 -add blacklist-vk-v4 95.163.252.0/23 -add blacklist-vk-v4 95.163.254.0/23 -add blacklist-vk-v4 95.163.32.0/19 -add blacklist-vk-v4 95.163.32.0/22 -add blacklist-vk-v4 95.163.36.0/22 -add blacklist-vk-v4 95.163.40.0/21 -add blacklist-vk-v4 95.163.48.0/20 -add blacklist-vk-v4 95.213.0.0/17 -add blacklist-vk-v4 95.213.0.0/20 -add blacklist-vk-v4 95.213.16.0/21 -add blacklist-vk-v4 95.213.24.0/23 -add blacklist-vk-v4 95.213.26.0/24 -add blacklist-vk-v4 95.213.27.0/24 -add blacklist-vk-v4 95.213.28.0/24 -add blacklist-vk-v4 95.213.29.0/24 -add blacklist-vk-v4 95.213.30.0/24 -add blacklist-vk-v4 95.213.31.0/24 -add blacklist-vk-v4 95.213.32.0/24 -add blacklist-vk-v4 95.213.33.0/24 -add blacklist-vk-v4 95.213.34.0/23 -add blacklist-vk-v4 95.213.36.0/22 -add blacklist-vk-v4 95.213.40.0/21 -add blacklist-vk-v4 95.213.48.0/20 -add blacklist-vk-v4 95.213.64.0/18 diff --git a/blacklists_iptables/blacklist-vk-v6.ipset b/blacklists_iptables/blacklist-vk-v6.ipset deleted file mode 100644 index 471c189..0000000 --- a/blacklists_iptables/blacklist-vk-v6.ipset +++ /dev/null @@ -1,19 +0,0 @@ -# IPSet blacklist configuration (VK names, IPv6 only) -# Auto-generated from blacklist-vk-v6.txt -# Last updated: 2026-03-26 09:38:26 UTC -# -# Usage: -# 1. Load the ipset: -# ipset restore < blacklist-vk-v6.ipset -# -# 2. Use with iptables/ip6tables: -# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT -# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT -# -# 3. To flush/delete the set: -# ipset flush blacklist-vk-v6 -# ipset destroy blacklist-vk-v6 -# - -create blacklist-vk-v6 hash:net family inet6 hashsize 1024 maxelem 2 -add blacklist-vk-v6 2a00:bdc0::/29 diff --git a/blacklists_nftables/README.md b/blacklists_nftables/README.md index d0d6c6f..fdc7a79 100644 --- a/blacklists_nftables/README.md +++ b/blacklists_nftables/README.md @@ -1,6 +1,6 @@ # nftables blacklists -Short: ready-to-use nftables blacklist files (general and VK-only, separated by IPv4/IPv6). +Short: ready-to-use nftables set files (general and VK-only, separated by IPv4/IPv6). ## Download links @@ -15,7 +15,7 @@ Short: ready-to-use nftables blacklist files (general and VK-only, separated by ### 1) Protect VM from incoming connections (general blacklists) -Load either mixed or split general files: +Load either mixed or split general set files: ```bash sudo nft -f blacklist.nft @@ -34,7 +34,7 @@ sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject ### 2) Block VK outbound traffic for VPN clients via NAT/FORWARD -Load either mixed or split VK files: +Load either mixed or split VK set files: ```bash sudo nft -f blacklist-vk.nft diff --git a/blacklists_nftables/blacklist-v4.nft b/blacklists_nftables/blacklist-v4.nft deleted file mode 100644 index 68ff899..0000000 --- a/blacklists_nftables/blacklist-v4.nft +++ /dev/null @@ -1,839 +0,0 @@ -# Autogenerated nftables blacklist -# Generated: 2026-03-26T09:38:27.148618Z -# Source: /tmp/blacklist-v4.txt -# IPv4: 804, IPv6: 0 -# -# Usage: -# sudo nft -f -# # VM protection from incoming blacklist sources -# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }' -# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject -# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject - -table inet filter { - - set blacklist_v4 { - type ipv4_addr - flags interval - elements = { - 5.61.16.0/21, - 5.61.232.0/21, - 5.101.40.0/22, - 5.181.60.0/22, - 5.188.140.0/22, - 31.44.63.64/29, - 31.177.95.0/24, - 31.177.104.0/22, - 37.28.161.48/30, - 37.29.53.16/30, - 37.29.57.52/30, - 37.29.57.64/30, - 37.29.59.56/30, - 37.139.32.0/22, - 37.139.40.0/22, - 45.84.128.0/22, - 45.136.20.0/22, - 46.20.70.160/28, - 46.29.152.0/22, - 46.46.142.160/28, - 46.46.148.40/29, - 46.47.197.128/30, - 46.47.199.76/30, - 46.47.203.52/30, - 46.47.207.96/30, - 46.47.208.84/30, - 46.47.210.76/30, - 46.47.211.0/24, - 46.47.212.204/30, - 46.47.213.0/24, - 46.47.214.200/30, - 46.47.219.200/30, - 46.47.223.196/30, - 46.47.229.0/28, - 46.47.238.144/30, - 46.47.249.176/29, - 46.61.208.0/24, - 46.228.0.232/29, - 62.5.130.104/29, - 62.5.132.224/29, - 62.5.189.80/29, - 62.5.202.60/30, - 62.5.218.204/30, - 62.5.224.188/30, - 62.5.242.80/28, - 62.28.169.168/30, - 62.33.34.16/28, - 62.33.87.128/28, - 62.33.199.80/29, - 62.63.96.32/28, - 62.63.98.24/29, - 62.63.100.160/30, - 62.63.101.80/29, - 62.76.98.0/24, - 62.105.158.200/29, - 62.112.110.64/28, - 62.118.101.184/29, - 62.118.113.232/29, - 62.118.125.188/30, - 62.118.127.240/28, - 62.118.193.8/29, - 62.118.205.68/30, - 62.118.208.100/30, - 62.118.209.192/30, - 62.118.216.60/30, - 62.118.219.184/30, - 62.118.230.4/30, - 62.118.233.224/29, - 62.118.234.64/29, - 62.118.239.128/29, - 62.141.125.0/25, - 62.217.160.0/20, - 77.34.209.160/28, - 77.35.76.80/28, - 77.35.98.240/28, - 77.37.128.0/17, - 77.72.139.0/28, - 77.82.124.112/29, - 77.243.9.80/28, - 78.24.159.48/29, - 78.37.67.24/29, - 78.37.69.160/27, - 78.37.84.120/29, - 78.37.97.88/29, - 78.37.104.0/29, - 78.107.3.208/28, - 78.107.13.208/28, - 78.107.16.96/28, - 78.107.18.112/28, - 78.107.40.160/28, - 78.107.42.144/28, - 78.107.51.16/28, - 78.107.61.96/28, - 78.107.86.32/28, - 78.108.192.0/21, - 78.108.200.0/24, - 78.109.140.112/29, - 79.133.74.160/30, - 79.133.74.168/30, - 79.133.75.44/30, - 79.133.75.176/30, - 79.137.132.0/24, - 79.137.139.0/24, - 79.137.140.0/24, - 79.137.142.0/24, - 79.137.157.0/24, - 79.137.164.0/24, - 79.137.167.0/24, - 79.137.174.0/23, - 79.137.180.0/24, - 79.137.183.0/24, - 79.137.240.0/21, - 79.142.88.0/28, - 79.143.229.0/24, - 79.143.230.0/24, - 79.143.232.0/24, - 80.73.16.0/20, - 80.73.168.80/28, - 80.73.169.244/30, - 80.82.43.24/29, - 80.89.152.220/30, - 80.237.11.88/29, - 80.237.39.112/29, - 80.237.98.80/28, - 80.247.32.0/20, - 80.254.100.40/29, - 80.254.119.168/29, - 81.1.195.0/28, - 81.1.205.96/27, - 81.2.1.0/28, - 81.2.10.192/27, - 81.3.168.148/30, - 81.17.2.192/28, - 81.17.3.16/29, - 81.176.70.0/26, - 81.176.235.0/27, - 81.177.12.0/24, - 81.177.31.64/26, - 81.177.156.0/24, - 81.195.36.48/28, - 81.195.44.248/30, - 81.195.45.64/30, - 81.195.50.72/29, - 81.195.90.44/30, - 81.195.92.48/30, - 81.195.93.192/27, - 81.195.94.72/29, - 81.195.105.160/28, - 81.195.108.164/30, - 81.195.112.36/30, - 81.195.118.48/30, - 81.195.118.128/30, - 81.195.120.16/29, - 81.195.124.52/30, - 81.195.125.96/30, - 81.195.148.140/30, - 81.195.150.248/30, - 81.195.151.0/24, - 81.195.155.0/30, - 81.195.161.12/30, - 81.195.164.0/24, - 81.195.165.64/28, - 81.195.168.24/30, - 81.195.177.160/30, - 81.195.178.224/27, - 81.195.182.64/28, - 81.195.192.96/30, - 81.195.231.128/26, - 81.195.244.32/29, - 81.195.245.0/28, - 81.195.247.128/28, - 81.195.250.16/29, - 81.211.32.16/28, - 81.222.194.200/29, - 81.222.209.136/29, - 81.222.210.24/29, - 82.140.65.240/29, - 82.142.162.104/29, - 82.151.107.136/29, - 82.162.72.208/28, - 82.162.76.176/28, - 82.162.80.192/28, - 82.162.87.192/28, - 82.162.90.0/28, - 82.162.103.144/28, - 82.162.126.96/28, - 82.162.149.160/28, - 82.162.157.64/28, - 82.162.158.176/28, - 82.162.172.112/28, - 82.179.86.32/27, - 82.196.69.152/30, - 82.196.130.0/27, - 82.198.176.16/29, - 82.198.176.144/29, - 82.198.176.208/29, - 82.198.189.128/26, - 82.198.190.64/26, - 82.198.191.96/27, - 82.198.191.248/29, - 82.200.13.0/27, - 82.200.22.136/29, - 82.200.22.144/28, - 82.200.64.0/24, - 82.208.68.240/28, - 82.208.77.104/29, - 82.208.81.0/24, - 82.208.93.160/27, - 83.69.207.248/29, - 83.149.42.64/29, - 83.166.232.0/21, - 83.166.248.0/21, - 83.172.36.224/29, - 83.217.216.0/22, - 83.219.5.248/29, - 83.219.6.72/29, - 83.219.13.128/29, - 83.219.13.184/29, - 83.219.23.8/29, - 83.219.23.48/29, - 83.219.25.0/29, - 83.219.25.112/29, - 83.219.138.16/28, - 83.220.53.16/28, - 83.222.28.0/22, - 83.229.181.192/26, - 83.229.232.16/29, - 84.23.52.0/22, - 84.53.210.144/28, - 84.204.7.144/29, - 84.204.93.232/30, - 84.204.143.44/30, - 84.204.154.16/30, - 84.204.170.220/30, - 84.204.217.164/30, - 84.204.245.208/29, - 85.21.99.48/28, - 85.21.99.64/28, - 85.21.102.224/28, - 85.21.103.64/28, - 85.21.104.192/27, - 85.21.148.0/26, - 85.21.149.48/28, - 85.21.155.208/28, - 85.21.157.48/28, - 85.21.204.208/28, - 85.90.98.144/30, - 85.90.99.168/29, - 85.90.100.72/29, - 85.90.101.112/28, - 85.90.101.192/29, - 85.90.102.168/29, - 85.90.120.72/29, - 85.90.121.72/29, - 85.90.125.96/29, - 85.90.127.16/29, - 85.94.52.160/27, - 85.94.53.32/28, - 85.114.30.192/30, - 85.114.30.204/30, - 85.114.31.108/30, - 85.114.93.88/29, - 85.141.17.24/30, - 85.141.17.112/30, - 85.141.18.80/30, - 85.141.19.56/30, - 85.141.21.236/30, - 85.141.28.0/30, - 85.141.31.68/30, - 85.141.32.96/28, - 85.141.33.0/28, - 85.141.33.64/28, - 85.141.60.96/28, - 85.141.61.160/28, - 85.143.125.0/24, - 85.146.204.44/30, - 85.192.32.0/22, - 85.198.106.0/23, - 85.236.29.160/27, - 86.102.72.240/28, - 86.102.74.64/28, - 86.102.100.48/28, - 86.102.108.32/28, - 86.102.109.32/27, - 86.102.115.80/28, - 86.102.126.80/28, - 86.102.126.160/28, - 87.117.18.144/29, - 87.117.20.64/26, - 87.117.20.128/28, - 87.117.21.0/26, - 87.117.21.64/28, - 87.117.21.80/29, - 87.117.23.128/28, - 87.117.31.56/29, - 87.225.56.224/28, - 87.226.156.64/26, - 87.226.191.0/24, - 87.226.213.0/24, - 87.226.239.180/30, - 87.237.47.204/30, - 87.239.104.0/21, - 87.240.128.0/18, - 87.242.112.0/22, - 87.245.133.0/24, - 87.249.3.64/28, - 87.249.5.48/30, - 87.249.7.120/29, - 87.249.16.32/28, - 87.249.18.60/30, - 87.249.22.72/29, - 87.249.28.232/29, - 87.249.30.176/30, - 88.83.195.248/30, - 88.151.200.0/24, - 88.200.208.112/29, - 89.21.129.16/28, - 89.21.140.104/29, - 89.21.152.104/29, - 89.28.253.168/29, - 89.28.255.56/29, - 89.106.172.160/29, - 89.107.123.120/29, - 89.107.123.136/29, - 89.107.127.136/29, - 89.109.7.176/29, - 89.109.250.28/30, - 89.109.250.80/30, - 89.109.250.88/29, - 89.109.250.96/30, - 89.109.250.132/30, - 89.109.250.140/30, - 89.111.176.0/22, - 89.175.6.64/27, - 89.175.8.36/30, - 89.175.8.40/29, - 89.175.8.52/30, - 89.175.8.68/30, - 89.175.8.104/30, - 89.175.8.140/30, - 89.175.8.192/30, - 89.175.9.4/30, - 89.175.10.160/30, - 89.175.165.208/28, - 89.175.170.144/28, - 89.175.174.136/29, - 89.175.176.88/30, - 89.175.176.140/30, - 89.175.176.176/30, - 89.175.188.184/29, - 89.179.155.192/28, - 89.179.179.16/28, - 89.179.181.0/24, - 89.208.84.0/22, - 89.208.196.0/22, - 89.208.208.0/22, - 89.208.216.0/21, - 89.208.228.0/22, - 89.221.228.0/22, - 89.221.232.0/21, - 90.150.176.52/30, - 90.150.189.32/29, - 90.150.189.128/26, - 90.150.189.192/27, - 90.150.189.224/28, - 90.150.189.248/29, - 90.156.148.0/22, - 90.156.212.0/22, - 90.156.216.0/22, - 90.156.232.0/21, - 91.103.194.184/29, - 91.135.212.0/22, - 91.135.216.0/21, - 91.195.136.0/23, - 91.208.20.0/24, - 91.215.168.0/22, - 91.217.34.0/23, - 91.219.192.0/22, - 91.219.224.0/22, - 91.221.140.0/23, - 91.226.250.0/24, - 91.227.32.0/24, - 91.231.132.0/22, - 91.237.76.0/24, - 92.38.217.0/24, - 92.39.106.20/30, - 92.39.106.168/30, - 92.39.111.84/30, - 92.39.128.0/21, - 92.50.198.72/30, - 92.50.198.124/30, - 92.50.219.136/29, - 92.50.238.224/29, - 92.101.253.96/29, - 92.101.253.152/29, - 93.153.134.112/29, - 93.153.135.88/30, - 93.153.136.132/30, - 93.153.142.4/30, - 93.153.144.60/30, - 93.153.171.204/30, - 93.153.172.100/30, - 93.153.175.44/30, - 93.153.183.104/30, - 93.153.194.160/29, - 93.153.220.192/29, - 93.153.223.8/29, - 93.153.229.232/29, - 93.153.244.188/30, - 93.153.244.248/29, - 93.153.251.0/24, - 93.153.255.84/30, - 93.178.104.32/29, - 93.178.104.64/29, - 93.178.106.0/26, - 93.186.224.0/20, - 93.188.20.72/29, - 93.190.110.0/24, - 94.25.53.56/29, - 94.25.57.176/29, - 94.25.57.224/28, - 94.25.65.16/29, - 94.25.70.64/30, - 94.25.90.240/29, - 94.25.95.136/30, - 94.25.119.228/30, - 94.100.176.0/20, - 94.124.192.192/29, - 94.139.244.0/22, - 94.199.64.0/21, - 95.53.248.0/29, - 95.54.193.80/28, - 95.142.192.0/20, - 95.163.32.0/19, - 95.163.133.0/24, - 95.163.180.0/22, - 95.163.208.0/21, - 95.163.216.0/22, - 95.163.248.0/21, - 95.167.2.4/30, - 95.167.4.168/29, - 95.167.5.64/27, - 95.167.21.104/29, - 95.167.29.104/29, - 95.167.54.76/30, - 95.167.59.244/30, - 95.167.64.20/30, - 95.167.68.216/29, - 95.167.69.116/30, - 95.167.70.32/28, - 95.167.70.136/29, - 95.167.70.176/28, - 95.167.72.48/30, - 95.167.72.140/30, - 95.167.72.204/30, - 95.167.74.136/29, - 95.167.74.180/30, - 95.167.76.160/27, - 95.167.99.48/28, - 95.167.113.48/30, - 95.167.114.48/30, - 95.167.121.68/30, - 95.167.122.128/28, - 95.167.142.32/30, - 95.167.157.156/30, - 95.167.162.76/30, - 95.167.162.236/30, - 95.167.176.0/23, - 95.167.213.0/24, - 95.173.128.0/19, - 95.213.0.0/17, - 109.73.4.224/27, - 109.120.180.0/22, - 109.120.188.0/22, - 109.124.66.128/30, - 109.124.66.160/28, - 109.124.71.64/29, - 109.124.78.108/30, - 109.124.80.132/30, - 109.124.83.20/30, - 109.124.87.96/29, - 109.124.89.36/30, - 109.124.89.140/30, - 109.124.89.212/30, - 109.124.90.32/30, - 109.124.90.128/30, - 109.124.97.4/30, - 109.124.99.16/30, - 109.124.99.160/28, - 109.124.119.88/29, - 109.204.204.232/29, - 109.207.0.0/20, - 109.232.187.16/29, - 109.248.197.0/24, - 128.140.168.0/21, - 130.49.224.0/19, - 145.255.238.240/28, - 146.185.208.0/22, - 146.185.240.0/22, - 149.62.55.240/30, - 155.212.192.0/20, - 176.109.0.0/21, - 176.112.168.0/21, - 176.116.96.0/20, - 178.16.156.148/30, - 178.17.176.0/20, - 178.20.234.224/29, - 178.22.88.0/21, - 178.49.148.176/29, - 178.237.16.0/20, - 178.237.206.0/24, - 178.237.240.0/20, - 178.248.232.60/32, - 178.248.232.137/32, - 178.248.233.26/32, - 178.248.233.32/32, - 178.248.233.60/32, - 178.248.233.136/32, - 178.248.233.244/31, - 178.248.234.30/32, - 178.248.234.33/32, - 178.248.234.60/32, - 178.248.234.79/32, - 178.248.234.83/32, - 178.248.234.136/32, - 178.248.234.204/32, - 178.248.234.228/32, - 178.248.234.238/32, - 178.248.235.60/32, - 178.248.235.75/32, - 178.248.235.244/32, - 178.248.236.20/32, - 178.248.236.83/32, - 178.248.236.244/32, - 178.248.237.18/32, - 178.248.237.98/32, - 178.248.237.136/32, - 178.248.237.242/32, - 178.248.238.55/32, - 178.248.238.102/32, - 178.248.238.128/31, - 178.248.238.136/32, - 178.248.238.155/32, - 178.248.238.172/32, - 178.248.238.205/32, - 178.248.238.255/32, - 178.248.239.215/32, - 185.5.136.0/22, - 185.6.244.0/22, - 185.7.234.188/30, - 185.16.148.0/22, - 185.16.244.0/22, - 185.29.128.0/22, - 185.32.248.0/22, - 185.65.149.170/32, - 185.86.144.0/22, - 185.100.104.0/22, - 185.130.112.0/22, - 185.131.68.0/22, - 185.149.160.0/22, - 185.168.60.0/22, - 185.179.224.0/22, - 185.180.200.0/22, - 185.183.172.0/22, - 185.187.63.0/24, - 185.224.228.0/22, - 185.226.52.0/22, - 185.241.192.0/22, - 188.93.56.0/21, - 188.128.8.240/30, - 188.128.11.196/30, - 188.128.89.0/30, - 188.128.92.104/30, - 188.128.94.204/30, - 188.128.98.204/30, - 188.128.101.108/30, - 188.128.112.216/29, - 188.128.112.240/29, - 188.128.113.0/28, - 188.128.114.128/28, - 188.128.115.232/29, - 188.128.118.224/27, - 188.128.119.104/30, - 188.128.122.240/30, - 188.247.36.124/30, - 188.247.36.128/28, - 188.247.36.204/30, - 193.33.230.0/23, - 193.47.146.0/24, - 193.203.40.0/22, - 193.232.70.0/24, - 194.8.70.0/23, - 194.8.246.0/23, - 194.67.63.200/30, - 194.84.16.12/30, - 194.140.247.0/24, - 194.150.202.0/23, - 194.165.22.0/23, - 194.186.63.0/24, - 194.186.112.80/28, - 194.190.9.0/24, - 194.215.248.0/24, - 194.226.80.0/20, - 194.226.116.0/22, - 194.226.127.0/24, - 195.3.240.0/22, - 195.16.55.224/27, - 195.42.75.8/29, - 195.54.20.168/29, - 195.54.28.72/30, - 195.54.221.0/24, - 195.58.5.16/29, - 195.58.13.120/30, - 195.58.21.196/30, - 195.58.29.57/32, - 195.58.30.164/30, - 195.58.30.200/29, - 195.80.224.0/24, - 195.98.38.16/28, - 195.98.43.104/29, - 195.98.73.56/29, - 195.98.77.100/30, - 195.128.157.0/24, - 195.131.7.8/29, - 195.131.53.248/29, - 195.131.61.80/29, - 195.131.63.24/29, - 195.144.226.224/28, - 195.144.232.144/30, - 195.144.240.128/28, - 195.149.110.0/24, - 195.151.25.48/29, - 195.162.36.64/28, - 195.170.218.24/29, - 195.170.218.88/29, - 195.182.142.128/26, - 195.182.145.64/28, - 195.182.151.212/30, - 195.182.151.216/30, - 195.182.155.164/30, - 195.182.156.96/30, - 195.209.120.0/22, - 195.211.20.0/22, - 195.218.175.40/29, - 195.218.190.0/23, - 195.226.203.0/24, - 195.239.80.32/29, - 195.239.113.0/24, - 195.239.247.0/24, - 212.13.104.116/30, - 212.13.113.100/30, - 212.15.105.64/28, - 212.15.114.156/30, - 212.15.115.80/28, - 212.17.8.176/29, - 212.17.9.144/28, - 212.17.16.192/27, - 212.17.17.176/28, - 212.23.85.48/30, - 212.23.85.56/29, - 212.32.198.64/29, - 212.48.34.176/28, - 212.48.53.76/30, - 212.48.53.84/30, - 212.48.53.88/29, - 212.48.53.100/30, - 212.48.53.144/30, - 212.48.53.152/29, - 212.48.53.160/29, - 212.48.53.184/29, - 212.48.53.192/29, - 212.48.53.200/30, - 212.48.53.216/30, - 212.48.53.236/30, - 212.48.53.240/28, - 212.48.54.0/30, - 212.48.54.8/29, - 212.48.54.16/28, - 212.48.54.32/29, - 212.48.54.44/30, - 212.48.54.48/28, - 212.48.54.64/28, - 212.48.54.80/29, - 212.48.54.92/30, - 212.48.54.96/27, - 212.48.54.128/27, - 212.48.54.164/30, - 212.48.54.168/29, - 212.48.54.176/28, - 212.48.54.196/30, - 212.48.54.200/30, - 212.48.54.208/28, - 212.48.54.240/28, - 212.48.134.192/26, - 212.48.138.240/28, - 212.48.141.160/27, - 212.49.107.224/27, - 212.49.124.0/26, - 212.57.133.0/24, - 212.57.159.0/24, - 212.59.98.48/29, - 212.59.99.96/27, - 212.111.84.0/22, - 212.119.174.0/23, - 212.120.169.48/29, - 212.120.174.88/29, - 212.120.184.48/28, - 212.120.184.64/29, - 212.120.189.208/29, - 212.120.189.224/29, - 212.120.190.112/29, - 212.120.190.240/29, - 212.120.191.120/29, - 212.120.191.248/29, - 212.192.156.0/22, - 212.233.72.0/21, - 212.233.88.0/21, - 212.233.96.0/22, - 212.233.120.0/22, - 213.24.34.0/24, - 213.24.75.0/24, - 213.24.76.0/23, - 213.24.128.0/22, - 213.24.143.0/24, - 213.24.152.0/22, - 213.24.160.0/28, - 213.33.171.240/29, - 213.59.59.16/29, - 213.59.59.64/29, - 213.59.59.120/29, - 213.59.59.128/29, - 213.59.59.144/29, - 213.59.59.168/29, - 213.59.91.48/29, - 213.59.91.128/27, - 213.59.91.176/28, - 213.85.2.64/28, - 213.85.2.80/29, - 213.85.20.8/30, - 213.85.20.32/30, - 213.85.20.84/30, - 213.85.77.64/27, - 213.85.142.176/28, - 213.147.55.108/30, - 213.172.4.192/26, - 213.172.17.252/30, - 213.172.18.60/30, - 213.172.18.124/30, - 213.172.18.148/30, - 213.172.18.160/29, - 213.172.18.252/30, - 213.172.27.0/30, - 213.172.27.116/30, - 213.172.27.160/30, - 213.172.27.204/30, - 213.172.27.212/30, - 213.172.27.224/30, - 213.172.27.252/30, - 213.172.30.136/30, - 213.176.232.0/22, - 213.177.111.0/24, - 213.183.253.56/29, - 213.219.212.0/22, - 213.219.237.68/30, - 213.234.8.8/30, - 213.234.13.60/30, - 213.234.15.228/30, - 213.234.15.248/30, - 213.234.18.52/30, - 213.242.204.76/30, - 213.242.204.236/30, - 213.242.205.88/30, - 213.242.215.68/30, - 213.242.215.192/29, - 213.243.84.80/28, - 213.243.106.48/28, - 213.243.116.0/24, - 217.16.16.0/20, - 217.20.86.128/26, - 217.20.86.232/29, - 217.20.144.0/20, - 217.23.88.168/29, - 217.23.88.248/29, - 217.27.142.176/30, - 217.65.214.24/29, - 217.65.219.160/29, - 217.67.177.208/29, - 217.69.128.0/20, - 217.106.0.0/16, - 217.107.5.8/29, - 217.107.5.16/28, - 217.107.5.40/29, - 217.107.5.80/28, - 217.107.5.96/29, - 217.107.5.112/29, - 217.107.200.0/21, - 217.147.23.112/28, - 217.148.216.156/30, - 217.148.220.160/29, - 217.172.18.0/23, - 217.174.188.0/22, - 217.195.92.16/28, - 217.195.93.144/29, - 217.195.94.200/29 - } - } - - set blacklist_v6 { - type ipv6_addr - flags interval - } - - chain input { - type filter hook input priority 0; - policy accept; - - ct state { established, related } accept - - ip saddr @blacklist_v4 counter drop - } -} \ No newline at end of file diff --git a/blacklists_nftables/blacklist-v6.nft b/blacklists_nftables/blacklist-v6.nft deleted file mode 100644 index fc91f0a..0000000 --- a/blacklists_nftables/blacklist-v6.nft +++ /dev/null @@ -1,52 +0,0 @@ -# Autogenerated nftables blacklist -# Generated: 2026-03-26T09:38:27.179873Z -# Source: /tmp/blacklist-v6.txt -# IPv4: 0, IPv6: 17 -# -# Usage: -# sudo nft -f -# # VM protection from incoming blacklist sources -# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }' -# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject -# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject - -table inet filter { - - set blacklist_v4 { - type ipv4_addr - flags interval - } - - set blacklist_v6 { - type ipv6_addr - flags interval - elements = { - 2a00:1148::/29, - 2a00:46e0::/32, - 2a00:a300::/32, - 2a00:b4c0::/32, - 2a00:bdc0::/33, - 2a00:bdc0:8000::/34, - 2a00:bdc0:c000::/35, - 2a00:bdc0:e002::/47, - 2a00:bdc0:e004::/47, - 2a00:bdc0:e007::/48, - 2a00:bdc0:f000::/36, - 2a00:bdc1::/32, - 2a00:bdc2::/31, - 2a00:bdc4::/30, - 2a14:25c0::/32, - 2a14:25c5::/32, - 2a14:25c6::/31 - } - } - - chain input { - type filter hook input priority 0; - policy accept; - - ct state { established, related } accept - - ip6 saddr @blacklist_v6 counter drop - } -} \ No newline at end of file diff --git a/blacklists_nftables/blacklist-vk-v4.nft b/blacklists_nftables/blacklist-vk-v4.nft deleted file mode 100644 index aec4e84..0000000 --- a/blacklists_nftables/blacklist-vk-v4.nft +++ /dev/null @@ -1,127 +0,0 @@ -# Autogenerated nftables blacklist -# Generated: 2026-03-26T09:38:27.240037Z -# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v4.txt -# IPv4: 92, IPv6: 0 -# -# Usage: -# sudo nft -f -# # VK egress blocking for VPN clients via NAT/FORWARD -# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }' -# sudo nft add rule inet filter forward iifname "" ip daddr @blacklist_vk_v4 counter reject -# sudo nft add rule inet filter forward iifname "" ip6 daddr @blacklist_vk_v6 counter reject - -table inet filter { - - set blacklist_vk_v4 { - type ipv4_addr - flags interval - elements = { - 5.61.16.0/21, - 5.61.232.0/21, - 5.101.40.0/22, - 5.181.60.0/22, - 5.188.140.0/22, - 37.139.32.0/22, - 37.139.40.0/22, - 45.84.128.0/22, - 45.136.20.0/22, - 62.217.160.0/20, - 79.137.132.0/24, - 79.137.139.0/24, - 79.137.157.0/24, - 79.137.164.0/24, - 79.137.167.0/24, - 79.137.174.0/23, - 79.137.180.0/24, - 79.137.240.0/21, - 83.166.232.0/21, - 83.166.248.0/21, - 83.217.216.0/22, - 83.222.28.0/22, - 84.23.52.0/22, - 85.114.31.108/30, - 85.192.32.0/22, - 85.198.106.0/23, - 87.239.104.0/21, - 87.240.128.0/18, - 87.242.112.0/22, - 89.208.84.0/22, - 89.208.196.0/22, - 89.208.208.0/22, - 89.208.216.0/21, - 89.208.228.0/22, - 89.221.228.0/22, - 89.221.232.0/21, - 90.156.148.0/22, - 90.156.212.0/22, - 90.156.216.0/22, - 90.156.232.0/21, - 91.219.224.0/22, - 91.231.132.0/22, - 91.237.76.0/24, - 93.153.255.84/30, - 93.186.224.0/20, - 94.100.176.0/20, - 94.139.244.0/22, - 95.142.192.0/20, - 95.163.32.0/19, - 95.163.180.0/22, - 95.163.208.0/21, - 95.163.216.0/22, - 95.163.248.0/21, - 95.213.0.0/17, - 109.120.180.0/22, - 109.120.188.0/22, - 128.140.168.0/21, - 130.49.224.0/19, - 146.185.208.0/22, - 146.185.240.0/22, - 155.212.192.0/20, - 176.112.168.0/21, - 178.22.88.0/21, - 178.237.16.0/20, - 185.5.136.0/22, - 185.6.244.0/22, - 185.16.148.0/22, - 185.16.244.0/22, - 185.29.128.0/22, - 185.32.248.0/22, - 185.86.144.0/22, - 185.100.104.0/22, - 185.130.112.0/22, - 185.131.68.0/22, - 185.180.200.0/22, - 185.187.63.0/24, - 185.226.52.0/22, - 185.241.192.0/22, - 188.93.56.0/21, - 193.203.40.0/22, - 194.84.16.12/30, - 195.211.20.0/22, - 212.111.84.0/22, - 212.233.72.0/21, - 212.233.88.0/21, - 212.233.96.0/22, - 212.233.120.0/22, - 213.219.212.0/22, - 217.16.16.0/20, - 217.20.144.0/20, - 217.69.128.0/20, - 217.174.188.0/23 - } - } - - set blacklist_vk_v6 { - type ipv6_addr - flags interval - } - - chain input { - type filter hook input priority 0; - policy accept; - - ct state { established, related } accept - - ip saddr @blacklist_vk_v4 counter drop - } -} \ No newline at end of file diff --git a/blacklists_nftables/blacklist-vk-v6.nft b/blacklists_nftables/blacklist-vk-v6.nft deleted file mode 100644 index d9de970..0000000 --- a/blacklists_nftables/blacklist-vk-v6.nft +++ /dev/null @@ -1,36 +0,0 @@ -# Autogenerated nftables blacklist -# Generated: 2026-03-26T09:38:27.267027Z -# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v6.txt -# IPv4: 0, IPv6: 1 -# -# Usage: -# sudo nft -f -# # VK egress blocking for VPN clients via NAT/FORWARD -# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }' -# sudo nft add rule inet filter forward iifname "" ip daddr @blacklist_vk_v4 counter reject -# sudo nft add rule inet filter forward iifname "" ip6 daddr @blacklist_vk_v6 counter reject - -table inet filter { - - set blacklist_vk_v4 { - type ipv4_addr - flags interval - } - - set blacklist_vk_v6 { - type ipv6_addr - flags interval - elements = { - 2a00:bdc0::/29 - } - } - - chain input { - type filter hook input priority 0; - policy accept; - - ct state { established, related } accept - - ip6 saddr @blacklist_vk_v6 counter drop - } -} \ No newline at end of file diff --git a/blacklists_nftables/blacklist-vk.nft b/blacklists_nftables/blacklist-vk.nft deleted file mode 100644 index 3657d12..0000000 --- a/blacklists_nftables/blacklist-vk.nft +++ /dev/null @@ -1,131 +0,0 @@ -# Autogenerated nftables blacklist -# Generated: 2026-03-26T09:38:27.209536Z -# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk.txt -# IPv4: 92, IPv6: 1 -# -# Usage: -# sudo nft -f -# # VK egress blocking for VPN clients via NAT/FORWARD -# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }' -# sudo nft add rule inet filter forward iifname "" ip daddr @blacklist_vk_v4 counter reject -# sudo nft add rule inet filter forward iifname "" ip6 daddr @blacklist_vk_v6 counter reject - -table inet filter { - - set blacklist_vk_v4 { - type ipv4_addr - flags interval - elements = { - 5.61.16.0/21, - 5.61.232.0/21, - 5.101.40.0/22, - 5.181.60.0/22, - 5.188.140.0/22, - 37.139.32.0/22, - 37.139.40.0/22, - 45.84.128.0/22, - 45.136.20.0/22, - 62.217.160.0/20, - 79.137.132.0/24, - 79.137.139.0/24, - 79.137.157.0/24, - 79.137.164.0/24, - 79.137.167.0/24, - 79.137.174.0/23, - 79.137.180.0/24, - 79.137.240.0/21, - 83.166.232.0/21, - 83.166.248.0/21, - 83.217.216.0/22, - 83.222.28.0/22, - 84.23.52.0/22, - 85.114.31.108/30, - 85.192.32.0/22, - 85.198.106.0/23, - 87.239.104.0/21, - 87.240.128.0/18, - 87.242.112.0/22, - 89.208.84.0/22, - 89.208.196.0/22, - 89.208.208.0/22, - 89.208.216.0/21, - 89.208.228.0/22, - 89.221.228.0/22, - 89.221.232.0/21, - 90.156.148.0/22, - 90.156.212.0/22, - 90.156.216.0/22, - 90.156.232.0/21, - 91.219.224.0/22, - 91.231.132.0/22, - 91.237.76.0/24, - 93.153.255.84/30, - 93.186.224.0/20, - 94.100.176.0/20, - 94.139.244.0/22, - 95.142.192.0/20, - 95.163.32.0/19, - 95.163.180.0/22, - 95.163.208.0/21, - 95.163.216.0/22, - 95.163.248.0/21, - 95.213.0.0/17, - 109.120.180.0/22, - 109.120.188.0/22, - 128.140.168.0/21, - 130.49.224.0/19, - 146.185.208.0/22, - 146.185.240.0/22, - 155.212.192.0/20, - 176.112.168.0/21, - 178.22.88.0/21, - 178.237.16.0/20, - 185.5.136.0/22, - 185.6.244.0/22, - 185.16.148.0/22, - 185.16.244.0/22, - 185.29.128.0/22, - 185.32.248.0/22, - 185.86.144.0/22, - 185.100.104.0/22, - 185.130.112.0/22, - 185.131.68.0/22, - 185.180.200.0/22, - 185.187.63.0/24, - 185.226.52.0/22, - 185.241.192.0/22, - 188.93.56.0/21, - 193.203.40.0/22, - 194.84.16.12/30, - 195.211.20.0/22, - 212.111.84.0/22, - 212.233.72.0/21, - 212.233.88.0/21, - 212.233.96.0/22, - 212.233.120.0/22, - 213.219.212.0/22, - 217.16.16.0/20, - 217.20.144.0/20, - 217.69.128.0/20, - 217.174.188.0/23 - } - } - - set blacklist_vk_v6 { - type ipv6_addr - flags interval - elements = { - 2a00:bdc0::/29 - } - } - - chain input { - type filter hook input priority 0; - policy accept; - - ct state { established, related } accept - - ip saddr @blacklist_vk_v4 counter drop - ip6 saddr @blacklist_vk_v6 counter drop - } -} \ No newline at end of file diff --git a/blacklists_nftables/blacklist.nft b/blacklists_nftables/blacklist.nft deleted file mode 100644 index aed61fa..0000000 --- a/blacklists_nftables/blacklist.nft +++ /dev/null @@ -1,859 +0,0 @@ -# Autogenerated nftables blacklist -# Generated: 2026-03-26T09:38:27.097875Z -# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist.txt -# IPv4: 804, IPv6: 17 -# -# Usage: -# sudo nft -f -# # VM protection from incoming blacklist sources -# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }' -# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject -# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject - -table inet filter { - - set blacklist_v4 { - type ipv4_addr - flags interval - elements = { - 5.61.16.0/21, - 5.61.232.0/21, - 5.101.40.0/22, - 5.181.60.0/22, - 5.188.140.0/22, - 31.44.63.64/29, - 31.177.95.0/24, - 31.177.104.0/22, - 37.28.161.48/30, - 37.29.53.16/30, - 37.29.57.52/30, - 37.29.57.64/30, - 37.29.59.56/30, - 37.139.32.0/22, - 37.139.40.0/22, - 45.84.128.0/22, - 45.136.20.0/22, - 46.20.70.160/28, - 46.29.152.0/22, - 46.46.142.160/28, - 46.46.148.40/29, - 46.47.197.128/30, - 46.47.199.76/30, - 46.47.203.52/30, - 46.47.207.96/30, - 46.47.208.84/30, - 46.47.210.76/30, - 46.47.211.0/24, - 46.47.212.204/30, - 46.47.213.0/24, - 46.47.214.200/30, - 46.47.219.200/30, - 46.47.223.196/30, - 46.47.229.0/28, - 46.47.238.144/30, - 46.47.249.176/29, - 46.61.208.0/24, - 46.228.0.232/29, - 62.5.130.104/29, - 62.5.132.224/29, - 62.5.189.80/29, - 62.5.202.60/30, - 62.5.218.204/30, - 62.5.224.188/30, - 62.5.242.80/28, - 62.28.169.168/30, - 62.33.34.16/28, - 62.33.87.128/28, - 62.33.199.80/29, - 62.63.96.32/28, - 62.63.98.24/29, - 62.63.100.160/30, - 62.63.101.80/29, - 62.76.98.0/24, - 62.105.158.200/29, - 62.112.110.64/28, - 62.118.101.184/29, - 62.118.113.232/29, - 62.118.125.188/30, - 62.118.127.240/28, - 62.118.193.8/29, - 62.118.205.68/30, - 62.118.208.100/30, - 62.118.209.192/30, - 62.118.216.60/30, - 62.118.219.184/30, - 62.118.230.4/30, - 62.118.233.224/29, - 62.118.234.64/29, - 62.118.239.128/29, - 62.141.125.0/25, - 62.217.160.0/20, - 77.34.209.160/28, - 77.35.76.80/28, - 77.35.98.240/28, - 77.37.128.0/17, - 77.72.139.0/28, - 77.82.124.112/29, - 77.243.9.80/28, - 78.24.159.48/29, - 78.37.67.24/29, - 78.37.69.160/27, - 78.37.84.120/29, - 78.37.97.88/29, - 78.37.104.0/29, - 78.107.3.208/28, - 78.107.13.208/28, - 78.107.16.96/28, - 78.107.18.112/28, - 78.107.40.160/28, - 78.107.42.144/28, - 78.107.51.16/28, - 78.107.61.96/28, - 78.107.86.32/28, - 78.108.192.0/21, - 78.108.200.0/24, - 78.109.140.112/29, - 79.133.74.160/30, - 79.133.74.168/30, - 79.133.75.44/30, - 79.133.75.176/30, - 79.137.132.0/24, - 79.137.139.0/24, - 79.137.140.0/24, - 79.137.142.0/24, - 79.137.157.0/24, - 79.137.164.0/24, - 79.137.167.0/24, - 79.137.174.0/23, - 79.137.180.0/24, - 79.137.183.0/24, - 79.137.240.0/21, - 79.142.88.0/28, - 79.143.229.0/24, - 79.143.230.0/24, - 79.143.232.0/24, - 80.73.16.0/20, - 80.73.168.80/28, - 80.73.169.244/30, - 80.82.43.24/29, - 80.89.152.220/30, - 80.237.11.88/29, - 80.237.39.112/29, - 80.237.98.80/28, - 80.247.32.0/20, - 80.254.100.40/29, - 80.254.119.168/29, - 81.1.195.0/28, - 81.1.205.96/27, - 81.2.1.0/28, - 81.2.10.192/27, - 81.3.168.148/30, - 81.17.2.192/28, - 81.17.3.16/29, - 81.176.70.0/26, - 81.176.235.0/27, - 81.177.12.0/24, - 81.177.31.64/26, - 81.177.156.0/24, - 81.195.36.48/28, - 81.195.44.248/30, - 81.195.45.64/30, - 81.195.50.72/29, - 81.195.90.44/30, - 81.195.92.48/30, - 81.195.93.192/27, - 81.195.94.72/29, - 81.195.105.160/28, - 81.195.108.164/30, - 81.195.112.36/30, - 81.195.118.48/30, - 81.195.118.128/30, - 81.195.120.16/29, - 81.195.124.52/30, - 81.195.125.96/30, - 81.195.148.140/30, - 81.195.150.248/30, - 81.195.151.0/24, - 81.195.155.0/30, - 81.195.161.12/30, - 81.195.164.0/24, - 81.195.165.64/28, - 81.195.168.24/30, - 81.195.177.160/30, - 81.195.178.224/27, - 81.195.182.64/28, - 81.195.192.96/30, - 81.195.231.128/26, - 81.195.244.32/29, - 81.195.245.0/28, - 81.195.247.128/28, - 81.195.250.16/29, - 81.211.32.16/28, - 81.222.194.200/29, - 81.222.209.136/29, - 81.222.210.24/29, - 82.140.65.240/29, - 82.142.162.104/29, - 82.151.107.136/29, - 82.162.72.208/28, - 82.162.76.176/28, - 82.162.80.192/28, - 82.162.87.192/28, - 82.162.90.0/28, - 82.162.103.144/28, - 82.162.126.96/28, - 82.162.149.160/28, - 82.162.157.64/28, - 82.162.158.176/28, - 82.162.172.112/28, - 82.179.86.32/27, - 82.196.69.152/30, - 82.196.130.0/27, - 82.198.176.16/29, - 82.198.176.144/29, - 82.198.176.208/29, - 82.198.189.128/26, - 82.198.190.64/26, - 82.198.191.96/27, - 82.198.191.248/29, - 82.200.13.0/27, - 82.200.22.136/29, - 82.200.22.144/28, - 82.200.64.0/24, - 82.208.68.240/28, - 82.208.77.104/29, - 82.208.81.0/24, - 82.208.93.160/27, - 83.69.207.248/29, - 83.149.42.64/29, - 83.166.232.0/21, - 83.166.248.0/21, - 83.172.36.224/29, - 83.217.216.0/22, - 83.219.5.248/29, - 83.219.6.72/29, - 83.219.13.128/29, - 83.219.13.184/29, - 83.219.23.8/29, - 83.219.23.48/29, - 83.219.25.0/29, - 83.219.25.112/29, - 83.219.138.16/28, - 83.220.53.16/28, - 83.222.28.0/22, - 83.229.181.192/26, - 83.229.232.16/29, - 84.23.52.0/22, - 84.53.210.144/28, - 84.204.7.144/29, - 84.204.93.232/30, - 84.204.143.44/30, - 84.204.154.16/30, - 84.204.170.220/30, - 84.204.217.164/30, - 84.204.245.208/29, - 85.21.99.48/28, - 85.21.99.64/28, - 85.21.102.224/28, - 85.21.103.64/28, - 85.21.104.192/27, - 85.21.148.0/26, - 85.21.149.48/28, - 85.21.155.208/28, - 85.21.157.48/28, - 85.21.204.208/28, - 85.90.98.144/30, - 85.90.99.168/29, - 85.90.100.72/29, - 85.90.101.112/28, - 85.90.101.192/29, - 85.90.102.168/29, - 85.90.120.72/29, - 85.90.121.72/29, - 85.90.125.96/29, - 85.90.127.16/29, - 85.94.52.160/27, - 85.94.53.32/28, - 85.114.30.192/30, - 85.114.30.204/30, - 85.114.31.108/30, - 85.114.93.88/29, - 85.141.17.24/30, - 85.141.17.112/30, - 85.141.18.80/30, - 85.141.19.56/30, - 85.141.21.236/30, - 85.141.28.0/30, - 85.141.31.68/30, - 85.141.32.96/28, - 85.141.33.0/28, - 85.141.33.64/28, - 85.141.60.96/28, - 85.141.61.160/28, - 85.143.125.0/24, - 85.146.204.44/30, - 85.192.32.0/22, - 85.198.106.0/23, - 85.236.29.160/27, - 86.102.72.240/28, - 86.102.74.64/28, - 86.102.100.48/28, - 86.102.108.32/28, - 86.102.109.32/27, - 86.102.115.80/28, - 86.102.126.80/28, - 86.102.126.160/28, - 87.117.18.144/29, - 87.117.20.64/26, - 87.117.20.128/28, - 87.117.21.0/26, - 87.117.21.64/28, - 87.117.21.80/29, - 87.117.23.128/28, - 87.117.31.56/29, - 87.225.56.224/28, - 87.226.156.64/26, - 87.226.191.0/24, - 87.226.213.0/24, - 87.226.239.180/30, - 87.237.47.204/30, - 87.239.104.0/21, - 87.240.128.0/18, - 87.242.112.0/22, - 87.245.133.0/24, - 87.249.3.64/28, - 87.249.5.48/30, - 87.249.7.120/29, - 87.249.16.32/28, - 87.249.18.60/30, - 87.249.22.72/29, - 87.249.28.232/29, - 87.249.30.176/30, - 88.83.195.248/30, - 88.151.200.0/24, - 88.200.208.112/29, - 89.21.129.16/28, - 89.21.140.104/29, - 89.21.152.104/29, - 89.28.253.168/29, - 89.28.255.56/29, - 89.106.172.160/29, - 89.107.123.120/29, - 89.107.123.136/29, - 89.107.127.136/29, - 89.109.7.176/29, - 89.109.250.28/30, - 89.109.250.80/30, - 89.109.250.88/29, - 89.109.250.96/30, - 89.109.250.132/30, - 89.109.250.140/30, - 89.111.176.0/22, - 89.175.6.64/27, - 89.175.8.36/30, - 89.175.8.40/29, - 89.175.8.52/30, - 89.175.8.68/30, - 89.175.8.104/30, - 89.175.8.140/30, - 89.175.8.192/30, - 89.175.9.4/30, - 89.175.10.160/30, - 89.175.165.208/28, - 89.175.170.144/28, - 89.175.174.136/29, - 89.175.176.88/30, - 89.175.176.140/30, - 89.175.176.176/30, - 89.175.188.184/29, - 89.179.155.192/28, - 89.179.179.16/28, - 89.179.181.0/24, - 89.208.84.0/22, - 89.208.196.0/22, - 89.208.208.0/22, - 89.208.216.0/21, - 89.208.228.0/22, - 89.221.228.0/22, - 89.221.232.0/21, - 90.150.176.52/30, - 90.150.189.32/29, - 90.150.189.128/26, - 90.150.189.192/27, - 90.150.189.224/28, - 90.150.189.248/29, - 90.156.148.0/22, - 90.156.212.0/22, - 90.156.216.0/22, - 90.156.232.0/21, - 91.103.194.184/29, - 91.135.212.0/22, - 91.135.216.0/21, - 91.195.136.0/23, - 91.208.20.0/24, - 91.215.168.0/22, - 91.217.34.0/23, - 91.219.192.0/22, - 91.219.224.0/22, - 91.221.140.0/23, - 91.226.250.0/24, - 91.227.32.0/24, - 91.231.132.0/22, - 91.237.76.0/24, - 92.38.217.0/24, - 92.39.106.20/30, - 92.39.106.168/30, - 92.39.111.84/30, - 92.39.128.0/21, - 92.50.198.72/30, - 92.50.198.124/30, - 92.50.219.136/29, - 92.50.238.224/29, - 92.101.253.96/29, - 92.101.253.152/29, - 93.153.134.112/29, - 93.153.135.88/30, - 93.153.136.132/30, - 93.153.142.4/30, - 93.153.144.60/30, - 93.153.171.204/30, - 93.153.172.100/30, - 93.153.175.44/30, - 93.153.183.104/30, - 93.153.194.160/29, - 93.153.220.192/29, - 93.153.223.8/29, - 93.153.229.232/29, - 93.153.244.188/30, - 93.153.244.248/29, - 93.153.251.0/24, - 93.153.255.84/30, - 93.178.104.32/29, - 93.178.104.64/29, - 93.178.106.0/26, - 93.186.224.0/20, - 93.188.20.72/29, - 93.190.110.0/24, - 94.25.53.56/29, - 94.25.57.176/29, - 94.25.57.224/28, - 94.25.65.16/29, - 94.25.70.64/30, - 94.25.90.240/29, - 94.25.95.136/30, - 94.25.119.228/30, - 94.100.176.0/20, - 94.124.192.192/29, - 94.139.244.0/22, - 94.199.64.0/21, - 95.53.248.0/29, - 95.54.193.80/28, - 95.142.192.0/20, - 95.163.32.0/19, - 95.163.133.0/24, - 95.163.180.0/22, - 95.163.208.0/21, - 95.163.216.0/22, - 95.163.248.0/21, - 95.167.2.4/30, - 95.167.4.168/29, - 95.167.5.64/27, - 95.167.21.104/29, - 95.167.29.104/29, - 95.167.54.76/30, - 95.167.59.244/30, - 95.167.64.20/30, - 95.167.68.216/29, - 95.167.69.116/30, - 95.167.70.32/28, - 95.167.70.136/29, - 95.167.70.176/28, - 95.167.72.48/30, - 95.167.72.140/30, - 95.167.72.204/30, - 95.167.74.136/29, - 95.167.74.180/30, - 95.167.76.160/27, - 95.167.99.48/28, - 95.167.113.48/30, - 95.167.114.48/30, - 95.167.121.68/30, - 95.167.122.128/28, - 95.167.142.32/30, - 95.167.157.156/30, - 95.167.162.76/30, - 95.167.162.236/30, - 95.167.176.0/23, - 95.167.213.0/24, - 95.173.128.0/19, - 95.213.0.0/17, - 109.73.4.224/27, - 109.120.180.0/22, - 109.120.188.0/22, - 109.124.66.128/30, - 109.124.66.160/28, - 109.124.71.64/29, - 109.124.78.108/30, - 109.124.80.132/30, - 109.124.83.20/30, - 109.124.87.96/29, - 109.124.89.36/30, - 109.124.89.140/30, - 109.124.89.212/30, - 109.124.90.32/30, - 109.124.90.128/30, - 109.124.97.4/30, - 109.124.99.16/30, - 109.124.99.160/28, - 109.124.119.88/29, - 109.204.204.232/29, - 109.207.0.0/20, - 109.232.187.16/29, - 109.248.197.0/24, - 128.140.168.0/21, - 130.49.224.0/19, - 145.255.238.240/28, - 146.185.208.0/22, - 146.185.240.0/22, - 149.62.55.240/30, - 155.212.192.0/20, - 176.109.0.0/21, - 176.112.168.0/21, - 176.116.96.0/20, - 178.16.156.148/30, - 178.17.176.0/20, - 178.20.234.224/29, - 178.22.88.0/21, - 178.49.148.176/29, - 178.237.16.0/20, - 178.237.206.0/24, - 178.237.240.0/20, - 178.248.232.60/32, - 178.248.232.137/32, - 178.248.233.26/32, - 178.248.233.32/32, - 178.248.233.60/32, - 178.248.233.136/32, - 178.248.233.244/31, - 178.248.234.30/32, - 178.248.234.33/32, - 178.248.234.60/32, - 178.248.234.79/32, - 178.248.234.83/32, - 178.248.234.136/32, - 178.248.234.204/32, - 178.248.234.228/32, - 178.248.234.238/32, - 178.248.235.60/32, - 178.248.235.75/32, - 178.248.235.244/32, - 178.248.236.20/32, - 178.248.236.83/32, - 178.248.236.244/32, - 178.248.237.18/32, - 178.248.237.98/32, - 178.248.237.136/32, - 178.248.237.242/32, - 178.248.238.55/32, - 178.248.238.102/32, - 178.248.238.128/31, - 178.248.238.136/32, - 178.248.238.155/32, - 178.248.238.172/32, - 178.248.238.205/32, - 178.248.238.255/32, - 178.248.239.215/32, - 185.5.136.0/22, - 185.6.244.0/22, - 185.7.234.188/30, - 185.16.148.0/22, - 185.16.244.0/22, - 185.29.128.0/22, - 185.32.248.0/22, - 185.65.149.170/32, - 185.86.144.0/22, - 185.100.104.0/22, - 185.130.112.0/22, - 185.131.68.0/22, - 185.149.160.0/22, - 185.168.60.0/22, - 185.179.224.0/22, - 185.180.200.0/22, - 185.183.172.0/22, - 185.187.63.0/24, - 185.224.228.0/22, - 185.226.52.0/22, - 185.241.192.0/22, - 188.93.56.0/21, - 188.128.8.240/30, - 188.128.11.196/30, - 188.128.89.0/30, - 188.128.92.104/30, - 188.128.94.204/30, - 188.128.98.204/30, - 188.128.101.108/30, - 188.128.112.216/29, - 188.128.112.240/29, - 188.128.113.0/28, - 188.128.114.128/28, - 188.128.115.232/29, - 188.128.118.224/27, - 188.128.119.104/30, - 188.128.122.240/30, - 188.247.36.124/30, - 188.247.36.128/28, - 188.247.36.204/30, - 193.33.230.0/23, - 193.47.146.0/24, - 193.203.40.0/22, - 193.232.70.0/24, - 194.8.70.0/23, - 194.8.246.0/23, - 194.67.63.200/30, - 194.84.16.12/30, - 194.140.247.0/24, - 194.150.202.0/23, - 194.165.22.0/23, - 194.186.63.0/24, - 194.186.112.80/28, - 194.190.9.0/24, - 194.215.248.0/24, - 194.226.80.0/20, - 194.226.116.0/22, - 194.226.127.0/24, - 195.3.240.0/22, - 195.16.55.224/27, - 195.42.75.8/29, - 195.54.20.168/29, - 195.54.28.72/30, - 195.54.221.0/24, - 195.58.5.16/29, - 195.58.13.120/30, - 195.58.21.196/30, - 195.58.29.57/32, - 195.58.30.164/30, - 195.58.30.200/29, - 195.80.224.0/24, - 195.98.38.16/28, - 195.98.43.104/29, - 195.98.73.56/29, - 195.98.77.100/30, - 195.128.157.0/24, - 195.131.7.8/29, - 195.131.53.248/29, - 195.131.61.80/29, - 195.131.63.24/29, - 195.144.226.224/28, - 195.144.232.144/30, - 195.144.240.128/28, - 195.149.110.0/24, - 195.151.25.48/29, - 195.162.36.64/28, - 195.170.218.24/29, - 195.170.218.88/29, - 195.182.142.128/26, - 195.182.145.64/28, - 195.182.151.212/30, - 195.182.151.216/30, - 195.182.155.164/30, - 195.182.156.96/30, - 195.209.120.0/22, - 195.211.20.0/22, - 195.218.175.40/29, - 195.218.190.0/23, - 195.226.203.0/24, - 195.239.80.32/29, - 195.239.113.0/24, - 195.239.247.0/24, - 212.13.104.116/30, - 212.13.113.100/30, - 212.15.105.64/28, - 212.15.114.156/30, - 212.15.115.80/28, - 212.17.8.176/29, - 212.17.9.144/28, - 212.17.16.192/27, - 212.17.17.176/28, - 212.23.85.48/30, - 212.23.85.56/29, - 212.32.198.64/29, - 212.48.34.176/28, - 212.48.53.76/30, - 212.48.53.84/30, - 212.48.53.88/29, - 212.48.53.100/30, - 212.48.53.144/30, - 212.48.53.152/29, - 212.48.53.160/29, - 212.48.53.184/29, - 212.48.53.192/29, - 212.48.53.200/30, - 212.48.53.216/30, - 212.48.53.236/30, - 212.48.53.240/28, - 212.48.54.0/30, - 212.48.54.8/29, - 212.48.54.16/28, - 212.48.54.32/29, - 212.48.54.44/30, - 212.48.54.48/28, - 212.48.54.64/28, - 212.48.54.80/29, - 212.48.54.92/30, - 212.48.54.96/27, - 212.48.54.128/27, - 212.48.54.164/30, - 212.48.54.168/29, - 212.48.54.176/28, - 212.48.54.196/30, - 212.48.54.200/30, - 212.48.54.208/28, - 212.48.54.240/28, - 212.48.134.192/26, - 212.48.138.240/28, - 212.48.141.160/27, - 212.49.107.224/27, - 212.49.124.0/26, - 212.57.133.0/24, - 212.57.159.0/24, - 212.59.98.48/29, - 212.59.99.96/27, - 212.111.84.0/22, - 212.119.174.0/23, - 212.120.169.48/29, - 212.120.174.88/29, - 212.120.184.48/28, - 212.120.184.64/29, - 212.120.189.208/29, - 212.120.189.224/29, - 212.120.190.112/29, - 212.120.190.240/29, - 212.120.191.120/29, - 212.120.191.248/29, - 212.192.156.0/22, - 212.233.72.0/21, - 212.233.88.0/21, - 212.233.96.0/22, - 212.233.120.0/22, - 213.24.34.0/24, - 213.24.75.0/24, - 213.24.76.0/23, - 213.24.128.0/22, - 213.24.143.0/24, - 213.24.152.0/22, - 213.24.160.0/28, - 213.33.171.240/29, - 213.59.59.16/29, - 213.59.59.64/29, - 213.59.59.120/29, - 213.59.59.128/29, - 213.59.59.144/29, - 213.59.59.168/29, - 213.59.91.48/29, - 213.59.91.128/27, - 213.59.91.176/28, - 213.85.2.64/28, - 213.85.2.80/29, - 213.85.20.8/30, - 213.85.20.32/30, - 213.85.20.84/30, - 213.85.77.64/27, - 213.85.142.176/28, - 213.147.55.108/30, - 213.172.4.192/26, - 213.172.17.252/30, - 213.172.18.60/30, - 213.172.18.124/30, - 213.172.18.148/30, - 213.172.18.160/29, - 213.172.18.252/30, - 213.172.27.0/30, - 213.172.27.116/30, - 213.172.27.160/30, - 213.172.27.204/30, - 213.172.27.212/30, - 213.172.27.224/30, - 213.172.27.252/30, - 213.172.30.136/30, - 213.176.232.0/22, - 213.177.111.0/24, - 213.183.253.56/29, - 213.219.212.0/22, - 213.219.237.68/30, - 213.234.8.8/30, - 213.234.13.60/30, - 213.234.15.228/30, - 213.234.15.248/30, - 213.234.18.52/30, - 213.242.204.76/30, - 213.242.204.236/30, - 213.242.205.88/30, - 213.242.215.68/30, - 213.242.215.192/29, - 213.243.84.80/28, - 213.243.106.48/28, - 213.243.116.0/24, - 217.16.16.0/20, - 217.20.86.128/26, - 217.20.86.232/29, - 217.20.144.0/20, - 217.23.88.168/29, - 217.23.88.248/29, - 217.27.142.176/30, - 217.65.214.24/29, - 217.65.219.160/29, - 217.67.177.208/29, - 217.69.128.0/20, - 217.106.0.0/16, - 217.107.5.8/29, - 217.107.5.16/28, - 217.107.5.40/29, - 217.107.5.80/28, - 217.107.5.96/29, - 217.107.5.112/29, - 217.107.200.0/21, - 217.147.23.112/28, - 217.148.216.156/30, - 217.148.220.160/29, - 217.172.18.0/23, - 217.174.188.0/22, - 217.195.92.16/28, - 217.195.93.144/29, - 217.195.94.200/29 - } - } - - set blacklist_v6 { - type ipv6_addr - flags interval - elements = { - 2a00:1148::/29, - 2a00:46e0::/32, - 2a00:a300::/32, - 2a00:b4c0::/32, - 2a00:bdc0::/33, - 2a00:bdc0:8000::/34, - 2a00:bdc0:c000::/35, - 2a00:bdc0:e002::/47, - 2a00:bdc0:e004::/47, - 2a00:bdc0:e007::/48, - 2a00:bdc0:f000::/36, - 2a00:bdc1::/32, - 2a00:bdc2::/31, - 2a00:bdc4::/30, - 2a14:25c0::/32, - 2a14:25c5::/32, - 2a14:25c6::/31 - } - } - - chain input { - type filter hook input priority 0; - policy accept; - - ct state { established, related } accept - - ip saddr @blacklist_v4 counter drop - ip6 saddr @blacklist_v6 counter drop - } -} \ No newline at end of file diff --git a/blacklists_route/README.md b/blacklists_route/README.md deleted file mode 100644 index e5a0e04..0000000 --- a/blacklists_route/README.md +++ /dev/null @@ -1,25 +0,0 @@ -# linux route blacklists - -Short: ready-to-use route files for VK networks with loopback routing (IPv4/IPv6). - -## Download links - -- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_route/blacklist-vk-v4.routes -- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_route/blacklist-vk-v6.routes - -## How to use - -1. Download both route files. -2. Apply routes as root: - -```bash -sudo sh blacklist-vk-v4.routes -sudo sh blacklist-vk-v6.routes -``` - -3. Verify routes are present: - -```bash -ip route | grep -E '127\.0\.0\.1.*lo' -ip -6 route | grep -E '::1' -``` diff --git a/blacklists_route/blacklist-vk-v4.routes b/blacklists_route/blacklist-vk-v4.routes deleted file mode 100644 index 433210f..0000000 --- a/blacklists_route/blacklist-vk-v4.routes +++ /dev/null @@ -1,274 +0,0 @@ -# Linux routes for VK networks (IPv4) -# Auto-generated by blacklists_updater_routes.sh -# Last updated: 2026-03-26 09:38:27 UTC -# -# Apply: -# sudo sh blacklist-vk-v4.routes -# - -ip route replace 109.120.180.0/22 via 127.0.0.1 dev lo onlink -ip route replace 109.120.180.0/23 via 127.0.0.1 dev lo onlink -ip route replace 109.120.182.0/23 via 127.0.0.1 dev lo onlink -ip route replace 109.120.188.0/22 via 127.0.0.1 dev lo onlink -ip route replace 109.120.188.0/23 via 127.0.0.1 dev lo onlink -ip route replace 109.120.190.0/23 via 127.0.0.1 dev lo onlink -ip route replace 128.140.168.0/21 via 127.0.0.1 dev lo onlink -ip route replace 128.140.168.0/23 via 127.0.0.1 dev lo onlink -ip route replace 128.140.170.0/24 via 127.0.0.1 dev lo onlink -ip route replace 128.140.171.0/24 via 127.0.0.1 dev lo onlink -ip route replace 128.140.172.0/22 via 127.0.0.1 dev lo onlink -ip route replace 130.49.224.0/19 via 127.0.0.1 dev lo onlink -ip route replace 146.185.208.0/22 via 127.0.0.1 dev lo onlink -ip route replace 146.185.208.0/23 via 127.0.0.1 dev lo onlink -ip route replace 146.185.210.0/23 via 127.0.0.1 dev lo onlink -ip route replace 146.185.240.0/22 via 127.0.0.1 dev lo onlink -ip route replace 146.185.240.0/23 via 127.0.0.1 dev lo onlink -ip route replace 146.185.242.0/23 via 127.0.0.1 dev lo onlink -ip route replace 155.212.192.0/20 via 127.0.0.1 dev lo onlink -ip route replace 176.112.168.0/21 via 127.0.0.1 dev lo onlink -ip route replace 178.22.88.0/21 via 127.0.0.1 dev lo onlink -ip route replace 178.22.89.64/26 via 127.0.0.1 dev lo onlink -ip route replace 178.22.94.0/23 via 127.0.0.1 dev lo onlink -ip route replace 178.237.16.0/20 via 127.0.0.1 dev lo onlink -ip route replace 178.237.16.0/21 via 127.0.0.1 dev lo onlink -ip route replace 178.237.24.0/22 via 127.0.0.1 dev lo onlink -ip route replace 178.237.30.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.100.104.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.100.104.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.100.106.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.130.112.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.130.112.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.130.114.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.131.68.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.16.148.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.16.148.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.16.150.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.16.244.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.16.244.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.16.246.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.180.200.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.187.63.0/24 via 127.0.0.1 dev lo onlink -ip route replace 185.187.63.0/25 via 127.0.0.1 dev lo onlink -ip route replace 185.187.63.128/25 via 127.0.0.1 dev lo onlink -ip route replace 185.226.52.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.226.52.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.226.54.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.241.192.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.241.192.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.241.194.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.29.128.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.29.130.0/24 via 127.0.0.1 dev lo onlink -ip route replace 185.32.248.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.32.248.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.32.250.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.5.136.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.5.136.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.5.138.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.6.244.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.6.244.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.6.246.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.86.144.0/22 via 127.0.0.1 dev lo onlink -ip route replace 185.86.144.0/23 via 127.0.0.1 dev lo onlink -ip route replace 185.86.146.0/23 via 127.0.0.1 dev lo onlink -ip route replace 188.93.56.0/21 via 127.0.0.1 dev lo onlink -ip route replace 188.93.56.0/24 via 127.0.0.1 dev lo onlink -ip route replace 188.93.57.0/24 via 127.0.0.1 dev lo onlink -ip route replace 188.93.58.0/24 via 127.0.0.1 dev lo onlink -ip route replace 188.93.60.0/24 via 127.0.0.1 dev lo onlink -ip route replace 188.93.61.0/24 via 127.0.0.1 dev lo onlink -ip route replace 188.93.62.0/24 via 127.0.0.1 dev lo onlink -ip route replace 193.203.40.0/22 via 127.0.0.1 dev lo onlink -ip route replace 194.84.16.12/30 via 127.0.0.1 dev lo onlink -ip route replace 195.211.20.0/22 via 127.0.0.1 dev lo onlink -ip route replace 195.211.22.0/24 via 127.0.0.1 dev lo onlink -ip route replace 195.211.23.0/24 via 127.0.0.1 dev lo onlink -ip route replace 212.111.84.0/22 via 127.0.0.1 dev lo onlink -ip route replace 212.233.120.0/22 via 127.0.0.1 dev lo onlink -ip route replace 212.233.72.0/21 via 127.0.0.1 dev lo onlink -ip route replace 212.233.88.0/21 via 127.0.0.1 dev lo onlink -ip route replace 212.233.96.0/22 via 127.0.0.1 dev lo onlink -ip route replace 213.219.212.0/22 via 127.0.0.1 dev lo onlink -ip route replace 213.219.212.0/23 via 127.0.0.1 dev lo onlink -ip route replace 213.219.214.0/23 via 127.0.0.1 dev lo onlink -ip route replace 217.16.16.0/20 via 127.0.0.1 dev lo onlink -ip route replace 217.16.16.0/21 via 127.0.0.1 dev lo onlink -ip route replace 217.16.24.0/21 via 127.0.0.1 dev lo onlink -ip route replace 217.174.188.0/23 via 127.0.0.1 dev lo onlink -ip route replace 217.20.144.0/20 via 127.0.0.1 dev lo onlink -ip route replace 217.20.144.0/22 via 127.0.0.1 dev lo onlink -ip route replace 217.20.148.0/24 via 127.0.0.1 dev lo onlink -ip route replace 217.20.149.0/24 via 127.0.0.1 dev lo onlink -ip route replace 217.20.150.0/23 via 127.0.0.1 dev lo onlink -ip route replace 217.20.152.0/22 via 127.0.0.1 dev lo onlink -ip route replace 217.20.156.0/23 via 127.0.0.1 dev lo onlink -ip route replace 217.20.158.0/24 via 127.0.0.1 dev lo onlink -ip route replace 217.20.159.0/24 via 127.0.0.1 dev lo onlink -ip route replace 217.69.128.0/20 via 127.0.0.1 dev lo onlink -ip route replace 217.69.128.0/21 via 127.0.0.1 dev lo onlink -ip route replace 217.69.136.0/21 via 127.0.0.1 dev lo onlink -ip route replace 37.139.32.0/22 via 127.0.0.1 dev lo onlink -ip route replace 37.139.32.0/23 via 127.0.0.1 dev lo onlink -ip route replace 37.139.34.0/23 via 127.0.0.1 dev lo onlink -ip route replace 37.139.40.0/22 via 127.0.0.1 dev lo onlink -ip route replace 37.139.40.0/23 via 127.0.0.1 dev lo onlink -ip route replace 37.139.42.0/23 via 127.0.0.1 dev lo onlink -ip route replace 45.136.20.0/22 via 127.0.0.1 dev lo onlink -ip route replace 45.136.20.0/23 via 127.0.0.1 dev lo onlink -ip route replace 45.136.22.0/23 via 127.0.0.1 dev lo onlink -ip route replace 45.84.128.0/22 via 127.0.0.1 dev lo onlink -ip route replace 45.84.128.0/23 via 127.0.0.1 dev lo onlink -ip route replace 45.84.130.0/23 via 127.0.0.1 dev lo onlink -ip route replace 5.101.40.0/22 via 127.0.0.1 dev lo onlink -ip route replace 5.101.40.0/23 via 127.0.0.1 dev lo onlink -ip route replace 5.101.42.0/23 via 127.0.0.1 dev lo onlink -ip route replace 5.181.60.0/22 via 127.0.0.1 dev lo onlink -ip route replace 5.181.60.0/24 via 127.0.0.1 dev lo onlink -ip route replace 5.181.61.0/24 via 127.0.0.1 dev lo onlink -ip route replace 5.181.62.0/23 via 127.0.0.1 dev lo onlink -ip route replace 5.188.140.0/22 via 127.0.0.1 dev lo onlink -ip route replace 5.188.140.0/23 via 127.0.0.1 dev lo onlink -ip route replace 5.188.142.0/23 via 127.0.0.1 dev lo onlink -ip route replace 5.61.16.0/21 via 127.0.0.1 dev lo onlink -ip route replace 5.61.16.0/22 via 127.0.0.1 dev lo onlink -ip route replace 5.61.20.0/22 via 127.0.0.1 dev lo onlink -ip route replace 5.61.232.0/21 via 127.0.0.1 dev lo onlink -ip route replace 5.61.232.0/22 via 127.0.0.1 dev lo onlink -ip route replace 5.61.236.0/23 via 127.0.0.1 dev lo onlink -ip route replace 5.61.238.0/24 via 127.0.0.1 dev lo onlink -ip route replace 5.61.239.0/27 via 127.0.0.1 dev lo onlink -ip route replace 5.61.239.128/25 via 127.0.0.1 dev lo onlink -ip route replace 5.61.239.40/29 via 127.0.0.1 dev lo onlink -ip route replace 5.61.239.48/28 via 127.0.0.1 dev lo onlink -ip route replace 5.61.239.64/26 via 127.0.0.1 dev lo onlink -ip route replace 62.217.160.0/20 via 127.0.0.1 dev lo onlink -ip route replace 62.217.160.0/21 via 127.0.0.1 dev lo onlink -ip route replace 62.217.168.0/21 via 127.0.0.1 dev lo onlink -ip route replace 79.137.132.0/24 via 127.0.0.1 dev lo onlink -ip route replace 79.137.132.0/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.132.128/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.139.0/24 via 127.0.0.1 dev lo onlink -ip route replace 79.137.139.0/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.139.128/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.157.0/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.157.128/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.164.0/24 via 127.0.0.1 dev lo onlink -ip route replace 79.137.164.0/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.164.128/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.167.0/24 via 127.0.0.1 dev lo onlink -ip route replace 79.137.167.0/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.167.128/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.174.0/23 via 127.0.0.1 dev lo onlink -ip route replace 79.137.174.0/24 via 127.0.0.1 dev lo onlink -ip route replace 79.137.175.0/24 via 127.0.0.1 dev lo onlink -ip route replace 79.137.180.0/24 via 127.0.0.1 dev lo onlink -ip route replace 79.137.180.0/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.180.128/25 via 127.0.0.1 dev lo onlink -ip route replace 79.137.240.0/21 via 127.0.0.1 dev lo onlink -ip route replace 79.137.240.0/22 via 127.0.0.1 dev lo onlink -ip route replace 79.137.244.0/22 via 127.0.0.1 dev lo onlink -ip route replace 83.166.232.0/21 via 127.0.0.1 dev lo onlink -ip route replace 83.166.232.0/22 via 127.0.0.1 dev lo onlink -ip route replace 83.166.236.0/22 via 127.0.0.1 dev lo onlink -ip route replace 83.166.248.0/21 via 127.0.0.1 dev lo onlink -ip route replace 83.166.248.0/22 via 127.0.0.1 dev lo onlink -ip route replace 83.166.252.0/22 via 127.0.0.1 dev lo onlink -ip route replace 83.217.216.0/22 via 127.0.0.1 dev lo onlink -ip route replace 83.217.216.0/23 via 127.0.0.1 dev lo onlink -ip route replace 83.217.218.0/23 via 127.0.0.1 dev lo onlink -ip route replace 83.222.28.0/22 via 127.0.0.1 dev lo onlink -ip route replace 84.23.52.0/22 via 127.0.0.1 dev lo onlink -ip route replace 84.23.52.0/23 via 127.0.0.1 dev lo onlink -ip route replace 84.23.54.0/23 via 127.0.0.1 dev lo onlink -ip route replace 85.114.31.108/30 via 127.0.0.1 dev lo onlink -ip route replace 85.192.32.0/22 via 127.0.0.1 dev lo onlink -ip route replace 85.192.32.0/23 via 127.0.0.1 dev lo onlink -ip route replace 85.192.34.0/23 via 127.0.0.1 dev lo onlink -ip route replace 85.198.106.0/24 via 127.0.0.1 dev lo onlink -ip route replace 85.198.107.0/24 via 127.0.0.1 dev lo onlink -ip route replace 87.239.104.0/21 via 127.0.0.1 dev lo onlink -ip route replace 87.239.104.0/22 via 127.0.0.1 dev lo onlink -ip route replace 87.239.108.0/22 via 127.0.0.1 dev lo onlink -ip route replace 87.240.128.0/18 via 127.0.0.1 dev lo onlink -ip route replace 87.240.128.0/19 via 127.0.0.1 dev lo onlink -ip route replace 87.240.160.0/19 via 127.0.0.1 dev lo onlink -ip route replace 87.242.112.0/22 via 127.0.0.1 dev lo onlink -ip route replace 89.208.196.0/22 via 127.0.0.1 dev lo onlink -ip route replace 89.208.196.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.208.198.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.208.208.0/22 via 127.0.0.1 dev lo onlink -ip route replace 89.208.208.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.208.210.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.208.216.0/21 via 127.0.0.1 dev lo onlink -ip route replace 89.208.216.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.208.218.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.208.220.0/22 via 127.0.0.1 dev lo onlink -ip route replace 89.208.228.0/22 via 127.0.0.1 dev lo onlink -ip route replace 89.208.228.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.208.230.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.208.84.0/22 via 127.0.0.1 dev lo onlink -ip route replace 89.208.84.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.208.86.0/23 via 127.0.0.1 dev lo onlink -ip route replace 89.221.228.0/22 via 127.0.0.1 dev lo onlink -ip route replace 89.221.232.0/21 via 127.0.0.1 dev lo onlink -ip route replace 90.156.148.0/22 via 127.0.0.1 dev lo onlink -ip route replace 90.156.148.0/23 via 127.0.0.1 dev lo onlink -ip route replace 90.156.150.0/23 via 127.0.0.1 dev lo onlink -ip route replace 90.156.212.0/22 via 127.0.0.1 dev lo onlink -ip route replace 90.156.212.0/23 via 127.0.0.1 dev lo onlink -ip route replace 90.156.214.0/23 via 127.0.0.1 dev lo onlink -ip route replace 90.156.216.0/22 via 127.0.0.1 dev lo onlink -ip route replace 90.156.216.0/23 via 127.0.0.1 dev lo onlink -ip route replace 90.156.218.0/23 via 127.0.0.1 dev lo onlink -ip route replace 90.156.232.0/21 via 127.0.0.1 dev lo onlink -ip route replace 91.219.224.0/22 via 127.0.0.1 dev lo onlink -ip route replace 91.231.132.0/22 via 127.0.0.1 dev lo onlink -ip route replace 91.237.76.0/24 via 127.0.0.1 dev lo onlink -ip route replace 93.153.255.84/30 via 127.0.0.1 dev lo onlink -ip route replace 93.186.224.0/20 via 127.0.0.1 dev lo onlink -ip route replace 93.186.224.0/21 via 127.0.0.1 dev lo onlink -ip route replace 93.186.232.0/21 via 127.0.0.1 dev lo onlink -ip route replace 94.100.176.0/20 via 127.0.0.1 dev lo onlink -ip route replace 94.100.176.0/21 via 127.0.0.1 dev lo onlink -ip route replace 94.100.184.0/21 via 127.0.0.1 dev lo onlink -ip route replace 94.139.244.0/22 via 127.0.0.1 dev lo onlink -ip route replace 94.139.244.0/23 via 127.0.0.1 dev lo onlink -ip route replace 94.139.246.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.142.192.0/20 via 127.0.0.1 dev lo onlink -ip route replace 95.142.192.0/21 via 127.0.0.1 dev lo onlink -ip route replace 95.142.200.0/21 via 127.0.0.1 dev lo onlink -ip route replace 95.163.180.0/22 via 127.0.0.1 dev lo onlink -ip route replace 95.163.180.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.163.182.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.163.208.0/21 via 127.0.0.1 dev lo onlink -ip route replace 95.163.208.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.163.210.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.163.212.0/22 via 127.0.0.1 dev lo onlink -ip route replace 95.163.216.0/22 via 127.0.0.1 dev lo onlink -ip route replace 95.163.216.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.163.218.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.163.248.0/21 via 127.0.0.1 dev lo onlink -ip route replace 95.163.248.0/22 via 127.0.0.1 dev lo onlink -ip route replace 95.163.252.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.163.254.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.163.32.0/19 via 127.0.0.1 dev lo onlink -ip route replace 95.163.32.0/22 via 127.0.0.1 dev lo onlink -ip route replace 95.163.36.0/22 via 127.0.0.1 dev lo onlink -ip route replace 95.163.40.0/21 via 127.0.0.1 dev lo onlink -ip route replace 95.163.48.0/20 via 127.0.0.1 dev lo onlink -ip route replace 95.213.0.0/17 via 127.0.0.1 dev lo onlink -ip route replace 95.213.0.0/20 via 127.0.0.1 dev lo onlink -ip route replace 95.213.16.0/21 via 127.0.0.1 dev lo onlink -ip route replace 95.213.24.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.213.26.0/24 via 127.0.0.1 dev lo onlink -ip route replace 95.213.27.0/24 via 127.0.0.1 dev lo onlink -ip route replace 95.213.28.0/24 via 127.0.0.1 dev lo onlink -ip route replace 95.213.29.0/24 via 127.0.0.1 dev lo onlink -ip route replace 95.213.30.0/24 via 127.0.0.1 dev lo onlink -ip route replace 95.213.31.0/24 via 127.0.0.1 dev lo onlink -ip route replace 95.213.32.0/24 via 127.0.0.1 dev lo onlink -ip route replace 95.213.33.0/24 via 127.0.0.1 dev lo onlink -ip route replace 95.213.34.0/23 via 127.0.0.1 dev lo onlink -ip route replace 95.213.36.0/22 via 127.0.0.1 dev lo onlink -ip route replace 95.213.40.0/21 via 127.0.0.1 dev lo onlink -ip route replace 95.213.48.0/20 via 127.0.0.1 dev lo onlink -ip route replace 95.213.64.0/18 via 127.0.0.1 dev lo onlink diff --git a/blacklists_route/blacklist-vk-v6.routes b/blacklists_route/blacklist-vk-v6.routes deleted file mode 100644 index ae3d2f7..0000000 --- a/blacklists_route/blacklist-vk-v6.routes +++ /dev/null @@ -1,9 +0,0 @@ -# Linux routes for VK networks (IPv6) -# Auto-generated by blacklists_updater_routes.sh -# Last updated: 2026-03-26 09:38:27 UTC -# -# Apply: -# sudo sh blacklist-vk-v6.routes -# - -ip -6 route replace 2a00:bdc0::/29 via ::1 dev lo diff --git a/blacklists_updater_iptables.sh b/blacklists_updater_iptables.sh index 484ecd0..c0cc346 100755 --- a/blacklists_updater_iptables.sh +++ b/blacklists_updater_iptables.sh @@ -11,7 +11,7 @@ blacklist_v6_file="${SCRIPT_DIR}/blacklists/blacklist-v6.txt" auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt" auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt" auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt" -vk_name_pattern='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE' +vk_name_pattern='vk[[:space:]-]*cloud|vkcompany|vkontakte' # Additional VK-only text blacklists blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt" @@ -32,7 +32,7 @@ mkdir -p "${iptables_output_dir}" "${SCRIPT_DIR}/blacklists" tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")" for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do [ -f "${source_file}" ] || continue - awk -v pattern="${vk_name_pattern}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}" + awk -v pattern="${vk_name_pattern}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}" done sort -u "${tmp_vk_file}" > "${blacklist_vk_file}" grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true diff --git a/blacklists_updater_nftables.sh b/blacklists_updater_nftables.sh index abc1160..1ca4c3d 100755 --- a/blacklists_updater_nftables.sh +++ b/blacklists_updater_nftables.sh @@ -11,7 +11,7 @@ OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables" AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt" AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt" AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt" -VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE' +VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte' # Additional VK-only text blacklists VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt" @@ -27,7 +27,7 @@ echo "Generating nftables blacklists..." TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")" for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do [[ -f "$source_file" ]] || continue - awk -v pattern="$VK_NAME_PATTERN" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE" + awk -v pattern="$VK_NAME_PATTERN" 'tolower($0) ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE" done sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE" grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true diff --git a/blacklists_updater_routes.sh b/blacklists_updater_routes.sh index 3673364..b724ed8 100755 --- a/blacklists_updater_routes.sh +++ b/blacklists_updater_routes.sh @@ -8,7 +8,7 @@ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt" AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt" AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt" -VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE' +VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte' # Additional VK-only text blacklists VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt" @@ -28,7 +28,7 @@ echo "Generating VK route blacklists..." TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")" for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do [ -f "${source_file}" ] || continue - awk -v pattern="${VK_NAME_PATTERN}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}" + awk -v pattern="${VK_NAME_PATTERN}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}" done sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}" diff --git a/check_nft_blacklist.py b/check_nft_blacklist.py index 9cb5908..c005b9f 100755 --- a/check_nft_blacklist.py +++ b/check_nft_blacklist.py @@ -12,6 +12,27 @@ import re from ipaddress import ip_address, ip_network, AddressValueError from pathlib import Path +def iter_set_blocks(content): + current_name = None + current_lines = [] + brace_depth = 0 + + for line in content.splitlines(): + if current_name is None: + match = re.match(r"\s*set\s+([A-Za-z0-9_]+)\s*\{", line) + if match: + current_name = match.group(1) + current_lines = [line] + brace_depth = line.count("{") - line.count("}") + continue + + current_lines.append(line) + brace_depth += line.count("{") - line.count("}") + if brace_depth == 0: + yield current_name, "\n".join(current_lines) + current_name = None + current_lines = [] + def parse_nft_config(config_path): """Extract IPv4 and IPv6 prefixes from nftables config.""" p = Path(config_path) @@ -21,37 +42,20 @@ def parse_nft_config(config_path): content = p.read_text(encoding="utf-8") v4_prefixes = [] v6_prefixes = [] - - # Parse IPv4 set (blacklist_v4) - v4_match = re.search( - r'set blacklist_v4\s*\{[^}]*elements\s*=\s*\{([^}]+)\}', - content, - re.DOTALL - ) - if v4_match: - elements = v4_match.group(1) - # Extract all CIDR notations - for match in re.finditer(r'(\d+\.\d+\.\d+\.\d+(?:/\d+)?)', elements): - try: - v4_prefixes.append(ip_network(match.group(1), strict=False)) - except Exception as e: - print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr) - - # Parse IPv6 set (blacklist_v6) - v6_match = re.search( - r'set blacklist_v6\s*\{[^}]*elements\s*=\s*\{([^}]+)\}', - content, - re.DOTALL - ) - if v6_match: - elements = v6_match.group(1) - # Extract all IPv6 CIDR notations - for match in re.finditer(r'([0-9a-fA-F:]+(?:/\d+)?)', elements): - try: - v6_prefixes.append(ip_network(match.group(1), strict=False)) - except Exception as e: - # Skip false matches from comments or other text - pass + + for _, block in iter_set_blocks(content): + if "type ipv4_addr" in block: + for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+(?:/\d+)?)", block): + try: + v4_prefixes.append(ip_network(match.group(1), strict=False)) + except Exception as e: + print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr) + elif "type ipv6_addr" in block: + for match in re.finditer(r"([0-9a-fA-F:]+(?:/\d+)?)", block): + try: + v6_prefixes.append(ip_network(match.group(1), strict=False)) + except Exception: + pass return v4_prefixes, v6_prefixes diff --git a/generate_nft_blacklist.py b/generate_nft_blacklist.py index de82f8f..3167bb7 100755 --- a/generate_nft_blacklist.py +++ b/generate_nft_blacklist.py @@ -47,9 +47,13 @@ def make_nft_config(agg_v4, agg_v6, comment=None, usage_profile="vm_input"): if usage_profile == "vk_forward": set_v4_name = "blacklist_vk_v4" set_v6_name = "blacklist_vk_v6" + rule_v4 = f'sudo nft add rule inet filter forward iifname "" ip daddr @{set_v4_name} counter reject' + rule_v6 = f'sudo nft add rule inet filter forward iifname "" ip6 daddr @{set_v6_name} counter reject' else: set_v4_name = "blacklist_v4" set_v6_name = "blacklist_v6" + rule_v4 = f"sudo nft add rule inet filter input ip saddr @{set_v4_name} counter reject" + rule_v6 = f"sudo nft add rule inet filter input ip6 saddr @{set_v6_name} counter reject" lines = [] lines.append("# Autogenerated nftables blacklist") @@ -63,13 +67,13 @@ def make_nft_config(agg_v4, agg_v6, comment=None, usage_profile="vm_input"): if usage_profile == "vk_forward": lines.append("# # VK egress blocking for VPN clients via NAT/FORWARD") lines.append("# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'") - lines.append(f"# sudo nft add rule inet filter forward iifname \"\" ip daddr @{set_v4_name} counter reject") - lines.append(f"# sudo nft add rule inet filter forward iifname \"\" ip6 daddr @{set_v6_name} counter reject") + lines.append(f"# {rule_v4}") + lines.append(f"# {rule_v6}") else: lines.append("# # VM protection from incoming blacklist sources") lines.append("# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'") - lines.append(f"# sudo nft add rule inet filter input ip saddr @{set_v4_name} counter reject") - lines.append(f"# sudo nft add rule inet filter input ip6 saddr @{set_v6_name} counter reject") + lines.append(f"# {rule_v4}") + lines.append(f"# {rule_v6}") lines.append("") lines.append("table inet filter {") lines.append("") @@ -82,7 +86,8 @@ def make_nft_config(agg_v4, agg_v6, comment=None, usage_profile="vm_input"): lines.append(" elements = {") for i, net in enumerate(agg_v4): comma = "," if i < len(agg_v4) - 1 else "" - lines.append(f" {net.with_prefixlen}{comma}") + rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net) + lines.append(f" {rendered_net}{comma}") lines.append(" }") lines.append(" }") lines.append("") @@ -95,23 +100,12 @@ def make_nft_config(agg_v4, agg_v6, comment=None, usage_profile="vm_input"): lines.append(" elements = {") for i, net in enumerate(agg_v6): comma = "," if i < len(agg_v6) - 1 else "" - lines.append(f" {net.with_prefixlen}{comma}") + rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net) + lines.append(f" {rendered_net}{comma}") lines.append(" }") lines.append(" }") lines.append("") - # Define input chain with set lookups - lines.append(" chain input {") - lines.append(" type filter hook input priority 0;") - lines.append(" policy accept;") - lines.append("") - lines.append(" ct state { established, related } accept") - lines.append("") - if agg_v4: - lines.append(f" ip saddr @{set_v4_name} counter drop") - if agg_v6: - lines.append(f" ip6 saddr @{set_v6_name} counter drop") - lines.append(" }") lines.append("}") return "\n".join(lines) @@ -168,9 +162,12 @@ def main(argv): print("Done.") print("Load with: sudo nft -f ") - print("View counters: sudo nft list chain inet filter input -a") - print("View sets: sudo nft list set inet filter blacklist_v4") - print(" sudo nft list set inet filter blacklist_v6") + if profile == "vk_forward": + print("View sets: sudo nft list set inet filter blacklist_vk_v4") + print(" sudo nft list set inet filter blacklist_vk_v6") + else: + print("View sets: sudo nft list set inet filter blacklist_v4") + print(" sudo nft list set inet filter blacklist_v6") return 0 if __name__ == "__main__": diff --git a/network_list_from_as.py b/network_list_from_as.py index 6e2efc8..8f6848e 100755 --- a/network_list_from_as.py +++ b/network_list_from_as.py @@ -1,60 +1,94 @@ #!/usr/bin/env python3 -import requests import argparse import re -from cymruwhois import Client +import sys + +import requests + from pylib.whois import whois_query +ASN_RE = re.compile(r"\bAS\d+\b", re.IGNORECASE) + def get_as_prefixes(asn): url = f"https://stat.ripe.net/data/announced-prefixes/data.json?resource={asn}" - response = requests.get(url) - if response.status_code == 200: - data = response.json() - prefixes = data['data']['prefixes'] - return [prefix['prefix'] for prefix in prefixes] - else: - return [] + response = requests.get(url, timeout=30) + response.raise_for_status() + data = response.json() + prefixes = data["data"]["prefixes"] + return [prefix["prefix"] for prefix in prefixes] def convert_to_raw_github_url(url): return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "") -def print_prefixes(asn): - line = re.sub(r'[^AS0-9]', '', asn) - if not args.quiet: - print(f"# Networks announced by {line}") - response = whois_query(line, "as-name", True) + +def normalize_asn(value): + match = ASN_RE.search(value) + if match: + return match.group(0).upper() + return None + + +def print_prefixes(asn, quiet=False): + normalized_asn = normalize_asn(asn) + if normalized_asn is None: + return + + if not quiet: + print(f"# Networks announced by {normalized_asn}") + response = whois_query(normalized_asn, "as-name", True) if response is not None: info = response.strip() print(f"# AS-Name (ORG): {info}") - prefixes = get_as_prefixes(line) + prefixes = get_as_prefixes(normalized_asn) for prefix in prefixes: print(prefix) -def extract_asses(asn_filename_or_url): - if asn_filename_or_url.startswith('AS'): - print_prefixes(asn_filename_or_url) + +def extract_asses(asn_filename_or_url, quiet=False): + if normalize_asn(asn_filename_or_url) and not asn_filename_or_url.startswith(("http://", "https://")): + print_prefixes(asn_filename_or_url, quiet=quiet) return None - if asn_filename_or_url.startswith('http://') or asn_filename_or_url.startswith('https://'): - if 'github.com' in asn_filename_or_url: + if asn_filename_or_url.startswith("http://") or asn_filename_or_url.startswith("https://"): + if "github.com" in asn_filename_or_url: asn_filename_or_url = convert_to_raw_github_url(asn_filename_or_url) - response = requests.get(asn_filename_or_url) - lines = response.text.split('\n') + response = requests.get(asn_filename_or_url, timeout=30) + response.raise_for_status() + lines = response.text.splitlines() else: - with open(asn_filename_or_url, 'r') as file: + with open(asn_filename_or_url, "r", encoding="utf-8") as file: lines = file.readlines() for line in lines: - if re.match(r'^AS.*', line): - print_prefixes(line) + normalized_asn = normalize_asn(line) + if normalized_asn: + print_prefixes(normalized_asn, quiet=quiet) return None -parser = argparse.ArgumentParser(description='./as_network_list.py -q AS61280') -parser.add_argument('asn_filename_or_url', help='The AS number to get networks / The file or URL to extract AS numbers from.') -parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.') -args = parser.parse_args() -extract_asses(args.asn_filename_or_url) +def build_parser(): + parser = argparse.ArgumentParser(description="./network_list_from_as.py -q AS61280") + parser.add_argument("asn_filename_or_url", help="The AS number to get networks / The file or URL to extract AS numbers from.") + parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.") + return parser + + +def main(argv=None): + parser = build_parser() + args = parser.parse_args(argv) + try: + extract_asses(args.asn_filename_or_url, quiet=args.quiet) + except requests.RequestException as exc: + print(f"ERROR: failed to fetch ASN data: {exc}", file=sys.stderr) + return 1 + except OSError as exc: + print(f"ERROR: failed to read input: {exc}", file=sys.stderr) + return 1 + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/network_list_from_netname.py b/network_list_from_netname.py index ba3e953..d3a6ce5 100755 --- a/network_list_from_netname.py +++ b/network_list_from_netname.py @@ -1,41 +1,72 @@ #!/usr/bin/env python3 import argparse -import requests import re -from pylib.whois import whois_query -from pylib.ip import convert_to_cidr +import sys + +import requests + +from pylib.ip import convert_to_cidr +from pylib.whois import whois_query def convert_to_raw_github_url(url): return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "") -def extract_netname(filename_or_url): - if filename_or_url.startswith('http://') or filename_or_url.startswith('https://'): - if 'github.com' in filename_or_url: + +def iter_netnames(lines): + for line in lines: + stripped = line.strip() + if not stripped or stripped.startswith("#"): + continue + if re.match(r"^netname:", stripped, re.IGNORECASE): + yield stripped.split(":", 1)[1].strip() + else: + yield stripped + + +def extract_netname(filename_or_url, quiet=False): + if filename_or_url.startswith("http://") or filename_or_url.startswith("https://"): + if "github.com" in filename_or_url: filename_or_url = convert_to_raw_github_url(filename_or_url) - response = requests.get(filename_or_url) - lines = response.text.split('\n') + response = requests.get(filename_or_url, timeout=30) + response.raise_for_status() + lines = response.text.splitlines() else: - with open(filename_or_url, 'r') as file: + with open(filename_or_url, "r", encoding="utf-8") as file: lines = file.readlines() - for line in lines: - if re.match(r'^netname:', line): - netname = line.split(':')[1].strip() - response = whois_query(netname, "inetnum") - if response is not None and len(response) > 0: - if not args.quiet: - print(f"# Network name: {netname}") - for cidr in response: - net = convert_to_cidr(cidr) - net = net[0] - print(net) + for netname in iter_netnames(lines): + response = whois_query(netname, "inetnum") + if response is not None and len(response) > 0: + if not quiet: + print(f"# Network name: {netname}") + for cidr in response: + for network in convert_to_cidr(cidr): + print(network) return None -parser = argparse.ArgumentParser(description='Extract netname from file.') -parser.add_argument('filename_or_url', help='The file or URL to extract netnames from.') -parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.') -args = parser.parse_args() -extract_netname(args.filename_or_url) +def build_parser(): + parser = argparse.ArgumentParser(description="Extract netname from file.") + parser.add_argument("filename_or_url", help="The file or URL to extract netnames from.") + parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.") + return parser + + +def main(argv=None): + parser = build_parser() + args = parser.parse_args(argv) + try: + extract_netname(args.filename_or_url, quiet=args.quiet) + except requests.RequestException as exc: + print(f"ERROR: failed to fetch netname data: {exc}", file=sys.stderr) + return 1 + except OSError as exc: + print(f"ERROR: failed to read input: {exc}", file=sys.stderr) + return 1 + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/parse_ripe_db.py b/parse_ripe_db.py index de2837a..0e7ae67 100755 --- a/parse_ripe_db.py +++ b/parse_ripe_db.py @@ -1,62 +1,84 @@ #!/usr/bin/env python3 import argparse -import re import json -from pylib.ip import convert_to_cidr +import sys + +from pylib.ip import convert_to_cidr country = "RU" + +def normalize_record(record): + if not record: + return None + if record.get("country") != country: + return None + + normalized = dict(record) + normalized["inetnum"] = convert_to_cidr(record["inetnum"]) + return normalized + + def parse(filename, output_text, output_json): - cList = [] + c_list = [] record = {} - with open(filename, 'r', encoding='latin-1') as f: + with open(filename, "r", encoding="latin-1") as f: lines = f.readlines() - f.close() + for line in lines: - if re.match(r'^inetnum:', line): - if record: - record['inetnum'] = convert_to_cidr(record['inetnum']) - if record['country'] == country: -# print(record) - cList.append(record) + if line.startswith("inetnum:"): + normalized = normalize_record(record) + if normalized is not None: + c_list.append(normalized) record = {} - record['inetnum'] = line.split('inetnum:', 1)[1].strip() - record['descr'] = '' - record['netname'] = '' - record['country'] = '' - record['org'] = '' - if re.match(r'^netname:', line): - record['netname'] = line.split('netname:', 1)[1].strip() - if re.match(r'^descr:', line): - record['descr'] = str(record['descr'].strip() + ' ' + line.split('descr:', 1)[1].strip()).strip() - if re.match(r'^mnt-by:', line): - record['netname'] = str(record['netname'].strip() + ' ' + line.split('mnt-by:', 1)[1].strip()).strip() - if re.match(r'^country:', line): - record['country'] = line.split('country:', 1)[1].strip() - if re.match(r'^org:', line): - record['org'] = line.split('org:', 1)[1].strip() - if record: - cList.append(record) + record["inetnum"] = line.split("inetnum:", 1)[1].strip() + record["descr"] = "" + record["netname"] = "" + record["country"] = "" + record["org"] = "" + if line.startswith("netname:"): + record["netname"] = line.split("netname:", 1)[1].strip() + if line.startswith("descr:"): + record["descr"] = str(record["descr"].strip() + " " + line.split("descr:", 1)[1].strip()).strip() + if line.startswith("mnt-by:"): + record["netname"] = str(record["netname"].strip() + " " + line.split("mnt-by:", 1)[1].strip()).strip() + if line.startswith("country:"): + record["country"] = line.split("country:", 1)[1].strip() + if line.startswith("org:"): + record["org"] = line.split("org:", 1)[1].strip() - with open(output_json, 'w') as f: - json.dump(cList, f, indent=4) - f.close() + normalized = normalize_record(record) + if normalized is not None: + c_list.append(normalized) - with open(output_text, 'w') as f: - for record in cList: - for net in record['inetnum']: - f.write(net + ' ' + record['netname'] + ' (' + record['org'] + ') [' + record['descr'] + ']\n') - f.close() + with open(output_json, "w", encoding="utf-8") as f: + json.dump(c_list, f, indent=4) -parser = argparse.ArgumentParser(description='Parse RIPE DB for getting a list of RU networks.') -parser.add_argument('filename', help='ripe.db.inetnum file to parse.') -parser.add_argument('output_text', help='write text db to...') -parser.add_argument('output_json', help='write json do to...') -args = parser.parse_args() + with open(output_text, "w", encoding="utf-8") as f: + for item in c_list: + for net in item["inetnum"]: + f.write(net + " " + item["netname"] + " (" + item["org"] + ") [" + item["descr"] + "]\n") -if not (args.filename): - parser.print_help() - exit() -parse(args.filename, args.output_text, args.output_json) +def build_parser(): + parser = argparse.ArgumentParser(description="Parse RIPE DB for getting a list of RU networks.") + parser.add_argument("filename", help="ripe.db.inetnum file to parse.") + parser.add_argument("output_text", help="write text db to...") + parser.add_argument("output_json", help="write json db to...") + return parser + + +def main(argv=None): + parser = build_parser() + args = parser.parse_args(argv) + try: + parse(args.filename, args.output_text, args.output_json) + except OSError as exc: + print(f"ERROR: {exc}", file=sys.stderr) + return 1 + return 0 + + +if __name__ == "__main__": + sys.exit(main()) diff --git a/tests/test_check_nft_blacklist.py b/tests/test_check_nft_blacklist.py new file mode 100644 index 0000000..da17d63 --- /dev/null +++ b/tests/test_check_nft_blacklist.py @@ -0,0 +1,26 @@ +import tempfile +import unittest +from pathlib import Path + +from check_nft_blacklist import check_ip_in_blacklist, parse_nft_config +from generate_nft_blacklist import make_nft_config + + +class CheckNftBlacklistTests(unittest.TestCase): + def test_vk_sets_are_parsed(self): + config = make_nft_config(["87.240.128.0/18"], [], usage_profile="vk_forward") + + with tempfile.TemporaryDirectory() as tmpdir: + config_path = Path(tmpdir) / "blacklist-vk-v4.nft" + config_path.write_text(config, encoding="utf-8") + + v4_prefixes, v6_prefixes = parse_nft_config(config_path) + blocked, prefix = check_ip_in_blacklist("87.240.128.1", v4_prefixes, v6_prefixes) + + self.assertEqual(len(v4_prefixes), 1) + self.assertTrue(blocked) + self.assertEqual(str(prefix), "87.240.128.0/18") + + +if __name__ == "__main__": + unittest.main() diff --git a/tests/test_generate_nft_blacklist.py b/tests/test_generate_nft_blacklist.py new file mode 100644 index 0000000..88939b8 --- /dev/null +++ b/tests/test_generate_nft_blacklist.py @@ -0,0 +1,25 @@ +import unittest + +from generate_nft_blacklist import make_nft_config + + +class GenerateNftBlacklistTests(unittest.TestCase): + def test_general_profile_generates_plain_sets_only(self): + config = make_nft_config(["10.0.0.0/24"], [], usage_profile="vm_input") + + self.assertIn("set blacklist_v4", config) + self.assertNotIn("chain input", config) + self.assertIn("ip saddr @blacklist_v4", config) + + def test_vk_profile_uses_vk_set_names_and_forward_example(self): + config = make_nft_config(["10.0.0.0/24"], ["2001:db8::/32"], usage_profile="vk_forward") + + self.assertIn("set blacklist_vk_v4", config) + self.assertIn("set blacklist_vk_v6", config) + self.assertNotIn("chain forward", config) + self.assertIn("ip daddr @blacklist_vk_v4", config) + self.assertIn("ip6 daddr @blacklist_vk_v6", config) + + +if __name__ == "__main__": + unittest.main() diff --git a/tests/test_parse_ripe_db.py b/tests/test_parse_ripe_db.py new file mode 100644 index 0000000..a287c67 --- /dev/null +++ b/tests/test_parse_ripe_db.py @@ -0,0 +1,41 @@ +import json +import tempfile +import unittest +from pathlib import Path + +from parse_ripe_db import parse + + +class ParseRipeDbTests(unittest.TestCase): + def test_skips_non_ru_last_record_and_normalizes_last_ru_record(self): + sample = """\ +inetnum: 10.0.0.0 - 10.0.0.255 +netname: TEST1 +country: RU +org: ORG-1 +descr: desc1 +inetnum: 20.0.0.0 - 20.0.0.255 +netname: TEST2 +country: US +org: ORG-2 +""" + + with tempfile.TemporaryDirectory() as tmpdir: + source = Path(tmpdir) / "ripe.db.inetnum" + output_text = Path(tmpdir) / "out.txt" + output_json = Path(tmpdir) / "out.json" + source.write_text(sample, encoding="latin-1") + + parse(str(source), str(output_text), str(output_json)) + + payload = json.loads(output_json.read_text(encoding="utf-8")) + self.assertEqual(len(payload), 1) + self.assertEqual(payload[0]["inetnum"], ["10.0.0.0/24"]) + self.assertEqual(payload[0]["country"], "RU") + + text_lines = output_text.read_text(encoding="utf-8").splitlines() + self.assertEqual(text_lines, ["10.0.0.0/24 TEST1 (ORG-1) [desc1]"]) + + +if __name__ == "__main__": + unittest.main()