39 Commits

Author SHA1 Message Date
C24Be 849e96a16d + routes 2026-03-26 09:18:49 +01:00
C24Be ee407903b6 + routes 2026-03-26 09:16:31 +01:00
C24Be 07284f6831 + routes 2026-03-26 09:16:11 +01:00
C24Be f407215a72 Update 2026.03.26 07:01:14 2026-03-26 07:01:14 +00:00
C24Be 3ea564dfe8 Update 2026.03.25 06:55:56 2026-03-25 06:55:56 +00:00
C24Be af409b55cc Update 2026.03.24 19:03:32 2026-03-24 19:03:33 +00:00
C24Be 17a668eaec Block VK / usage 2026-03-24 20:02:11 +01:00
C24Be 95d70eb428 Update 2026.03.24 18:58:35 2026-03-24 18:58:35 +00:00
C24Be 82ad171e71 usage 2026-03-24 19:57:16 +01:00
C24Be 8e3a07acc5 Update 2026.03.24 18:23:22 2026-03-24 18:23:22 +00:00
C24Be 6381ea7863 Block VK / usage 2026-03-24 19:21:52 +01:00
C24Be 4a8a10d6d6 Update 2026.03.24 18:07:56 2026-03-24 18:07:56 +00:00
C24Be d7e0f9c7b7 Block VK / usage 2026-03-24 19:06:26 +01:00
C24Be b98e6d008c Block VK / readme 2026-03-24 19:03:08 +01:00
C24Be 7714b6ff07 Update 2026.03.24 18:01:29 2026-03-24 18:01:30 +00:00
C24Be 2d2dfccad3 Block VK / Add special lists 2026-03-24 18:59:49 +01:00
C24Be 0b170ff24a Update 2026.03.24 06:56:56 2026-03-24 06:56:56 +00:00
C24Be 204b099d9c Update 2026.03.23 07:02:16 2026-03-23 07:02:16 +00:00
C24Be 77142cde32 Update 2026.03.22 13:11:44 2026-03-22 13:11:45 +00:00
C24Be 12f1e01c61 Update 2026.03.22 06:42:46 2026-03-22 06:42:46 +00:00
C24Be 834a95b304 Update 2026.03.21 06:34:56 2026-03-21 06:34:56 +00:00
C24Be e78fa434c8 Update 2026.03.20 06:45:28 2026-03-20 06:45:28 +00:00
C24Be c2beed14dc Update 2026.03.19 06:50:44 2026-03-19 06:50:44 +00:00
C24Be 0261df5830 Update 2026.03.18 06:55:06 2026-03-18 06:55:06 +00:00
C24Be 619e5f7997 Update 2026.03.17 06:56:36 2026-03-17 06:56:37 +00:00
C24Be 63bb2685d4 Update 2026.03.16 07:08:36 2026-03-16 07:08:36 +00:00
C24Be b9bd54545c Update 2026.03.15 13:13:19 2026-03-15 13:13:20 +00:00
C24Be f67123d80d Update 2026.03.15 06:48:28 2026-03-15 06:48:28 +00:00
C24Be 9834fa3728 Update 2026.03.14 06:37:41 2026-03-14 06:37:42 +00:00
C24Be dbbfd0db63 Update 2026.03.13 06:43:17 2026-03-13 06:43:17 +00:00
C24Be a163fdbbb2 Update 2026.03.12 06:45:25 2026-03-12 06:45:25 +00:00
C24Be de5d352c2a Update 2026.03.11 06:43:34 2026-03-11 06:43:34 +00:00
C24Be 292b0f0460 Update 2026.03.10 06:40:16 2026-03-10 06:40:16 +00:00
C24Be e690b097af Update 2026.03.09 06:56:59 2026-03-09 06:56:59 +00:00
C24Be 317036fb8d Update 2026.03.08 13:08:28 2026-03-08 13:08:29 +00:00
C24Be 69549bce92 Update 2026.03.08 06:35:20 2026-03-08 06:35:20 +00:00
C24Be 2d3cc80273 Update 2026.03.07 06:31:53 2026-03-07 06:31:53 +00:00
C24Be e26bc0890f Update 2026.03.06 06:39:18 2026-03-06 06:39:18 +00:00
C24Be 7a958c6686 Update 2026.03.05 06:42:08 2026-03-05 06:42:08 +00:00
28 changed files with 5441 additions and 17151 deletions


@@ -33,6 +33,7 @@ jobs:
- run: ./blacklists_updater_nginx.sh
- run: ./blacklists_updater_iptables.sh
- run: ./blacklists_updater_nftables.sh
- run: ./blacklists_updater_routes.sh
- uses: ./.github/actions/gitPush
env:
PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/
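
Review bot: `PUSH_FILES` on the last line of this hunk still lists only `blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/`, so the output of the new `./blacklists_updater_routes.sh` step is not among the pushed paths. The README changes in this compare place the route files in `blacklists_route/`; add that directory to `PUSH_FILES`, otherwise the daily job generates the route files and does not commit them, unless the gitPush action picks them up some other way.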


@@ -2,6 +2,11 @@
### Blacklists are updated daily!
> [!IMPORTANT]
> A very important feature has been added: dedicated lists of VK Cloud / VK networks that can be used to block **OUTGOING** traffic from your server (iptables/ipset and nftables formats are available).
> This can help reduce the risk of Messenger MAX being used to compromise your VPN server.
> The best security option is to avoid installing Messenger MAX at all on a phone where VPN access is configured.
This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis.
**Ready-to-use blacklists in multiple formats:**
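
Review bot: "block **OUTGOING** traffic from your server" in the new IMPORTANT note reads as the host's own output path, while the usage section changed in this same compare applies the VK sets in the `forward` chain to traffic arriving on `<VPN_IFACE>`. Say explicitly that the lists are meant for VPN client traffic forwarded through the server, and name the files to use (`blacklist-vk.nft` and the route files). The note also mentions only the iptables/ipset and nftables formats, although a routes format is added further down.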
@@ -9,6 +14,8 @@ This repository contains Python scripts that allow you to retrieve network lists
- [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation
- [Nginx configurations in `blacklists_nginx/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nginx) - Ready to include in your nginx config
- [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset
- [nftables files in `blacklists_nftables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nftables) - Ready-to-load sets and rules for nftables
- [Linux route files in `blacklists_route/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_route) - VK route blackholes to loopback (IPv4/IPv6)
- [Other network and ASN lists in `auto/`](https://github.com/C24Be/AS_Network_List/tree/main/auto) - Comprehensive Russian network data
## Files and features
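
Review bot: The new list entry links `blacklists_route/` (singular), while the script added in the workflow and in the file list is `blacklists_updater_routes.sh` and the files end in `.routes`. Pick one spelling for the directory, script and extension so that paths in the workflow, README and raw download URLs cannot drift apart.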
@@ -28,6 +35,8 @@ This repository contains Python scripts that allow you to retrieve network lists
- `blacklists_updater_txt.sh`: Generates text-based blacklists with IPv4/IPv6 separation
- `blacklists_updater_nginx.sh`: Generates nginx configuration files with deny directives
- `blacklists_updater_iptables.sh`: Generates ipset configuration files for iptables/ip6tables
- `blacklists_updater_nftables.sh`: Generates nftables blacklist files (mixed/v4/v6 and VK-specific)
- `blacklists_updater_routes.sh`: Generates Linux route files to send VK networks to loopback (`127.0.0.1` / `::1`)
### Generated Blacklists
@@ -57,8 +66,16 @@ This repository contains Python scripts that allow you to retrieve network lists
* `blacklist.nft`: nftables configuration for mixed IPv4/IPv6 (**daily generated**)
* `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**)
* `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**)
* `blacklist-vk.nft`: nftables configuration for VK-only networks (**daily generated**)
* `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**)
* `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**)
* `README.md`: Complete usage documentation for nftables integration
**Linux Routes Format** (`blacklists_route/` folder):
* `blacklist-vk-v4.routes`: IPv4 routes for VK-only networks to `127.0.0.1` via `lo` (**daily generated**)
* `blacklist-vk-v6.routes`: IPv6 routes for VK-only networks to `::1` via `lo` (**daily generated**)
### Reference Lists
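
Review bot: The "Linux Routes Format" entries describe routes to `127.0.0.1` / `::1` via `lo` but do not say what that does to traffic or why loopback was chosen. Routes in the main table apply to everything the host sends to those prefixes, including replies to inbound connections, not only to VPN client traffic; state that next to the file names. Linux also has dedicated `blackhole`, `unreachable` and `prohibit` route types (`ip route add blackhole <prefix>`) that discard traffic without relying on how loopback handles it, which may be a better fit for what the README calls a blackhole.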
@@ -105,10 +122,33 @@ ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
# Download and load into nftables
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
sudo nft -f blacklist.nft
# Protect VM from incoming blacklist sources
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
# VK-only outbound blocking for VPN clients via NAT/FORWARD
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft
sudo nft -f blacklist-vk.nft
sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_v4 counter reject
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_v6 counter reject
# View the loaded rules
sudo nft list ruleset
````
**For Linux Routes (VK loopback blackhole):**
```bash
# Download and apply VK route files
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v4.routes
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v6.routes
sudo sh blacklist-vk-v4.routes
sudo sh blacklist-vk-v6.routes
```
**For Custom Applications:**
```bash
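
Review bot: The VK forward rules match on `@blacklist_v4` / `@blacklist_v6`, the same set names the input rules a few lines above use for the full blacklist, and this block loads both `blacklist.nft` and `blacklist-vk.nft` into `inet filter`. If `blacklist-vk.nft` defines its sets under those names, the input and forward rules end up matching the same sets and the "VK-only" rule is no longer VK-only; if it uses other names, these two rules reference the wrong sets. Give the VK sets distinct names and use them here. Separately, `sudo sh blacklist-vk-v4.routes` runs a file fetched from `main` as root: add a step that inspects the downloaded file before applying it, or pin the download to a commit.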

File diff suppressed because it is too large


@@ -1,22 +0,0 @@
2a00:1148::/29
2a00:1148::/32
2a00:46e0:2::/48
2a00:46e0::/32
2a00:a300::/32
2a00:b4c0::/32
2a00:bdc0:8000::/34
2a00:bdc0::/33
2a00:bdc0:c000::/35
2a00:bdc0:e002::/48
2a00:bdc0:e003::/48
2a00:bdc0:e004::/48
2a00:bdc0:e005::/48
2a00:bdc0:e007::/48
2a00:bdc0:f000::/36
2a00:bdc1::/32
2a00:bdc2::/31
2a00:bdc4::/30
2a14:25c0::/32
2a14:25c5::/32
2a14:25c6::/32
2a14:25c7::/32



@@ -1,109 +0,0 @@
# IPTables/IPSet Blacklist Configurations
Auto-generated ipset configuration files for blocking networks and IP addresses with iptables/ip6tables.
## Available Files
### IPv4 Only
- **`blacklist-v4.ipset`** - Contains only IPv4 networks (806 entries)
### IPv6 Only
- **`blacklist-v6.ipset`** - Contains only IPv6 networks (3 entries)
### Mixed IPv4/IPv6
- **`blacklist.ipset`** - Contains both IPv4 and IPv6 sets (809 total entries)
## Usage
### 1. Load the IPSet
```bash
# For IPv4 only
ipset restore < blacklist-v4.ipset
# For IPv6 only
ipset restore < blacklist-v6.ipset
# For both IPv4 and IPv6 (loads both sets)
ipset restore < blacklist.ipset
```
### 2. Apply IPTables Rules
```bash
# For IPv4
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
# For IPv6
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
```
### 3. Persist Rules (Optional)
To make the rules persistent across reboots:
**On Debian/Ubuntu:**
```bash
# Save iptables rules
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# Save ipset
ipset save > /etc/ipset.conf
```
**On RHEL/CentOS:**
```bash
# Save iptables rules
service iptables save
service ip6tables save
# Save ipset
ipset save > /etc/sysconfig/ipset
```
### 4. Update Existing Sets
To update the blacklist without restarting iptables:
```bash
# Flush and reload
ipset flush blacklist-v4
ipset restore < blacklist-v4.ipset
```
### 5. Remove Sets
```bash
# Remove IPv4 set
ipset flush blacklist-v4
ipset destroy blacklist-v4
# Remove IPv6 set
ipset flush blacklist-v6
ipset destroy blacklist-v6
```
## Performance Benefits
IPSet uses hash tables for O(1) lookup performance, making it ideal for large blacklists:
- Much faster than individual iptables rules
- Minimal CPU overhead
- Supports up to 65536 entries per set (configurable)
- Kernel-level implementation for maximum efficiency
## Automatic Updates
These files are automatically regenerated when the blacklists are updated via the GitHub Actions workflow.
## Source
Generated from the blacklist files in the `blacklists/` directory.



@@ -1,40 +0,0 @@
# IPSet blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2026-03-04 06:38:44 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-v6.ipset
#
# 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
#
# 3. To flush/delete the set:
# ipset flush blacklist-v6
# ipset destroy blacklist-v6
#
create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 44
add blacklist-v6 2a00:1148::/29
add blacklist-v6 2a00:1148::/32
add blacklist-v6 2a00:46e0:2::/48
add blacklist-v6 2a00:46e0::/32
add blacklist-v6 2a00:a300::/32
add blacklist-v6 2a00:b4c0::/32
add blacklist-v6 2a00:bdc0:8000::/34
add blacklist-v6 2a00:bdc0::/33
add blacklist-v6 2a00:bdc0:c000::/35
add blacklist-v6 2a00:bdc0:e002::/48
add blacklist-v6 2a00:bdc0:e003::/48
add blacklist-v6 2a00:bdc0:e004::/48
add blacklist-v6 2a00:bdc0:e005::/48
add blacklist-v6 2a00:bdc0:e007::/48
add blacklist-v6 2a00:bdc0:f000::/36
add blacklist-v6 2a00:bdc1::/32
add blacklist-v6 2a00:bdc2::/31
add blacklist-v6 2a00:bdc4::/30
add blacklist-v6 2a14:25c0::/32
add blacklist-v6 2a14:25c5::/32
add blacklist-v6 2a14:25c6::/32
add blacklist-v6 2a14:25c7::/32



@@ -1,185 +0,0 @@
# nftables Blacklist Configuration
This folder contains nftables blacklist configurations generated from Russian government agency network lists.
## Available Files
- `blacklist.nft` - Mixed IPv4/IPv6 blacklist (**daily generated**)
- `blacklist-v4.nft` - IPv4-only blacklist (**daily generated**)
- `blacklist-v6.nft` - IPv6-only blacklist (**daily generated**)
## Quick Start
### Download and Load
````bash
# Download the blacklist
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
# Load the configuration
sudo nft -f blacklist.nft
# Verify it's loaded
sudo nft list ruleset
````
### Automatic Updates
Add to crontab for daily updates:
````bash
0 2 * * * wget -O /etc/nftables.d/blacklist.nft https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft && nft -f /etc/nftables.d/blacklist.nft
````
## Configuration Details
The generated nftables configuration uses:
- **Sets with interval flag** for efficient CIDR matching
- **Named sets** (`blacklist_v4` and `blacklist_v6`) for easy management
- **Counter** directive to track dropped packets
- **Stateful filtering** to allow established connections
### Configuration Structure
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = { 1.2.3.0/24, 5.6.7.0/24, ... }
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = { 2001:db8::/32, ... }
}
chain input {
type filter hook input priority 0;
policy accept;
ct state { established, related } accept
ip saddr @blacklist_v4 counter drop
ip6 saddr @blacklist_v6 counter drop
}
}
## Integration Options
### Option 1: Standalone Configuration
Load the blacklist as a complete ruleset:
````bash
sudo nft -f blacklist.nft
````
### Option 2: Include in Existing Configuration
If you have an existing nftables configuration:
1. Copy only the set definitions from the generated file
2. Add set lookups to your existing input chain:
````bash
ip saddr @blacklist_v4 counter drop
ip6 saddr @blacklist_v6 counter drop
````
### Option 3: Persistent Configuration
For systemd-based systems:
````bash
# Copy to nftables config directory
sudo cp blacklist.nft /etc/nftables.d/
# Edit /etc/nftables.conf to include:
# include "/etc/nftables.d/blacklist.nft"
# Enable and restart
sudo systemctl enable nftables
sudo systemctl restart nftables
````
## Checking IPs Against the Blacklist
Use the `check_nft_blacklist.py` script to verify if an IP is blocked:
````bash
# Check an IPv4 address
python3 check_nft_blacklist.py blacklist.nft 192.168.1.1
# Check an IPv6 address
python3 check_nft_blacklist.py blacklist.nft 2001:db8::1
````
## Monitoring
### View Dropped Packets
````bash
# View all rules with counters
sudo nft list chain inet filter input -a
# Monitor in real-time
sudo nft monitor
````
### Check Set Contents
````bash
# View IPv4 blacklist
sudo nft list set inet filter blacklist_v4
# View IPv6 blacklist
sudo nft list set inet filter blacklist_v6
````
## Advantages of nftables
- **Better Performance**: O(1) lookup time with sets vs O(n) for sequential rules
- **Lower Memory Usage**: More efficient than iptables for large rulesets
- **Atomic Updates**: All rules updated in a single transaction
- **Modern Syntax**: Cleaner, more readable configuration
- **Unified Tool**: Single tool for IPv4, IPv6, and ARP filtering
## File Format Comparison
| Format | Use Case | Performance | Memory |
|--------|----------|-------------|--------|
| **nftables** | Modern firewalls | Excellent | Low |
| **iptables** | Legacy systems | Good | Medium |
| **nginx** | Web layer | Good | Low |
## Troubleshooting
### Configuration Won't Load
````bash
# Check syntax
sudo nft -c -f blacklist.nft
# View detailed errors
sudo nft -f blacklist.nft 2>&1 | less
````
### Rules Not Blocking Traffic
````bash
# Verify sets are populated
sudo nft list set inet filter blacklist_v4 | wc -l
# Check rule priority
sudo nft list chain inet filter input
# Test with logging temporarily
sudo nft add rule inet filter input ip saddr @blacklist_v4 log prefix "BLOCKED: "
````
### Performance Issues
If experiencing performance problems with very large sets:
1. Consider splitting into multiple smaller sets
2. Use `blacklist-v4.nft` or `blacklist-v6.nft` if only one protocol is needed
3. Ensure kernel supports nftables fully (Linux 4.0+)
## Additional Resources
- [nftables Wiki](https://wiki.nftables.org/)
- [nftables Quick Reference](https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes)
- [Netfilter Documentation](https://www.netfilter.org/documentation/)
## Contributing
Found an issue or have suggestions? Please open an issue or submit a pull request!
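
Review bot: The top-level README in this compare still lists `README.md`: "Complete usage documentation for nftables integration" among the nftables files, yet this hunk (`-1,185 +0,0`) deletes an nftables usage README in full with no replacement visible here. Confirm that a regenerated README lands at the advertised path; if the document is being rewritten, carry over the `nft -c -f blacklist.nft` syntax check from the Troubleshooting section and cover the new `blacklist-vk*.nft` files, which the deleted "Available Files" list does not mention.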


@@ -1,832 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-04T06:38:45.108423Z
# Source: /tmp/blacklist-v4.txt
# IPv4: 804, IPv6: 0
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
31.44.63.64/29,
31.177.95.0/24,
31.177.104.0/22,
37.28.161.48/30,
37.29.53.16/30,
37.29.57.52/30,
37.29.57.64/30,
37.29.59.56/30,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
46.20.70.160/28,
46.29.152.0/22,
46.46.142.160/28,
46.46.148.40/29,
46.47.197.128/30,
46.47.199.76/30,
46.47.203.52/30,
46.47.207.96/30,
46.47.208.84/30,
46.47.210.76/30,
46.47.211.0/24,
46.47.212.204/30,
46.47.213.0/24,
46.47.214.200/30,
46.47.219.200/30,
46.47.223.196/30,
46.47.229.0/28,
46.47.238.144/30,
46.47.249.176/29,
46.61.208.0/24,
46.228.0.232/29,
62.5.130.104/29,
62.5.132.224/29,
62.5.189.80/29,
62.5.202.60/30,
62.5.218.204/30,
62.5.224.188/30,
62.5.242.80/28,
62.28.169.168/30,
62.33.34.16/28,
62.33.87.128/28,
62.33.199.80/29,
62.63.96.32/28,
62.63.98.24/29,
62.63.100.160/30,
62.63.101.80/29,
62.76.98.0/24,
62.105.158.200/29,
62.112.110.64/28,
62.118.101.184/29,
62.118.113.232/29,
62.118.125.188/30,
62.118.127.240/28,
62.118.193.8/29,
62.118.205.68/30,
62.118.208.100/30,
62.118.209.192/30,
62.118.216.60/30,
62.118.219.184/30,
62.118.230.4/30,
62.118.233.224/29,
62.118.234.64/29,
62.118.239.128/29,
62.141.125.0/25,
62.217.160.0/20,
77.34.209.160/28,
77.35.76.80/28,
77.35.98.240/28,
77.37.128.0/17,
77.72.139.0/28,
77.82.124.112/29,
77.243.9.80/28,
78.24.159.48/29,
78.37.67.24/29,
78.37.69.160/27,
78.37.84.120/29,
78.37.97.88/29,
78.37.104.0/29,
78.107.3.208/28,
78.107.13.208/28,
78.107.16.96/28,
78.107.18.112/28,
78.107.40.160/28,
78.107.42.144/28,
78.107.51.16/28,
78.107.61.96/28,
78.107.86.32/28,
78.108.192.0/21,
78.108.200.0/24,
78.109.140.112/29,
79.133.74.160/30,
79.133.74.168/30,
79.133.75.44/30,
79.133.75.176/30,
79.137.132.0/24,
79.137.139.0/24,
79.137.140.0/24,
79.137.142.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.183.0/24,
79.137.240.0/21,
79.142.88.0/28,
79.143.229.0/24,
79.143.230.0/24,
79.143.232.0/24,
80.73.16.0/20,
80.73.168.80/28,
80.73.169.244/30,
80.82.43.24/29,
80.89.152.220/30,
80.237.11.88/29,
80.237.39.112/29,
80.237.98.80/28,
80.247.32.0/20,
80.254.100.40/29,
80.254.119.168/29,
81.1.195.0/28,
81.1.205.96/27,
81.2.1.0/28,
81.2.10.192/27,
81.3.168.148/30,
81.17.2.192/28,
81.17.3.16/29,
81.176.70.0/26,
81.176.235.0/27,
81.177.12.0/24,
81.177.31.64/26,
81.177.156.0/24,
81.195.36.48/28,
81.195.44.248/30,
81.195.45.64/30,
81.195.50.72/29,
81.195.90.44/30,
81.195.92.48/30,
81.195.93.192/27,
81.195.94.72/29,
81.195.105.160/28,
81.195.108.164/30,
81.195.112.36/30,
81.195.118.48/30,
81.195.118.128/30,
81.195.120.16/29,
81.195.124.52/30,
81.195.125.96/30,
81.195.148.140/30,
81.195.150.248/30,
81.195.151.0/24,
81.195.155.0/30,
81.195.161.12/30,
81.195.164.0/24,
81.195.165.64/28,
81.195.168.24/30,
81.195.177.160/30,
81.195.178.224/27,
81.195.182.64/28,
81.195.192.96/30,
81.195.231.128/26,
81.195.244.32/29,
81.195.245.0/28,
81.195.247.128/28,
81.195.250.16/29,
81.211.32.16/28,
81.222.194.200/29,
81.222.209.136/29,
81.222.210.24/29,
82.140.65.240/29,
82.142.162.104/29,
82.151.107.136/29,
82.162.72.208/28,
82.162.76.176/28,
82.162.80.192/28,
82.162.87.192/28,
82.162.90.0/28,
82.162.103.144/28,
82.162.126.96/28,
82.162.149.160/28,
82.162.157.64/28,
82.162.158.176/28,
82.162.172.112/28,
82.179.86.32/27,
82.196.69.152/30,
82.196.130.0/27,
82.198.176.16/29,
82.198.176.144/29,
82.198.176.208/29,
82.198.189.128/26,
82.198.190.64/26,
82.198.191.96/27,
82.198.191.248/29,
82.200.13.0/27,
82.200.22.136/29,
82.200.22.144/28,
82.200.64.0/24,
82.208.68.240/28,
82.208.77.104/29,
82.208.81.0/24,
82.208.93.160/27,
83.69.207.248/29,
83.149.42.64/29,
83.166.232.0/21,
83.166.248.0/21,
83.172.36.224/29,
83.217.216.0/22,
83.219.5.248/29,
83.219.6.72/29,
83.219.13.128/29,
83.219.13.184/29,
83.219.23.8/29,
83.219.23.48/29,
83.219.25.0/29,
83.219.25.112/29,
83.219.138.16/28,
83.220.53.16/28,
83.222.28.0/22,
83.229.181.192/26,
83.229.232.16/29,
84.23.52.0/22,
84.53.210.144/28,
84.204.7.144/29,
84.204.93.232/30,
84.204.143.44/30,
84.204.154.16/30,
84.204.170.220/30,
84.204.217.164/30,
84.204.245.208/29,
85.21.99.48/28,
85.21.99.64/28,
85.21.102.224/28,
85.21.103.64/28,
85.21.104.192/27,
85.21.148.0/26,
85.21.149.48/28,
85.21.155.208/28,
85.21.157.48/28,
85.21.204.208/28,
85.90.98.144/30,
85.90.99.168/29,
85.90.100.72/29,
85.90.101.112/28,
85.90.101.192/29,
85.90.102.168/29,
85.90.120.72/29,
85.90.121.72/29,
85.90.125.96/29,
85.90.127.16/29,
85.94.52.160/27,
85.94.53.32/28,
85.114.30.192/30,
85.114.30.204/30,
85.114.31.108/30,
85.114.93.88/29,
85.141.17.24/30,
85.141.17.112/30,
85.141.18.80/30,
85.141.19.56/30,
85.141.21.236/30,
85.141.28.0/30,
85.141.31.68/30,
85.141.32.96/28,
85.141.33.0/28,
85.141.33.64/28,
85.141.60.96/28,
85.141.61.160/28,
85.143.125.0/24,
85.146.204.44/30,
85.192.32.0/22,
85.198.106.0/23,
85.236.29.160/27,
86.102.72.240/28,
86.102.74.64/28,
86.102.100.48/28,
86.102.108.32/28,
86.102.109.32/27,
86.102.115.80/28,
86.102.126.80/28,
86.102.126.160/28,
87.117.18.144/29,
87.117.20.64/26,
87.117.20.128/28,
87.117.21.0/26,
87.117.21.64/28,
87.117.21.80/29,
87.117.23.128/28,
87.117.31.56/29,
87.225.56.224/28,
87.226.156.64/26,
87.226.191.0/24,
87.226.213.0/24,
87.226.239.180/30,
87.237.47.204/30,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
87.245.133.0/24,
87.249.3.64/28,
87.249.5.48/30,
87.249.7.120/29,
87.249.16.32/28,
87.249.18.60/30,
87.249.22.72/29,
87.249.28.232/29,
87.249.30.176/30,
88.83.195.248/30,
88.151.200.0/24,
88.200.208.112/29,
89.21.129.16/28,
89.21.140.104/29,
89.21.152.104/29,
89.28.253.168/29,
89.28.255.56/29,
89.106.172.160/29,
89.107.123.120/29,
89.107.123.136/29,
89.107.127.136/29,
89.109.7.176/29,
89.109.250.28/30,
89.109.250.80/30,
89.109.250.88/29,
89.109.250.96/30,
89.109.250.132/30,
89.109.250.140/30,
89.111.176.0/22,
89.175.6.64/27,
89.175.8.36/30,
89.175.8.40/29,
89.175.8.52/30,
89.175.8.68/30,
89.175.8.104/30,
89.175.8.140/30,
89.175.8.192/30,
89.175.9.4/30,
89.175.10.160/30,
89.175.165.208/28,
89.175.170.144/28,
89.175.174.136/29,
89.175.176.88/30,
89.175.176.140/30,
89.175.176.176/30,
89.175.188.184/29,
89.179.155.192/28,
89.179.179.16/28,
89.179.181.0/24,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.150.176.52/30,
90.150.189.32/29,
90.150.189.128/26,
90.150.189.192/27,
90.150.189.224/28,
90.150.189.248/29,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.103.194.184/29,
91.135.212.0/22,
91.135.216.0/21,
91.195.136.0/23,
91.208.20.0/24,
91.215.168.0/22,
91.217.34.0/23,
91.219.192.0/22,
91.219.224.0/22,
91.221.140.0/23,
91.226.250.0/24,
91.227.32.0/24,
91.231.132.0/22,
91.237.76.0/24,
92.39.106.20/30,
92.39.106.168/30,
92.39.111.84/30,
92.39.128.0/21,
92.50.198.72/30,
92.50.198.124/30,
92.50.219.136/29,
92.50.238.224/29,
92.101.253.96/29,
92.101.253.152/29,
93.153.134.112/29,
93.153.135.88/30,
93.153.136.132/30,
93.153.142.4/30,
93.153.144.60/30,
93.153.171.204/30,
93.153.172.100/30,
93.153.175.44/30,
93.153.183.104/30,
93.153.194.160/29,
93.153.220.192/29,
93.153.223.8/29,
93.153.229.232/29,
93.153.244.188/30,
93.153.244.248/29,
93.153.251.0/24,
93.153.255.84/30,
93.178.104.32/29,
93.178.104.64/29,
93.178.106.0/26,
93.186.224.0/20,
93.188.20.72/29,
93.190.110.0/24,
94.25.53.56/29,
94.25.57.176/29,
94.25.57.224/28,
94.25.65.16/29,
94.25.70.64/30,
94.25.90.240/29,
94.25.95.136/30,
94.25.119.228/30,
94.100.176.0/20,
94.124.192.192/29,
94.139.244.0/22,
94.199.64.0/21,
95.53.248.0/29,
95.54.193.80/28,
95.142.192.0/20,
95.163.32.0/19,
95.163.133.0/24,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.167.2.4/30,
95.167.4.168/29,
95.167.5.64/27,
95.167.21.104/29,
95.167.29.104/29,
95.167.54.76/30,
95.167.59.244/30,
95.167.64.20/30,
95.167.68.216/29,
95.167.69.116/30,
95.167.70.32/28,
95.167.70.136/29,
95.167.70.176/28,
95.167.72.48/30,
95.167.72.140/30,
95.167.72.204/30,
95.167.74.136/29,
95.167.74.180/30,
95.167.76.160/27,
95.167.99.48/28,
95.167.113.48/30,
95.167.114.48/30,
95.167.121.68/30,
95.167.122.128/28,
95.167.142.32/30,
95.167.157.156/30,
95.167.162.76/30,
95.167.162.236/30,
95.167.176.0/23,
95.167.213.0/24,
95.173.128.0/19,
95.213.0.0/17,
109.73.4.224/27,
109.120.180.0/22,
109.120.188.0/22,
109.124.66.128/30,
109.124.66.160/28,
109.124.71.64/29,
109.124.78.108/30,
109.124.80.132/30,
109.124.83.20/30,
109.124.87.96/29,
109.124.89.36/30,
109.124.89.140/30,
109.124.89.212/30,
109.124.90.32/30,
109.124.90.128/30,
109.124.97.4/30,
109.124.99.16/30,
109.124.99.160/28,
109.124.119.88/29,
109.204.204.232/29,
109.207.0.0/20,
109.232.187.16/29,
109.248.197.0/24,
128.140.168.0/21,
130.49.224.0/19,
145.255.238.240/28,
146.185.208.0/22,
146.185.240.0/22,
149.62.55.240/30,
155.212.192.0/20,
176.109.0.0/21,
176.112.168.0/21,
176.116.96.0/20,
178.16.156.148/30,
178.17.176.0/20,
178.20.234.224/29,
178.22.88.0/21,
178.49.148.176/29,
178.237.16.0/20,
178.237.206.0/24,
178.237.240.0/20,
178.248.232.60/32,
178.248.232.137/32,
178.248.233.26/32,
178.248.233.32/32,
178.248.233.60/32,
178.248.233.136/32,
178.248.233.244/31,
178.248.234.30/32,
178.248.234.33/32,
178.248.234.60/32,
178.248.234.79/32,
178.248.234.83/32,
178.248.234.136/32,
178.248.234.204/32,
178.248.234.228/32,
178.248.234.238/32,
178.248.235.60/32,
178.248.235.75/32,
178.248.235.244/32,
178.248.236.20/32,
178.248.236.83/32,
178.248.236.244/32,
178.248.237.18/32,
178.248.237.98/32,
178.248.237.136/32,
178.248.237.242/32,
178.248.238.55/32,
178.248.238.102/32,
178.248.238.128/31,
178.248.238.136/32,
178.248.238.155/32,
178.248.238.172/32,
178.248.238.205/32,
178.248.238.255/32,
178.248.239.215/32,
185.5.136.0/22,
185.6.244.0/22,
185.7.234.188/30,
185.16.8.0/22,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.65.149.170/32,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.149.160.0/22,
185.168.60.0/22,
185.179.224.0/22,
185.180.200.0/22,
185.183.172.0/22,
185.187.63.0/24,
185.224.228.0/22,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
188.128.8.240/30,
188.128.11.196/30,
188.128.89.0/30,
188.128.92.104/30,
188.128.94.204/30,
188.128.98.204/30,
188.128.101.108/30,
188.128.112.216/29,
188.128.112.240/29,
188.128.113.0/28,
188.128.114.128/28,
188.128.115.232/29,
188.128.118.224/27,
188.128.119.104/30,
188.128.122.240/30,
188.247.36.124/30,
188.247.36.128/28,
188.247.36.204/30,
193.33.230.0/23,
193.47.146.0/24,
193.203.40.0/22,
193.232.70.0/24,
194.8.70.0/23,
194.8.246.0/23,
194.67.63.200/30,
194.84.16.12/30,
194.140.247.0/24,
194.150.202.0/23,
194.165.22.0/23,
194.186.63.0/24,
194.186.112.80/28,
194.190.9.0/24,
194.215.248.0/24,
194.226.80.0/20,
194.226.116.0/22,
194.226.127.0/24,
195.3.240.0/22,
195.16.55.224/27,
195.42.75.8/29,
195.54.20.168/29,
195.54.28.72/30,
195.54.221.0/24,
195.58.5.16/29,
195.58.13.120/30,
195.58.21.196/30,
195.58.29.57/32,
195.58.30.164/30,
195.58.30.200/29,
195.80.224.0/24,
195.98.38.16/28,
195.98.43.104/29,
195.98.73.56/29,
195.98.77.100/30,
195.128.157.0/24,
195.131.7.8/29,
195.131.53.248/29,
195.131.61.80/29,
195.131.63.24/29,
195.144.226.224/28,
195.144.232.144/30,
195.144.240.128/28,
195.149.110.0/24,
195.151.25.48/29,
195.162.36.64/28,
195.170.218.24/29,
195.170.218.88/29,
195.182.142.128/26,
195.182.145.64/28,
195.182.151.212/30,
195.182.151.216/30,
195.182.155.164/30,
195.182.156.96/30,
195.209.120.0/22,
195.211.20.0/22,
195.218.175.40/29,
195.218.190.0/23,
195.226.203.0/24,
195.239.80.32/29,
195.239.113.0/24,
195.239.247.0/24,
212.13.104.116/30,
212.13.113.100/30,
212.15.105.64/28,
212.15.114.156/30,
212.15.115.80/28,
212.17.8.176/29,
212.17.9.144/28,
212.17.16.192/27,
212.17.17.176/28,
212.23.85.48/30,
212.23.85.56/29,
212.32.198.64/29,
212.48.34.176/28,
212.48.53.76/30,
212.48.53.84/30,
212.48.53.88/29,
212.48.53.100/30,
212.48.53.144/30,
212.48.53.152/29,
212.48.53.160/29,
212.48.53.184/29,
212.48.53.192/29,
212.48.53.200/30,
212.48.53.216/30,
212.48.53.236/30,
212.48.53.240/28,
212.48.54.0/30,
212.48.54.8/29,
212.48.54.16/28,
212.48.54.32/29,
212.48.54.44/30,
212.48.54.48/28,
212.48.54.64/28,
212.48.54.80/29,
212.48.54.92/30,
212.48.54.96/27,
212.48.54.128/27,
212.48.54.164/30,
212.48.54.168/29,
212.48.54.176/28,
212.48.54.196/30,
212.48.54.200/30,
212.48.54.208/28,
212.48.54.240/28,
212.48.134.192/26,
212.48.138.240/28,
212.48.141.160/27,
212.49.107.224/27,
212.49.124.0/26,
212.57.133.0/24,
212.57.159.0/24,
212.59.98.48/29,
212.59.99.96/27,
212.111.84.0/22,
212.119.174.0/23,
212.120.169.48/29,
212.120.174.88/29,
212.120.184.48/28,
212.120.184.64/29,
212.120.189.208/29,
212.120.189.224/29,
212.120.190.112/29,
212.120.190.240/29,
212.120.191.120/29,
212.120.191.248/29,
212.192.156.0/22,
212.233.72.0/21,
212.233.88.0/21,
212.233.96.0/22,
212.233.120.0/22,
213.24.34.0/24,
213.24.75.0/24,
213.24.76.0/23,
213.24.128.0/22,
213.24.143.0/24,
213.24.152.0/22,
213.24.160.0/28,
213.33.171.240/29,
213.59.59.16/29,
213.59.59.64/29,
213.59.59.120/29,
213.59.59.128/29,
213.59.59.144/29,
213.59.59.168/29,
213.59.91.48/29,
213.59.91.128/27,
213.59.91.176/28,
213.85.2.64/28,
213.85.2.80/29,
213.85.20.8/30,
213.85.20.32/30,
213.85.20.84/30,
213.85.77.64/27,
213.85.142.176/28,
213.147.55.108/30,
213.172.4.192/26,
213.172.17.252/30,
213.172.18.60/30,
213.172.18.124/30,
213.172.18.148/30,
213.172.18.160/29,
213.172.18.252/30,
213.172.27.0/30,
213.172.27.116/30,
213.172.27.160/30,
213.172.27.204/30,
213.172.27.212/30,
213.172.27.224/30,
213.172.27.252/30,
213.172.30.136/30,
213.176.232.0/22,
213.177.111.0/24,
213.183.253.56/29,
213.219.212.0/22,
213.219.237.68/30,
213.234.8.8/30,
213.234.13.60/30,
213.234.15.228/30,
213.234.15.248/30,
213.234.18.52/30,
213.242.204.76/30,
213.242.204.236/30,
213.242.205.88/30,
213.242.215.68/30,
213.242.215.192/29,
213.243.84.80/28,
213.243.106.48/28,
213.243.116.0/24,
217.16.16.0/20,
217.20.86.128/26,
217.20.86.232/29,
217.20.144.0/20,
217.23.88.168/29,
217.23.88.248/29,
217.27.142.176/30,
217.65.214.24/29,
217.65.219.160/29,
217.67.177.208/29,
217.69.128.0/20,
217.106.0.0/16,
217.107.5.8/29,
217.107.5.16/28,
217.107.5.40/29,
217.107.5.80/28,
217.107.5.96/29,
217.107.5.112/29,
217.107.200.0/21,
217.147.23.112/28,
217.148.216.156/30,
217.148.220.160/29,
217.172.18.0/23,
217.174.188.0/22,
217.195.92.16/28,
217.195.93.144/29,
217.195.94.200/29
}
}
set blacklist_v6 {
type ipv6_addr
flags interval
}
chain input {
type filter hook input priority 0;
policy accept;
ct state { established, related } accept
ip saddr @blacklist_v4 counter drop
}
}


@@ -1,45 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-04T06:38:45.140077Z
# Source: /tmp/blacklist-v6.txt
# IPv4: 0, IPv6: 17
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = {
}
}
chain input {
type filter hook input priority 0;
policy accept;
ct state { established, related } accept
ip6 saddr @blacklist_v6 counter drop
}
}


@@ -1,852 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-04T06:38:45.058019Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist.txt
# IPv4: 804, IPv6: 17
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = {
}
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = {
}
}
chain input {
type filter hook input priority 0;
policy accept;
ct state { established, related } accept
ip saddr @blacklist_v4 counter drop
ip6 saddr @blacklist_v6 counter drop
}
}
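Review bot: the generated ruleset uses the generic names `table inet filter` and `chain input`, so `nft -f` on a host that already has a table and chain with those names adds to them instead of staying separate, and the `drop` rules are appended behind whatever rules are already in that chain. If the nftables output is regenerated elsewhere, a dedicated table name keeps it self-contained and removable with a single `nft delete table`. The `# Source:` header also records the CI runner's absolute path; a repo-relative name would be enough.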


@@ -1,302 +0,0 @@
# Nginx Blacklist Configurations
Auto-generated nginx configuration files for blocking networks and IP addresses.
## Available Files
### Mixed IPv4/IPv6
- **`blacklist.conf`** - Contains both IPv4 and IPv6 deny rules (809 entries)
### IPv4 Only
- **`blacklist-v4.conf`** - Contains only IPv4 deny rules (806 entries)
### IPv6 Only
- **`blacklist-v6.conf`** - Contains only IPv6 deny rules (3 entries)
## Usage
### Basic Usage
Include the desired configuration file in your nginx `server` or `location` block:
```nginx
server {
listen 80;
server_name example.com;
# Include the blacklist
include /path/to/blacklist.conf;
location / {
# your configuration
}
}
```
### Separate IPv4/IPv6 Files
For more granular control, use separate files:
```nginx
server {
listen 80;
listen [::]:80;
server_name example.com;
# Include both IPv4 and IPv6 blacklists
include /path/to/blacklist-v4.conf;
include /path/to/blacklist-v6.conf;
location / {
# your configuration
}
}
```
### HTTP Block Level
Apply the blacklist globally to all virtual hosts:
```nginx
http {
# Apply blacklist globally
include /path/to/blacklist.conf;
server {
listen 80;
server_name example.com;
# ...
}
server {
listen 80;
server_name another.com;
# ...
}
}
```
### Location Block Level
For selective blocking within specific locations:
```nginx
server {
listen 80;
server_name example.com;
location /admin {
# Apply blacklist only to admin area
include /path/to/blacklist.conf;
# ...
}
location /public {
# Public area without blacklist
# ...
}
}
```
## Testing Configuration
After adding the blacklist, always test your nginx configuration:
```bash
# Test configuration
nginx -t
# Reload nginx if test passes
nginx -s reload
# or
systemctl reload nginx
```
## Custom Response
By default, denied IPs receive a connection drop. To customize the response:
```nginx
server {
listen 80;
server_name example.com;
# Return custom error page
error_page 403 /403.html;
include /path/to/blacklist.conf;
location = /403.html {
root /usr/share/nginx/html;
internal;
}
}
```
Note: For large blacklists, using `deny` directives (as in these files) is more efficient than `if` statements.
## Performance Considerations
- **Deny directives** are processed in order and stop at the first match
- For optimal performance, most frequently matched IPs should be at the top
- Current files are sorted for consistency
- Nginx handles hundreds of deny rules efficiently
- For very large blacklists (10,000+ entries), consider using:
- Nginx GeoIP2 module for geographic blocking
- nftables/iptables at the firewall level for better performance
- Stream module for TCP/UDP level blocking
## Integration Examples
### Docker Deployment
```dockerfile
FROM nginx:alpine
# Copy blacklist
COPY blacklist.conf /etc/nginx/blacklist.conf
# Copy nginx config that includes the blacklist
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
```
### Kubernetes ConfigMap
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-blacklist
data:
blacklist.conf: |
# Include blacklist content here
deny 109.124.119.88/29;
deny 109.124.66.128/30;
# ...
```
### Automated Updates
Set up a cron job to automatically fetch the latest blacklist:
```bash
#!/bin/bash
# /etc/cron.daily/update-nginx-blacklist
# Download latest blacklist
wget -q https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nginx/blacklist.conf \
-O /etc/nginx/blacklist.conf.new
# Test nginx configuration
nginx -t -c /etc/nginx/nginx.conf
# If test passes, reload nginx
if [ $? -eq 0 ]; then
mv /etc/nginx/blacklist.conf.new /etc/nginx/blacklist.conf
systemctl reload nginx
echo "Blacklist updated successfully"
else
rm /etc/nginx/blacklist.conf.new
echo "Nginx config test failed, blacklist not updated"
fi
```
## Logging Blocked Requests
To log denied requests:
```nginx
server {
listen 80;
server_name example.com;
# Custom log format for denied IPs
log_format blocked '$remote_addr - $remote_user [$time_local] '
'"$request" 403 0 '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/blocked.log blocked;
include /path/to/blacklist.conf;
location / {
# your configuration
}
}
```
## Monitoring
Check how many IPs are being blocked:
```bash
# Count deny rules
grep -c "deny" /path/to/blacklist.conf
# Check blocked access logs
tail -f /var/log/nginx/blocked.log
# Count blocked requests today
grep "$(date +%d/%b/%Y)" /var/log/nginx/access.log | grep " 403 " | wc -l
```
## Troubleshooting
### Configuration Test Fails
```bash
# Check syntax
nginx -t
# Check for duplicate includes
grep -r "include.*blacklist" /etc/nginx/
# Verify file permissions
ls -l /path/to/blacklist.conf
```
### Legitimate Users Blocked
Check if their IP is in the blacklist:
```bash
grep "YOUR_IP" /path/to/blacklist.conf
```
Whitelist specific IPs before applying the blacklist:
```nginx
server {
listen 80;
server_name example.com;
# Whitelist before blacklist
allow 192.168.1.100; # Trusted IP
# Then apply blacklist
include /path/to/blacklist.conf;
# Deny all others not explicitly allowed
# deny all; # Optional
}
```
## Automatic Updates
These files are automatically regenerated daily when the blacklists are updated via the GitHub Actions workflow.
## Source
Generated from the blacklist files in the `blacklists/` directory by `blacklists_updater_nginx.sh`.
## See Also
- [IPTables/IPSet Format](../blacklists_iptables/README.md) - For firewall-level blocking
- [Text Format](../blacklists/README.md) - For custom integrations
- [Main Repository](https://github.com/C24Be/AS_Network_List) - Complete documentation
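Review bot: in the Automated Updates script, `nginx -t` runs before `mv` puts `blacklist.conf.new` in place, so it tests the old blacklist and never the downloaded one, and the exit status of `wget` is not checked. Because `wget -O` creates the target file even when the download fails, anyone still running this cron job if `blacklist.conf` is removed from that path along with this README will replace a working blacklist with an empty file and reload nginx. If the README moves rather than disappears, the script should check `wget`, require a non-empty file, swap it in, run `nginx -t`, and restore the previous copy on failure.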

File diff suppressed because it is too large

@@ -1,31 +0,0 @@
# Nginx blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2026-03-04 06:38:44 UTC
#
# Usage: Include this file in your nginx server or location block:
# include /path/to/blacklist-v6.conf;
#
deny 2a00:1148::/29;
deny 2a00:1148::/32;
deny 2a00:46e0:2::/48;
deny 2a00:46e0::/32;
deny 2a00:a300::/32;
deny 2a00:b4c0::/32;
deny 2a00:bdc0:8000::/34;
deny 2a00:bdc0::/33;
deny 2a00:bdc0:c000::/35;
deny 2a00:bdc0:e002::/48;
deny 2a00:bdc0:e003::/48;
deny 2a00:bdc0:e004::/48;
deny 2a00:bdc0:e005::/48;
deny 2a00:bdc0:e007::/48;
deny 2a00:bdc0:f000::/36;
deny 2a00:bdc1::/32;
deny 2a00:bdc2::/31;
deny 2a00:bdc4::/30;
deny 2a14:25c0::/32;
deny 2a14:25c5::/32;
deny 2a14:25c6::/32;
deny 2a14:25c7::/32;
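Review bot: several `deny` lines here are already covered by a shorter prefix in the same file: `2a00:1148::/32` sits inside `2a00:1148::/29`, `2a00:46e0:2::/48` inside `2a00:46e0::/32`, and the pairs `2a00:bdc0:e002::/48` + `e003::/48`, `e004::/48` + `e005::/48`, `2a14:25c6::/32` + `25c7::/32` each form one aligned shorter prefix. The nftables header for the same date reports 17 IPv6 entries against the 22 lines here, and the README lists this file at 3 entries. If the nginx output is kept anywhere, collapse the prefixes before writing so nginx walks fewer rules and the counts agree.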

File diff suppressed because it is too large

@@ -1,19 +1,46 @@
#!/bin/sh
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# Input files (generated by blacklists_updater_txt.sh)
blacklist_file="blacklists/blacklist.txt"
blacklist_v4_file="blacklists/blacklist-v4.txt"
blacklist_v6_file="blacklists/blacklist-v6.txt"
blacklist_file="${SCRIPT_DIR}/blacklists/blacklist.txt"
blacklist_v4_file="${SCRIPT_DIR}/blacklists/blacklist-v4.txt"
blacklist_v6_file="${SCRIPT_DIR}/blacklists/blacklist-v6.txt"
# Source files for name-based VK filtering
auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
vk_name_pattern='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
# Additional VK-only text blacklists
blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
blacklist_vk_v4_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
blacklist_vk_v6_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
# Output directory and files
iptables_output_dir="blacklists_iptables"
iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables"
iptables_output_file="${iptables_output_dir}/blacklist.ipset"
iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset"
iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset"
iptables_vk_output_file="${iptables_output_dir}/blacklist-vk.ipset"
iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset"
iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset"
# Create iptables directory if it doesn't exist
mkdir -p "${iptables_output_dir}"
# Build additional VK-only blacklist from network names in auto/*.txt files
tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do
[ -f "${source_file}" ] || continue
awk -v pattern="${vk_name_pattern}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}"
done
sort -u "${tmp_vk_file}" > "${blacklist_vk_file}"
grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true
grep -v ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v4_file}" || true
rm -f "${tmp_vk_file}"
# Function to generate ipset config from input file
generate_ipset_config() {
local input_file="$1"
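Review bot: `BEGIN { IGNORECASE = 1 }` in the awk filter only has an effect in gawk; under mawk or BusyBox awk it is an ordinary variable assignment, so with this `#!/bin/sh` script the VK name match silently becomes case-sensitive and the VK lists can come out short or empty. Matching on `toupper($0) ~ pattern` is portable. The file created by `mktemp` is also left behind if the script stops before `rm -f`; a `trap 'rm -f "${tmp_vk_file}"' EXIT` would cover that.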
@@ -21,6 +48,19 @@ generate_ipset_config() {
local ip_version="$3"
local set_name="$4"
local family="$5"
local iptables_cmd="iptables"
local rule_primary=""
local rule_secondary=""
[ "${family}" = "inet6" ] && iptables_cmd="ip6tables"
if printf "%s" "${set_name}" | grep -q '^blacklist-vk'; then
rule_primary="${iptables_cmd} -I OUTPUT -m set --match-set ${set_name} dst -j REJECT"
rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} dst -j REJECT"
else
rule_primary="${iptables_cmd} -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
fi
# Count entries for hash size calculation
local count=$(wc -l < "${input_file}" | tr -d ' ')
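Review bot: the rule direction is chosen by `grep -q '^blacklist-vk'` on the set name, so renaming a set or adding another outbound list falls back to the inbound `INPUT ... src ... DROP` form without any error. Pass the direction as an explicit argument to `generate_ipset_config` instead of inferring it from `${set_name}`.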
@@ -38,8 +78,8 @@ generate_ipset_config() {
# ipset restore < $(basename ${output_file})
#
# 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
# iptables -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
# ${rule_primary}
${rule_secondary:+# ${rule_secondary}}
#
# 3. To flush/delete the set:
# ipset flush ${set_name}
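Review bot: `${rule_secondary:+# ${rule_secondary}}` guards against an empty value, but both branches of the `if` added in the previous hunk always set `rule_secondary`, so the guard never triggers; if it did, it would leave a bare empty line inside the comment header. A plain `# ${rule_secondary}` matches the line above it and is easier to read.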
@@ -63,6 +103,8 @@ EOF
# Generate ipset configurations from blacklist files
generate_ipset_config "${blacklist_v4_file}" "${iptables_v4_output_file}" "(IPv4 only)" "blacklist-v4" "inet"
generate_ipset_config "${blacklist_v6_file}" "${iptables_v6_output_file}" "(IPv6 only)" "blacklist-v6" "inet6"
generate_ipset_config "${blacklist_vk_v4_file}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet"
generate_ipset_config "${blacklist_vk_v6_file}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6"
# For mixed file, we need to create two sets (IPv4 and IPv6) as ipset doesn't support mixed families
cat > "${iptables_output_file}" << EOF
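Review bot: the two new `generate_ipset_config` calls run even when `blacklist-vk-v4.txt` or `blacklist-vk-v6.txt` is empty, which the list-building step allows (`[ -f ... ] || continue`, `grep ... || true`). That publishes a set with no entries, and the REJECT rules built on it block nothing. Check the inputs with `[ -s "${blacklist_vk_v4_file}" ]` and fail or warn before generating.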
@@ -94,3 +136,43 @@ tail -n +2 "${iptables_v6_output_file}" | grep -E "^(create|add)" >> "${iptables
echo "✓ Generated (mixed IPv4/IPv6): ${iptables_output_file}"
echo " Total entries: $(wc -l < "${blacklist_file}" | tr -d ' ')"
# Generate mixed VK-only ipset file (contains both v4 and v6 sets)
cat > "${iptables_vk_output_file}" << EOF
# IPSet blacklist configuration (VK names: VK Cloud / VKCOMPANY / VKONTAKTE)
# Auto-generated from name-filtered auto/*.txt sources
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Usage:
# 1. Load the ipset:
# ipset restore < $(basename "${iptables_vk_output_file}")
#
# 2. Use with iptables/ip6tables:
# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
#
# 3. To flush/delete the sets:
# ipset flush blacklist-vk-v4 && ipset destroy blacklist-vk-v4
# ipset flush blacklist-vk-v6 && ipset destroy blacklist-vk-v6
#
EOF
tail -n +2 "${iptables_vk_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
echo "" >> "${iptables_vk_output_file}"
tail -n +2 "${iptables_vk_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
echo "✓ Generated (VK names, mixed IPv4/IPv6): ${iptables_vk_output_file}"
echo " Total entries: $(wc -l < "${blacklist_vk_file}" | tr -d ' ')"
echo ""
echo "VK outgoing block examples (iptables/ipset):"
echo " ipset restore < ${iptables_vk_output_file}"
echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"
echo " ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."
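Review bot: the usage text in the heredoc and in the closing `echo` lines recommends `iptables -I OUTPUT ...` and `-I FORWARD ...`, which insert another copy of the rule at the top of the chain every time they are run. Document an idempotent form, for example guarding each insert with an `iptables -C` check of the same rule. The same four rule strings now live in three places (`rule_primary`/`rule_secondary`, this heredoc, the `echo` block), so they will drift; build them once and reuse them.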


@@ -7,29 +7,78 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist.txt"
OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables"
# Source files for name-based VK filtering
AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
# Additional VK-only text blacklists
VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt"
VK_INPUT_V4_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v4.txt"
VK_INPUT_V6_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v6.txt"
# Create output directory if it doesn't exist
mkdir -p "$OUTPUT_DIR"
echo "Generating nftables blacklists..."
# Build additional VK-only blacklist from network names in auto/*.txt files
TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do
[[ -f "$source_file" ]] || continue
awk -v pattern="$VK_NAME_PATTERN" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE"
done
sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE"
grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true
grep -v ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V4_FILE" || true
rm -f "$TMP_VK_FILE"
# Generate mixed IPv4/IPv6 blacklist
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$INPUT_FILE" \
"$OUTPUT_DIR/blacklist.nft"
# Generate IPv4-only blacklist
grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > /tmp/blacklist-v4.txt || true
TMP_V4_FILE="/tmp/blacklist-v4.txt"
TMP_V6_FILE="/tmp/blacklist-v6.txt"
grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > "$TMP_V4_FILE" || true
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
/tmp/blacklist-v4.txt \
"$TMP_V4_FILE" \
"$OUTPUT_DIR/blacklist-v4.nft"
# Generate IPv6-only blacklist
grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > /tmp/blacklist-v6.txt || true
grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > "$TMP_V6_FILE" || true
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
/tmp/blacklist-v6.txt \
"$TMP_V6_FILE" \
"$OUTPUT_DIR/blacklist-v6.nft"
# Generate VK-only blacklists (network names: VK Cloud / VKCOMPANY / VKONTAKTE)
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_FILE" \
"$OUTPUT_DIR/blacklist-vk.nft"
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_V4_FILE" \
"$OUTPUT_DIR/blacklist-vk-v4.nft"
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_V6_FILE" \
"$OUTPUT_DIR/blacklist-vk-v6.nft"
# Clean up temp files
rm -f /tmp/blacklist-v4.txt /tmp/blacklist-v6.txt
rm -f "$TMP_V4_FILE" "$TMP_V6_FILE"
echo "nftables blacklists generated successfully!"
echo ""
echo "VM incoming block examples (all lists, nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist.nft"
echo " sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'"
echo " sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject"
echo " sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject"
echo ""
echo "VK outbound block examples for VPN clients via NAT (nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk.nft"
echo " sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_v4 counter reject"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_v6 counter reject"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."
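Review bot: the VK outbound example matches on `@blacklist_v4` and `@blacklist_v6`, the same set names the inbound example a few lines above uses for the full list, both in `table inet filter`. Loading `blacklist.nft` and `blacklist-vk.nft` on one host therefore targets the same sets, and the inbound and outbound lists are no longer separate. Give the VK sets their own names or their own table. Separately, `TMP_V4_FILE` and `TMP_V6_FILE` are still fixed paths under `/tmp`; use `mktemp` as the VK block does, which also keeps `/tmp/...` out of the generated `# Source:` header.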


@@ -0,0 +1,78 @@
#!/bin/sh
set -e
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# Source files for name-based VK filtering
AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
# Additional VK-only text blacklists
VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
VK_INPUT_V4_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
VK_INPUT_V6_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
# Output directory and files
ROUTES_OUTPUT_DIR="${SCRIPT_DIR}/blacklists_route"
ROUTES_V4_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v4.routes"
ROUTES_V6_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v6.routes"
mkdir -p "${ROUTES_OUTPUT_DIR}" "${SCRIPT_DIR}/blacklists"
echo "Generating VK route blacklists..."
# Build additional VK-only blacklist from network names in auto/*.txt files
TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do
[ -f "${source_file}" ] || continue
awk -v pattern="${VK_NAME_PATTERN}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}"
done
sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}"
grep ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V6_FILE}" || true
grep -v ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V4_FILE}" || true
rm -f "${TMP_VK_FILE}"
# Generate IPv4 routes file (route VK prefixes to loopback via 127.0.0.1)
cat > "${ROUTES_V4_FILE}" << EOF
# Linux routes for VK networks (IPv4)
# Auto-generated by $(basename "$0")
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Apply:
# sudo sh $(basename "${ROUTES_V4_FILE}")
#
EOF
while IFS= read -r network; do
[ -n "${network}" ] || continue
printf 'ip route replace %s via 127.0.0.1 dev lo onlink\n' "${network}" >> "${ROUTES_V4_FILE}"
done < "${VK_INPUT_V4_FILE}"
# Generate IPv6 routes file (route VK prefixes to loopback via ::1)
cat > "${ROUTES_V6_FILE}" << EOF
# Linux routes for VK networks (IPv6)
# Auto-generated by $(basename "$0")
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Apply:
# sudo sh $(basename "${ROUTES_V6_FILE}")
#
EOF
while IFS= read -r network; do
[ -n "${network}" ] || continue
printf 'ip -6 route replace %s via ::1 dev lo\n' "${network}" >> "${ROUTES_V6_FILE}"
done < "${VK_INPUT_V6_FILE}"
echo "✓ Generated: ${ROUTES_V4_FILE} (entries: $(wc -l < "${VK_INPUT_V4_FILE}" | tr -d ' '))"
echo "✓ Generated: ${ROUTES_V6_FILE} (entries: $(wc -l < "${VK_INPUT_V6_FILE}" | tr -d ' '))"
echo ""
echo "Examples:"
echo " sudo sh ${ROUTES_V4_FILE}"
echo " sudo sh ${ROUTES_V6_FILE}"
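Review bot: `BEGIN { IGNORECASE = 1 }` in the awk filter is a gawk extension. With the `#!/bin/sh` shebang this script will often run where `awk` is mawk or BusyBox awk, which treat it as an ordinary variable. `VK_NAME_PATTERN` is then matched case-sensitively, and lower- or mixed-case network names are dropped without any error. Matching with `toupper($0) ~ pattern` behaves the same on every awk. Also, when none of the three `auto/*.txt` sources exists, the loop skips them all, `sort -u` writes an empty `blacklist-vk.txt` over the previous one, and the script still prints both "Generated" lines with 0 entries. Exiting with an error when the merged list is empty would avoid replacing a good list with nothing. The `mktemp` file is removed only on the success path, so with `set -e` active a `trap 'rm -f "${TMP_VK_FILE}"' EXIT` right after it is created would cover early exits.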