Update 2026.04.01 01:17:26

* Update 2026.03.01 01:07:56

* Update 2026.03.01 04:25:44

* Update 2026.03.01 06:01:46

* Update 2026.03.01 06:15:37

* Update 2026.03.01 06:23:34

* Update 2026.03.01 07:44:01

* Update 2026.03.01 08:02:08

* Update 2026.03.01 08:06:50

---------

Co-authored-by: C24Be <C24Be@github.com>

.github/actions/gitPush/action.yaml

@@ -10,7 +10,7 @@ runs:
           git config --global user.email "${{ env.REPO_OWNER }}@github.com"
           if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
               git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
-              git push --set origin "${daily_branch}"
+              git push --set-upstream origin "${daily_branch}"
           fi
           git add ${{ env.PUSH_FILES }}
           git diff --staged --quiet || CHANGED=true

.github/actions/gitReset/action.yaml

@@ -8,9 +8,9 @@ runs:
           if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
               git reset --hard
               git clean -fdx
-              git checkout "${daily_branch}"
-              git pull origin "${daily_branch}"
-              git push --set origin "${daily_branch}"
+              git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
+              git pull origin "${daily_branch}" || true
+              git push --set-upstream origin "${daily_branch}"
           fi
           git reset --hard
           git clean -fdx

.github/workflows/resolve_networks.yml

@@ -26,7 +26,7 @@ jobs:
         with:
           fetch-depth: 0                         # this is required to fetch all history for all branches and tags
           token: ${{ env.GH_PAT }}
-          ref: ${{ github.branch }}
+          ref: ${{ github.ref_name }}
       - uses: ./.github/actions/gitReset
         env:
           CUSTOM_BRANCH: true
@@ -53,7 +53,7 @@ jobs:
         with:
           fetch-depth: 0                         # this is required to fetch all history for all branches and tags
           token: ${{ env.GH_PAT }}
-          ref: ${{ github.branch }}
+          ref: ${{ github.ref_name }}
       - uses: ./.github/actions/gitReset
         env:
           CUSTOM_BRANCH: true
@@ -80,7 +80,7 @@ jobs:
         with:
           fetch-depth: 0                         # this is required to fetch all history for all branches and tags
           token: ${{ env.GH_PAT }}
-          ref: ${{ github.branch }}
+          ref: ${{ github.ref_name }}
       - uses: ./.github/actions/gitReset
         env:
           CUSTOM_BRANCH: true

.github/workflows/update_blacklists.yml

@@ -33,6 +33,7 @@ jobs:
       - run: ./blacklists_updater_nginx.sh
       - run: ./blacklists_updater_iptables.sh
       - run: ./blacklists_updater_nftables.sh
+      - run: ./blacklists_updater_routes.sh
       - uses: ./.github/actions/gitPush
         env:
-          PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/
+          PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/ blacklists_route/

README.md

@@ -2,14 +2,22 @@
 
 ### Blacklists are updated daily!
 
+> [!IMPORTANT]
+> A very important feature has been added: dedicated lists of VK Cloud / VK networks that can be used to block **OUTGOING** traffic from your server (iptables/ipset and nftables formats are available).
+> This can help reduce the risk of Messenger MAX being used to compromise your VPN server.
+> The best security option is to avoid installing Messenger MAX at all on a phone where VPN access is configured.
+
 This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis.
 
+## Important Links
+
 **Ready-to-use blacklists in multiple formats:**
 
 - [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation
 - [Nginx configurations in `blacklists_nginx/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nginx) - Ready to include in your nginx config
 - [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset
-- [Other network and ASN lists in `auto/`](https://github.com/C24Be/AS_Network_List/tree/main/auto) - Comprehensive Russian network data
+- [nftables files in `blacklists_nftables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nftables) - Ready-to-load sets and rules for nftables
+- [Linux route files in `blacklists_route/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_route) - VK route blackholes to loopback (IPv4/IPv6)
 
 ## Files and features
 
@@ -28,6 +36,8 @@ This repository contains Python scripts that allow you to retrieve network lists
 - `blacklists_updater_txt.sh`: Generates text-based blacklists with IPv4/IPv6 separation
 - `blacklists_updater_nginx.sh`: Generates nginx configuration files with deny directives
 - `blacklists_updater_iptables.sh`: Generates ipset configuration files for iptables/ip6tables
+- `blacklists_updater_nftables.sh`: Generates nftables blacklist files (mixed/v4/v6 and VK-specific)
+- `blacklists_updater_routes.sh`: Generates Linux route files to send VK networks to loopback (`127.0.0.1` / `::1`)
 
 ### Generated Blacklists
 
@@ -47,25 +57,34 @@ This repository contains Python scripts that allow you to retrieve network lists
 
 **IPTables/IPSet Format** (`blacklists_iptables/` folder):
 
-- `blacklist.ipset`: IPSet configuration for mixed IPv4/IPv6 (**daily generated**)
 - `blacklist-v4.ipset`: IPSet configuration for IPv4 only (**daily generated**)
 - `blacklist-v6.ipset`: IPSet configuration for IPv6 only (**daily generated**)
+- `blacklist-vk-v4.ipset`: IPSet configuration for VK-only IPv4 networks (**daily generated**)
+- `blacklist-vk-v6.ipset`: IPSet configuration for VK-only IPv6 networks (**daily generated**)
 - `README.md`: Complete usage documentation for iptables integration
 
 **nftables Format** (`blacklists_nftables/` folder):
 
-* `blacklist.nft`: nftables configuration for mixed IPv4/IPv6 (**daily generated**)
+* `blacklist.nft`: nftables set definitions for mixed IPv4/IPv6 (**daily generated**)
 * `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**)
 * `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**)
+* `blacklist-vk.nft`: nftables set definitions for VK-only mixed IPv4/IPv6 (**daily generated**)
+* `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**)
+* `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**)
 * `README.md`: Complete usage documentation for nftables integration
 
+**Linux Routes Format** (`blacklists_route/` folder):
+
+* `blacklist-vk-v4.routes`: IPv4 routes for VK-only networks to `127.0.0.1` via `lo` (**daily generated**)
+* `blacklist-vk-v6.routes`: IPv6 routes for VK-only networks to `::1` via `lo` (**daily generated**)
+
 
 ### Reference Lists
 
 **Contributors are welcome!**
 
 - `lists/ru-gov-netnames.txt`: A list of network names associated with the Russian government.
-- `lists/ru-gov-asns.txt`: A list of AS numbers associated with the Russian government.
+- ASN candidates used for blacklists are derived automatically from `auto/all-ru-asn.txt`.
 
 ### Auto-Generated Data
 
@@ -93,22 +112,55 @@ wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_ngi
 **For IPTables/IPSet:**
 
 ```bash
-# Download and load into ipset
-wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist.ipset
-ipset restore < blacklist.ipset
-iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
-ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
+# Download and load IPv4/IPv6 sets into ipset
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v4.ipset
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v6.ipset
+ipset restore < blacklist-v4.ipset
+ipset restore < blacklist-v6.ipset
+iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
+ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
 ```
 
 **For nftables:**
 ````bash
-# Download and load into nftables
+# Download and load nftables sets
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v4.nft
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v6.nft
 sudo nft -f blacklist.nft
+sudo nft -f blacklist-v4.nft
+sudo nft -f blacklist-v6.nft
+
+# Protect VM from incoming blacklist sources
+sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
+sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
+sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
+
+# VK-only outbound blocking for VPN clients via NAT/FORWARD
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v4.nft
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v6.nft
+sudo nft -f blacklist-vk.nft
+sudo nft -f blacklist-vk-v4.nft
+sudo nft -f blacklist-vk-v6.nft
+sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
+sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
+sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
+
 # View the loaded rules
 sudo nft list ruleset
 ````
 
+**For Linux Routes (VK loopback blackhole):**
+
+```bash
+# Download and apply VK route files
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v4.routes
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v6.routes
+sudo sh blacklist-vk-v4.routes
+sudo sh blacklist-vk-v6.routes
+```
+
 **For Custom Applications:**
 
 ```bash
@@ -158,16 +210,16 @@ See the README files in each folder for detailed usage instructions.
     ./network_list_from_as.py AS61280
     ```
 
-2. Run the script with a URL to a file in a GitHub repository as an argument:
+2. Run the script with a URL to a file with one ASN per line:
 
     ```bash
-    ./network_list_from_as.py https://github.com/C24Be/AS_Network_List/blob/main/lists/ru-gov-asns.txt
+    ./network_list_from_as.py https://example.com/asns.txt
     ```
 
     Or better use the raw file link:
 
     ```bash
-    ./network_list_from_as.py https://raw.githubusercontent.com/C24Be/AS_Network_List/main/lists/ru-gov-asns.txt
+    ./network_list_from_as.py https://example.com/asns-raw.txt
     ```
 
 3. To display a help message, use the `-h` or `--help` switch:
@@ -232,16 +284,6 @@ This repository uses GitHub Actions to automatically update blacklists:
 
 All blacklists are automatically regenerated and committed to ensure you always have the latest data.
 
-## Blacklist Format Comparison
-
-| Format | Best For | Performance | Ease of Use | File Size |
-|--------|----------|-------------|-------------|-----------|
-| **Text** | Custom scripts, analysis | N/A | ⭐⭐⭐⭐⭐ | Small |
-| **Nginx** | Web servers, reverse proxies | Good | ⭐⭐⭐⭐ | Medium |
-| **IPSet** | Firewalls, large-scale blocking | Excellent | ⭐⭐⭐ | Medium |
-
-**Recommendation**: Use IPSet for firewall-level blocking (best performance), Nginx for web application layer, and text format for custom integrations.
-
 ## Additional information
 
 - [RIPE DB Inetnum](https://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz)

blacklists/blacklist-v4.txt

@@ -41,8 +41,10 @@
 146.185.242.0/23
 149.62.55.240/30
 155.212.192.0/20
+161.104.104.0/21
 176.109.0.0/21
 176.112.168.0/21
+176.116.112.0/22
 176.116.96.0/20
 178.16.156.148/30
 178.17.176.0/23
@@ -117,7 +119,6 @@
 185.149.161.0/24
 185.149.162.0/24
 185.149.163.0/24
-185.16.10.0/23
 185.16.148.0/22
 185.16.148.0/23
 185.16.150.0/23
@@ -126,7 +127,6 @@
 185.16.246.0/23
 185.16.246.0/24
 185.16.247.0/24
-185.16.8.0/23
 185.168.60.0/24
 185.168.61.0/24
 185.168.62.0/24
@@ -226,7 +226,6 @@
 195.144.232.144/30
 195.144.240.128/28
 195.149.110.0/24
-195.151.25.48/29
 195.16.55.224/27
 195.162.36.64/28
 195.170.218.24/29
@@ -455,7 +454,9 @@
 217.106.203.88/29
 217.106.93.192/26
 217.106.95.112/28
+217.107.0.0/18
 217.107.200.0/21
+217.107.208.0/20
 217.107.5.112/29
 217.107.5.16/29
 217.107.5.24/29
@@ -471,6 +472,7 @@
 217.16.16.0/21
 217.16.24.0/21
 217.172.18.0/23
+217.172.20.0/22
 217.174.188.0/22
 217.174.188.0/23
 217.195.92.16/28
@@ -486,7 +488,10 @@
 217.20.158.0/24
 217.20.159.0/24
 217.20.86.128/26
+217.20.86.192/27
+217.20.86.224/29
 217.20.86.232/29
+217.20.86.240/28
 217.23.88.168/29
 217.23.88.248/29
 217.27.142.176/30
@@ -520,6 +525,7 @@
 46.20.70.160/28
 46.228.0.232/29
 46.29.152.0/22
+46.29.156.0/23
 46.46.142.160/28
 46.46.148.40/29
 46.47.197.128/30
@@ -562,31 +568,20 @@
 5.61.239.64/26
 62.105.158.200/29
 62.112.110.64/28
-62.118.0.208/28
 62.118.101.184/29
 62.118.113.232/29
 62.118.125.188/30
 62.118.127.240/28
-62.118.15.16/28
-62.118.17.152/29
-62.118.19.112/30
-62.118.19.40/30
 62.118.193.8/29
 62.118.205.68/30
 62.118.208.100/30
 62.118.209.192/30
-62.118.21.160/29
 62.118.216.60/30
 62.118.219.184/30
 62.118.230.4/30
 62.118.233.224/29
 62.118.234.64/29
 62.118.239.128/29
-62.118.25.112/28
-62.118.37.168/30
-62.118.37.180/30
-62.118.37.4/30
-62.118.38.212/30
 62.141.125.0/25
 62.217.160.0/20
 62.217.160.0/21
@@ -595,7 +590,6 @@
 62.33.199.80/29
 62.33.34.16/28
 62.33.87.128/28
-62.33.87.152/29
 62.5.130.104/29
 62.5.132.224/29
 62.5.189.80/29
@@ -634,7 +628,6 @@
 78.37.84.120/29
 78.37.97.88/29
 79.133.74.160/30
-79.133.74.168/30
 79.133.75.176/30
 79.133.75.44/30
 79.137.132.0/24
@@ -706,6 +699,7 @@
 81.195.151.172/30
 81.195.155.0/30
 81.195.161.12/30
+81.195.164.0/24
 81.195.165.64/28
 81.195.168.24/30
 81.195.177.160/30
@@ -817,6 +811,7 @@
 85.141.60.96/28
 85.141.61.160/28
 85.143.125.0/24
+85.146.204.44/30
 85.192.32.0/22
 85.192.32.0/23
 85.192.34.0/23
@@ -985,7 +980,6 @@
 90.156.216.0/23
 90.156.218.0/23
 90.156.232.0/21
-90.156.248.0/22
 91.103.194.184/29
 91.135.212.0/22
 91.135.216.0/21
@@ -1009,6 +1003,7 @@
 91.237.76.0/24
 92.101.253.152/29
 92.101.253.96/29
+92.38.217.0/24
 92.39.106.168/30
 92.39.106.20/30
 92.39.111.84/30
@@ -1107,6 +1102,7 @@
 95.167.5.80/28
 95.167.54.76/30
 95.167.59.244/30
+95.167.59.248/30
 95.167.64.20/30
 95.167.68.216/29
 95.167.69.116/30

blacklists/blacklist-vk-v4.txt

@@ -0,0 +1,267 @@
+109.120.180.0/22
+109.120.180.0/23
+109.120.182.0/23
+109.120.188.0/22
+109.120.188.0/23
+109.120.190.0/23
+128.140.168.0/21
+128.140.168.0/23
+128.140.170.0/24
+128.140.171.0/24
+128.140.172.0/22
+130.49.224.0/19
+146.185.208.0/22
+146.185.208.0/23
+146.185.210.0/23
+146.185.240.0/22
+146.185.240.0/23
+146.185.242.0/23
+155.212.192.0/20
+161.104.104.0/21
+176.112.168.0/21
+178.22.88.0/21
+178.22.89.64/26
+178.22.94.0/23
+178.237.16.0/20
+178.237.16.0/21
+178.237.24.0/22
+178.237.30.0/23
+185.100.104.0/22
+185.100.104.0/23
+185.100.106.0/23
+185.130.112.0/22
+185.130.112.0/23
+185.130.114.0/23
+185.131.68.0/22
+185.16.148.0/22
+185.16.148.0/23
+185.16.150.0/23
+185.16.244.0/22
+185.16.244.0/23
+185.16.246.0/23
+185.180.200.0/22
+185.187.63.0/24
+185.187.63.0/25
+185.187.63.128/25
+185.226.52.0/22
+185.226.52.0/23
+185.226.54.0/23
+185.241.192.0/22
+185.241.192.0/23
+185.241.194.0/23
+185.29.128.0/22
+185.29.130.0/24
+185.32.248.0/22
+185.32.248.0/23
+185.32.250.0/23
+185.5.136.0/22
+185.5.136.0/23
+185.5.138.0/23
+185.6.244.0/22
+185.6.244.0/23
+185.6.246.0/23
+185.86.144.0/22
+185.86.144.0/23
+185.86.146.0/23
+188.93.56.0/21
+188.93.56.0/24
+188.93.57.0/24
+188.93.58.0/24
+188.93.60.0/24
+188.93.61.0/24
+188.93.62.0/24
+193.203.40.0/22
+194.84.16.12/30
+195.211.20.0/22
+195.211.22.0/24
+195.211.23.0/24
+212.111.84.0/22
+212.233.120.0/22
+212.233.72.0/21
+212.233.88.0/21
+212.233.96.0/22
+213.219.212.0/22
+213.219.212.0/23
+213.219.214.0/23
+217.16.16.0/20
+217.16.16.0/21
+217.16.24.0/21
+217.174.188.0/23
+217.20.144.0/20
+217.20.144.0/22
+217.20.148.0/24
+217.20.149.0/24
+217.20.150.0/23
+217.20.152.0/22
+217.20.156.0/23
+217.20.158.0/24
+217.20.159.0/24
+217.69.128.0/20
+217.69.128.0/21
+217.69.136.0/21
+37.139.32.0/22
+37.139.32.0/23
+37.139.34.0/23
+37.139.40.0/22
+37.139.40.0/23
+37.139.42.0/23
+45.136.20.0/22
+45.136.20.0/23
+45.136.22.0/23
+45.84.128.0/22
+45.84.128.0/23
+45.84.130.0/23
+5.101.40.0/22
+5.101.40.0/23
+5.101.42.0/23
+5.181.60.0/22
+5.181.60.0/24
+5.181.61.0/24
+5.181.62.0/23
+5.188.140.0/22
+5.188.140.0/23
+5.188.142.0/23
+5.61.16.0/21
+5.61.16.0/22
+5.61.20.0/22
+5.61.232.0/21
+5.61.232.0/22
+5.61.236.0/23
+5.61.238.0/24
+5.61.239.0/27
+5.61.239.128/25
+5.61.239.40/29
+5.61.239.48/28
+5.61.239.64/26
+62.217.160.0/20
+62.217.160.0/21
+62.217.168.0/21
+79.137.132.0/24
+79.137.132.0/25
+79.137.132.128/25
+79.137.139.0/24
+79.137.139.0/25
+79.137.139.128/25
+79.137.157.0/25
+79.137.157.128/25
+79.137.164.0/24
+79.137.164.0/25
+79.137.164.128/25
+79.137.167.0/24
+79.137.167.0/25
+79.137.167.128/25
+79.137.174.0/23
+79.137.174.0/24
+79.137.175.0/24
+79.137.180.0/24
+79.137.180.0/25
+79.137.180.128/25
+79.137.240.0/21
+79.137.240.0/22
+79.137.244.0/22
+83.166.232.0/21
+83.166.232.0/22
+83.166.236.0/22
+83.166.248.0/21
+83.166.248.0/22
+83.166.252.0/22
+83.217.216.0/22
+83.217.216.0/23
+83.217.218.0/23
+83.222.28.0/22
+84.23.52.0/22
+84.23.52.0/23
+84.23.54.0/23
+85.114.31.108/30
+85.192.32.0/22
+85.192.32.0/23
+85.192.34.0/23
+85.198.106.0/24
+85.198.107.0/24
+87.239.104.0/21
+87.239.104.0/22
+87.239.108.0/22
+87.240.128.0/18
+87.240.128.0/19
+87.240.160.0/19
+87.242.112.0/22
+89.208.196.0/22
+89.208.196.0/23
+89.208.198.0/23
+89.208.208.0/22
+89.208.208.0/23
+89.208.210.0/23
+89.208.216.0/21
+89.208.216.0/23
+89.208.218.0/23
+89.208.220.0/22
+89.208.228.0/22
+89.208.228.0/23
+89.208.230.0/23
+89.208.84.0/22
+89.208.84.0/23
+89.208.86.0/23
+89.221.228.0/22
+89.221.232.0/21
+90.156.148.0/22
+90.156.148.0/23
+90.156.150.0/23
+90.156.212.0/22
+90.156.212.0/23
+90.156.214.0/23
+90.156.216.0/22
+90.156.216.0/23
+90.156.218.0/23
+90.156.232.0/21
+91.219.224.0/22
+91.231.132.0/22
+91.237.76.0/24
+93.153.255.84/30
+93.186.224.0/20
+93.186.224.0/21
+93.186.232.0/21
+94.100.176.0/20
+94.100.176.0/21
+94.100.184.0/21
+94.139.244.0/22
+94.139.244.0/23
+94.139.246.0/23
+95.142.192.0/20
+95.142.192.0/21
+95.142.200.0/21
+95.163.180.0/22
+95.163.180.0/23
+95.163.182.0/23
+95.163.208.0/21
+95.163.208.0/23
+95.163.210.0/23
+95.163.212.0/22
+95.163.216.0/22
+95.163.216.0/23
+95.163.218.0/23
+95.163.248.0/21
+95.163.248.0/22
+95.163.252.0/23
+95.163.254.0/23
+95.163.32.0/19
+95.163.32.0/22
+95.163.36.0/22
+95.163.40.0/21
+95.163.48.0/20
+95.213.0.0/17
+95.213.0.0/20
+95.213.16.0/21
+95.213.24.0/23
+95.213.26.0/24
+95.213.27.0/24
+95.213.28.0/24
+95.213.29.0/24
+95.213.30.0/24
+95.213.31.0/24
+95.213.32.0/24
+95.213.33.0/24
+95.213.34.0/23
+95.213.36.0/22
+95.213.40.0/21
+95.213.48.0/20
+95.213.64.0/18

blacklists/blacklist-vk-v6.txt

@@ -0,0 +1 @@
+2a00:bdc0::/29

blacklists/blacklist-vk.txt

@@ -0,0 +1,268 @@
+109.120.180.0/22
+109.120.180.0/23
+109.120.182.0/23
+109.120.188.0/22
+109.120.188.0/23
+109.120.190.0/23
+128.140.168.0/21
+128.140.168.0/23
+128.140.170.0/24
+128.140.171.0/24
+128.140.172.0/22
+130.49.224.0/19
+146.185.208.0/22
+146.185.208.0/23
+146.185.210.0/23
+146.185.240.0/22
+146.185.240.0/23
+146.185.242.0/23
+155.212.192.0/20
+161.104.104.0/21
+176.112.168.0/21
+178.22.88.0/21
+178.22.89.64/26
+178.22.94.0/23
+178.237.16.0/20
+178.237.16.0/21
+178.237.24.0/22
+178.237.30.0/23
+185.100.104.0/22
+185.100.104.0/23
+185.100.106.0/23
+185.130.112.0/22
+185.130.112.0/23
+185.130.114.0/23
+185.131.68.0/22
+185.16.148.0/22
+185.16.148.0/23
+185.16.150.0/23
+185.16.244.0/22
+185.16.244.0/23
+185.16.246.0/23
+185.180.200.0/22
+185.187.63.0/24
+185.187.63.0/25
+185.187.63.128/25
+185.226.52.0/22
+185.226.52.0/23
+185.226.54.0/23
+185.241.192.0/22
+185.241.192.0/23
+185.241.194.0/23
+185.29.128.0/22
+185.29.130.0/24
+185.32.248.0/22
+185.32.248.0/23
+185.32.250.0/23
+185.5.136.0/22
+185.5.136.0/23
+185.5.138.0/23
+185.6.244.0/22
+185.6.244.0/23
+185.6.246.0/23
+185.86.144.0/22
+185.86.144.0/23
+185.86.146.0/23
+188.93.56.0/21
+188.93.56.0/24
+188.93.57.0/24
+188.93.58.0/24
+188.93.60.0/24
+188.93.61.0/24
+188.93.62.0/24
+193.203.40.0/22
+194.84.16.12/30
+195.211.20.0/22
+195.211.22.0/24
+195.211.23.0/24
+212.111.84.0/22
+212.233.120.0/22
+212.233.72.0/21
+212.233.88.0/21
+212.233.96.0/22
+213.219.212.0/22
+213.219.212.0/23
+213.219.214.0/23
+217.16.16.0/20
+217.16.16.0/21
+217.16.24.0/21
+217.174.188.0/23
+217.20.144.0/20
+217.20.144.0/22
+217.20.148.0/24
+217.20.149.0/24
+217.20.150.0/23
+217.20.152.0/22
+217.20.156.0/23
+217.20.158.0/24
+217.20.159.0/24
+217.69.128.0/20
+217.69.128.0/21
+217.69.136.0/21
+2a00:bdc0::/29
+37.139.32.0/22
+37.139.32.0/23
+37.139.34.0/23
+37.139.40.0/22
+37.139.40.0/23
+37.139.42.0/23
+45.136.20.0/22
+45.136.20.0/23
+45.136.22.0/23
+45.84.128.0/22
+45.84.128.0/23
+45.84.130.0/23
+5.101.40.0/22
+5.101.40.0/23
+5.101.42.0/23
+5.181.60.0/22
+5.181.60.0/24
+5.181.61.0/24
+5.181.62.0/23
+5.188.140.0/22
+5.188.140.0/23
+5.188.142.0/23
+5.61.16.0/21
+5.61.16.0/22
+5.61.20.0/22
+5.61.232.0/21
+5.61.232.0/22
+5.61.236.0/23
+5.61.238.0/24
+5.61.239.0/27
+5.61.239.128/25
+5.61.239.40/29
+5.61.239.48/28
+5.61.239.64/26
+62.217.160.0/20
+62.217.160.0/21
+62.217.168.0/21
+79.137.132.0/24
+79.137.132.0/25
+79.137.132.128/25
+79.137.139.0/24
+79.137.139.0/25
+79.137.139.128/25
+79.137.157.0/25
+79.137.157.128/25
+79.137.164.0/24
+79.137.164.0/25
+79.137.164.128/25
+79.137.167.0/24
+79.137.167.0/25
+79.137.167.128/25
+79.137.174.0/23
+79.137.174.0/24
+79.137.175.0/24
+79.137.180.0/24
+79.137.180.0/25
+79.137.180.128/25
+79.137.240.0/21
+79.137.240.0/22
+79.137.244.0/22
+83.166.232.0/21
+83.166.232.0/22
+83.166.236.0/22
+83.166.248.0/21
+83.166.248.0/22
+83.166.252.0/22
+83.217.216.0/22
+83.217.216.0/23
+83.217.218.0/23
+83.222.28.0/22
+84.23.52.0/22
+84.23.52.0/23
+84.23.54.0/23
+85.114.31.108/30
+85.192.32.0/22
+85.192.32.0/23
+85.192.34.0/23
+85.198.106.0/24
+85.198.107.0/24
+87.239.104.0/21
+87.239.104.0/22
+87.239.108.0/22
+87.240.128.0/18
+87.240.128.0/19
+87.240.160.0/19
+87.242.112.0/22
+89.208.196.0/22
+89.208.196.0/23
+89.208.198.0/23
+89.208.208.0/22
+89.208.208.0/23
+89.208.210.0/23
+89.208.216.0/21
+89.208.216.0/23
+89.208.218.0/23
+89.208.220.0/22
+89.208.228.0/22
+89.208.228.0/23
+89.208.230.0/23
+89.208.84.0/22
+89.208.84.0/23
+89.208.86.0/23
+89.221.228.0/22
+89.221.232.0/21
+90.156.148.0/22
+90.156.148.0/23
+90.156.150.0/23
+90.156.212.0/22
+90.156.212.0/23
+90.156.214.0/23
+90.156.216.0/22
+90.156.216.0/23
+90.156.218.0/23
+90.156.232.0/21
+91.219.224.0/22
+91.231.132.0/22
+91.237.76.0/24
+93.153.255.84/30
+93.186.224.0/20
+93.186.224.0/21
+93.186.232.0/21
+94.100.176.0/20
+94.100.176.0/21
+94.100.184.0/21
+94.139.244.0/22
+94.139.244.0/23
+94.139.246.0/23
+95.142.192.0/20
+95.142.192.0/21
+95.142.200.0/21
+95.163.180.0/22
+95.163.180.0/23
+95.163.182.0/23
+95.163.208.0/21
+95.163.208.0/23
+95.163.210.0/23
+95.163.212.0/22
+95.163.216.0/22
+95.163.216.0/23
+95.163.218.0/23
+95.163.248.0/21
+95.163.248.0/22
+95.163.252.0/23
+95.163.254.0/23
+95.163.32.0/19
+95.163.32.0/22
+95.163.36.0/22
+95.163.40.0/21
+95.163.48.0/20
+95.213.0.0/17
+95.213.0.0/20
+95.213.16.0/21
+95.213.24.0/23
+95.213.26.0/24
+95.213.27.0/24
+95.213.28.0/24
+95.213.29.0/24
+95.213.30.0/24
+95.213.31.0/24
+95.213.32.0/24
+95.213.33.0/24
+95.213.34.0/23
+95.213.36.0/22
+95.213.40.0/21
+95.213.48.0/20
+95.213.64.0/18

blacklists/blacklist.txt

@@ -41,8 +41,10 @@
 146.185.242.0/23
 149.62.55.240/30
 155.212.192.0/20
+161.104.104.0/21
 176.109.0.0/21
 176.112.168.0/21
+176.116.112.0/22
 176.116.96.0/20
 178.16.156.148/30
 178.17.176.0/23
@@ -117,7 +119,6 @@
 185.149.161.0/24
 185.149.162.0/24
 185.149.163.0/24
-185.16.10.0/23
 185.16.148.0/22
 185.16.148.0/23
 185.16.150.0/23
@@ -126,7 +127,6 @@
 185.16.246.0/23
 185.16.246.0/24
 185.16.247.0/24
-185.16.8.0/23
 185.168.60.0/24
 185.168.61.0/24
 185.168.62.0/24
@@ -226,7 +226,6 @@
 195.144.232.144/30
 195.144.240.128/28
 195.149.110.0/24
-195.151.25.48/29
 195.16.55.224/27
 195.162.36.64/28
 195.170.218.24/29
@@ -455,7 +454,9 @@
 217.106.203.88/29
 217.106.93.192/26
 217.106.95.112/28
+217.107.0.0/18
 217.107.200.0/21
+217.107.208.0/20
 217.107.5.112/29
 217.107.5.16/29
 217.107.5.24/29
@@ -471,6 +472,7 @@
 217.16.16.0/21
 217.16.24.0/21
 217.172.18.0/23
+217.172.20.0/22
 217.174.188.0/22
 217.174.188.0/23
 217.195.92.16/28
@@ -486,7 +488,10 @@
 217.20.158.0/24
 217.20.159.0/24
 217.20.86.128/26
+217.20.86.192/27
+217.20.86.224/29
 217.20.86.232/29
+217.20.86.240/28
 217.23.88.168/29
 217.23.88.248/29
 217.27.142.176/30
@@ -542,6 +547,7 @@
 46.20.70.160/28
 46.228.0.232/29
 46.29.152.0/22
+46.29.156.0/23
 46.46.142.160/28
 46.46.148.40/29
 46.47.197.128/30
@@ -584,31 +590,20 @@
 5.61.239.64/26
 62.105.158.200/29
 62.112.110.64/28
-62.118.0.208/28
 62.118.101.184/29
 62.118.113.232/29
 62.118.125.188/30
 62.118.127.240/28
-62.118.15.16/28
-62.118.17.152/29
-62.118.19.112/30
-62.118.19.40/30
 62.118.193.8/29
 62.118.205.68/30
 62.118.208.100/30
 62.118.209.192/30
-62.118.21.160/29
 62.118.216.60/30
 62.118.219.184/30
 62.118.230.4/30
 62.118.233.224/29
 62.118.234.64/29
 62.118.239.128/29
-62.118.25.112/28
-62.118.37.168/30
-62.118.37.180/30
-62.118.37.4/30
-62.118.38.212/30
 62.141.125.0/25
 62.217.160.0/20
 62.217.160.0/21
@@ -617,7 +612,6 @@
 62.33.199.80/29
 62.33.34.16/28
 62.33.87.128/28
-62.33.87.152/29
 62.5.130.104/29
 62.5.132.224/29
 62.5.189.80/29
@@ -656,7 +650,6 @@
 78.37.84.120/29
 78.37.97.88/29
 79.133.74.160/30
-79.133.74.168/30
 79.133.75.176/30
 79.133.75.44/30
 79.137.132.0/24
@@ -728,6 +721,7 @@
 81.195.151.172/30
 81.195.155.0/30
 81.195.161.12/30
+81.195.164.0/24
 81.195.165.64/28
 81.195.168.24/30
 81.195.177.160/30
@@ -839,6 +833,7 @@
 85.141.60.96/28
 85.141.61.160/28
 85.143.125.0/24
+85.146.204.44/30
 85.192.32.0/22
 85.192.32.0/23
 85.192.34.0/23
@@ -1007,7 +1002,6 @@
 90.156.216.0/23
 90.156.218.0/23
 90.156.232.0/21
-90.156.248.0/22
 91.103.194.184/29
 91.135.212.0/22
 91.135.216.0/21
@@ -1031,6 +1025,7 @@
 91.237.76.0/24
 92.101.253.152/29
 92.101.253.96/29
+92.38.217.0/24
 92.39.106.168/30
 92.39.106.20/30
 92.39.111.84/30
@@ -1129,6 +1124,7 @@
 95.167.5.80/28
 95.167.54.76/30
 95.167.59.244/30
+95.167.59.248/30
 95.167.64.20/30
 95.167.68.216/29
 95.167.69.116/30

blacklists/blacklist_with_comments.txt

@@ -1,20 +1,42 @@
 # Networks announced by AS28709
-# AS-Name (ORG): VKONTAKTE-REGIONAL-CDN (VKontakte Ltd)
-178.237.24.0/24
-2a00:bdc0:e004::/48
-185.32.251.0/24
-178.237.22.0/24
-2a00:bdc0:e007::/48
+# AS-Name (ORG): VKONTAKTE-REGIONAL-CDN (LLC VK)
 95.142.202.0/24
-178.237.21.0/24
+2a00:bdc0:e004::/48
+178.237.22.0/24
 2a00:bdc0:e005::/48
-178.237.28.0/24
 2a00:bdc0:e002::/48
-2a00:bdc0:e003::/48
+178.237.21.0/24
+178.237.24.0/24
+128.140.170.0/24
+185.32.251.0/24
 95.142.203.0/24
 185.32.249.0/24
+2a00:bdc0:e003::/48
 95.142.201.0/24
+178.237.28.0/24
+2a00:bdc0:e007::/48
+# Networks announced by AS28709
+# AS-Name (ORG): VKONTAKTE-REGIONAL-CDN (LLC VK)
+95.142.202.0/24
+2a00:bdc0:e004::/48
+178.237.22.0/24
+2a00:bdc0:e005::/48
+2a00:bdc0:e002::/48
+178.237.21.0/24
+178.237.24.0/24
 128.140.170.0/24
+185.32.251.0/24
+95.142.203.0/24
+185.32.249.0/24
+2a00:bdc0:e003::/48
+95.142.201.0/24
+178.237.28.0/24
+2a00:bdc0:e007::/48
+# Networks announced by AS34500
+# AS-Name (ORG): CTSPI (FGUP CTSPI MGA Russia)
+80.73.16.0/21
+80.73.16.0/24
+80.73.16.0/20
 # Networks announced by AS34500
 # AS-Name (ORG): CTSPI (FGUP CTSPI MGA Russia)
 80.73.16.0/21
@@ -22,185 +44,373 @@
 80.73.16.0/20
 # Networks announced by AS43038
 # AS-Name (ORG): TVK-AS (MTS PJSC)
-178.17.182.0/23
+81.195.151.0/24
+213.176.232.0/23
 91.208.20.0/24
+178.17.182.0/23
+178.17.188.0/22
+178.17.176.0/23
+178.17.184.0/22
+195.226.203.0/24
+79.143.232.0/24
+213.176.234.0/23
 79.143.229.0/24
 178.17.180.0/23
-195.226.203.0/24
 193.33.230.0/23
 79.143.230.0/24
-213.176.234.0/23
 178.17.178.0/23
-79.143.232.0/24
-213.176.232.0/23
-178.17.184.0/22
-178.17.176.0/23
-178.17.188.0/22
+# Networks announced by AS43038
+# AS-Name (ORG): TVK-AS (MTS PJSC)
 81.195.151.0/24
+213.176.232.0/23
+91.208.20.0/24
+178.17.182.0/23
+178.17.188.0/22
+178.17.176.0/23
+178.17.184.0/22
+195.226.203.0/24
+79.143.232.0/24
+213.176.234.0/23
+79.143.229.0/24
+178.17.180.0/23
+193.33.230.0/23
+79.143.230.0/24
+178.17.178.0/23
 # Networks announced by AS43720
 # AS-Name (ORG): TVK-AS (MTS OJSC)
-91.135.220.0/24
 91.135.221.0/24
+91.195.136.0/23
 91.135.216.0/21
 91.135.212.0/22
+91.135.220.0/24
+81.195.164.0/24
+# Networks announced by AS43720
+# AS-Name (ORG): TVK-AS (MTS OJSC)
+91.135.221.0/24
 91.195.136.0/23
+91.135.216.0/21
+91.135.212.0/22
+91.135.220.0/24
+81.195.164.0/24
 # Networks announced by AS47541
-# AS-Name (ORG): VKONTAKTE-SPB-AS (VKontakte Ltd)
-95.213.0.0/17
-79.137.183.0/24
-95.213.44.0/24
-2a00:bdc0:c000::/35
-91.231.132.0/24
-87.240.128.0/18
-87.240.167.0/24
-95.213.45.0/24
-95.213.0.0/18
-95.142.192.0/20
-185.32.248.0/22
-79.137.180.0/24
-91.231.134.0/24
-2a00:bdc2::/31
-2a14:25c7::/32
-87.240.166.0/24
+# AS-Name (ORG): VKONTAKTE-SPB-AS (LLC VK)
 2a00:bdc1::/32
 185.131.68.0/23
-2a00:bdc0::/33
-2a14:25c5::/32
-217.69.132.0/24
-79.137.139.0/24
-95.142.192.0/21
-2a00:bdc0:8000::/34
-93.186.232.0/21
-79.137.164.0/24
-93.186.224.0/21
-91.231.133.0/24
 2a00:bdc4::/30
-# Networks announced by AS47542
-# AS-Name (ORG): VKONTAKTE-MSK-CDN-AS (VKontakte Ltd)
+79.137.183.0/24
 95.213.45.0/24
-87.240.166.0/24
+79.137.180.0/24
+2a14:25c7::/32
+95.142.192.0/21
 87.240.167.0/24
-128.140.173.0/24
+91.231.134.0/24
+2a00:bdc2::/31
 95.213.44.0/24
-95.142.207.0/24
-2a00:bdc0:f000::/36
+87.240.166.0/24
+2a00:bdc0:c000::/35
+185.32.248.0/22
+2a14:25c5::/32
+91.231.133.0/24
+2a00:bdc0:8000::/34
+91.231.132.0/24
+95.142.192.0/20
+93.186.232.0/21
+93.186.224.0/21
+87.240.128.0/18
+79.137.139.0/24
+95.213.0.0/18
+2a00:bdc0::/33
+95.213.0.0/17
+217.69.132.0/24
+79.137.164.0/24
+# Networks announced by AS47541
+# AS-Name (ORG): VKONTAKTE-SPB-AS (LLC VK)
+2a00:bdc1::/32
+185.131.68.0/23
+2a00:bdc4::/30
+79.137.183.0/24
+95.213.45.0/24
+79.137.180.0/24
+2a14:25c7::/32
+95.142.192.0/21
+87.240.167.0/24
+91.231.134.0/24
+2a00:bdc2::/31
+95.213.44.0/24
+87.240.166.0/24
+2a00:bdc0:c000::/35
+185.32.248.0/22
+2a14:25c5::/32
+91.231.133.0/24
+2a00:bdc0:8000::/34
+91.231.132.0/24
+95.142.192.0/20
+93.186.232.0/21
+93.186.224.0/21
+87.240.128.0/18
+79.137.139.0/24
+95.213.0.0/18
+2a00:bdc0::/33
+95.213.0.0/17
+217.69.132.0/24
+79.137.164.0/24
+# Networks announced by AS47542
+# AS-Name (ORG): VKONTAKTE-MSK-CDN-AS (LLC VK)
 95.142.204.0/23
+87.240.167.0/24
+87.240.166.0/24
+128.140.173.0/24
+95.142.207.0/24
+95.213.44.0/24
+95.213.45.0/24
+2a00:bdc0:f000::/36
+# Networks announced by AS47542
+# AS-Name (ORG): VKONTAKTE-MSK-CDN-AS (LLC VK)
+95.142.204.0/23
+87.240.167.0/24
+87.240.166.0/24
+128.140.173.0/24
+95.142.207.0/24
+95.213.44.0/24
+95.213.45.0/24
+2a00:bdc0:f000::/36
 # Networks announced by AS47764
 # AS-Name (ORG): VK-AS (LLC VK)
-217.16.16.0/20
-90.156.212.0/22
-83.217.216.0/22
-79.137.240.0/21
-185.130.112.0/22
-95.163.180.0/22
 185.16.244.0/23
-89.208.84.0/22
-31.177.104.0/22
-185.16.246.0/24
-212.233.96.0/22
-45.84.128.0/22
-89.208.218.0/23
-84.23.52.0/22
-185.86.144.0/22
-178.237.29.0/24
-109.120.188.0/22
-90.156.148.0/22
-195.218.190.0/23
-83.166.248.0/21
-176.112.168.0/21
-185.180.200.0/22
-212.233.88.0/21
-5.181.60.0/22
-2a14:25c6::/32
-185.241.192.0/22
-213.219.212.0/22
-90.156.216.0/22
-95.163.208.0/21
-85.192.32.0/22
-2a00:46e0:2::/48
-155.212.192.0/20
-185.16.247.0/24
-90.156.232.0/21
-89.221.228.0/22
-45.136.20.0/22
-5.61.16.0/21
-212.233.120.0/22
-87.239.104.0/21
-193.203.40.0/22
-130.49.224.0/19
-89.208.196.0/22
-89.208.208.0/22
-90.156.151.0/24
-185.100.104.0/22
-212.111.84.0/22
-128.140.168.0/21
-83.222.28.0/22
-2a00:1148::/32
-2a00:1148::/29
-195.211.20.0/22
-94.139.244.0/24
-146.185.240.0/22
-94.100.176.0/20
-217.20.144.0/20
-37.139.32.0/22
-89.208.216.0/23
-217.69.128.0/20
-79.137.157.0/24
-89.208.228.0/22
-62.217.160.0/20
-185.16.148.0/22
-146.185.208.0/22
-95.163.32.0/19
-79.137.174.0/23
-178.22.88.0/21
-217.174.188.0/22
-91.219.224.0/22
-212.233.72.0/21
-188.93.56.0/21
 185.5.136.0/22
-91.231.132.0/22
-89.221.235.0/24
-94.139.244.0/22
-2a00:46e0::/32
-95.163.216.0/22
-37.139.40.0/22
+79.137.240.0/21
 2a14:25c0::/32
-5.101.40.0/22
-89.221.236.0/22
+89.221.232.0/22
+79.137.174.0/23
+91.219.224.0/22
+195.211.20.0/22
+146.185.240.0/22
+31.177.104.0/22
+87.242.112.0/22
+79.137.157.0/24
+185.86.144.0/22
+90.156.212.0/22
+178.237.29.0/24
+45.136.20.0/22
+94.100.176.0/20
+188.93.56.0/21
+185.100.104.0/22
+89.208.208.0/22
+90.156.216.0/22
+2a14:25c6::/32
+109.120.180.0/22
+185.241.192.0/22
 185.187.63.0/24
+45.84.128.0/22
+5.181.61.0/24
+91.231.134.0/24
+185.16.247.0/24
+2a00:b4c0::/32
+146.185.208.0/22
 83.166.232.0/21
+194.186.63.0/24
+5.188.140.0/22
+217.174.188.0/22
+178.22.88.0/21
+155.212.192.0/20
+37.139.32.0/22
+84.23.52.0/22
+92.38.217.0/24
+95.163.208.0/21
+89.208.220.0/22
+185.226.52.0/22
+185.16.246.0/24
+178.237.16.0/20
+94.139.244.0/24
+109.120.188.0/22
+95.163.180.0/22
+95.163.216.0/22
+5.101.40.0/22
+90.156.148.0/22
+37.139.40.0/22
+89.221.236.0/22
+185.16.148.0/22
+193.203.40.0/22
+85.192.32.0/22
+5.61.16.0/21
+2a00:46e0:2::/48
+176.112.168.0/21
+212.233.120.0/22
+212.233.96.0/22
+212.233.88.0/21
 185.16.244.0/22
 185.131.68.0/22
 91.231.133.0/24
-109.120.180.0/22
-91.231.134.0/24
-5.181.61.0/24
-87.242.112.0/22
-89.221.232.0/22
+213.219.212.0/22
+95.163.32.0/19
+90.156.232.0/21
+185.130.112.0/22
+89.221.235.0/24
+217.20.144.0/20
+94.139.244.0/22
+91.231.132.0/22
 95.163.133.0/24
+83.217.216.0/22
+217.16.16.0/20
+62.217.160.0/20
+89.208.228.0/22
+195.218.190.0/23
+95.163.248.0/21
 5.61.232.0/21
+128.140.168.0/21
+185.180.200.0/22
+217.69.128.0/20
+83.222.28.0/22
+90.156.151.0/24
+2a00:1148::/29
+5.181.60.0/22
+83.166.248.0/21
+212.233.72.0/21
+89.221.228.0/22
+89.208.216.0/23
+89.208.218.0/23
+212.111.84.0/22
+130.49.224.0/19
+87.239.104.0/21
+89.208.196.0/22
+2a00:1148::/32
+2a00:46e0::/32
+89.208.84.0/22
+161.104.104.0/21
+# Networks announced by AS47764
+# AS-Name (ORG): VK-AS (LLC VK)
+185.16.244.0/23
+185.5.136.0/22
+79.137.240.0/21
+2a14:25c0::/32
+89.221.232.0/22
+79.137.174.0/23
+91.219.224.0/22
+195.211.20.0/22
+146.185.240.0/22
+31.177.104.0/22
+87.242.112.0/22
+79.137.157.0/24
+185.86.144.0/22
+90.156.212.0/22
+178.237.29.0/24
+45.136.20.0/22
+94.100.176.0/20
+188.93.56.0/21
+185.100.104.0/22
+89.208.208.0/22
+90.156.216.0/22
+2a14:25c6::/32
+109.120.180.0/22
+185.241.192.0/22
+185.187.63.0/24
+45.84.128.0/22
+5.181.61.0/24
+91.231.134.0/24
+185.16.247.0/24
+2a00:b4c0::/32
+146.185.208.0/22
+83.166.232.0/21
+194.186.63.0/24
+5.188.140.0/22
+217.174.188.0/22
+178.22.88.0/21
+155.212.192.0/20
+37.139.32.0/22
+84.23.52.0/22
+92.38.217.0/24
+95.163.208.0/21
 89.208.220.0/22
 185.226.52.0/22
+185.16.246.0/24
 178.237.16.0/20
+94.139.244.0/24
+109.120.188.0/22
+95.163.180.0/22
+95.163.216.0/22
+5.101.40.0/22
+90.156.148.0/22
+37.139.40.0/22
+89.221.236.0/22
+185.16.148.0/22
+193.203.40.0/22
+85.192.32.0/22
+5.61.16.0/21
+2a00:46e0:2::/48
+176.112.168.0/21
+212.233.120.0/22
+212.233.96.0/22
+212.233.88.0/21
+185.16.244.0/22
+185.131.68.0/22
+91.231.133.0/24
+213.219.212.0/22
+95.163.32.0/19
+90.156.232.0/21
+185.130.112.0/22
+89.221.235.0/24
+217.20.144.0/20
+94.139.244.0/22
+91.231.132.0/22
+95.163.133.0/24
+83.217.216.0/22
+217.16.16.0/20
+62.217.160.0/20
+89.208.228.0/22
+195.218.190.0/23
 95.163.248.0/21
-5.188.140.0/22
-2a00:b4c0::/32
-194.186.63.0/24
+5.61.232.0/21
+128.140.168.0/21
+185.180.200.0/22
+217.69.128.0/20
+83.222.28.0/22
+90.156.151.0/24
+2a00:1148::/29
+5.181.60.0/22
+83.166.248.0/21
+212.233.72.0/21
+89.221.228.0/22
+89.208.216.0/23
+89.208.218.0/23
+212.111.84.0/22
+130.49.224.0/19
+87.239.104.0/21
+89.208.196.0/22
+2a00:1148::/32
+2a00:46e0::/32
+89.208.84.0/22
+161.104.104.0/21
 # Networks announced by AS49281
 # AS-Name (ORG): M100 (M100 LLC)
-85.198.106.0/24
 2a00:a300::/32
+85.198.106.0/24
+# Networks announced by AS49281
+# AS-Name (ORG): M100 (M100 LLC)
+2a00:a300::/32
+85.198.106.0/24
+# Networks announced by AS49797
+# AS-Name (ORG): NESSLY (LLC VK)
+79.137.142.0/24
 # Networks announced by AS49797
 # AS-Name (ORG): NESSLY (LLC VK)
 79.137.142.0/24
 # Networks announced by AS49988
 # AS-Name (ORG): odkl-as (LLC VK)
-79.137.140.0/24
 85.198.107.0/24
+79.137.140.0/24
+# Networks announced by AS49988
+# AS-Name (ORG): odkl-as (LLC VK)
+85.198.107.0/24
+79.137.140.0/24
 # Networks announced by AS51932
 # AS-Name (ORG): ORVD-AS (FGUP Goskorporatsiya po OrVD)
-91.221.140.0/24
 91.221.140.0/23
+91.221.140.0/24
+91.221.141.0/24
+# Networks announced by AS51932
+# AS-Name (ORG): ORVD-AS (FGUP Goskorporatsiya po OrVD)
+91.221.140.0/23
+91.221.140.0/24
 91.221.141.0/24
 # Network name: Roskomnadzor-net
 46.228.0.232/29
@@ -210,7 +420,9 @@
 78.108.200.0/24
 # Network name: RU-RTCOMM-20001220
 217.106.0.0/16
+217.107.0.0/18
 217.107.200.0/21
+217.107.208.0/20
 # Network name: MMT
 46.61.208.0/24
 # Network name: RTCOMM-GNIVC
@@ -224,6 +436,7 @@
 95.173.128.0/20
 95.173.144.0/20
 176.116.96.0/20
+176.116.112.0/22
 185.183.172.0/23
 185.183.174.0/23
 194.226.80.0/21
@@ -244,6 +457,7 @@
 95.173.128.0/20
 95.173.144.0/20
 176.116.96.0/20
+176.116.112.0/22
 185.183.172.0/23
 185.183.174.0/23
 194.226.80.0/21
@@ -267,6 +481,8 @@
 # Network name: NCPLG-NET
 85.90.98.144/30
 194.150.202.0/23
+# Network name: vei
+85.146.204.44/30
 # Network name: FSKN-Vologda
 95.167.76.160/27
 # Network name: RU-CHUVASHIA-NALOG
@@ -328,6 +544,7 @@
 95.173.128.0/20
 95.173.144.0/20
 176.116.96.0/20
+176.116.112.0/22
 185.183.172.0/23
 185.183.174.0/23
 194.226.80.0/21
@@ -337,6 +554,7 @@
 # Network name: RU_FSKN
 92.50.198.72/30
 95.167.59.244/30
+95.167.59.248/30
 # Network name: UMNS-NOVGOROD
 213.59.91.48/29
 # Network name: FOMS
@@ -358,6 +576,7 @@
 217.106.147.8/29
 # Network name: GLAVNIVZ
 46.29.152.0/22
+46.29.156.0/23
 185.168.60.0/24
 185.168.61.0/24
 185.168.62.0/24
@@ -395,7 +614,10 @@
 94.25.70.64/30
 # Network name: MNSHMAO
 217.20.86.128/26
+217.20.86.192/27
+217.20.86.224/29
 217.20.86.232/29
+217.20.86.240/28
 # Network name: UMNS-TUMEN
 213.59.59.120/29
 213.59.59.144/29
@@ -534,6 +756,7 @@
 77.37.128.0/17
 # Network name: STARNET-VPN
 217.172.18.0/23
+217.172.20.0/22
 # Network name: CCC-HC
 89.111.176.0/22
 # Network name: RU-NIC-HOSTING
@@ -558,64 +781,22 @@
 45.136.20.0/22
 # NET-Name: 62.217.160.0/20 RU-NETBRIDGE-20020410 (LLC VK)
 62.217.160.0/20
-# NET-Name: 79.137.132.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
+# NET-Name: 79.137.132.0/24 RU-VKONTAKTE-20071018 (LLC VK)
 79.137.132.0/24
-# NET-Name: 79.137.139.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
+# NET-Name: 79.137.139.0/24 RU-VKONTAKTE-20071018 (LLC VK)
 79.137.139.0/24
-# NET-Name: 79.137.164.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
+# NET-Name: 79.137.164.0/24 RU-VKONTAKTE-20071018 (LLC VK)
 79.137.164.0/24
-# NET-Name: 79.137.167.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
+# NET-Name: 79.137.167.0/24 RU-VKONTAKTE-20071018 (LLC VK)
 79.137.167.0/24
 # NET-Name: 79.137.174.0/23 RU-NETBRIDGE-20071018 (LLC VK)
 79.137.174.0/23
-# NET-Name: 79.137.180.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
+# NET-Name: 79.137.180.0/24 RU-VKONTAKTE-20071018 (LLC VK)
 79.137.180.0/24
 # NET-Name: 79.137.240.0/21 RU-NETBRIDGE-20071018 (LLC VK)
 79.137.240.0/21
 # NET-Name: 80.73.16.0/20 RU-CTSPI-20050201 (FGUP CTSPI MGA Russia)
 80.73.16.0/20
-# NET-Name: 83.166.232.0/21 RU-NETBRIDGE-20040611 (LLC VK)
-83.166.232.0/21
-# NET-Name: 83.166.248.0/21 RU-NETBRIDGE-20040611 (LLC VK)
-83.166.248.0/21
-# NET-Name: 83.217.216.0/22 RU-NETBRIDGE-20040310 (LLC VK)
-83.217.216.0/22
-# NET-Name: 83.222.28.0/22 RU-ODNOKLASSNIKI-20040421 (LLC VK)
-83.222.28.0/22
-# NET-Name: 84.23.52.0/22 RU-NETBRIDGE-20041012 (LLC VK)
-84.23.52.0/22
-# NET-Name: 85.192.32.0/22 RU-NETBRIDGE-20041206 (LLC VK)
-85.192.32.0/22
-# NET-Name: 87.239.104.0/21 RU-NETBRIDGE-20060104 (LLC VK)
-87.239.104.0/21
-# NET-Name: 87.240.128.0/18 RU-VKONTAKTE-20091223 (VKontakte Ltd)
-87.240.128.0/18
-# NET-Name: 87.242.112.0/22 RU-ODNOKLASSNIKI-20050722 (LLC VK)
-87.242.112.0/22
-# NET-Name: 89.208.84.0/22 RU-NETBRIDGE-20060418 (LLC VK)
-89.208.84.0/22
-# NET-Name: 89.208.196.0/22 RU-NETBRIDGE-20060418 (LLC VK)
-89.208.196.0/22
-# NET-Name: 89.208.208.0/22 RU-NETBRIDGE-20060418 (LLC VK)
-89.208.208.0/22
-# NET-Name: 89.208.216.0/21 RU-NETBRIDGE-20060418 (LLC VK)
-89.208.216.0/21
-# NET-Name: 89.208.228.0/22 RU-NETBRIDGE-20060418 (LLC VK)
-89.208.228.0/22
-# NET-Name: 89.221.228.0/22 RU-NETBRIDGE-20061011 (LLC VK)
-89.221.228.0/22
-# NET-Name: 89.221.232.0/21 RU-NETBRIDGE-20061011 (LLC VK)
-89.221.232.0/21
-# NET-Name: 90.156.148.0/22 RU-NETBRIDGE-20061117 (LLC VK)
-90.156.148.0/22
-# NET-Name: 90.156.212.0/22 RU-NETBRIDGE-20061117 (LLC VK)
-90.156.212.0/22
-# NET-Name: 90.156.216.0/22 RU-NETBRIDGE-20061117 (LLC VK)
-90.156.216.0/22
-# NET-Name: 90.156.232.0/21 RU-NETBRIDGE-20061117 (LLC VK)
-90.156.232.0/21
-# NET-Name: 90.156.248.0/22 RU-NETBRIDGE-20061117 (LLC VK)
-90.156.248.0/22
 # NET-Name: 212.57.133.0/24 CHUVD ROSTELECOM-MNT () [Computing Center of Regional Police Department of Chelyabinsk region]
 212.57.133.0/24
 # NET-Name: 213.147.55.108/30 CONNECTORS MTU-NOC () [Subnetwork for TM10068-RIPE]
@@ -664,12 +845,6 @@
 195.54.20.168/29
 # NET-Name: 195.98.77.100/30 VRNFGUPIPF-NET IC-VORONEZH-MNT () [IPF Voronezh Voronezh]
 195.98.77.100/30
-# NET-Name: 62.118.25.112/28 FGUP-NII-truda-i-social-nogo-strahovaniya MTU-NOC () [FGUP "NII truda i social'nogo strahovaniya" Moscow, Russia]
-62.118.25.112/28
-# NET-Name: 62.118.15.16/28 FGUP-Rosstrojizyskaniya MTU-NOC () [FGUP "Rosstrojizyskaniya" Moscow, Russia]
-62.118.15.16/28
-# NET-Name: 62.118.0.208/28 FGUP-MEZ-MPS-Rossii MTU-NOC () [FGUP MEZ MPS Rossii Moscow, Russia]
-62.118.0.208/28
 # NET-Name: 81.17.2.192/28 NEXCOM-NET TRON-MNT () [Ekaterinburg, Company Tron Clients Ethernet, GUVD]
 81.17.2.192/28
 # NET-Name: 81.17.3.16/29 NEXCOM-GUVD TRON-MNT () [Ekaterinburg, Company Tron Clients Ethernet, GUVD]
@@ -786,16 +961,10 @@
 89.109.250.28/30
 # NET-Name: 85.90.125.96/29 NICITEP-NET MNT-TELECOM-TZ () [FGUP NIC ITEP]
 85.90.125.96/29
-# NET-Name: 62.118.37.180/30 FGUP-CNIIGAIK MTU-NOC () [FGUP CNIIGAiK Moscow, Russia]
-62.118.37.180/30
 # NET-Name: 81.195.177.160/30 MTU-CUST-392C6D30 MTU-NOC () [FGUP "Giprozheldorstroj"]
 81.195.177.160/30
-# NET-Name: 62.118.38.212/30 MTU-CUST-1A3A43A6 MTU-NOC () [FGUP "Centr komplektacii uchebnih zavedenij"]
-62.118.38.212/30
 # NET-Name: 62.5.218.204/30 MTU-CUST-ECCC30E8 MTU-NOC () [FGUP "GOSGISCENTR"]
 62.5.218.204/30
-# NET-Name: 62.118.37.168/30 MTU-CUST-ECCC30E8 MTU-NOC () [FGUP "GOSGISCENTR"]
-62.118.37.168/30
 # NET-Name: 62.118.234.64/29 MTU-CUST-22A9114E MTU-NOC () [FGUP Eksperimentalnij optiko-mehanicheskij zavod]
 62.118.234.64/29
 # NET-Name: 62.118.219.184/30 MTU-CUST-111E7A6D MTU-NOC () [FGUP "Mos.zavod po obrabotke spec. splavov"]
@@ -812,8 +981,6 @@
 81.195.45.64/30
 # NET-Name: 62.5.189.80/29 MTU-CUST-896A2DE8 MTU-NOC () [FGUP "Filmofond kinostudii "Sojuzmultfilm"]
 62.5.189.80/29
-# NET-Name: 62.118.19.112/30 MTU-CUST-1A5806FD MTU-NOC () [FGUP "Zdraveksport"]
-62.118.19.112/30
 # NET-Name: 81.195.244.32/29 MTU-CUST-DFD35E9A MTU-NOC () [FGUP "Rusekotrans"]
 81.195.244.32/29
 # NET-Name: 62.118.209.192/30 MTU-CUST-0034780C MTU-NOC () [FGUP "Zavod "TOPAZ"]
@@ -826,16 +993,12 @@
 195.42.75.8/29
 # NET-Name: 81.195.124.52/30 MTU-CUST-F551ECEE MTU-NOC () [SU-334 FGUP "Tresta Moselektrotjagstroj"]
 81.195.124.52/30
-# NET-Name: 62.118.17.152/29 MTU-CUST-1EC64BF9 MTU-NOC () [FGUP GosNII OS]
-62.118.17.152/29
 # NET-Name: 62.118.193.8/29 MTU-CUST-40ACE85E MTU-NOC () [FGUP Izdatelstvo "Izvestija" UD P RF]
 62.118.193.8/29
 # NET-Name: 81.195.36.48/28 MTU-CUST-33EB33B2 MTU-NOC () [FGUP KBTM]
 81.195.36.48/28
 # NET-Name: 81.195.155.0/30 MTU-CUST-3C2C586F MTU-NOC () [FGUP Moskovskoe mashinostroitelnoe proizvodstvennoe predprijatie "Saljut"]
 81.195.155.0/30
-# NET-Name: 62.118.21.160/29 MTU-CUST-F43B8CF7 MTU-NOC () [FGUP "NPP VNIIEM"]
-62.118.21.160/29
 # NET-Name: 62.5.242.80/28 MTU-CUST-5250F868 MTU-NOC () [FGUP CNIIAG]
 62.5.242.80/28
 # NET-Name: 81.195.150.248/30 MTU-CUST-E232EA85 MTU-NOC () [427 UNR - filial FGUP "SU MVO MO RF"]
@@ -854,12 +1017,8 @@
 81.195.125.96/30
 # NET-Name: 62.118.230.4/30 MTU-CUST-5F25932F MTU-NOC () [FGUP "NIIIT"]
 62.118.230.4/30
-# NET-Name: 62.118.37.4/30 MTU-CUST-AC3DCE8D MTU-NOC () [FGUP "Centrorgtrudavtotrans"]
-62.118.37.4/30
 # NET-Name: 81.195.182.64/28 MTU-CUST-B40F23BD MTU-NOC () [FGUP NIC ITEP]
 81.195.182.64/28
-# NET-Name: 62.118.19.40/30 MTU-CUST-42DE527C MTU-NOC () [FGUP "GosNII BP"]
-62.118.19.40/30
 # NET-Name: 81.195.50.72/29 MTU-CUST-A89FBE5D MTU-NOC () [FGUP ATEKS]
 81.195.50.72/29
 # NET-Name: 81.195.118.128/30 MTU-CUST-73D8C4FE MTU-NOC () [Stroitelno-montazhnij poezd N 250 filial FGUP "Trest Moselektrotjagstroj"]
@@ -972,8 +1131,6 @@
 89.21.152.104/29
 # NET-Name: 89.175.176.140/30 GBUMSE COMSTAR-MNT () [FGUP «GBUMSE»]
 89.175.176.140/30
-# NET-Name: 195.151.25.48/29 UFSB-NET ROSPRINT-NCC () [(99999960) UFSB, Ekaterinburg]
-195.151.25.48/29
 # NET-Name: 87.249.16.32/28 TEL-NET-5728 TEL-NET-MNT () [object-VARSHAVSKOE125, client-FGUP "NII "Argon"]
 87.249.16.32/28
 # NET-Name: 87.249.18.60/30 TEL-NET-5728 TEL-NET-MNT () [object-VARSHAVSKOE125, client-FGUP "NII "Argon"]
@@ -1144,8 +1301,6 @@
 95.167.21.104/29
 # NET-Name: 95.167.29.104/29 FGUP_Avtomatika ROSTELECOM-MNT () [Ticket 09-43230, DVF]
 95.167.29.104/29
-# NET-Name: 79.133.74.168/30 UFSB ROSTELECOM-MNT () [Ticket 09-08632-1]
-79.133.74.168/30
 # NET-Name: 79.133.74.160/30 FGUP_GTRK_Smolensk ROSTELECOM-MNT () [Ticket 09-02269-1]
 79.133.74.160/30
 # NET-Name: 79.133.75.176/30 UVD_po_Kirovskoy_oblasti ROSTELECOM-MNT () [Ticket 08-02440-1]
@@ -1810,8 +1965,6 @@
 5.61.236.0/23
 # NET-Name: 5.61.238.0/24 VK-FRONT VKCOMPANY-MNT () [VK Services]
 5.61.238.0/24
-# NET-Name: 178.237.29.0/24 VK-FRONT VKCOMPANY-MNT () [VK Services]
-178.237.29.0/24
 # NET-Name: 95.163.32.0/22 VK-FRONT VKCOMPANY-MNT () [VK Services]
 95.163.32.0/22
 # NET-Name: 95.163.36.0/22 VK-FRONT VKCOMPANY-MNT () [VK Services]
@@ -1886,8 +2039,6 @@
 213.219.212.0/23
 # NET-Name: 213.219.214.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
 213.219.214.0/23
-# NET-Name: 62.33.87.152/29 STAVROPOL2-NET TRANSTELECOM-MNT () [(RS000504) UFSB, Stavropol, Russia]
-62.33.87.152/29
 # NET-Name: 89.208.196.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
 89.208.196.0/23
 # NET-Name: 89.208.198.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
@@ -2040,10 +2191,6 @@
 185.100.106.0/23
 # NET-Name: 217.174.188.0/23 ODNOKLASSNIKI-FRONT VKCOMPANY-MNT () [Odnoklassniki Services]
 217.174.188.0/23
-# NET-Name: 185.16.8.0/23 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
-185.16.8.0/23
-# NET-Name: 185.16.10.0/23 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
-185.16.10.0/23
 # NET-Name: 84.23.52.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
 84.23.52.0/23
 # NET-Name: 84.23.54.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
@@ -2376,3 +2523,5 @@
 155.212.192.0/20
 # NET-Name: 130.49.224.0/19 RU-NETBRIDGE-19880518 VKCOMPANY-MNT RIPE-NCC-HM-MNT (ORG-LLCn4-RIPE) []
 130.49.224.0/19
+# NET-Name: 161.104.104.0/21 RU-NETBRIDGE-19920624 VKCOMPANY-MNT RIPE-NCC-HM-MNT (ORG-LLCn4-RIPE) []
+161.104.104.0/21

blacklists_iptables/README.md

@@ -1,109 +0,0 @@
-# IPTables/IPSet Blacklist Configurations
-
-Auto-generated ipset configuration files for blocking networks and IP addresses with iptables/ip6tables.
-
-## Available Files
-
-### IPv4 Only
-
-- **`blacklist-v4.ipset`** - Contains only IPv4 networks (806 entries)
-
-### IPv6 Only
-
-- **`blacklist-v6.ipset`** - Contains only IPv6 networks (3 entries)
-
-### Mixed IPv4/IPv6
-
-- **`blacklist.ipset`** - Contains both IPv4 and IPv6 sets (809 total entries)
-
-## Usage
-
-### 1. Load the IPSet
-
-```bash
-# For IPv4 only
-ipset restore < blacklist-v4.ipset
-
-# For IPv6 only
-ipset restore < blacklist-v6.ipset
-
-# For both IPv4 and IPv6 (loads both sets)
-ipset restore < blacklist.ipset
-```
-
-### 2. Apply IPTables Rules
-
-```bash
-# For IPv4
-iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
-iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
-
-# For IPv6
-ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
-ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
-```
-
-### 3. Persist Rules (Optional)
-
-To make the rules persistent across reboots:
-
-**On Debian/Ubuntu:**
-
-```bash
-# Save iptables rules
-iptables-save > /etc/iptables/rules.v4
-ip6tables-save > /etc/iptables/rules.v6
-
-# Save ipset
-ipset save > /etc/ipset.conf
-```
-
-**On RHEL/CentOS:**
-
-```bash
-# Save iptables rules
-service iptables save
-service ip6tables save
-
-# Save ipset
-ipset save > /etc/sysconfig/ipset
-```
-
-### 4. Update Existing Sets
-
-To update the blacklist without restarting iptables:
-
-```bash
-# Flush and reload
-ipset flush blacklist-v4
-ipset restore < blacklist-v4.ipset
-```
-
-### 5. Remove Sets
-
-```bash
-# Remove IPv4 set
-ipset flush blacklist-v4
-ipset destroy blacklist-v4
-
-# Remove IPv6 set
-ipset flush blacklist-v6
-ipset destroy blacklist-v6
-```
-
-## Performance Benefits
-
-IPSet uses hash tables for O(1) lookup performance, making it ideal for large blacklists:
-
-- Much faster than individual iptables rules
-- Minimal CPU overhead
-- Supports up to 65536 entries per set (configurable)
-- Kernel-level implementation for maximum efficiency
-
-## Automatic Updates
-
-These files are automatically regenerated when the blacklists are updated via the GitHub Actions workflow.
-
-## Source
-
-Generated from the blacklist files in the `blacklists/` directory.

blacklists_iptables/blacklist-v4.ipset

@@ -1,6 +1,6 @@
 # IPSet blacklist configuration (IPv4 only)
 # Auto-generated from blacklist-v4.txt
-# Last updated: 2026-01-25 06:23:40 UTC
+# Last updated: 2026-03-31 07:05:56 UTC
 #
 # Usage:
 #   1. Load the ipset:
@@ -15,7 +15,7 @@
 #      ipset destroy blacklist-v4
 #
 
-create blacklist-v4 hash:net family inet hashsize 1147 maxelem 2294
+create blacklist-v4 hash:net family inet hashsize 1143 maxelem 2286
 add blacklist-v4 109.120.180.0/22
 add blacklist-v4 109.120.180.0/23
 add blacklist-v4 109.120.182.0/23
@@ -59,8 +59,10 @@ add blacklist-v4 146.185.240.0/23
 add blacklist-v4 146.185.242.0/23
 add blacklist-v4 149.62.55.240/30
 add blacklist-v4 155.212.192.0/20
+add blacklist-v4 161.104.104.0/21
 add blacklist-v4 176.109.0.0/21
 add blacklist-v4 176.112.168.0/21
+add blacklist-v4 176.116.112.0/22
 add blacklist-v4 176.116.96.0/20
 add blacklist-v4 178.16.156.148/30
 add blacklist-v4 178.17.176.0/23
@@ -135,7 +137,6 @@ add blacklist-v4 185.149.160.0/24
 add blacklist-v4 185.149.161.0/24
 add blacklist-v4 185.149.162.0/24
 add blacklist-v4 185.149.163.0/24
-add blacklist-v4 185.16.10.0/23
 add blacklist-v4 185.16.148.0/22
 add blacklist-v4 185.16.148.0/23
 add blacklist-v4 185.16.150.0/23
@@ -144,7 +145,6 @@ add blacklist-v4 185.16.244.0/23
 add blacklist-v4 185.16.246.0/23
 add blacklist-v4 185.16.246.0/24
 add blacklist-v4 185.16.247.0/24
-add blacklist-v4 185.16.8.0/23
 add blacklist-v4 185.168.60.0/24
 add blacklist-v4 185.168.61.0/24
 add blacklist-v4 185.168.62.0/24
@@ -244,7 +244,6 @@ add blacklist-v4 195.144.226.224/28
 add blacklist-v4 195.144.232.144/30
 add blacklist-v4 195.144.240.128/28
 add blacklist-v4 195.149.110.0/24
-add blacklist-v4 195.151.25.48/29
 add blacklist-v4 195.16.55.224/27
 add blacklist-v4 195.162.36.64/28
 add blacklist-v4 195.170.218.24/29
@@ -473,7 +472,9 @@ add blacklist-v4 217.106.203.240/29
 add blacklist-v4 217.106.203.88/29
 add blacklist-v4 217.106.93.192/26
 add blacklist-v4 217.106.95.112/28
+add blacklist-v4 217.107.0.0/18
 add blacklist-v4 217.107.200.0/21
+add blacklist-v4 217.107.208.0/20
 add blacklist-v4 217.107.5.112/29
 add blacklist-v4 217.107.5.16/29
 add blacklist-v4 217.107.5.24/29
@@ -489,6 +490,7 @@ add blacklist-v4 217.16.16.0/20
 add blacklist-v4 217.16.16.0/21
 add blacklist-v4 217.16.24.0/21
 add blacklist-v4 217.172.18.0/23
+add blacklist-v4 217.172.20.0/22
 add blacklist-v4 217.174.188.0/22
 add blacklist-v4 217.174.188.0/23
 add blacklist-v4 217.195.92.16/28
@@ -504,7 +506,10 @@ add blacklist-v4 217.20.156.0/23
 add blacklist-v4 217.20.158.0/24
 add blacklist-v4 217.20.159.0/24
 add blacklist-v4 217.20.86.128/26
+add blacklist-v4 217.20.86.192/27
+add blacklist-v4 217.20.86.224/29
 add blacklist-v4 217.20.86.232/29
+add blacklist-v4 217.20.86.240/28
 add blacklist-v4 217.23.88.168/29
 add blacklist-v4 217.23.88.248/29
 add blacklist-v4 217.27.142.176/30
@@ -538,6 +543,7 @@ add blacklist-v4 45.84.130.0/23
 add blacklist-v4 46.20.70.160/28
 add blacklist-v4 46.228.0.232/29
 add blacklist-v4 46.29.152.0/22
+add blacklist-v4 46.29.156.0/23
 add blacklist-v4 46.46.142.160/28
 add blacklist-v4 46.46.148.40/29
 add blacklist-v4 46.47.197.128/30
@@ -580,31 +586,20 @@ add blacklist-v4 5.61.239.48/28
 add blacklist-v4 5.61.239.64/26
 add blacklist-v4 62.105.158.200/29
 add blacklist-v4 62.112.110.64/28
-add blacklist-v4 62.118.0.208/28
 add blacklist-v4 62.118.101.184/29
 add blacklist-v4 62.118.113.232/29
 add blacklist-v4 62.118.125.188/30
 add blacklist-v4 62.118.127.240/28
-add blacklist-v4 62.118.15.16/28
-add blacklist-v4 62.118.17.152/29
-add blacklist-v4 62.118.19.112/30
-add blacklist-v4 62.118.19.40/30
 add blacklist-v4 62.118.193.8/29
 add blacklist-v4 62.118.205.68/30
 add blacklist-v4 62.118.208.100/30
 add blacklist-v4 62.118.209.192/30
-add blacklist-v4 62.118.21.160/29
 add blacklist-v4 62.118.216.60/30
 add blacklist-v4 62.118.219.184/30
 add blacklist-v4 62.118.230.4/30
 add blacklist-v4 62.118.233.224/29
 add blacklist-v4 62.118.234.64/29
 add blacklist-v4 62.118.239.128/29
-add blacklist-v4 62.118.25.112/28
-add blacklist-v4 62.118.37.168/30
-add blacklist-v4 62.118.37.180/30
-add blacklist-v4 62.118.37.4/30
-add blacklist-v4 62.118.38.212/30
 add blacklist-v4 62.141.125.0/25
 add blacklist-v4 62.217.160.0/20
 add blacklist-v4 62.217.160.0/21
@@ -613,7 +608,6 @@ add blacklist-v4 62.28.169.168/30
 add blacklist-v4 62.33.199.80/29
 add blacklist-v4 62.33.34.16/28
 add blacklist-v4 62.33.87.128/28
-add blacklist-v4 62.33.87.152/29
 add blacklist-v4 62.5.130.104/29
 add blacklist-v4 62.5.132.224/29
 add blacklist-v4 62.5.189.80/29
@@ -652,7 +646,6 @@ add blacklist-v4 78.37.69.160/27
 add blacklist-v4 78.37.84.120/29
 add blacklist-v4 78.37.97.88/29
 add blacklist-v4 79.133.74.160/30
-add blacklist-v4 79.133.74.168/30
 add blacklist-v4 79.133.75.176/30
 add blacklist-v4 79.133.75.44/30
 add blacklist-v4 79.137.132.0/24
@@ -724,6 +717,7 @@ add blacklist-v4 81.195.151.0/24
 add blacklist-v4 81.195.151.172/30
 add blacklist-v4 81.195.155.0/30
 add blacklist-v4 81.195.161.12/30
+add blacklist-v4 81.195.164.0/24
 add blacklist-v4 81.195.165.64/28
 add blacklist-v4 81.195.168.24/30
 add blacklist-v4 81.195.177.160/30
@@ -835,6 +829,7 @@ add blacklist-v4 85.141.33.64/28
 add blacklist-v4 85.141.60.96/28
 add blacklist-v4 85.141.61.160/28
 add blacklist-v4 85.143.125.0/24
+add blacklist-v4 85.146.204.44/30
 add blacklist-v4 85.192.32.0/22
 add blacklist-v4 85.192.32.0/23
 add blacklist-v4 85.192.34.0/23
@@ -1003,7 +998,6 @@ add blacklist-v4 90.156.216.0/22
 add blacklist-v4 90.156.216.0/23
 add blacklist-v4 90.156.218.0/23
 add blacklist-v4 90.156.232.0/21
-add blacklist-v4 90.156.248.0/22
 add blacklist-v4 91.103.194.184/29
 add blacklist-v4 91.135.212.0/22
 add blacklist-v4 91.135.216.0/21
@@ -1027,6 +1021,7 @@ add blacklist-v4 91.231.134.0/24
 add blacklist-v4 91.237.76.0/24
 add blacklist-v4 92.101.253.152/29
 add blacklist-v4 92.101.253.96/29
+add blacklist-v4 92.38.217.0/24
 add blacklist-v4 92.39.106.168/30
 add blacklist-v4 92.39.106.20/30
 add blacklist-v4 92.39.111.84/30
@@ -1125,6 +1120,7 @@ add blacklist-v4 95.167.5.64/28
 add blacklist-v4 95.167.5.80/28
 add blacklist-v4 95.167.54.76/30
 add blacklist-v4 95.167.59.244/30
+add blacklist-v4 95.167.59.248/30
 add blacklist-v4 95.167.64.20/30
 add blacklist-v4 95.167.68.216/29
 add blacklist-v4 95.167.69.116/30

blacklists_iptables/blacklist-v6.ipset

@@ -1,14 +1,14 @@
 # IPSet blacklist configuration (IPv6 only)
 # Auto-generated from blacklist-v6.txt
-# Last updated: 2026-01-25 06:23:40 UTC
+# Last updated: 2026-03-31 07:05:56 UTC
 #
 # Usage:
 #   1. Load the ipset:
 #      ipset restore < blacklist-v6.ipset
 #
 #   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
-#      iptables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
+#      ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
+#      ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
 #
 #   3. To flush/delete the set:
 #      ipset flush blacklist-v6

blacklists_iptables/blacklist-vk-v4.ipset

@@ -0,0 +1,285 @@
+# IPSet blacklist configuration (VK names, IPv4 only)
+# Auto-generated from blacklist-vk-v4.txt
+# Last updated: 2026-03-31 07:05:56 UTC
+#
+# Usage:
+#   1. Load the ipset:
+#      ipset restore < blacklist-vk-v4.ipset
+#
+#   2. Use with iptables/ip6tables:
+#      iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
+#      iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
+#
+#   3. To flush/delete the set:
+#      ipset flush blacklist-vk-v4
+#      ipset destroy blacklist-vk-v4
+#
+
+create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 534
+add blacklist-vk-v4 109.120.180.0/22
+add blacklist-vk-v4 109.120.180.0/23
+add blacklist-vk-v4 109.120.182.0/23
+add blacklist-vk-v4 109.120.188.0/22
+add blacklist-vk-v4 109.120.188.0/23
+add blacklist-vk-v4 109.120.190.0/23
+add blacklist-vk-v4 128.140.168.0/21
+add blacklist-vk-v4 128.140.168.0/23
+add blacklist-vk-v4 128.140.170.0/24
+add blacklist-vk-v4 128.140.171.0/24
+add blacklist-vk-v4 128.140.172.0/22
+add blacklist-vk-v4 130.49.224.0/19
+add blacklist-vk-v4 146.185.208.0/22
+add blacklist-vk-v4 146.185.208.0/23
+add blacklist-vk-v4 146.185.210.0/23
+add blacklist-vk-v4 146.185.240.0/22
+add blacklist-vk-v4 146.185.240.0/23
+add blacklist-vk-v4 146.185.242.0/23
+add blacklist-vk-v4 155.212.192.0/20
+add blacklist-vk-v4 161.104.104.0/21
+add blacklist-vk-v4 176.112.168.0/21
+add blacklist-vk-v4 178.22.88.0/21
+add blacklist-vk-v4 178.22.89.64/26
+add blacklist-vk-v4 178.22.94.0/23
+add blacklist-vk-v4 178.237.16.0/20
+add blacklist-vk-v4 178.237.16.0/21
+add blacklist-vk-v4 178.237.24.0/22
+add blacklist-vk-v4 178.237.30.0/23
+add blacklist-vk-v4 185.100.104.0/22
+add blacklist-vk-v4 185.100.104.0/23
+add blacklist-vk-v4 185.100.106.0/23
+add blacklist-vk-v4 185.130.112.0/22
+add blacklist-vk-v4 185.130.112.0/23
+add blacklist-vk-v4 185.130.114.0/23
+add blacklist-vk-v4 185.131.68.0/22
+add blacklist-vk-v4 185.16.148.0/22
+add blacklist-vk-v4 185.16.148.0/23
+add blacklist-vk-v4 185.16.150.0/23
+add blacklist-vk-v4 185.16.244.0/22
+add blacklist-vk-v4 185.16.244.0/23
+add blacklist-vk-v4 185.16.246.0/23
+add blacklist-vk-v4 185.180.200.0/22
+add blacklist-vk-v4 185.187.63.0/24
+add blacklist-vk-v4 185.187.63.0/25
+add blacklist-vk-v4 185.187.63.128/25
+add blacklist-vk-v4 185.226.52.0/22
+add blacklist-vk-v4 185.226.52.0/23
+add blacklist-vk-v4 185.226.54.0/23
+add blacklist-vk-v4 185.241.192.0/22
+add blacklist-vk-v4 185.241.192.0/23
+add blacklist-vk-v4 185.241.194.0/23
+add blacklist-vk-v4 185.29.128.0/22
+add blacklist-vk-v4 185.29.130.0/24
+add blacklist-vk-v4 185.32.248.0/22
+add blacklist-vk-v4 185.32.248.0/23
+add blacklist-vk-v4 185.32.250.0/23
+add blacklist-vk-v4 185.5.136.0/22
+add blacklist-vk-v4 185.5.136.0/23
+add blacklist-vk-v4 185.5.138.0/23
+add blacklist-vk-v4 185.6.244.0/22
+add blacklist-vk-v4 185.6.244.0/23
+add blacklist-vk-v4 185.6.246.0/23
+add blacklist-vk-v4 185.86.144.0/22
+add blacklist-vk-v4 185.86.144.0/23
+add blacklist-vk-v4 185.86.146.0/23
+add blacklist-vk-v4 188.93.56.0/21
+add blacklist-vk-v4 188.93.56.0/24
+add blacklist-vk-v4 188.93.57.0/24
+add blacklist-vk-v4 188.93.58.0/24
+add blacklist-vk-v4 188.93.60.0/24
+add blacklist-vk-v4 188.93.61.0/24
+add blacklist-vk-v4 188.93.62.0/24
+add blacklist-vk-v4 193.203.40.0/22
+add blacklist-vk-v4 194.84.16.12/30
+add blacklist-vk-v4 195.211.20.0/22
+add blacklist-vk-v4 195.211.22.0/24
+add blacklist-vk-v4 195.211.23.0/24
+add blacklist-vk-v4 212.111.84.0/22
+add blacklist-vk-v4 212.233.120.0/22
+add blacklist-vk-v4 212.233.72.0/21
+add blacklist-vk-v4 212.233.88.0/21
+add blacklist-vk-v4 212.233.96.0/22
+add blacklist-vk-v4 213.219.212.0/22
+add blacklist-vk-v4 213.219.212.0/23
+add blacklist-vk-v4 213.219.214.0/23
+add blacklist-vk-v4 217.16.16.0/20
+add blacklist-vk-v4 217.16.16.0/21
+add blacklist-vk-v4 217.16.24.0/21
+add blacklist-vk-v4 217.174.188.0/23
+add blacklist-vk-v4 217.20.144.0/20
+add blacklist-vk-v4 217.20.144.0/22
+add blacklist-vk-v4 217.20.148.0/24
+add blacklist-vk-v4 217.20.149.0/24
+add blacklist-vk-v4 217.20.150.0/23
+add blacklist-vk-v4 217.20.152.0/22
+add blacklist-vk-v4 217.20.156.0/23
+add blacklist-vk-v4 217.20.158.0/24
+add blacklist-vk-v4 217.20.159.0/24
+add blacklist-vk-v4 217.69.128.0/20
+add blacklist-vk-v4 217.69.128.0/21
+add blacklist-vk-v4 217.69.136.0/21
+add blacklist-vk-v4 37.139.32.0/22
+add blacklist-vk-v4 37.139.32.0/23
+add blacklist-vk-v4 37.139.34.0/23
+add blacklist-vk-v4 37.139.40.0/22
+add blacklist-vk-v4 37.139.40.0/23
+add blacklist-vk-v4 37.139.42.0/23
+add blacklist-vk-v4 45.136.20.0/22
+add blacklist-vk-v4 45.136.20.0/23
+add blacklist-vk-v4 45.136.22.0/23
+add blacklist-vk-v4 45.84.128.0/22
+add blacklist-vk-v4 45.84.128.0/23
+add blacklist-vk-v4 45.84.130.0/23
+add blacklist-vk-v4 5.101.40.0/22
+add blacklist-vk-v4 5.101.40.0/23
+add blacklist-vk-v4 5.101.42.0/23
+add blacklist-vk-v4 5.181.60.0/22
+add blacklist-vk-v4 5.181.60.0/24
+add blacklist-vk-v4 5.181.61.0/24
+add blacklist-vk-v4 5.181.62.0/23
+add blacklist-vk-v4 5.188.140.0/22
+add blacklist-vk-v4 5.188.140.0/23
+add blacklist-vk-v4 5.188.142.0/23
+add blacklist-vk-v4 5.61.16.0/21
+add blacklist-vk-v4 5.61.16.0/22
+add blacklist-vk-v4 5.61.20.0/22
+add blacklist-vk-v4 5.61.232.0/21
+add blacklist-vk-v4 5.61.232.0/22
+add blacklist-vk-v4 5.61.236.0/23
+add blacklist-vk-v4 5.61.238.0/24
+add blacklist-vk-v4 5.61.239.0/27
+add blacklist-vk-v4 5.61.239.128/25
+add blacklist-vk-v4 5.61.239.40/29
+add blacklist-vk-v4 5.61.239.48/28
+add blacklist-vk-v4 5.61.239.64/26
+add blacklist-vk-v4 62.217.160.0/20
+add blacklist-vk-v4 62.217.160.0/21
+add blacklist-vk-v4 62.217.168.0/21
+add blacklist-vk-v4 79.137.132.0/24
+add blacklist-vk-v4 79.137.132.0/25
+add blacklist-vk-v4 79.137.132.128/25
+add blacklist-vk-v4 79.137.139.0/24
+add blacklist-vk-v4 79.137.139.0/25
+add blacklist-vk-v4 79.137.139.128/25
+add blacklist-vk-v4 79.137.157.0/25
+add blacklist-vk-v4 79.137.157.128/25
+add blacklist-vk-v4 79.137.164.0/24
+add blacklist-vk-v4 79.137.164.0/25
+add blacklist-vk-v4 79.137.164.128/25
+add blacklist-vk-v4 79.137.167.0/24
+add blacklist-vk-v4 79.137.167.0/25
+add blacklist-vk-v4 79.137.167.128/25
+add blacklist-vk-v4 79.137.174.0/23
+add blacklist-vk-v4 79.137.174.0/24
+add blacklist-vk-v4 79.137.175.0/24
+add blacklist-vk-v4 79.137.180.0/24
+add blacklist-vk-v4 79.137.180.0/25
+add blacklist-vk-v4 79.137.180.128/25
+add blacklist-vk-v4 79.137.240.0/21
+add blacklist-vk-v4 79.137.240.0/22
+add blacklist-vk-v4 79.137.244.0/22
+add blacklist-vk-v4 83.166.232.0/21
+add blacklist-vk-v4 83.166.232.0/22
+add blacklist-vk-v4 83.166.236.0/22
+add blacklist-vk-v4 83.166.248.0/21
+add blacklist-vk-v4 83.166.248.0/22
+add blacklist-vk-v4 83.166.252.0/22
+add blacklist-vk-v4 83.217.216.0/22
+add blacklist-vk-v4 83.217.216.0/23
+add blacklist-vk-v4 83.217.218.0/23
+add blacklist-vk-v4 83.222.28.0/22
+add blacklist-vk-v4 84.23.52.0/22
+add blacklist-vk-v4 84.23.52.0/23
+add blacklist-vk-v4 84.23.54.0/23
+add blacklist-vk-v4 85.114.31.108/30
+add blacklist-vk-v4 85.192.32.0/22
+add blacklist-vk-v4 85.192.32.0/23
+add blacklist-vk-v4 85.192.34.0/23
+add blacklist-vk-v4 85.198.106.0/24
+add blacklist-vk-v4 85.198.107.0/24
+add blacklist-vk-v4 87.239.104.0/21
+add blacklist-vk-v4 87.239.104.0/22
+add blacklist-vk-v4 87.239.108.0/22
+add blacklist-vk-v4 87.240.128.0/18
+add blacklist-vk-v4 87.240.128.0/19
+add blacklist-vk-v4 87.240.160.0/19
+add blacklist-vk-v4 87.242.112.0/22
+add blacklist-vk-v4 89.208.196.0/22
+add blacklist-vk-v4 89.208.196.0/23
+add blacklist-vk-v4 89.208.198.0/23
+add blacklist-vk-v4 89.208.208.0/22
+add blacklist-vk-v4 89.208.208.0/23
+add blacklist-vk-v4 89.208.210.0/23
+add blacklist-vk-v4 89.208.216.0/21
+add blacklist-vk-v4 89.208.216.0/23
+add blacklist-vk-v4 89.208.218.0/23
+add blacklist-vk-v4 89.208.220.0/22
+add blacklist-vk-v4 89.208.228.0/22
+add blacklist-vk-v4 89.208.228.0/23
+add blacklist-vk-v4 89.208.230.0/23
+add blacklist-vk-v4 89.208.84.0/22
+add blacklist-vk-v4 89.208.84.0/23
+add blacklist-vk-v4 89.208.86.0/23
+add blacklist-vk-v4 89.221.228.0/22
+add blacklist-vk-v4 89.221.232.0/21
+add blacklist-vk-v4 90.156.148.0/22
+add blacklist-vk-v4 90.156.148.0/23
+add blacklist-vk-v4 90.156.150.0/23
+add blacklist-vk-v4 90.156.212.0/22
+add blacklist-vk-v4 90.156.212.0/23
+add blacklist-vk-v4 90.156.214.0/23
+add blacklist-vk-v4 90.156.216.0/22
+add blacklist-vk-v4 90.156.216.0/23
+add blacklist-vk-v4 90.156.218.0/23
+add blacklist-vk-v4 90.156.232.0/21
+add blacklist-vk-v4 91.219.224.0/22
+add blacklist-vk-v4 91.231.132.0/22
+add blacklist-vk-v4 91.237.76.0/24
+add blacklist-vk-v4 93.153.255.84/30
+add blacklist-vk-v4 93.186.224.0/20
+add blacklist-vk-v4 93.186.224.0/21
+add blacklist-vk-v4 93.186.232.0/21
+add blacklist-vk-v4 94.100.176.0/20
+add blacklist-vk-v4 94.100.176.0/21
+add blacklist-vk-v4 94.100.184.0/21
+add blacklist-vk-v4 94.139.244.0/22
+add blacklist-vk-v4 94.139.244.0/23
+add blacklist-vk-v4 94.139.246.0/23
+add blacklist-vk-v4 95.142.192.0/20
+add blacklist-vk-v4 95.142.192.0/21
+add blacklist-vk-v4 95.142.200.0/21
+add blacklist-vk-v4 95.163.180.0/22
+add blacklist-vk-v4 95.163.180.0/23
+add blacklist-vk-v4 95.163.182.0/23
+add blacklist-vk-v4 95.163.208.0/21
+add blacklist-vk-v4 95.163.208.0/23
+add blacklist-vk-v4 95.163.210.0/23
+add blacklist-vk-v4 95.163.212.0/22
+add blacklist-vk-v4 95.163.216.0/22
+add blacklist-vk-v4 95.163.216.0/23
+add blacklist-vk-v4 95.163.218.0/23
+add blacklist-vk-v4 95.163.248.0/21
+add blacklist-vk-v4 95.163.248.0/22
+add blacklist-vk-v4 95.163.252.0/23
+add blacklist-vk-v4 95.163.254.0/23
+add blacklist-vk-v4 95.163.32.0/19
+add blacklist-vk-v4 95.163.32.0/22
+add blacklist-vk-v4 95.163.36.0/22
+add blacklist-vk-v4 95.163.40.0/21
+add blacklist-vk-v4 95.163.48.0/20
+add blacklist-vk-v4 95.213.0.0/17
+add blacklist-vk-v4 95.213.0.0/20
+add blacklist-vk-v4 95.213.16.0/21
+add blacklist-vk-v4 95.213.24.0/23
+add blacklist-vk-v4 95.213.26.0/24
+add blacklist-vk-v4 95.213.27.0/24
+add blacklist-vk-v4 95.213.28.0/24
+add blacklist-vk-v4 95.213.29.0/24
+add blacklist-vk-v4 95.213.30.0/24
+add blacklist-vk-v4 95.213.31.0/24
+add blacklist-vk-v4 95.213.32.0/24
+add blacklist-vk-v4 95.213.33.0/24
+add blacklist-vk-v4 95.213.34.0/23
+add blacklist-vk-v4 95.213.36.0/22
+add blacklist-vk-v4 95.213.40.0/21
+add blacklist-vk-v4 95.213.48.0/20
+add blacklist-vk-v4 95.213.64.0/18

blacklists_iptables/blacklist-vk-v6.ipset

@@ -0,0 +1,19 @@
+# IPSet blacklist configuration (VK names, IPv6 only)
+# Auto-generated from blacklist-vk-v6.txt
+# Last updated: 2026-03-31 07:05:56 UTC
+#
+# Usage:
+#   1. Load the ipset:
+#      ipset restore < blacklist-vk-v6.ipset
+#
+#   2. Use with iptables/ip6tables:
+#      ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
+#      ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
+#
+#   3. To flush/delete the set:
+#      ipset flush blacklist-vk-v6
+#      ipset destroy blacklist-vk-v6
+#
+
+create blacklist-vk-v6 hash:net family inet6 hashsize 1024 maxelem 2
+add blacklist-vk-v6 2a00:bdc0::/29

blacklists_nftables/README.md

@@ -1,185 +1,52 @@
-# nftables Blacklist Configuration
+# nftables blacklists
 
-This folder contains nftables blacklist configurations generated from Russian government agency network lists.
+Short: ready-to-use nftables set files (general and VK-only, separated by IPv4/IPv6).
 
-## Available Files
+## Download links
 
-- `blacklist.nft` - Mixed IPv4/IPv6 blacklist (**daily generated**)
-- `blacklist-v4.nft` - IPv4-only blacklist (**daily generated**)
-- `blacklist-v6.nft` - IPv6-only blacklist (**daily generated**)
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist.nft
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v4.nft
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v6.nft
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk.nft
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v4.nft
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v6.nft
 
-## Quick Start
+## How to use
 
-### Download and Load
-````bash
-# Download the blacklist
-wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
+### 1) Protect VM from incoming connections (general blacklists)
 
-# Load the configuration
+Load either mixed or split general set files:
+
+```bash
 sudo nft -f blacklist.nft
+# or:
+sudo nft -f blacklist-v4.nft
+sudo nft -f blacklist-v6.nft
+```
 
-# Verify it's loaded
-sudo nft list ruleset
-````
+Apply rules for inbound traffic to the VM:
 
-### Automatic Updates
+```bash
+sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
+sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
+sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
+```
 
-Add to crontab for daily updates:
-````bash
-0 2 * * * wget -O /etc/nftables.d/blacklist.nft https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft && nft -f /etc/nftables.d/blacklist.nft
-````
+### 2) Block VK outbound traffic for VPN clients via NAT/FORWARD
 
-## Configuration Details
+Load either mixed or split VK set files:
 
-The generated nftables configuration uses:
-- **Sets with interval flag** for efficient CIDR matching
-- **Named sets** (`blacklist_v4` and `blacklist_v6`) for easy management
-- **Counter** directive to track dropped packets
-- **Stateful filtering** to allow established connections
+```bash
+sudo nft -f blacklist-vk.nft
+# or:
+sudo nft -f blacklist-vk-v4.nft
+sudo nft -f blacklist-vk-v6.nft
+```
 
-### Configuration Structure
-table inet filter {
-set blacklist_v4 {
-type ipv4_addr
-flags interval
-elements = { 1.2.3.0/24, 5.6.7.0/24, ... }
-}
-set blacklist_v6 {
-    type ipv6_addr
-    flags interval
-    elements = { 2001:db8::/32, ... }
-}
+Apply rules for forwarded client traffic (replace `<VPN_IFACE>`):
 
-chain input {
-    type filter hook input priority 0;
-    policy accept;
-    
-    ct state { established, related } accept
-    
-    ip saddr @blacklist_v4 counter drop
-    ip6 saddr @blacklist_v6 counter drop
-}
-}
-
-## Integration Options
-
-### Option 1: Standalone Configuration
-
-Load the blacklist as a complete ruleset:
-````bash
-sudo nft -f blacklist.nft
-````
-
-### Option 2: Include in Existing Configuration
-
-If you have an existing nftables configuration:
-
-1. Copy only the set definitions from the generated file
-2. Add set lookups to your existing input chain:
-````bash
-ip saddr @blacklist_v4 counter drop
-ip6 saddr @blacklist_v6 counter drop
-````
-
-### Option 3: Persistent Configuration
-
-For systemd-based systems:
-````bash
-# Copy to nftables config directory
-sudo cp blacklist.nft /etc/nftables.d/
-
-# Edit /etc/nftables.conf to include:
-# include "/etc/nftables.d/blacklist.nft"
-
-# Enable and restart
-sudo systemctl enable nftables
-sudo systemctl restart nftables
-````
-
-## Checking IPs Against the Blacklist
-
-Use the `check_nft_blacklist.py` script to verify if an IP is blocked:
-````bash
-# Check an IPv4 address
-python3 check_nft_blacklist.py blacklist.nft 192.168.1.1
-
-# Check an IPv6 address
-python3 check_nft_blacklist.py blacklist.nft 2001:db8::1
-````
-
-## Monitoring
-
-### View Dropped Packets
-````bash
-# View all rules with counters
-sudo nft list chain inet filter input -a
-
-# Monitor in real-time
-sudo nft monitor
-````
-
-### Check Set Contents
-````bash
-# View IPv4 blacklist
-sudo nft list set inet filter blacklist_v4
-
-# View IPv6 blacklist
-sudo nft list set inet filter blacklist_v6
-````
-
-## Advantages of nftables
-
-- **Better Performance**: O(1) lookup time with sets vs O(n) for sequential rules
-- **Lower Memory Usage**: More efficient than iptables for large rulesets
-- **Atomic Updates**: All rules updated in a single transaction
-- **Modern Syntax**: Cleaner, more readable configuration
-- **Unified Tool**: Single tool for IPv4, IPv6, and ARP filtering
-
-## File Format Comparison
-
-| Format | Use Case | Performance | Memory |
-|--------|----------|-------------|--------|
-| **nftables** | Modern firewalls | Excellent | Low |
-| **iptables** | Legacy systems | Good | Medium |
-| **nginx** | Web layer | Good | Low |
-
-## Troubleshooting
-
-### Configuration Won't Load
-````bash
-# Check syntax
-sudo nft -c -f blacklist.nft
-
-# View detailed errors
-sudo nft -f blacklist.nft 2>&1 | less
-````
-
-### Rules Not Blocking Traffic
-````bash
-# Verify sets are populated
-sudo nft list set inet filter blacklist_v4 | wc -l
-
-# Check rule priority
-sudo nft list chain inet filter input
-
-# Test with logging temporarily
-sudo nft add rule inet filter input ip saddr @blacklist_v4 log prefix "BLOCKED: "
-````
-
-### Performance Issues
-
-If experiencing performance problems with very large sets:
-
-1. Consider splitting into multiple smaller sets
-2. Use `blacklist-v4.nft` or `blacklist-v6.nft` if only one protocol is needed
-3. Ensure kernel supports nftables fully (Linux 4.0+)
-
-## Additional Resources
-
-- [nftables Wiki](https://wiki.nftables.org/)
-- [nftables Quick Reference](https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes)
-- [Netfilter Documentation](https://www.netfilter.org/documentation/)
-
-## Contributing
-
-Found an issue or have suggestions? Please open an issue or submit a pull request!
+```bash
+sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
+sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
+sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
+```

blacklists_nftables/blacklist-v4.nft

@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-01-25T06:23:40.464632Z
+# Generated: 2026-03-31T07:05:56.717454Z
 # Source: /tmp/blacklist-v4.txt
-# IPv4: 815, IPv6: 0
+# IPv4: 802, IPv6: 0
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VM protection from incoming blacklist sources
+#   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
+#   sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
+#   sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 
 table inet filter {
 
@@ -28,6 +35,7 @@ table inet filter {
             45.136.20.0/22,
             46.20.70.160/28,
             46.29.152.0/22,
+            46.29.156.0/23,
             46.46.142.160/28,
             46.46.148.40/29,
             46.47.197.128/30,
@@ -57,7 +65,6 @@ table inet filter {
             62.28.169.168/30,
             62.33.34.16/28,
             62.33.87.128/28,
-            62.33.87.152/29,
             62.33.199.80/29,
             62.63.96.32/28,
             62.63.98.24/29,
@@ -66,17 +73,6 @@ table inet filter {
             62.76.98.0/24,
             62.105.158.200/29,
             62.112.110.64/28,
-            62.118.0.208/28,
-            62.118.15.16/28,
-            62.118.17.152/29,
-            62.118.19.40/30,
-            62.118.19.112/30,
-            62.118.21.160/29,
-            62.118.25.112/28,
-            62.118.37.4/30,
-            62.118.37.168/30,
-            62.118.37.180/30,
-            62.118.38.212/30,
             62.118.101.184/29,
             62.118.113.232/29,
             62.118.125.188/30,
@@ -119,7 +115,6 @@ table inet filter {
             78.108.200.0/24,
             78.109.140.112/29,
             79.133.74.160/30,
-            79.133.74.168/30,
             79.133.75.44/30,
             79.133.75.176/30,
             79.137.132.0/24,
@@ -181,6 +176,7 @@ table inet filter {
             81.195.151.0/24,
             81.195.155.0/30,
             81.195.161.12/30,
+            81.195.164.0/24,
             81.195.165.64/28,
             81.195.168.24/30,
             81.195.177.160/30,
@@ -295,6 +291,7 @@ table inet filter {
             85.141.60.96/28,
             85.141.61.160/28,
             85.143.125.0/24,
+            85.146.204.44/30,
             85.192.32.0/22,
             85.198.106.0/23,
             85.236.29.160/27,
@@ -389,7 +386,6 @@ table inet filter {
             90.156.212.0/22,
             90.156.216.0/22,
             90.156.232.0/21,
-            90.156.248.0/22,
             91.103.194.184/29,
             91.135.212.0/22,
             91.135.216.0/21,
@@ -404,6 +400,7 @@ table inet filter {
             91.227.32.0/24,
             91.231.132.0/22,
             91.237.76.0/24,
+            92.38.217.0/24,
             92.39.106.20/30,
             92.39.106.168/30,
             92.39.111.84/30,
@@ -465,6 +462,7 @@ table inet filter {
             95.167.29.104/29,
             95.167.54.76/30,
             95.167.59.244/30,
+            95.167.59.248/30,
             95.167.64.20/30,
             95.167.68.216/29,
             95.167.69.116/30,
@@ -520,9 +518,11 @@ table inet filter {
             146.185.240.0/22,
             149.62.55.240/30,
             155.212.192.0/20,
+            161.104.104.0/21,
             176.109.0.0/21,
             176.112.168.0/21,
             176.116.96.0/20,
+            176.116.112.0/22,
             178.16.156.148/30,
             178.17.176.0/20,
             178.20.234.224/29,
@@ -569,7 +569,6 @@ table inet filter {
             185.5.136.0/22,
             185.6.244.0/22,
             185.7.234.188/30,
-            185.16.8.0/22,
             185.16.148.0/22,
             185.16.244.0/22,
             185.29.128.0/22,
@@ -651,7 +650,6 @@ table inet filter {
             195.144.232.144/30,
             195.144.240.128/28,
             195.149.110.0/24,
-            195.151.25.48/29,
             195.162.36.64/28,
             195.170.218.24/29,
             195.170.218.88/29,
@@ -798,8 +796,7 @@ table inet filter {
             213.243.106.48/28,
             213.243.116.0/24,
             217.16.16.0/20,
-            217.20.86.128/26,
-            217.20.86.232/29,
+            217.20.86.128/25,
             217.20.144.0/20,
             217.23.88.168/29,
             217.23.88.248/29,
@@ -809,17 +806,14 @@ table inet filter {
             217.67.177.208/29,
             217.69.128.0/20,
             217.106.0.0/16,
-            217.107.5.8/29,
-            217.107.5.16/28,
-            217.107.5.40/29,
-            217.107.5.80/28,
-            217.107.5.96/29,
-            217.107.5.112/29,
+            217.107.0.0/18,
             217.107.200.0/21,
+            217.107.208.0/20,
             217.147.23.112/28,
             217.148.216.156/30,
             217.148.220.160/29,
             217.172.18.0/23,
+            217.172.20.0/22,
             217.174.188.0/22,
             217.195.92.16/28,
             217.195.93.144/29,
@@ -832,12 +826,4 @@ table inet filter {
         flags interval
     }
 
-    chain input {
-        type filter hook input priority 0;
-        policy accept;
-
-        ct state { established, related } accept
-
-        ip saddr @blacklist_v4 counter drop
-    }
 }

blacklists_nftables/blacklist-v6.nft

@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-01-25T06:23:40.496188Z
+# Generated: 2026-03-31T07:05:56.749536Z
 # Source: /tmp/blacklist-v6.txt
 # IPv4: 0, IPv6: 17
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VM protection from incoming blacklist sources
+#   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
+#   sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
+#   sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 
 table inet filter {
 
@@ -34,12 +41,4 @@ table inet filter {
         }
     }
 
-    chain input {
-        type filter hook input priority 0;
-        policy accept;
-
-        ct state { established, related } accept
-
-        ip6 saddr @blacklist_v6 counter drop
-    }
 }

blacklists_nftables/blacklist-vk-v4.nft

@@ -0,0 +1,120 @@
+# Autogenerated nftables blacklist
+# Generated: 2026-03-31T07:05:56.809612Z
+# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v4.txt
+# IPv4: 93, IPv6: 0
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VK egress blocking for VPN clients via NAT/FORWARD
+#   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
+
+table inet filter {
+
+    set blacklist_vk_v4 {
+        type ipv4_addr
+        flags interval
+        elements = {
+            5.61.16.0/21,
+            5.61.232.0/21,
+            5.101.40.0/22,
+            5.181.60.0/22,
+            5.188.140.0/22,
+            37.139.32.0/22,
+            37.139.40.0/22,
+            45.84.128.0/22,
+            45.136.20.0/22,
+            62.217.160.0/20,
+            79.137.132.0/24,
+            79.137.139.0/24,
+            79.137.157.0/24,
+            79.137.164.0/24,
+            79.137.167.0/24,
+            79.137.174.0/23,
+            79.137.180.0/24,
+            79.137.240.0/21,
+            83.166.232.0/21,
+            83.166.248.0/21,
+            83.217.216.0/22,
+            83.222.28.0/22,
+            84.23.52.0/22,
+            85.114.31.108/30,
+            85.192.32.0/22,
+            85.198.106.0/23,
+            87.239.104.0/21,
+            87.240.128.0/18,
+            87.242.112.0/22,
+            89.208.84.0/22,
+            89.208.196.0/22,
+            89.208.208.0/22,
+            89.208.216.0/21,
+            89.208.228.0/22,
+            89.221.228.0/22,
+            89.221.232.0/21,
+            90.156.148.0/22,
+            90.156.212.0/22,
+            90.156.216.0/22,
+            90.156.232.0/21,
+            91.219.224.0/22,
+            91.231.132.0/22,
+            91.237.76.0/24,
+            93.153.255.84/30,
+            93.186.224.0/20,
+            94.100.176.0/20,
+            94.139.244.0/22,
+            95.142.192.0/20,
+            95.163.32.0/19,
+            95.163.180.0/22,
+            95.163.208.0/21,
+            95.163.216.0/22,
+            95.163.248.0/21,
+            95.213.0.0/17,
+            109.120.180.0/22,
+            109.120.188.0/22,
+            128.140.168.0/21,
+            130.49.224.0/19,
+            146.185.208.0/22,
+            146.185.240.0/22,
+            155.212.192.0/20,
+            161.104.104.0/21,
+            176.112.168.0/21,
+            178.22.88.0/21,
+            178.237.16.0/20,
+            185.5.136.0/22,
+            185.6.244.0/22,
+            185.16.148.0/22,
+            185.16.244.0/22,
+            185.29.128.0/22,
+            185.32.248.0/22,
+            185.86.144.0/22,
+            185.100.104.0/22,
+            185.130.112.0/22,
+            185.131.68.0/22,
+            185.180.200.0/22,
+            185.187.63.0/24,
+            185.226.52.0/22,
+            185.241.192.0/22,
+            188.93.56.0/21,
+            193.203.40.0/22,
+            194.84.16.12/30,
+            195.211.20.0/22,
+            212.111.84.0/22,
+            212.233.72.0/21,
+            212.233.88.0/21,
+            212.233.96.0/22,
+            212.233.120.0/22,
+            213.219.212.0/22,
+            217.16.16.0/20,
+            217.20.144.0/20,
+            217.69.128.0/20,
+            217.174.188.0/23
+        }
+    }
+
+    set blacklist_vk_v6 {
+        type ipv6_addr
+        flags interval
+    }
+
+}

blacklists_nftables/blacklist-vk-v6.nft

@@ -0,0 +1,28 @@
+# Autogenerated nftables blacklist
+# Generated: 2026-03-31T07:05:56.836524Z
+# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v6.txt
+# IPv4: 0, IPv6: 1
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VK egress blocking for VPN clients via NAT/FORWARD
+#   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
+
+table inet filter {
+
+    set blacklist_vk_v4 {
+        type ipv4_addr
+        flags interval
+    }
+
+    set blacklist_vk_v6 {
+        type ipv6_addr
+        flags interval
+        elements = {
+            2a00:bdc0::/29
+        }
+    }
+
+}

blacklists_nftables/blacklist-vk.nft

@@ -0,0 +1,123 @@
+# Autogenerated nftables blacklist
+# Generated: 2026-03-31T07:05:56.779543Z
+# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk.txt
+# IPv4: 93, IPv6: 1
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VK egress blocking for VPN clients via NAT/FORWARD
+#   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
+#   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
+
+table inet filter {
+
+    set blacklist_vk_v4 {
+        type ipv4_addr
+        flags interval
+        elements = {
+            5.61.16.0/21,
+            5.61.232.0/21,
+            5.101.40.0/22,
+            5.181.60.0/22,
+            5.188.140.0/22,
+            37.139.32.0/22,
+            37.139.40.0/22,
+            45.84.128.0/22,
+            45.136.20.0/22,
+            62.217.160.0/20,
+            79.137.132.0/24,
+            79.137.139.0/24,
+            79.137.157.0/24,
+            79.137.164.0/24,
+            79.137.167.0/24,
+            79.137.174.0/23,
+            79.137.180.0/24,
+            79.137.240.0/21,
+            83.166.232.0/21,
+            83.166.248.0/21,
+            83.217.216.0/22,
+            83.222.28.0/22,
+            84.23.52.0/22,
+            85.114.31.108/30,
+            85.192.32.0/22,
+            85.198.106.0/23,
+            87.239.104.0/21,
+            87.240.128.0/18,
+            87.242.112.0/22,
+            89.208.84.0/22,
+            89.208.196.0/22,
+            89.208.208.0/22,
+            89.208.216.0/21,
+            89.208.228.0/22,
+            89.221.228.0/22,
+            89.221.232.0/21,
+            90.156.148.0/22,
+            90.156.212.0/22,
+            90.156.216.0/22,
+            90.156.232.0/21,
+            91.219.224.0/22,
+            91.231.132.0/22,
+            91.237.76.0/24,
+            93.153.255.84/30,
+            93.186.224.0/20,
+            94.100.176.0/20,
+            94.139.244.0/22,
+            95.142.192.0/20,
+            95.163.32.0/19,
+            95.163.180.0/22,
+            95.163.208.0/21,
+            95.163.216.0/22,
+            95.163.248.0/21,
+            95.213.0.0/17,
+            109.120.180.0/22,
+            109.120.188.0/22,
+            128.140.168.0/21,
+            130.49.224.0/19,
+            146.185.208.0/22,
+            146.185.240.0/22,
+            155.212.192.0/20,
+            161.104.104.0/21,
+            176.112.168.0/21,
+            178.22.88.0/21,
+            178.237.16.0/20,
+            185.5.136.0/22,
+            185.6.244.0/22,
+            185.16.148.0/22,
+            185.16.244.0/22,
+            185.29.128.0/22,
+            185.32.248.0/22,
+            185.86.144.0/22,
+            185.100.104.0/22,
+            185.130.112.0/22,
+            185.131.68.0/22,
+            185.180.200.0/22,
+            185.187.63.0/24,
+            185.226.52.0/22,
+            185.241.192.0/22,
+            188.93.56.0/21,
+            193.203.40.0/22,
+            194.84.16.12/30,
+            195.211.20.0/22,
+            212.111.84.0/22,
+            212.233.72.0/21,
+            212.233.88.0/21,
+            212.233.96.0/22,
+            212.233.120.0/22,
+            213.219.212.0/22,
+            217.16.16.0/20,
+            217.20.144.0/20,
+            217.69.128.0/20,
+            217.174.188.0/23
+        }
+    }
+
+    set blacklist_vk_v6 {
+        type ipv6_addr
+        flags interval
+        elements = {
+            2a00:bdc0::/29
+        }
+    }
+
+}

blacklists_nftables/blacklist.nft

@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-01-25T06:23:40.418001Z
+# Generated: 2026-03-31T07:05:56.670428Z
 # Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist.txt
-# IPv4: 815, IPv6: 17
+# IPv4: 802, IPv6: 17
+#
+# Usage:
+#   sudo nft -f <this-file>
+#   # VM protection from incoming blacklist sources
+#   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
+#   sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
+#   sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 
 table inet filter {
 
@@ -28,6 +35,7 @@ table inet filter {
             45.136.20.0/22,
             46.20.70.160/28,
             46.29.152.0/22,
+            46.29.156.0/23,
             46.46.142.160/28,
             46.46.148.40/29,
             46.47.197.128/30,
@@ -57,7 +65,6 @@ table inet filter {
             62.28.169.168/30,
             62.33.34.16/28,
             62.33.87.128/28,
-            62.33.87.152/29,
             62.33.199.80/29,
             62.63.96.32/28,
             62.63.98.24/29,
@@ -66,17 +73,6 @@ table inet filter {
             62.76.98.0/24,
             62.105.158.200/29,
             62.112.110.64/28,
-            62.118.0.208/28,
-            62.118.15.16/28,
-            62.118.17.152/29,
-            62.118.19.40/30,
-            62.118.19.112/30,
-            62.118.21.160/29,
-            62.118.25.112/28,
-            62.118.37.4/30,
-            62.118.37.168/30,
-            62.118.37.180/30,
-            62.118.38.212/30,
             62.118.101.184/29,
             62.118.113.232/29,
             62.118.125.188/30,
@@ -119,7 +115,6 @@ table inet filter {
             78.108.200.0/24,
             78.109.140.112/29,
             79.133.74.160/30,
-            79.133.74.168/30,
             79.133.75.44/30,
             79.133.75.176/30,
             79.137.132.0/24,
@@ -181,6 +176,7 @@ table inet filter {
             81.195.151.0/24,
             81.195.155.0/30,
             81.195.161.12/30,
+            81.195.164.0/24,
             81.195.165.64/28,
             81.195.168.24/30,
             81.195.177.160/30,
@@ -295,6 +291,7 @@ table inet filter {
             85.141.60.96/28,
             85.141.61.160/28,
             85.143.125.0/24,
+            85.146.204.44/30,
             85.192.32.0/22,
             85.198.106.0/23,
             85.236.29.160/27,
@@ -389,7 +386,6 @@ table inet filter {
             90.156.212.0/22,
             90.156.216.0/22,
             90.156.232.0/21,
-            90.156.248.0/22,
             91.103.194.184/29,
             91.135.212.0/22,
             91.135.216.0/21,
@@ -404,6 +400,7 @@ table inet filter {
             91.227.32.0/24,
             91.231.132.0/22,
             91.237.76.0/24,
+            92.38.217.0/24,
             92.39.106.20/30,
             92.39.106.168/30,
             92.39.111.84/30,
@@ -465,6 +462,7 @@ table inet filter {
             95.167.29.104/29,
             95.167.54.76/30,
             95.167.59.244/30,
+            95.167.59.248/30,
             95.167.64.20/30,
             95.167.68.216/29,
             95.167.69.116/30,
@@ -520,9 +518,11 @@ table inet filter {
             146.185.240.0/22,
             149.62.55.240/30,
             155.212.192.0/20,
+            161.104.104.0/21,
             176.109.0.0/21,
             176.112.168.0/21,
             176.116.96.0/20,
+            176.116.112.0/22,
             178.16.156.148/30,
             178.17.176.0/20,
             178.20.234.224/29,
@@ -569,7 +569,6 @@ table inet filter {
             185.5.136.0/22,
             185.6.244.0/22,
             185.7.234.188/30,
-            185.16.8.0/22,
             185.16.148.0/22,
             185.16.244.0/22,
             185.29.128.0/22,
@@ -651,7 +650,6 @@ table inet filter {
             195.144.232.144/30,
             195.144.240.128/28,
             195.149.110.0/24,
-            195.151.25.48/29,
             195.162.36.64/28,
             195.170.218.24/29,
             195.170.218.88/29,
@@ -798,8 +796,7 @@ table inet filter {
             213.243.106.48/28,
             213.243.116.0/24,
             217.16.16.0/20,
-            217.20.86.128/26,
-            217.20.86.232/29,
+            217.20.86.128/25,
             217.20.144.0/20,
             217.23.88.168/29,
             217.23.88.248/29,
@@ -809,17 +806,14 @@ table inet filter {
             217.67.177.208/29,
             217.69.128.0/20,
             217.106.0.0/16,
-            217.107.5.8/29,
-            217.107.5.16/28,
-            217.107.5.40/29,
-            217.107.5.80/28,
-            217.107.5.96/29,
-            217.107.5.112/29,
+            217.107.0.0/18,
             217.107.200.0/21,
+            217.107.208.0/20,
             217.147.23.112/28,
             217.148.216.156/30,
             217.148.220.160/29,
             217.172.18.0/23,
+            217.172.20.0/22,
             217.174.188.0/22,
             217.195.92.16/28,
             217.195.93.144/29,
@@ -851,13 +845,4 @@ table inet filter {
         }
     }
 
-    chain input {
-        type filter hook input priority 0;
-        policy accept;
-
-        ct state { established, related } accept
-
-        ip saddr @blacklist_v4 counter drop
-        ip6 saddr @blacklist_v6 counter drop
-    }
 }

blacklists_nginx/README.md

@@ -1,302 +1,24 @@
-# Nginx Blacklist Configurations
+# nginx blacklists
 
-Auto-generated nginx configuration files for blocking networks and IP addresses.
+Short: ready-to-use deny lists for nginx (mixed, IPv4-only, and IPv6-only).
 
-## Available Files
+## Download links
 
-### Mixed IPv4/IPv6
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist.conf
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v4.conf
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v6.conf
 
-- **`blacklist.conf`** - Contains both IPv4 and IPv6 deny rules (809 entries)
+## How to use
 
-### IPv4 Only
-
-- **`blacklist-v4.conf`** - Contains only IPv4 deny rules (806 entries)
-
-### IPv6 Only
-
-- **`blacklist-v6.conf`** - Contains only IPv6 deny rules (3 entries)
-
-## Usage
-
-### Basic Usage
-
-Include the desired configuration file in your nginx `server` or `location` block:
+1. Download one file (`blacklist.conf`, `blacklist-v4.conf`, or `blacklist-v6.conf`).
+2. Include it in your `server` or `location` block:
 
 ```nginx
-server {
-    listen 80;
-    server_name example.com;
-
-    # Include the blacklist
-    include /path/to/blacklist.conf;
-
-    location / {
-        # your configuration
-    }
-}
+include /etc/nginx/blacklist.conf;
 ```
 
-### Separate IPv4/IPv6 Files
-
-For more granular control, use separate files:
-
-```nginx
-server {
-    listen 80;
-    listen [::]:80;
-    server_name example.com;
-
-    # Include both IPv4 and IPv6 blacklists
-    include /path/to/blacklist-v4.conf;
-    include /path/to/blacklist-v6.conf;
-
-    location / {
-        # your configuration
-    }
-}
-```
-
-### HTTP Block Level
-
-Apply the blacklist globally to all virtual hosts:
-
-```nginx
-http {
-    # Apply blacklist globally
-    include /path/to/blacklist.conf;
-
-    server {
-        listen 80;
-        server_name example.com;
-        # ...
-    }
-
-    server {
-        listen 80;
-        server_name another.com;
-        # ...
-    }
-}
-```
-
-### Location Block Level
-
-For selective blocking within specific locations:
-
-```nginx
-server {
-    listen 80;
-    server_name example.com;
-
-    location /admin {
-        # Apply blacklist only to admin area
-        include /path/to/blacklist.conf;
-        # ...
-    }
-
-    location /public {
-        # Public area without blacklist
-        # ...
-    }
-}
-```
-
-## Testing Configuration
-
-After adding the blacklist, always test your nginx configuration:
+3. Test and reload nginx:
 
 ```bash
-# Test configuration
-nginx -t
-
-# Reload nginx if test passes
-nginx -s reload
-# or
-systemctl reload nginx
+sudo nginx -t && sudo systemctl reload nginx
 ```
-
-## Custom Response
-
-By default, denied IPs receive a connection drop. To customize the response:
-
-```nginx
-server {
-    listen 80;
-    server_name example.com;
-
-    # Return custom error page
-    error_page 403 /403.html;
-
-    include /path/to/blacklist.conf;
-
-    location = /403.html {
-        root /usr/share/nginx/html;
-        internal;
-    }
-}
-```
-
-Note: For large blacklists, using `deny` directives (as in these files) is more efficient than `if` statements.
-
-## Performance Considerations
-
-- **Deny directives** are processed in order and stop at the first match
-- For optimal performance, most frequently matched IPs should be at the top
-- Current files are sorted for consistency
-- Nginx handles hundreds of deny rules efficiently
-- For very large blacklists (10,000+ entries), consider using:
-  - Nginx GeoIP2 module for geographic blocking
-  - nftables/iptables at the firewall level for better performance
-  - Stream module for TCP/UDP level blocking
-
-## Integration Examples
-
-### Docker Deployment
-
-```dockerfile
-FROM nginx:alpine
-
-# Copy blacklist
-COPY blacklist.conf /etc/nginx/blacklist.conf
-
-# Copy nginx config that includes the blacklist
-COPY nginx.conf /etc/nginx/nginx.conf
-
-EXPOSE 80 443
-CMD ["nginx", "-g", "daemon off;"]
-```
-
-### Kubernetes ConfigMap
-
-```yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: nginx-blacklist
-data:
-  blacklist.conf: |
-    # Include blacklist content here
-    deny 109.124.119.88/29;
-    deny 109.124.66.128/30;
-    # ...
-```
-
-### Automated Updates
-
-Set up a cron job to automatically fetch the latest blacklist:
-
-```bash
-#!/bin/bash
-# /etc/cron.daily/update-nginx-blacklist
-
-# Download latest blacklist
-wget -q https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nginx/blacklist.conf \
-  -O /etc/nginx/blacklist.conf.new
-
-# Test nginx configuration
-nginx -t -c /etc/nginx/nginx.conf
-
-# If test passes, reload nginx
-if [ $? -eq 0 ]; then
-    mv /etc/nginx/blacklist.conf.new /etc/nginx/blacklist.conf
-    systemctl reload nginx
-    echo "Blacklist updated successfully"
-else
-    rm /etc/nginx/blacklist.conf.new
-    echo "Nginx config test failed, blacklist not updated"
-fi
-```
-
-## Logging Blocked Requests
-
-To log denied requests:
-
-```nginx
-server {
-    listen 80;
-    server_name example.com;
-
-    # Custom log format for denied IPs
-    log_format blocked '$remote_addr - $remote_user [$time_local] '
-                      '"$request" 403 0 '
-                      '"$http_referer" "$http_user_agent"';
-
-    access_log /var/log/nginx/blocked.log blocked;
-
-    include /path/to/blacklist.conf;
-
-    location / {
-        # your configuration
-    }
-}
-```
-
-## Monitoring
-
-Check how many IPs are being blocked:
-
-```bash
-# Count deny rules
-grep -c "deny" /path/to/blacklist.conf
-
-# Check blocked access logs
-tail -f /var/log/nginx/blocked.log
-
-# Count blocked requests today
-grep "$(date +%d/%b/%Y)" /var/log/nginx/access.log | grep " 403 " | wc -l
-```
-
-## Troubleshooting
-
-### Configuration Test Fails
-
-```bash
-# Check syntax
-nginx -t
-
-# Check for duplicate includes
-grep -r "include.*blacklist" /etc/nginx/
-
-# Verify file permissions
-ls -l /path/to/blacklist.conf
-```
-
-### Legitimate Users Blocked
-
-Check if their IP is in the blacklist:
-
-```bash
-grep "YOUR_IP" /path/to/blacklist.conf
-```
-
-Whitelist specific IPs before applying the blacklist:
-
-```nginx
-server {
-    listen 80;
-    server_name example.com;
-
-    # Whitelist before blacklist
-    allow 192.168.1.100;  # Trusted IP
-
-    # Then apply blacklist
-    include /path/to/blacklist.conf;
-
-    # Deny all others not explicitly allowed
-    # deny all;  # Optional
-}
-```
-
-## Automatic Updates
-
-These files are automatically regenerated daily when the blacklists are updated via the GitHub Actions workflow.
-
-## Source
-
-Generated from the blacklist files in the `blacklists/` directory by `blacklists_updater_nginx.sh`.
-
-## See Also
-
-- [IPTables/IPSet Format](../blacklists_iptables/README.md) - For firewall-level blocking
-- [Text Format](../blacklists/README.md) - For custom integrations
-- [Main Repository](https://github.com/C24Be/AS_Network_List) - Complete documentation

blacklists_nginx/blacklist-v4.conf

@@ -1,6 +1,6 @@
 # Nginx blacklist configuration (IPv4 only)
 # Auto-generated from blacklist-v4.txt
-# Last updated: 2026-01-25 06:23:40 UTC
+# Last updated: 2026-03-31 07:05:55 UTC
 #
 # Usage: Include this file in your nginx server or location block:
 #   include /path/to/blacklist-v4.conf;
@@ -49,8 +49,10 @@ deny 146.185.240.0/23;
 deny 146.185.242.0/23;
 deny 149.62.55.240/30;
 deny 155.212.192.0/20;
+deny 161.104.104.0/21;
 deny 176.109.0.0/21;
 deny 176.112.168.0/21;
+deny 176.116.112.0/22;
 deny 176.116.96.0/20;
 deny 178.16.156.148/30;
 deny 178.17.176.0/23;
@@ -125,7 +127,6 @@ deny 185.149.160.0/24;
 deny 185.149.161.0/24;
 deny 185.149.162.0/24;
 deny 185.149.163.0/24;
-deny 185.16.10.0/23;
 deny 185.16.148.0/22;
 deny 185.16.148.0/23;
 deny 185.16.150.0/23;
@@ -134,7 +135,6 @@ deny 185.16.244.0/23;
 deny 185.16.246.0/23;
 deny 185.16.246.0/24;
 deny 185.16.247.0/24;
-deny 185.16.8.0/23;
 deny 185.168.60.0/24;
 deny 185.168.61.0/24;
 deny 185.168.62.0/24;
@@ -234,7 +234,6 @@ deny 195.144.226.224/28;
 deny 195.144.232.144/30;
 deny 195.144.240.128/28;
 deny 195.149.110.0/24;
-deny 195.151.25.48/29;
 deny 195.16.55.224/27;
 deny 195.162.36.64/28;
 deny 195.170.218.24/29;
@@ -463,7 +462,9 @@ deny 217.106.203.240/29;
 deny 217.106.203.88/29;
 deny 217.106.93.192/26;
 deny 217.106.95.112/28;
+deny 217.107.0.0/18;
 deny 217.107.200.0/21;
+deny 217.107.208.0/20;
 deny 217.107.5.112/29;
 deny 217.107.5.16/29;
 deny 217.107.5.24/29;
@@ -479,6 +480,7 @@ deny 217.16.16.0/20;
 deny 217.16.16.0/21;
 deny 217.16.24.0/21;
 deny 217.172.18.0/23;
+deny 217.172.20.0/22;
 deny 217.174.188.0/22;
 deny 217.174.188.0/23;
 deny 217.195.92.16/28;
@@ -494,7 +496,10 @@ deny 217.20.156.0/23;
 deny 217.20.158.0/24;
 deny 217.20.159.0/24;
 deny 217.20.86.128/26;
+deny 217.20.86.192/27;
+deny 217.20.86.224/29;
 deny 217.20.86.232/29;
+deny 217.20.86.240/28;
 deny 217.23.88.168/29;
 deny 217.23.88.248/29;
 deny 217.27.142.176/30;
@@ -528,6 +533,7 @@ deny 45.84.130.0/23;
 deny 46.20.70.160/28;
 deny 46.228.0.232/29;
 deny 46.29.152.0/22;
+deny 46.29.156.0/23;
 deny 46.46.142.160/28;
 deny 46.46.148.40/29;
 deny 46.47.197.128/30;
@@ -570,31 +576,20 @@ deny 5.61.239.48/28;
 deny 5.61.239.64/26;
 deny 62.105.158.200/29;
 deny 62.112.110.64/28;
-deny 62.118.0.208/28;
 deny 62.118.101.184/29;
 deny 62.118.113.232/29;
 deny 62.118.125.188/30;
 deny 62.118.127.240/28;
-deny 62.118.15.16/28;
-deny 62.118.17.152/29;
-deny 62.118.19.112/30;
-deny 62.118.19.40/30;
 deny 62.118.193.8/29;
 deny 62.118.205.68/30;
 deny 62.118.208.100/30;
 deny 62.118.209.192/30;
-deny 62.118.21.160/29;
 deny 62.118.216.60/30;
 deny 62.118.219.184/30;
 deny 62.118.230.4/30;
 deny 62.118.233.224/29;
 deny 62.118.234.64/29;
 deny 62.118.239.128/29;
-deny 62.118.25.112/28;
-deny 62.118.37.168/30;
-deny 62.118.37.180/30;
-deny 62.118.37.4/30;
-deny 62.118.38.212/30;
 deny 62.141.125.0/25;
 deny 62.217.160.0/20;
 deny 62.217.160.0/21;
@@ -603,7 +598,6 @@ deny 62.28.169.168/30;
 deny 62.33.199.80/29;
 deny 62.33.34.16/28;
 deny 62.33.87.128/28;
-deny 62.33.87.152/29;
 deny 62.5.130.104/29;
 deny 62.5.132.224/29;
 deny 62.5.189.80/29;
@@ -642,7 +636,6 @@ deny 78.37.69.160/27;
 deny 78.37.84.120/29;
 deny 78.37.97.88/29;
 deny 79.133.74.160/30;
-deny 79.133.74.168/30;
 deny 79.133.75.176/30;
 deny 79.133.75.44/30;
 deny 79.137.132.0/24;
@@ -714,6 +707,7 @@ deny 81.195.151.0/24;
 deny 81.195.151.172/30;
 deny 81.195.155.0/30;
 deny 81.195.161.12/30;
+deny 81.195.164.0/24;
 deny 81.195.165.64/28;
 deny 81.195.168.24/30;
 deny 81.195.177.160/30;
@@ -825,6 +819,7 @@ deny 85.141.33.64/28;
 deny 85.141.60.96/28;
 deny 85.141.61.160/28;
 deny 85.143.125.0/24;
+deny 85.146.204.44/30;
 deny 85.192.32.0/22;
 deny 85.192.32.0/23;
 deny 85.192.34.0/23;
@@ -993,7 +988,6 @@ deny 90.156.216.0/22;
 deny 90.156.216.0/23;
 deny 90.156.218.0/23;
 deny 90.156.232.0/21;
-deny 90.156.248.0/22;
 deny 91.103.194.184/29;
 deny 91.135.212.0/22;
 deny 91.135.216.0/21;
@@ -1017,6 +1011,7 @@ deny 91.231.134.0/24;
 deny 91.237.76.0/24;
 deny 92.101.253.152/29;
 deny 92.101.253.96/29;
+deny 92.38.217.0/24;
 deny 92.39.106.168/30;
 deny 92.39.106.20/30;
 deny 92.39.111.84/30;
@@ -1115,6 +1110,7 @@ deny 95.167.5.64/28;
 deny 95.167.5.80/28;
 deny 95.167.54.76/30;
 deny 95.167.59.244/30;
+deny 95.167.59.248/30;
 deny 95.167.64.20/30;
 deny 95.167.68.216/29;
 deny 95.167.69.116/30;

blacklists_nginx/blacklist-v6.conf

@@ -1,6 +1,6 @@
 # Nginx blacklist configuration (IPv6 only)
 # Auto-generated from blacklist-v6.txt
-# Last updated: 2026-01-25 06:23:40 UTC
+# Last updated: 2026-03-31 07:05:55 UTC
 #
 # Usage: Include this file in your nginx server or location block:
 #   include /path/to/blacklist-v6.conf;

blacklists_nginx/blacklist.conf

@@ -1,6 +1,6 @@
 # Nginx blacklist configuration (mixed IPv4/IPv6)
 # Auto-generated from blacklist.txt
-# Last updated: 2026-01-25 06:23:40 UTC
+# Last updated: 2026-03-31 07:05:55 UTC
 #
 # Usage: Include this file in your nginx server or location block:
 #   include /path/to/blacklist.conf;
@@ -49,8 +49,10 @@ deny 146.185.240.0/23;
 deny 146.185.242.0/23;
 deny 149.62.55.240/30;
 deny 155.212.192.0/20;
+deny 161.104.104.0/21;
 deny 176.109.0.0/21;
 deny 176.112.168.0/21;
+deny 176.116.112.0/22;
 deny 176.116.96.0/20;
 deny 178.16.156.148/30;
 deny 178.17.176.0/23;
@@ -125,7 +127,6 @@ deny 185.149.160.0/24;
 deny 185.149.161.0/24;
 deny 185.149.162.0/24;
 deny 185.149.163.0/24;
-deny 185.16.10.0/23;
 deny 185.16.148.0/22;
 deny 185.16.148.0/23;
 deny 185.16.150.0/23;
@@ -134,7 +135,6 @@ deny 185.16.244.0/23;
 deny 185.16.246.0/23;
 deny 185.16.246.0/24;
 deny 185.16.247.0/24;
-deny 185.16.8.0/23;
 deny 185.168.60.0/24;
 deny 185.168.61.0/24;
 deny 185.168.62.0/24;
@@ -234,7 +234,6 @@ deny 195.144.226.224/28;
 deny 195.144.232.144/30;
 deny 195.144.240.128/28;
 deny 195.149.110.0/24;
-deny 195.151.25.48/29;
 deny 195.16.55.224/27;
 deny 195.162.36.64/28;
 deny 195.170.218.24/29;
@@ -463,7 +462,9 @@ deny 217.106.203.240/29;
 deny 217.106.203.88/29;
 deny 217.106.93.192/26;
 deny 217.106.95.112/28;
+deny 217.107.0.0/18;
 deny 217.107.200.0/21;
+deny 217.107.208.0/20;
 deny 217.107.5.112/29;
 deny 217.107.5.16/29;
 deny 217.107.5.24/29;
@@ -479,6 +480,7 @@ deny 217.16.16.0/20;
 deny 217.16.16.0/21;
 deny 217.16.24.0/21;
 deny 217.172.18.0/23;
+deny 217.172.20.0/22;
 deny 217.174.188.0/22;
 deny 217.174.188.0/23;
 deny 217.195.92.16/28;
@@ -494,7 +496,10 @@ deny 217.20.156.0/23;
 deny 217.20.158.0/24;
 deny 217.20.159.0/24;
 deny 217.20.86.128/26;
+deny 217.20.86.192/27;
+deny 217.20.86.224/29;
 deny 217.20.86.232/29;
+deny 217.20.86.240/28;
 deny 217.23.88.168/29;
 deny 217.23.88.248/29;
 deny 217.27.142.176/30;
@@ -550,6 +555,7 @@ deny 45.84.130.0/23;
 deny 46.20.70.160/28;
 deny 46.228.0.232/29;
 deny 46.29.152.0/22;
+deny 46.29.156.0/23;
 deny 46.46.142.160/28;
 deny 46.46.148.40/29;
 deny 46.47.197.128/30;
@@ -592,31 +598,20 @@ deny 5.61.239.48/28;
 deny 5.61.239.64/26;
 deny 62.105.158.200/29;
 deny 62.112.110.64/28;
-deny 62.118.0.208/28;
 deny 62.118.101.184/29;
 deny 62.118.113.232/29;
 deny 62.118.125.188/30;
 deny 62.118.127.240/28;
-deny 62.118.15.16/28;
-deny 62.118.17.152/29;
-deny 62.118.19.112/30;
-deny 62.118.19.40/30;
 deny 62.118.193.8/29;
 deny 62.118.205.68/30;
 deny 62.118.208.100/30;
 deny 62.118.209.192/30;
-deny 62.118.21.160/29;
 deny 62.118.216.60/30;
 deny 62.118.219.184/30;
 deny 62.118.230.4/30;
 deny 62.118.233.224/29;
 deny 62.118.234.64/29;
 deny 62.118.239.128/29;
-deny 62.118.25.112/28;
-deny 62.118.37.168/30;
-deny 62.118.37.180/30;
-deny 62.118.37.4/30;
-deny 62.118.38.212/30;
 deny 62.141.125.0/25;
 deny 62.217.160.0/20;
 deny 62.217.160.0/21;
@@ -625,7 +620,6 @@ deny 62.28.169.168/30;
 deny 62.33.199.80/29;
 deny 62.33.34.16/28;
 deny 62.33.87.128/28;
-deny 62.33.87.152/29;
 deny 62.5.130.104/29;
 deny 62.5.132.224/29;
 deny 62.5.189.80/29;
@@ -664,7 +658,6 @@ deny 78.37.69.160/27;
 deny 78.37.84.120/29;
 deny 78.37.97.88/29;
 deny 79.133.74.160/30;
-deny 79.133.74.168/30;
 deny 79.133.75.176/30;
 deny 79.133.75.44/30;
 deny 79.137.132.0/24;
@@ -736,6 +729,7 @@ deny 81.195.151.0/24;
 deny 81.195.151.172/30;
 deny 81.195.155.0/30;
 deny 81.195.161.12/30;
+deny 81.195.164.0/24;
 deny 81.195.165.64/28;
 deny 81.195.168.24/30;
 deny 81.195.177.160/30;
@@ -847,6 +841,7 @@ deny 85.141.33.64/28;
 deny 85.141.60.96/28;
 deny 85.141.61.160/28;
 deny 85.143.125.0/24;
+deny 85.146.204.44/30;
 deny 85.192.32.0/22;
 deny 85.192.32.0/23;
 deny 85.192.34.0/23;
@@ -1015,7 +1010,6 @@ deny 90.156.216.0/22;
 deny 90.156.216.0/23;
 deny 90.156.218.0/23;
 deny 90.156.232.0/21;
-deny 90.156.248.0/22;
 deny 91.103.194.184/29;
 deny 91.135.212.0/22;
 deny 91.135.216.0/21;
@@ -1039,6 +1033,7 @@ deny 91.231.134.0/24;
 deny 91.237.76.0/24;
 deny 92.101.253.152/29;
 deny 92.101.253.96/29;
+deny 92.38.217.0/24;
 deny 92.39.106.168/30;
 deny 92.39.106.20/30;
 deny 92.39.111.84/30;
@@ -1137,6 +1132,7 @@ deny 95.167.5.64/28;
 deny 95.167.5.80/28;
 deny 95.167.54.76/30;
 deny 95.167.59.244/30;
+deny 95.167.59.248/30;
 deny 95.167.64.20/30;
 deny 95.167.68.216/29;
 deny 95.167.69.116/30;

blacklists_route/blacklist-vk-v4.routes

@@ -0,0 +1,275 @@
+# Linux routes for VK networks (IPv4)
+# Auto-generated by blacklists_updater_routes.sh
+# Last updated: 2026-03-31 07:05:57 UTC
+#
+# Apply:
+#   sudo sh blacklist-vk-v4.routes
+#
+
+ip route replace 109.120.180.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 109.120.180.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 109.120.182.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 109.120.188.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 109.120.188.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 109.120.190.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 128.140.168.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 128.140.168.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 128.140.170.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 128.140.171.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 128.140.172.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 130.49.224.0/19 via 127.0.0.1 dev lo onlink
+ip route replace 146.185.208.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 146.185.208.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 146.185.210.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 146.185.240.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 146.185.240.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 146.185.242.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 155.212.192.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 161.104.104.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 176.112.168.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 178.22.88.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 178.22.89.64/26 via 127.0.0.1 dev lo onlink
+ip route replace 178.22.94.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 178.237.16.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 178.237.16.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 178.237.24.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 178.237.30.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.100.104.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.100.104.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.100.106.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.130.112.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.130.112.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.130.114.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.131.68.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.16.148.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.16.148.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.16.150.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.16.244.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.16.244.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.16.246.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.180.200.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.187.63.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 185.187.63.0/25 via 127.0.0.1 dev lo onlink
+ip route replace 185.187.63.128/25 via 127.0.0.1 dev lo onlink
+ip route replace 185.226.52.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.226.52.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.226.54.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.241.192.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.241.192.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.241.194.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.29.128.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.29.130.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 185.32.248.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.32.248.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.32.250.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.5.136.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.5.136.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.5.138.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.6.244.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.6.244.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.6.246.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.86.144.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 185.86.144.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 185.86.146.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 188.93.56.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 188.93.56.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 188.93.57.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 188.93.58.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 188.93.60.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 188.93.61.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 188.93.62.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 193.203.40.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 194.84.16.12/30 via 127.0.0.1 dev lo onlink
+ip route replace 195.211.20.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 195.211.22.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 195.211.23.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 212.111.84.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 212.233.120.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 212.233.72.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 212.233.88.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 212.233.96.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 213.219.212.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 213.219.212.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 213.219.214.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 217.16.16.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 217.16.16.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 217.16.24.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 217.174.188.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 217.20.144.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 217.20.144.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 217.20.148.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 217.20.149.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 217.20.150.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 217.20.152.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 217.20.156.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 217.20.158.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 217.20.159.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 217.69.128.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 217.69.128.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 217.69.136.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 37.139.32.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 37.139.32.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 37.139.34.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 37.139.40.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 37.139.40.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 37.139.42.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 45.136.20.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 45.136.20.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 45.136.22.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 45.84.128.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 45.84.128.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 45.84.130.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 5.101.40.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 5.101.40.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 5.101.42.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 5.181.60.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 5.181.60.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 5.181.61.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 5.181.62.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 5.188.140.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 5.188.140.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 5.188.142.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.16.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.16.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.20.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.232.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.232.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.236.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.238.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.239.0/27 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.239.128/25 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.239.40/29 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.239.48/28 via 127.0.0.1 dev lo onlink
+ip route replace 5.61.239.64/26 via 127.0.0.1 dev lo onlink
+ip route replace 62.217.160.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 62.217.160.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 62.217.168.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.132.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.132.0/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.132.128/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.139.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.139.0/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.139.128/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.157.0/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.157.128/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.164.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.164.0/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.164.128/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.167.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.167.0/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.167.128/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.174.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.174.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.175.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.180.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.180.0/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.180.128/25 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.240.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.240.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 79.137.244.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 83.166.232.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 83.166.232.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 83.166.236.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 83.166.248.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 83.166.248.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 83.166.252.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 83.217.216.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 83.217.216.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 83.217.218.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 83.222.28.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 84.23.52.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 84.23.52.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 84.23.54.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 85.114.31.108/30 via 127.0.0.1 dev lo onlink
+ip route replace 85.192.32.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 85.192.32.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 85.192.34.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 85.198.106.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 85.198.107.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 87.239.104.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 87.239.104.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 87.239.108.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 87.240.128.0/18 via 127.0.0.1 dev lo onlink
+ip route replace 87.240.128.0/19 via 127.0.0.1 dev lo onlink
+ip route replace 87.240.160.0/19 via 127.0.0.1 dev lo onlink
+ip route replace 87.242.112.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.196.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.196.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.198.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.208.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.208.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.210.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.216.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.216.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.218.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.220.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.228.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.228.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.230.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.84.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.84.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.208.86.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 89.221.228.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 89.221.232.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.148.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.148.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.150.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.212.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.212.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.214.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.216.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.216.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.218.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 90.156.232.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 91.219.224.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 91.231.132.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 91.237.76.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 93.153.255.84/30 via 127.0.0.1 dev lo onlink
+ip route replace 93.186.224.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 93.186.224.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 93.186.232.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 94.100.176.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 94.100.176.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 94.100.184.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 94.139.244.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 94.139.244.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 94.139.246.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.142.192.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 95.142.192.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 95.142.200.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.180.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.180.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.182.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.208.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.208.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.210.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.212.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.216.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.216.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.218.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.248.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.248.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.252.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.254.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.32.0/19 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.32.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.36.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.40.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 95.163.48.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.0.0/17 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.0.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.16.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.24.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.26.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.27.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.28.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.29.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.30.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.31.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.32.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.33.0/24 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.34.0/23 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.36.0/22 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.40.0/21 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.48.0/20 via 127.0.0.1 dev lo onlink
+ip route replace 95.213.64.0/18 via 127.0.0.1 dev lo onlink

blacklists_route/blacklist-vk-v6.routes

@@ -0,0 +1,9 @@
+# Linux routes for VK networks (IPv6)
+# Auto-generated by blacklists_updater_routes.sh
+# Last updated: 2026-03-31 07:05:57 UTC
+#
+# Apply:
+#   sudo sh blacklist-vk-v6.routes
+#
+
+ip -6 route replace 2a00:bdc0::/29 via ::1 dev lo

blacklists_updater_iptables.sh

@@ -1,18 +1,43 @@
 #!/bin/sh
 
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
 # Input files (generated by blacklists_updater_txt.sh)
-blacklist_file="blacklists/blacklist.txt"
-blacklist_v4_file="blacklists/blacklist-v4.txt"
-blacklist_v6_file="blacklists/blacklist-v6.txt"
+blacklist_file="${SCRIPT_DIR}/blacklists/blacklist.txt"
+blacklist_v4_file="${SCRIPT_DIR}/blacklists/blacklist-v4.txt"
+blacklist_v6_file="${SCRIPT_DIR}/blacklists/blacklist-v6.txt"
+
+# Source files for name-based VK filtering
+auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
+auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
+auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
+vk_name_pattern='vk[[:space:]-]*cloud|vkcompany|vkontakte'
+
+# Additional VK-only text blacklists
+blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
+blacklist_vk_v4_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
+blacklist_vk_v6_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
 
 # Output directory and files
-iptables_output_dir="blacklists_iptables"
-iptables_output_file="${iptables_output_dir}/blacklist.ipset"
+iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables"
 iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset"
 iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset"
+iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset"
+iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset"
 
-# Create iptables directory if it doesn't exist
-mkdir -p "${iptables_output_dir}"
+# Create required directories if they don't exist
+mkdir -p "${iptables_output_dir}" "${SCRIPT_DIR}/blacklists"
+
+# Build additional VK-only blacklist from network names in auto/*.txt files
+tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
+for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do
+    [ -f "${source_file}" ] || continue
+    awk -v pattern="${vk_name_pattern}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}"
+done
+sort -u "${tmp_vk_file}" > "${blacklist_vk_file}"
+grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true
+grep -v ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v4_file}" || true
+rm -f "${tmp_vk_file}"
 
 # Function to generate ipset config from input file
 generate_ipset_config() {
@@ -21,6 +46,19 @@ generate_ipset_config() {
     local ip_version="$3"
     local set_name="$4"
     local family="$5"
+    local iptables_cmd="iptables"
+    local rule_primary=""
+    local rule_secondary=""
+
+    [ "${family}" = "inet6" ] && iptables_cmd="ip6tables"
+
+    if printf "%s" "${set_name}" | grep -q '^blacklist-vk'; then
+        rule_primary="${iptables_cmd} -I OUTPUT -m set --match-set ${set_name} dst -j REJECT"
+        rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} dst -j REJECT"
+    else
+        rule_primary="${iptables_cmd} -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
+        rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
+    fi
 
     # Count entries for hash size calculation
     local count=$(wc -l < "${input_file}" | tr -d ' ')
@@ -38,8 +76,8 @@ generate_ipset_config() {
 #      ipset restore < $(basename ${output_file})
 #
 #   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
-#      iptables -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
+#      ${rule_primary}
+${rule_secondary:+#      ${rule_secondary}}
 #
 #   3. To flush/delete the set:
 #      ipset flush ${set_name}
@@ -63,34 +101,16 @@ EOF
 # Generate ipset configurations from blacklist files
 generate_ipset_config "${blacklist_v4_file}" "${iptables_v4_output_file}" "(IPv4 only)" "blacklist-v4" "inet"
 generate_ipset_config "${blacklist_v6_file}" "${iptables_v6_output_file}" "(IPv6 only)" "blacklist-v6" "inet6"
+generate_ipset_config "${blacklist_vk_v4_file}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet"
+generate_ipset_config "${blacklist_vk_v6_file}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6"
 
-# For mixed file, we need to create two sets (IPv4 and IPv6) as ipset doesn't support mixed families
-cat > "${iptables_output_file}" << EOF
-# IPSet blacklist configuration (mixed IPv4/IPv6)
-# Auto-generated from $(basename ${blacklist_file})
-# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
-#
-# Usage:
-#   1. Load the ipset:
-#      ipset restore < $(basename ${iptables_output_file})
-#
-#   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
-#      iptables -I FORWARD -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
-#      ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
-#      ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
-#
-#   3. To flush/delete the sets:
-#      ipset flush blacklist-v4 && ipset destroy blacklist-v4
-#      ipset flush blacklist-v6 && ipset destroy blacklist-v6
-#
-
-EOF
-
-# Append both IPv4 and IPv6 sets to the mixed file
-tail -n +2 "${iptables_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
-echo "" >> "${iptables_output_file}"
-tail -n +2 "${iptables_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
-
-echo "✓ Generated (mixed IPv4/IPv6): ${iptables_output_file}"
-echo "  Total entries: $(wc -l < "${blacklist_file}" | tr -d ' ')"
+echo ""
+echo "VK outgoing block examples (iptables/ipset):"
+echo "  ipset restore < ${iptables_vk_v4_output_file}"
+echo "  ipset restore < ${iptables_vk_v6_output_file}"
+echo "  iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
+echo "  iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT"
+echo "  ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"
+echo "  ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT"
+echo ""
+echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."

blacklists_updater_nftables.sh

@@ -7,29 +7,82 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist.txt"
 OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables"
 
-# Create output directory if it doesn't exist
-mkdir -p "$OUTPUT_DIR"
+# Source files for name-based VK filtering
+AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt"
+AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt"
+AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt"
+VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
+
+# Additional VK-only text blacklists
+VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt"
+VK_INPUT_V4_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v4.txt"
+VK_INPUT_V6_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v6.txt"
+
+# Create required directories if they don't exist
+mkdir -p "$OUTPUT_DIR" "$SCRIPT_DIR/blacklists"
 
 echo "Generating nftables blacklists..."
 
-# Generate mixed IPv4/IPv6 blacklist
+# Build additional VK-only blacklist from network names in auto/*.txt files
+TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")"
+for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do
+    [[ -f "$source_file" ]] || continue
+    awk -v pattern="$VK_NAME_PATTERN" 'tolower($0) ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE"
+done
+sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE"
+grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true
+grep -v ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V4_FILE" || true
+rm -f "$TMP_VK_FILE"
+
+# Generate mixed IPv4/IPv6 blacklist (recommended single-file load)
 python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
     "$INPUT_FILE" \
     "$OUTPUT_DIR/blacklist.nft"
 
 # Generate IPv4-only blacklist
-grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > /tmp/blacklist-v4.txt || true
+TMP_V4_FILE="/tmp/blacklist-v4.txt"
+TMP_V6_FILE="/tmp/blacklist-v6.txt"
+grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > "$TMP_V4_FILE" || true
 python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
-    /tmp/blacklist-v4.txt \
+    "$TMP_V4_FILE" \
     "$OUTPUT_DIR/blacklist-v4.nft"
 
 # Generate IPv6-only blacklist
-grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > /tmp/blacklist-v6.txt || true
+grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > "$TMP_V6_FILE" || true
 python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
-    /tmp/blacklist-v6.txt \
+    "$TMP_V6_FILE" \
     "$OUTPUT_DIR/blacklist-v6.nft"
 
+# Generate VK-only blacklists (network names: VK Cloud / VKCOMPANY / VKONTAKTE)
+python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
+    "$VK_INPUT_FILE" \
+    "$OUTPUT_DIR/blacklist-vk.nft"
+python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
+    "$VK_INPUT_V4_FILE" \
+    "$OUTPUT_DIR/blacklist-vk-v4.nft"
+python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
+    "$VK_INPUT_V6_FILE" \
+    "$OUTPUT_DIR/blacklist-vk-v6.nft"
+
 # Clean up temp files
-rm -f /tmp/blacklist-v4.txt /tmp/blacklist-v6.txt
+rm -f "$TMP_V4_FILE" "$TMP_V6_FILE"
 
 echo "nftables blacklists generated successfully!"
+echo ""
+echo "VM incoming block examples (all lists, nftables):"
+echo "  sudo nft -f $OUTPUT_DIR/blacklist.nft"
+echo "  sudo nft -f $OUTPUT_DIR/blacklist-v4.nft"
+echo "  sudo nft -f $OUTPUT_DIR/blacklist-v6.nft"
+echo "  sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'"
+echo "  sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject"
+echo "  sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject"
+echo ""
+echo "VK outbound block examples for VPN clients via NAT (nftables):"
+echo "  sudo nft -f $OUTPUT_DIR/blacklist-vk.nft"
+echo "  sudo nft -f $OUTPUT_DIR/blacklist-vk-v4.nft"
+echo "  sudo nft -f $OUTPUT_DIR/blacklist-vk-v6.nft"
+echo "  sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'"
+echo "  sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_vk_v4 counter reject"
+echo "  sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_vk_v6 counter reject"
+echo ""
+echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."

blacklists_updater_nginx.sh

@@ -11,8 +11,8 @@ nginx_output_file="${nginx_output_dir}/blacklist.conf"
 nginx_v4_output_file="${nginx_output_dir}/blacklist-v4.conf"
 nginx_v6_output_file="${nginx_output_dir}/blacklist-v6.conf"
 
-# Create nginx directory if it doesn't exist
-mkdir -p "${nginx_output_dir}"
+# Create required directories if they don't exist
+mkdir -p "${nginx_output_dir}" "blacklists"
 
 # Function to generate nginx config from input file
 generate_nginx_config() {

blacklists_updater_routes.sh

@@ -0,0 +1,78 @@
+#!/bin/sh
+
+set -e
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+
+# Source files for name-based VK filtering
+AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
+AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
+AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
+VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
+
+# Additional VK-only text blacklists
+VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
+VK_INPUT_V4_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
+VK_INPUT_V6_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
+
+# Output directory and files
+ROUTES_OUTPUT_DIR="${SCRIPT_DIR}/blacklists_route"
+ROUTES_V4_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v4.routes"
+ROUTES_V6_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v6.routes"
+
+mkdir -p "${ROUTES_OUTPUT_DIR}" "${SCRIPT_DIR}/blacklists"
+
+echo "Generating VK route blacklists..."
+
+# Build additional VK-only blacklist from network names in auto/*.txt files
+TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
+for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do
+	[ -f "${source_file}" ] || continue
+	awk -v pattern="${VK_NAME_PATTERN}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}"
+done
+
+sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}"
+grep ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V6_FILE}" || true
+grep -v ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V4_FILE}" || true
+rm -f "${TMP_VK_FILE}"
+
+# Generate IPv4 routes file (route VK prefixes to loopback via 127.0.0.1)
+cat > "${ROUTES_V4_FILE}" << EOF
+# Linux routes for VK networks (IPv4)
+# Auto-generated by $(basename "$0")
+# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
+#
+# Apply:
+#   sudo sh $(basename "${ROUTES_V4_FILE}")
+#
+
+EOF
+
+while IFS= read -r network; do
+	[ -n "${network}" ] || continue
+	printf 'ip route replace %s via 127.0.0.1 dev lo onlink\n' "${network}" >> "${ROUTES_V4_FILE}"
+done < "${VK_INPUT_V4_FILE}"
+
+# Generate IPv6 routes file (route VK prefixes to loopback via ::1)
+cat > "${ROUTES_V6_FILE}" << EOF
+# Linux routes for VK networks (IPv6)
+# Auto-generated by $(basename "$0")
+# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
+#
+# Apply:
+#   sudo sh $(basename "${ROUTES_V6_FILE}")
+#
+
+EOF
+
+while IFS= read -r network; do
+	[ -n "${network}" ] || continue
+	printf 'ip -6 route replace %s via ::1 dev lo\n' "${network}" >> "${ROUTES_V6_FILE}"
+done < "${VK_INPUT_V6_FILE}"
+
+echo "✓ Generated: ${ROUTES_V4_FILE} (entries: $(wc -l < "${VK_INPUT_V4_FILE}" | tr -d ' '))"
+echo "✓ Generated: ${ROUTES_V6_FILE} (entries: $(wc -l < "${VK_INPUT_V6_FILE}" | tr -d ' '))"
+echo ""
+echo "Examples:"
+echo "  sudo sh ${ROUTES_V4_FILE}"
+echo "  sudo sh ${ROUTES_V6_FILE}"

blacklists_updater_txt.sh

@@ -11,6 +11,8 @@ black_names="uvd|umvd|fgup|grchc|roskomnad|federalnaya sluzhba|ufsb|zonatelecom|
 # M100 - mail.ru
 white_names="ruvds"
 
+mkdir -p blacklists auto
+
 grep -iE "${black_names}" auto/all-ru-asn.txt   | grep -viE "${white_names}" | awk '{ print "# AS-Name: " $0 "\n" $1}' > ${auto_black_ass}
 ./network_list_from_as.py ${auto_black_ass} > ${outfile_w_comments}
 ./network_list_from_netname.py lists/ru-gov-netnames.txt >> ${outfile_w_comments}

check_nft_blacklist.py

@@ -12,6 +12,27 @@ import re
 from ipaddress import ip_address, ip_network, AddressValueError
 from pathlib import Path
 
+def iter_set_blocks(content):
+    current_name = None
+    current_lines = []
+    brace_depth = 0
+
+    for line in content.splitlines():
+        if current_name is None:
+            match = re.match(r"\s*set\s+([A-Za-z0-9_]+)\s*\{", line)
+            if match:
+                current_name = match.group(1)
+                current_lines = [line]
+                brace_depth = line.count("{") - line.count("}")
+            continue
+
+        current_lines.append(line)
+        brace_depth += line.count("{") - line.count("}")
+        if brace_depth == 0:
+            yield current_name, "\n".join(current_lines)
+            current_name = None
+            current_lines = []
+
 def parse_nft_config(config_path):
     """Extract IPv4 and IPv6 prefixes from nftables config."""
     p = Path(config_path)
@@ -21,37 +42,20 @@ def parse_nft_config(config_path):
     content = p.read_text(encoding="utf-8")
     v4_prefixes = []
     v6_prefixes = []
-    
-    # Parse IPv4 set (blacklist_v4)
-    v4_match = re.search(
-        r'set blacklist_v4\s*\{[^}]*elements\s*=\s*\{([^}]+)\}',
-        content,
-        re.DOTALL
-    )
-    if v4_match:
-        elements = v4_match.group(1)
-        # Extract all CIDR notations
-        for match in re.finditer(r'(\d+\.\d+\.\d+\.\d+(?:/\d+)?)', elements):
-            try:
-                v4_prefixes.append(ip_network(match.group(1), strict=False))
-            except Exception as e:
-                print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr)
-    
-    # Parse IPv6 set (blacklist_v6)
-    v6_match = re.search(
-        r'set blacklist_v6\s*\{[^}]*elements\s*=\s*\{([^}]+)\}',
-        content,
-        re.DOTALL
-    )
-    if v6_match:
-        elements = v6_match.group(1)
-        # Extract all IPv6 CIDR notations
-        for match in re.finditer(r'([0-9a-fA-F:]+(?:/\d+)?)', elements):
-            try:
-                v6_prefixes.append(ip_network(match.group(1), strict=False))
-            except Exception as e:
-                # Skip false matches from comments or other text
-                pass
+
+    for _, block in iter_set_blocks(content):
+        if "type ipv4_addr" in block:
+            for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+(?:/\d+)?)", block):
+                try:
+                    v4_prefixes.append(ip_network(match.group(1), strict=False))
+                except Exception as e:
+                    print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr)
+        elif "type ipv6_addr" in block:
+            for match in re.finditer(r"([0-9a-fA-F:]+(?:/\d+)?)", block):
+                try:
+                    v6_prefixes.append(ip_network(match.group(1), strict=False))
+                except Exception:
+                    pass
     
     return v4_prefixes, v6_prefixes
 

generate_nft_blacklist.py

@@ -13,7 +13,7 @@ Usage:
 import sys
 from ipaddress import ip_network, collapse_addresses
 from pathlib import Path
-from datetime import datetime
+from datetime import datetime, UTC
 
 def read_lines(path_or_dash):
     if path_or_dash == "-":
@@ -43,55 +43,69 @@ def aggregate_prefixes(lines):
     agg_v6 = list(collapse_addresses(sorted(v6, key=lambda x: (int(x.network_address), x.prefixlen))))
     return agg_v4, agg_v6, invalid
 
-def make_nft_config(agg_v4, agg_v6, comment=None):
+def make_nft_config(agg_v4, agg_v6, comment=None, usage_profile="vm_input"):
+    if usage_profile == "vk_forward":
+        set_v4_name = "blacklist_vk_v4"
+        set_v6_name = "blacklist_vk_v6"
+        rule_v4 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @{set_v4_name} counter reject'
+        rule_v6 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @{set_v6_name} counter reject'
+    else:
+        set_v4_name = "blacklist_v4"
+        set_v6_name = "blacklist_v6"
+        rule_v4 = f"sudo nft add rule inet filter input ip saddr @{set_v4_name} counter reject"
+        rule_v6 = f"sudo nft add rule inet filter input ip6 saddr @{set_v6_name} counter reject"
+
     lines = []
     lines.append("# Autogenerated nftables blacklist")
-    lines.append(f"# Generated: {datetime.utcnow().isoformat()}Z")
+    lines.append(f"# Generated: {datetime.now(UTC).isoformat().replace('+00:00', 'Z')}")
     if comment:
         lines.append(f"# {comment}")
     lines.append(f"# IPv4: {len(agg_v4)}, IPv6: {len(agg_v6)}")
+    lines.append("#")
+    lines.append("# Usage:")
+    lines.append("#   sudo nft -f <this-file>")
+    if usage_profile == "vk_forward":
+        lines.append("#   # VK egress blocking for VPN clients via NAT/FORWARD")
+        lines.append("#   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'")
+        lines.append(f"#   {rule_v4}")
+        lines.append(f"#   {rule_v6}")
+    else:
+        lines.append("#   # VM protection from incoming blacklist sources")
+        lines.append("#   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'")
+        lines.append(f"#   {rule_v4}")
+        lines.append(f"#   {rule_v6}")
     lines.append("")
     lines.append("table inet filter {")
     lines.append("")
-    
+
     # Define IPv4 blacklist set
-    lines.append("    set blacklist_v4 {")
+    lines.append(f"    set {set_v4_name} {{")
     lines.append("        type ipv4_addr")
     lines.append("        flags interval")
     if agg_v4:
         lines.append("        elements = {")
         for i, net in enumerate(agg_v4):
             comma = "," if i < len(agg_v4) - 1 else ""
-            lines.append(f"            {net.with_prefixlen}{comma}")
+            rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
+            lines.append(f"            {rendered_net}{comma}")
         lines.append("        }")
     lines.append("    }")
     lines.append("")
-    
+
     # Define IPv6 blacklist set
-    lines.append("    set blacklist_v6 {")
+    lines.append(f"    set {set_v6_name} {{")
     lines.append("        type ipv6_addr")
     lines.append("        flags interval")
     if agg_v6:
         lines.append("        elements = {")
         for i, net in enumerate(agg_v6):
             comma = "," if i < len(agg_v6) - 1 else ""
-            lines.append(f"            {net.with_prefixlen}{comma}")
+            rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
+            lines.append(f"            {rendered_net}{comma}")
         lines.append("        }")
     lines.append("    }")
     lines.append("")
-    
-    # Define input chain with set lookups
-    lines.append("    chain input {")
-    lines.append("        type filter hook input priority 0;")
-    lines.append("        policy accept;")
-    lines.append("")
-    lines.append("        ct state { established, related } accept")
-    lines.append("")
-    if agg_v4:
-        lines.append("        ip saddr @blacklist_v4 counter drop")
-    if agg_v6:
-        lines.append("        ip6 saddr @blacklist_v6 counter drop")
-    lines.append("    }")
+
     lines.append("}")
     return "\n".join(lines)
 
@@ -119,7 +133,8 @@ def main(argv):
 
     if not any(line.strip() and not line.strip().startswith("#") for line in lines):
         print("WARNING: input contains no prefixes (empty or only comments). Nothing to aggregate.")
-        nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes")
+        profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
+        nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes", usage_profile=profile)
         write_output(outfile, nft_conf)
         return 0
 
@@ -137,7 +152,8 @@ def main(argv):
     for n in agg_v6:
         print("  v6:", n)
 
-    nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}")
+    profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
+    nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}", usage_profile=profile)
     try:
         write_output(outfile, nft_conf)
     except Exception as e:
@@ -146,9 +162,12 @@ def main(argv):
 
     print("Done.")
     print("Load with: sudo nft -f <output.conf>")
-    print("View counters: sudo nft list chain inet filter input -a")
-    print("View sets: sudo nft list set inet filter blacklist_v4")
-    print("           sudo nft list set inet filter blacklist_v6")
+    if profile == "vk_forward":
+        print("View sets: sudo nft list set inet filter blacklist_vk_v4")
+        print("           sudo nft list set inet filter blacklist_vk_v6")
+    else:
+        print("View sets: sudo nft list set inet filter blacklist_v4")
+        print("           sudo nft list set inet filter blacklist_v6")
     return 0
 
 if __name__ == "__main__":

network_list_from_as.py

@@ -1,60 +1,94 @@
 #!/usr/bin/env python3
 
-import requests
 import argparse
 import re
-from cymruwhois import Client
+import sys
+
+import requests
+
 from pylib.whois import whois_query
 
+ASN_RE = re.compile(r"\bAS\d+\b", re.IGNORECASE)
+
 def get_as_prefixes(asn):
     url = f"https://stat.ripe.net/data/announced-prefixes/data.json?resource={asn}"
-    response = requests.get(url)
-    if response.status_code == 200:
-        data = response.json()
-        prefixes = data['data']['prefixes']
-        return [prefix['prefix'] for prefix in prefixes]
-    else:
-        return []
+    response = requests.get(url, timeout=30)
+    response.raise_for_status()
+    data = response.json()
+    prefixes = data["data"]["prefixes"]
+    return [prefix["prefix"] for prefix in prefixes]
 
 def convert_to_raw_github_url(url):
     return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
 
-def print_prefixes(asn):
-    line = re.sub(r'[^AS0-9]', '', asn)
-    if not args.quiet:
-        print(f"# Networks announced by {line}")
-        response = whois_query(line, "as-name", True)
+
+def normalize_asn(value):
+    match = ASN_RE.search(value)
+    if match:
+        return match.group(0).upper()
+    return None
+
+
+def print_prefixes(asn, quiet=False):
+    normalized_asn = normalize_asn(asn)
+    if normalized_asn is None:
+        return
+
+    if not quiet:
+        print(f"# Networks announced by {normalized_asn}")
+        response = whois_query(normalized_asn, "as-name", True)
         if response is not None:
             info = response.strip()
             print(f"# AS-Name (ORG): {info}")
-    prefixes = get_as_prefixes(line)
+    prefixes = get_as_prefixes(normalized_asn)
     for prefix in prefixes:
         print(prefix)
 
-def extract_asses(asn_filename_or_url):
-    if asn_filename_or_url.startswith('AS'):
-        print_prefixes(asn_filename_or_url)
+
+def extract_asses(asn_filename_or_url, quiet=False):
+    if normalize_asn(asn_filename_or_url) and not asn_filename_or_url.startswith(("http://", "https://")):
+        print_prefixes(asn_filename_or_url, quiet=quiet)
 
         return None
 
-    if asn_filename_or_url.startswith('http://') or asn_filename_or_url.startswith('https://'):
-        if 'github.com' in asn_filename_or_url:
+    if asn_filename_or_url.startswith("http://") or asn_filename_or_url.startswith("https://"):
+        if "github.com" in asn_filename_or_url:
             asn_filename_or_url = convert_to_raw_github_url(asn_filename_or_url)
-        response = requests.get(asn_filename_or_url)
-        lines = response.text.split('\n')
+        response = requests.get(asn_filename_or_url, timeout=30)
+        response.raise_for_status()
+        lines = response.text.splitlines()
     else:
-        with open(asn_filename_or_url, 'r') as file:
+        with open(asn_filename_or_url, "r", encoding="utf-8") as file:
             lines = file.readlines()
 
     for line in lines:
-        if re.match(r'^AS.*', line):
-            print_prefixes(line)
+        normalized_asn = normalize_asn(line)
+        if normalized_asn:
+            print_prefixes(normalized_asn, quiet=quiet)
 
     return None
 
-parser = argparse.ArgumentParser(description='./as_network_list.py -q AS61280')
-parser.add_argument('asn_filename_or_url', help='The AS number to get networks / The file or URL to extract AS numbers from.')
-parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
-args = parser.parse_args()
 
-extract_asses(args.asn_filename_or_url)
+def build_parser():
+    parser = argparse.ArgumentParser(description="./network_list_from_as.py -q AS61280")
+    parser.add_argument("asn_filename_or_url", help="The AS number to get networks / The file or URL to extract AS numbers from.")
+    parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
+    return parser
+
+
+def main(argv=None):
+    parser = build_parser()
+    args = parser.parse_args(argv)
+    try:
+        extract_asses(args.asn_filename_or_url, quiet=args.quiet)
+    except requests.RequestException as exc:
+        print(f"ERROR: failed to fetch ASN data: {exc}", file=sys.stderr)
+        return 1
+    except OSError as exc:
+        print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
+        return 1
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

network_list_from_netname.py

@@ -1,41 +1,72 @@
 #!/usr/bin/env python3
 
 import argparse
-import requests
 import re
-from   pylib.whois import whois_query
-from   pylib.ip    import convert_to_cidr
+import sys
+
+import requests
+
+from pylib.ip import convert_to_cidr
+from pylib.whois import whois_query
 
 def convert_to_raw_github_url(url):
     return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
 
-def extract_netname(filename_or_url):
-    if filename_or_url.startswith('http://') or filename_or_url.startswith('https://'):
-        if 'github.com' in filename_or_url:
+
+def iter_netnames(lines):
+    for line in lines:
+        stripped = line.strip()
+        if not stripped or stripped.startswith("#"):
+            continue
+        if re.match(r"^netname:", stripped, re.IGNORECASE):
+            yield stripped.split(":", 1)[1].strip()
+        else:
+            yield stripped
+
+
+def extract_netname(filename_or_url, quiet=False):
+    if filename_or_url.startswith("http://") or filename_or_url.startswith("https://"):
+        if "github.com" in filename_or_url:
             filename_or_url = convert_to_raw_github_url(filename_or_url)
-        response = requests.get(filename_or_url)
-        lines = response.text.split('\n')
+        response = requests.get(filename_or_url, timeout=30)
+        response.raise_for_status()
+        lines = response.text.splitlines()
     else:
-        with open(filename_or_url, 'r') as file:
+        with open(filename_or_url, "r", encoding="utf-8") as file:
             lines = file.readlines()
 
-    for line in lines:
-        if re.match(r'^netname:', line):
-            netname = line.split(':')[1].strip()
-            response = whois_query(netname, "inetnum")
-            if response is not None and len(response) > 0:
-                if not args.quiet:
-                    print(f"# Network name: {netname}")
-                for cidr in response:
-                    net = convert_to_cidr(cidr)
-                    net = net[0]
-                    print(net)
+    for netname in iter_netnames(lines):
+        response = whois_query(netname, "inetnum")
+        if response is not None and len(response) > 0:
+            if not quiet:
+                print(f"# Network name: {netname}")
+            for cidr in response:
+                for network in convert_to_cidr(cidr):
+                    print(network)
 
     return None
 
-parser = argparse.ArgumentParser(description='Extract netname from file.')
-parser.add_argument('filename_or_url', help='The file or URL to extract netnames from.')
-parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
-args = parser.parse_args()
 
-extract_netname(args.filename_or_url)
+def build_parser():
+    parser = argparse.ArgumentParser(description="Extract netname from file.")
+    parser.add_argument("filename_or_url", help="The file or URL to extract netnames from.")
+    parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
+    return parser
+
+
+def main(argv=None):
+    parser = build_parser()
+    args = parser.parse_args(argv)
+    try:
+        extract_netname(args.filename_or_url, quiet=args.quiet)
+    except requests.RequestException as exc:
+        print(f"ERROR: failed to fetch netname data: {exc}", file=sys.stderr)
+        return 1
+    except OSError as exc:
+        print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
+        return 1
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

parse_ripe_db.py

@@ -1,62 +1,84 @@
 #!/usr/bin/env python3
 
 import argparse
-import re
 import json
-from   pylib.ip import convert_to_cidr
+import sys
+
+from pylib.ip import convert_to_cidr
 
 country = "RU"
 
+
+def normalize_record(record):
+    if not record:
+        return None
+    if record.get("country") != country:
+        return None
+
+    normalized = dict(record)
+    normalized["inetnum"] = convert_to_cidr(record["inetnum"])
+    return normalized
+
+
 def parse(filename, output_text, output_json):
-    cList = []
+    c_list = []
     record = {}
-    with open(filename, 'r', encoding='latin-1') as f:
+    with open(filename, "r", encoding="latin-1") as f:
         lines = f.readlines()
-        f.close()
+
     for line in lines:
-        if re.match(r'^inetnum:', line):
-            if record:
-                record['inetnum'] = convert_to_cidr(record['inetnum'])
-                if record['country'] == country:
-#                    print(record)
-                    cList.append(record)
+        if line.startswith("inetnum:"):
+            normalized = normalize_record(record)
+            if normalized is not None:
+                c_list.append(normalized)
             record = {}
-            record['inetnum'] = line.split('inetnum:', 1)[1].strip()
-            record['descr'] = ''
-            record['netname'] = ''
-            record['country'] = ''
-            record['org'] = ''
-        if re.match(r'^netname:', line):
-            record['netname'] = line.split('netname:', 1)[1].strip()
-        if re.match(r'^descr:', line):
-            record['descr'] = str(record['descr'].strip() + ' ' + line.split('descr:', 1)[1].strip()).strip()
-        if re.match(r'^mnt-by:', line):
-            record['netname'] = str(record['netname'].strip() + ' ' + line.split('mnt-by:', 1)[1].strip()).strip()
-        if re.match(r'^country:', line):
-            record['country'] = line.split('country:', 1)[1].strip()
-        if re.match(r'^org:', line):
-            record['org'] = line.split('org:', 1)[1].strip()
-    if record:
-        cList.append(record)
+            record["inetnum"] = line.split("inetnum:", 1)[1].strip()
+            record["descr"] = ""
+            record["netname"] = ""
+            record["country"] = ""
+            record["org"] = ""
+        if line.startswith("netname:"):
+            record["netname"] = line.split("netname:", 1)[1].strip()
+        if line.startswith("descr:"):
+            record["descr"] = str(record["descr"].strip() + " " + line.split("descr:", 1)[1].strip()).strip()
+        if line.startswith("mnt-by:"):
+            record["netname"] = str(record["netname"].strip() + " " + line.split("mnt-by:", 1)[1].strip()).strip()
+        if line.startswith("country:"):
+            record["country"] = line.split("country:", 1)[1].strip()
+        if line.startswith("org:"):
+            record["org"] = line.split("org:", 1)[1].strip()
 
-    with open(output_json, 'w') as f:
-        json.dump(cList, f, indent=4)
-        f.close()
+    normalized = normalize_record(record)
+    if normalized is not None:
+        c_list.append(normalized)
 
-    with open(output_text, 'w') as f:
-        for record in cList:
-            for net in record['inetnum']:
-                f.write(net + ' ' + record['netname'] + ' (' + record['org'] + ') [' + record['descr'] + ']\n')
-        f.close()
+    with open(output_json, "w", encoding="utf-8") as f:
+        json.dump(c_list, f, indent=4)
 
-parser = argparse.ArgumentParser(description='Parse RIPE DB for getting a list of RU networks.')
-parser.add_argument('filename', help='ripe.db.inetnum file to parse.')
-parser.add_argument('output_text', help='write text db to...')
-parser.add_argument('output_json', help='write json do to...')
-args = parser.parse_args()
+    with open(output_text, "w", encoding="utf-8") as f:
+        for item in c_list:
+            for net in item["inetnum"]:
+                f.write(net + " " + item["netname"] + " (" + item["org"] + ") [" + item["descr"] + "]\n")
 
-if not (args.filename):
-    parser.print_help()
-    exit()
 
-parse(args.filename, args.output_text, args.output_json)
+def build_parser():
+    parser = argparse.ArgumentParser(description="Parse RIPE DB for getting a list of RU networks.")
+    parser.add_argument("filename", help="ripe.db.inetnum file to parse.")
+    parser.add_argument("output_text", help="write text db to...")
+    parser.add_argument("output_json", help="write json db to...")
+    return parser
+
+
+def main(argv=None):
+    parser = build_parser()
+    args = parser.parse_args(argv)
+    try:
+        parse(args.filename, args.output_text, args.output_json)
+    except OSError as exc:
+        print(f"ERROR: {exc}", file=sys.stderr)
+        return 1
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

tests/test_check_nft_blacklist.py

@@ -0,0 +1,26 @@
+import tempfile
+import unittest
+from pathlib import Path
+
+from check_nft_blacklist import check_ip_in_blacklist, parse_nft_config
+from generate_nft_blacklist import make_nft_config
+
+
+class CheckNftBlacklistTests(unittest.TestCase):
+    def test_vk_sets_are_parsed(self):
+        config = make_nft_config(["87.240.128.0/18"], [], usage_profile="vk_forward")
+
+        with tempfile.TemporaryDirectory() as tmpdir:
+            config_path = Path(tmpdir) / "blacklist-vk-v4.nft"
+            config_path.write_text(config, encoding="utf-8")
+
+            v4_prefixes, v6_prefixes = parse_nft_config(config_path)
+            blocked, prefix = check_ip_in_blacklist("87.240.128.1", v4_prefixes, v6_prefixes)
+
+            self.assertEqual(len(v4_prefixes), 1)
+            self.assertTrue(blocked)
+            self.assertEqual(str(prefix), "87.240.128.0/18")
+
+
+if __name__ == "__main__":
+    unittest.main()

tests/test_generate_nft_blacklist.py

@@ -0,0 +1,25 @@
+import unittest
+
+from generate_nft_blacklist import make_nft_config
+
+
+class GenerateNftBlacklistTests(unittest.TestCase):
+    def test_general_profile_generates_plain_sets_only(self):
+        config = make_nft_config(["10.0.0.0/24"], [], usage_profile="vm_input")
+
+        self.assertIn("set blacklist_v4", config)
+        self.assertNotIn("chain input", config)
+        self.assertIn("ip saddr @blacklist_v4", config)
+
+    def test_vk_profile_uses_vk_set_names_and_forward_example(self):
+        config = make_nft_config(["10.0.0.0/24"], ["2001:db8::/32"], usage_profile="vk_forward")
+
+        self.assertIn("set blacklist_vk_v4", config)
+        self.assertIn("set blacklist_vk_v6", config)
+        self.assertNotIn("chain forward", config)
+        self.assertIn("ip daddr @blacklist_vk_v4", config)
+        self.assertIn("ip6 daddr @blacklist_vk_v6", config)
+
+
+if __name__ == "__main__":
+    unittest.main()

tests/test_parse_ripe_db.py

@@ -0,0 +1,41 @@
+import json
+import tempfile
+import unittest
+from pathlib import Path
+
+from parse_ripe_db import parse
+
+
+class ParseRipeDbTests(unittest.TestCase):
+    def test_skips_non_ru_last_record_and_normalizes_last_ru_record(self):
+        sample = """\
+inetnum: 10.0.0.0 - 10.0.0.255
+netname: TEST1
+country: RU
+org: ORG-1
+descr: desc1
+inetnum: 20.0.0.0 - 20.0.0.255
+netname: TEST2
+country: US
+org: ORG-2
+"""
+
+        with tempfile.TemporaryDirectory() as tmpdir:
+            source = Path(tmpdir) / "ripe.db.inetnum"
+            output_text = Path(tmpdir) / "out.txt"
+            output_json = Path(tmpdir) / "out.json"
+            source.write_text(sample, encoding="latin-1")
+
+            parse(str(source), str(output_text), str(output_json))
+
+            payload = json.loads(output_json.read_text(encoding="utf-8"))
+            self.assertEqual(len(payload), 1)
+            self.assertEqual(payload[0]["inetnum"], ["10.0.0.0/24"])
+            self.assertEqual(payload[0]["country"], "RU")
+
+            text_lines = output_text.read_text(encoding="utf-8").splitlines()
+            self.assertEqual(text_lines, ["10.0.0.0/24 TEST1 (ORG-1) [desc1]"])
+
+
+if __name__ == "__main__":
+    unittest.main()