Block VK / usage

C24Be
2026-03-24 19:06:26 +01:00
parent b98e6d008c
commit d7e0f9c7b7
2 changed files with 20 additions and 0 deletions


@@ -140,6 +140,10 @@ cat > "${iptables_vk_output_file}" << EOF
# ip6tables -I INPUT -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP # ip6tables -I INPUT -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP # ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 src -m conntrack --ctstate NEW -j DROP
# #
# 2a. Block outgoing traffic to VK destination networks:
# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT
# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT
#
# 3. To flush/delete the sets: # 3. To flush/delete the sets:
# ipset flush blacklist-vk-v4 && ipset destroy blacklist-vk-v4 # ipset flush blacklist-vk-v4 && ipset destroy blacklist-vk-v4
# ipset flush blacklist-vk-v6 && ipset destroy blacklist-vk-v6 # ipset flush blacklist-vk-v6 && ipset destroy blacklist-vk-v6
@@ -153,3 +157,11 @@ tail -n +2 "${iptables_vk_v6_output_file}" | grep -E "^(create|add)" >> "${iptab
echo "✓ Generated (VK names, mixed IPv4/IPv6): ${iptables_vk_output_file}" echo "✓ Generated (VK names, mixed IPv4/IPv6): ${iptables_vk_output_file}"
echo " Total entries: $(wc -l < "${blacklist_vk_file}" | tr -d ' ')" echo " Total entries: $(wc -l < "${blacklist_vk_file}" | tr -d ' ')"
echo ""
echo "VK outgoing block examples (iptables/ipset):"
echo " ipset restore < ${iptables_vk_output_file}"
echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT"
echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -m conntrack --ctstate NEW -j REJECT"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."
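Review bot: The OUTPUT rules added in step 2a and in the printed examples only cover traffic generated on this host; on a machine that routes for other clients (a VPN gateway, for instance) connections to VK destinations traverse FORWARD, and the FORWARD rule visible in the context lines matches `src` only. If that deployment is in scope, add the destination match there as well, e.g. `# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -m conntrack --ctstate NEW -j REJECT` plus the ip6tables twin. Because the rules match `--ctstate NEW`, flows already established when the rule is inserted keep working until they close, which deserves one comment line in 2a. The nftables examples in the second file hook only `output` as well. The heredoc these comment lines belong to starts and ends outside the hunk.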


@@ -68,3 +68,11 @@ python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
rm -f "$TMP_V4_FILE" "$TMP_V6_FILE" rm -f "$TMP_V4_FILE" "$TMP_V6_FILE"
echo "nftables blacklists generated successfully!" echo "nftables blacklists generated successfully!"
echo ""
echo "VK outgoing block examples (nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk.nft"
echo " sudo nft add chain inet filter output '{ type filter hook output priority 0; policy accept; }'"
echo " sudo nft add rule inet filter output ip daddr @blacklist_v4 counter reject"
echo " sudo nft add rule inet filter output ip6 daddr @blacklist_v6 counter reject"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."
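Review bot: The printed nft commands hard-code table `inet filter` and the set names `@blacklist_v4`/`@blacklist_v6`, while the iptables script on this page names its sets `blacklist-vk-v4`/`blacklist-vk-v6`; nftables sets are scoped to their table, so these rules load only if `blacklist-vk.nft` defines exactly those sets inside `inet filter`. The generator is not visible here, so this should be checked against its output, and the names are best printed from the same variables the generator is called with. `$OUTPUT_DIR` is also expanded unquoted into the example, so a path containing spaces yields a command that breaks on copy-paste; `echo "  sudo nft -f '$OUTPUT_DIR/blacklist-vk.nft'"` avoids that.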