Update 2026.03.29 13:11:56

Update 2026.03.29 06:56:52
Merge branch 'main' of https://github.com/C24Be/AS_Network_List
2026-03-29 21:58:59 +03:00 · 2026-03-29 13:11:57 +00:00 · 2026-03-29 06:56:52 +00:00 · 2026-03-28 12:15:26 +01:00 · 2026-03-28 12:15:23 +01:00 · 2026-03-28 06:52:03 +00:00
49 changed files with 8877 additions and 9443 deletions
--- a/.github/actions/gitPush/action.yaml
+++ b/.github/actions/gitPush/action.yaml
@@ -10,7 +10,7 @@ runs:
          git config --global user.email "${{ env.REPO_OWNER }}@github.com"
          if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
              git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
-              git push --set origin "${daily_branch}"
+              git push --set-upstream origin "${daily_branch}"
          fi
          git add ${{ env.PUSH_FILES }}
          git diff --staged --quiet || CHANGED=true
--- a/.github/actions/gitReset/action.yaml
+++ b/.github/actions/gitReset/action.yaml
@@ -8,9 +8,9 @@ runs:
          if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
              git reset --hard
              git clean -fdx
-              git checkout "${daily_branch}"
+              git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
-              git pull origin "${daily_branch}"
+              git pull origin "${daily_branch}" || true
-              git push --set origin "${daily_branch}"
+              git push --set-upstream origin "${daily_branch}"
          fi
          git reset --hard
          git clean -fdx
--- a/.github/workflows/resolve_networks.yml
+++ b/.github/workflows/resolve_networks.yml
@@ -26,7 +26,7 @@ jobs:
        with:
          fetch-depth: 0                         # this is required to fetch all history for all branches and tags
          token: ${{ env.GH_PAT }}
-          ref: ${{ github.branch }}
+          ref: ${{ github.ref_name }}
      - uses: ./.github/actions/gitReset
        env:
          CUSTOM_BRANCH: true
@@ -53,7 +53,7 @@ jobs:
        with:
          fetch-depth: 0                         # this is required to fetch all history for all branches and tags
          token: ${{ env.GH_PAT }}
-          ref: ${{ github.branch }}
+          ref: ${{ github.ref_name }}
      - uses: ./.github/actions/gitReset
        env:
          CUSTOM_BRANCH: true
@@ -80,7 +80,7 @@ jobs:
        with:
          fetch-depth: 0                         # this is required to fetch all history for all branches and tags
          token: ${{ env.GH_PAT }}
-          ref: ${{ github.branch }}
+          ref: ${{ github.ref_name }}
      - uses: ./.github/actions/gitReset
        env:
          CUSTOM_BRANCH: true
--- a/.github/workflows/update_blacklists.yml
+++ b/.github/workflows/update_blacklists.yml
@@ -33,6 +33,7 @@ jobs:
      - run: ./blacklists_updater_nginx.sh
      - run: ./blacklists_updater_iptables.sh
      - run: ./blacklists_updater_nftables.sh
      - run: ./blacklists_updater_routes.sh
      - uses: ./.github/actions/gitPush
        env:
-          PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/
+          PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/ blacklists_route/
--- a/README.md
+++ b/README.md
@@ -2,14 +2,22 @@
 ### Blacklists are updated daily!
 > [!IMPORTANT]
 > A very important feature has been added: dedicated lists of VK Cloud / VK networks that can be used to block **OUTGOING** traffic from your server (iptables/ipset and nftables formats are available).
 > This can help reduce the risk of Messenger MAX being used to compromise your VPN server.
 > The best security option is to avoid installing Messenger MAX at all on a phone where VPN access is configured.
 This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis.
 ## Important Links
 **Ready-to-use blacklists in multiple formats:**
 - [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation
 - [Nginx configurations in `blacklists_nginx/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nginx) - Ready to include in your nginx config
 - [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset
- [Other network and ASN lists in `auto/`](https://github.com/C24Be/AS_Network_List/tree/main/auto) - Comprehensive Russian network data
+- [nftables files in `blacklists_nftables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nftables) - Ready-to-load sets and rules for nftables
 - [Linux route files in `blacklists_route/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_route) - VK route blackholes to loopback (IPv4/IPv6)
 ## Files and features
@@ -28,6 +36,8 @@ This repository contains Python scripts that allow you to retrieve network lists
 - `blacklists_updater_txt.sh`: Generates text-based blacklists with IPv4/IPv6 separation
 - `blacklists_updater_nginx.sh`: Generates nginx configuration files with deny directives
 - `blacklists_updater_iptables.sh`: Generates ipset configuration files for iptables/ip6tables
 - `blacklists_updater_nftables.sh`: Generates nftables blacklist files (mixed/v4/v6 and VK-specific)
 - `blacklists_updater_routes.sh`: Generates Linux route files to send VK networks to loopback (`127.0.0.1` / `::1`)
 ### Generated Blacklists
@@ -47,25 +57,34 @@ This repository contains Python scripts that allow you to retrieve network lists
 **IPTables/IPSet Format** (`blacklists_iptables/` folder):
 - `blacklist.ipset`: IPSet configuration for mixed IPv4/IPv6 (**daily generated**)
 - `blacklist-v4.ipset`: IPSet configuration for IPv4 only (**daily generated**)
 - `blacklist-v6.ipset`: IPSet configuration for IPv6 only (**daily generated**)
 - `blacklist-vk-v4.ipset`: IPSet configuration for VK-only IPv4 networks (**daily generated**)
 - `blacklist-vk-v6.ipset`: IPSet configuration for VK-only IPv6 networks (**daily generated**)
 - `README.md`: Complete usage documentation for iptables integration
 **nftables Format** (`blacklists_nftables/` folder):
-* `blacklist.nft`: nftables configuration for mixed IPv4/IPv6 (**daily generated**)
+* `blacklist.nft`: nftables set definitions for mixed IPv4/IPv6 (**daily generated**)
 * `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**)
 * `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**)
 * `blacklist-vk.nft`: nftables set definitions for VK-only mixed IPv4/IPv6 (**daily generated**)
 * `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**)
 * `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**)
 * `README.md`: Complete usage documentation for nftables integration
 **Linux Routes Format** (`blacklists_route/` folder):
 * `blacklist-vk-v4.routes`: IPv4 routes for VK-only networks to `127.0.0.1` via `lo` (**daily generated**)
 * `blacklist-vk-v6.routes`: IPv6 routes for VK-only networks to `::1` via `lo` (**daily generated**)
 ### Reference Lists
 **Contributors are welcome!**
 - `lists/ru-gov-netnames.txt`: A list of network names associated with the Russian government.
- `lists/ru-gov-asns.txt`: A list of AS numbers associated with the Russian government.
+- ASN candidates used for blacklists are derived automatically from `auto/all-ru-asn.txt`.
 ### Auto-Generated Data
@@ -93,22 +112,55 @@ wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_ngi
 **For IPTables/IPSet:**
 ```bash
-# Download and load into ipset
+# Download and load IPv4/IPv6 sets into ipset
-wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist.ipset
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v4.ipset
-ipset restore < blacklist.ipset
+wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v6.ipset
-iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
+ipset restore < blacklist-v4.ipset
-ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
+ipset restore < blacklist-v6.ipset
 iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
 ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
 ```
 **For nftables:**
 ````bash
-# Download and load into nftables
+# Download and load nftables sets
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v4.nft
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v6.nft
 sudo nft -f blacklist.nft
 sudo nft -f blacklist-v4.nft
 sudo nft -f blacklist-v6.nft
 # Protect VM from incoming blacklist sources
 sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
 sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
 sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 # VK-only outbound blocking for VPN clients via NAT/FORWARD
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v4.nft
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v6.nft
 sudo nft -f blacklist-vk.nft
 sudo nft -f blacklist-vk-v4.nft
 sudo nft -f blacklist-vk-v6.nft
 sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
 sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
 sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
 # View the loaded rules
 sudo nft list ruleset
 ````
 **For Linux Routes (VK loopback blackhole):**
 ```bash
 # Download and apply VK route files
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v4.routes
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v6.routes
 sudo sh blacklist-vk-v4.routes
 sudo sh blacklist-vk-v6.routes
 ```
 **For Custom Applications:**
 ```bash
@@ -158,16 +210,16 @@ See the README files in each folder for detailed usage instructions.
    ./network_list_from_as.py AS61280
    ```
-2. Run the script with a URL to a file in a GitHub repository as an argument:
+2. Run the script with a URL to a file with one ASN per line:
    ```bash
-    ./network_list_from_as.py https://github.com/C24Be/AS_Network_List/blob/main/lists/ru-gov-asns.txt
+    ./network_list_from_as.py https://example.com/asns.txt
    ```
    Or better use the raw file link:
    ```bash
-    ./network_list_from_as.py https://raw.githubusercontent.com/C24Be/AS_Network_List/main/lists/ru-gov-asns.txt
+    ./network_list_from_as.py https://example.com/asns-raw.txt
    ```
 3. To display a help message, use the `-h` or `--help` switch:
@@ -232,16 +284,6 @@ This repository uses GitHub Actions to automatically update blacklists:
 All blacklists are automatically regenerated and committed to ensure you always have the latest data.
 ## Blacklist Format Comparison
 | Format | Best For | Performance | Ease of Use | File Size |
 |--------|----------|-------------|-------------|-----------|
 | **Text** | Custom scripts, analysis | N/A | ⭐⭐⭐⭐⭐ | Small |
 | **Nginx** | Web servers, reverse proxies | Good | ⭐⭐⭐⭐ | Medium |
 | **IPSet** | Firewalls, large-scale blocking | Excellent | ⭐⭐⭐ | Medium |
 **Recommendation**: Use IPSet for firewall-level blocking (best performance), Nginx for web application layer, and text format for custom integrations.
 ## Additional information
 - [RIPE DB Inetnum](https://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz)
--- a/auto/ripe-ru-ipv4.json
+++ b/auto/ripe-ru-ipv4.json
--- a/auto/ripe-ru-ipv4.txt
+++ b/auto/ripe-ru-ipv4.txt
--- a/blacklists/.keep
+++ b/blacklists/.keep
--- a/blacklists/blacklist-v4.txt
+++ b/blacklists/blacklist-v4.txt
@@ -30,7 +30,6 @@
 128.140.170.0/24
 128.140.171.0/24
 128.140.172.0/22
 128.140.173.0/24
 130.49.224.0/19
 145.255.238.240/28
 146.185.208.0/22
@@ -43,14 +42,9 @@
 155.212.192.0/20
 176.109.0.0/21
 176.112.168.0/21
 176.116.112.0/22
 176.116.96.0/20
 178.16.156.148/30
 178.17.176.0/23
 178.17.178.0/23
 178.17.180.0/23
 178.17.182.0/23
 178.17.184.0/22
 178.17.188.0/22
 178.20.234.224/29
 178.22.88.0/21
 178.22.89.64/26
@@ -65,7 +59,6 @@
 178.237.240.0/20
 178.237.248.0/21
 178.237.28.0/24
 178.237.29.0/24
 178.237.30.0/23
 178.248.232.137/32
 178.248.232.60/32
@@ -112,21 +105,16 @@
 185.130.112.0/23
 185.130.114.0/23
 185.131.68.0/22
 185.131.68.0/23
 185.149.160.0/24
 185.149.161.0/24
 185.149.162.0/24
 185.149.163.0/24
 185.16.10.0/23
 185.16.148.0/22
 185.16.148.0/23
 185.16.150.0/23
 185.16.244.0/22
 185.16.244.0/23
 185.16.246.0/23
 185.16.246.0/24
 185.16.247.0/24
 185.16.8.0/23
 185.168.60.0/24
 185.168.61.0/24
 185.168.62.0/24
@@ -199,14 +187,12 @@
 188.93.62.0/24
 193.203.40.0/22
 193.232.70.0/24
 193.33.230.0/23
 193.47.146.0/24
 194.140.247.0/25
 194.140.247.128/25
 194.150.202.0/23
 194.165.22.0/23
 194.186.112.80/28
 194.186.63.0/24
 194.190.9.0/24
 194.215.248.0/24
 194.226.116.0/22
@@ -243,7 +229,6 @@
 195.211.23.0/24
 195.218.175.40/29
 195.218.190.0/23
 195.226.203.0/24
 195.239.113.0/24
 195.239.247.0/24
 195.239.80.32/29
@@ -264,7 +249,6 @@
 195.98.43.104/29
 195.98.73.56/29
 195.98.77.100/30
 212.111.84.0/22
 212.119.174.0/24
 212.119.175.0/24
 212.120.169.48/29
@@ -290,10 +274,6 @@
 212.192.156.0/22
 212.23.85.48/30
 212.23.85.56/29
 212.233.120.0/22
 212.233.72.0/21
 212.233.88.0/21
 212.233.96.0/22
 212.32.198.64/29
 212.48.134.192/26
 212.48.138.240/28
@@ -398,8 +378,6 @@
 213.172.27.252/30
 213.172.30.136/30
 213.172.4.192/26
 213.176.232.0/23
 213.176.234.0/23
 213.177.111.0/24
 213.183.253.56/29
 213.219.212.0/22
@@ -455,7 +433,9 @@
 217.106.203.88/29
 217.106.93.192/26
 217.106.95.112/28
 217.107.0.0/18
 217.107.200.0/21
 217.107.208.0/20
 217.107.5.112/29
 217.107.5.16/29
 217.107.5.24/29
@@ -471,7 +451,7 @@
 217.16.16.0/21
 217.16.24.0/21
 217.172.18.0/23
-217.174.188.0/22
+217.172.20.0/22
 217.174.188.0/23
 217.195.92.16/28
 217.195.93.144/29
@@ -486,7 +466,10 @@
 217.20.158.0/24
 217.20.159.0/24
 217.20.86.128/26
 217.20.86.192/27
 217.20.86.224/29
 217.20.86.232/29
 217.20.86.240/28
 217.23.88.168/29
 217.23.88.248/29
 217.27.142.176/30
@@ -495,9 +478,7 @@
 217.67.177.208/29
 217.69.128.0/20
 217.69.128.0/21
 217.69.132.0/24
 217.69.136.0/21
 31.177.104.0/22
 31.177.95.0/24
 31.44.63.64/29
 37.139.32.0/22
@@ -520,6 +501,7 @@
 46.20.70.160/28
 46.228.0.232/29
 46.29.152.0/22
 46.29.156.0/23
 46.46.142.160/28
 46.46.148.40/29
 46.47.197.128/30
@@ -631,9 +613,6 @@
 79.137.139.0/24
 79.137.139.0/25
 79.137.139.128/25
 79.137.140.0/24
 79.137.142.0/24
 79.137.157.0/24
 79.137.157.0/25
 79.137.157.128/25
 79.137.164.0/24
@@ -653,9 +632,6 @@
 79.137.240.0/22
 79.137.244.0/22
 79.142.88.0/28
 79.143.229.0/24
 79.143.230.0/24
 79.143.232.0/24
 80.237.11.88/29
 80.237.39.112/29
 80.237.98.80/28
@@ -665,8 +641,6 @@
 80.254.100.40/29
 80.254.119.168/29
 80.73.16.0/20
 80.73.16.0/21
 80.73.16.0/24
 80.73.168.80/28
 80.73.169.244/30
 80.82.43.24/29
@@ -690,11 +664,9 @@
 81.195.125.96/30
 81.195.148.140/30
 81.195.150.248/30
 81.195.151.0/24
 81.195.151.172/30
 81.195.155.0/30
 81.195.161.12/30
 81.195.164.0/24
 81.195.165.64/28
 81.195.168.24/30
 81.195.177.160/30
@@ -873,8 +845,6 @@
 87.240.128.0/18
 87.240.128.0/19
 87.240.160.0/19
 87.240.166.0/24
 87.240.167.0/24
 87.242.112.0/22
 87.245.133.0/24
 87.249.16.32/28
@@ -942,9 +912,6 @@
 89.21.152.104/29
 89.221.228.0/22
 89.221.232.0/21
 89.221.232.0/22
 89.221.235.0/24
 89.221.236.0/22
 89.28.253.168/29
 89.28.255.56/29
 90.150.176.52/30
@@ -967,7 +934,6 @@
 90.156.148.0/22
 90.156.148.0/23
 90.156.150.0/23
 90.156.151.0/24
 90.156.212.0/22
 90.156.212.0/23
 90.156.214.0/23
@@ -976,25 +942,12 @@
 90.156.218.0/23
 90.156.232.0/21
 91.103.194.184/29
 91.135.212.0/22
 91.135.216.0/21
 91.135.220.0/24
 91.135.221.0/24
 91.195.136.0/23
 91.208.20.0/24
 91.215.168.0/22
 91.217.34.0/23
 91.219.192.0/22
 91.219.224.0/22
 91.221.140.0/23
 91.221.140.0/24
 91.221.141.0/24
 91.226.250.0/24
 91.227.32.0/24
 91.231.132.0/22
 91.231.132.0/24
 91.231.133.0/24
 91.231.134.0/24
 91.237.76.0/24
 92.101.253.152/29
 92.101.253.96/29
@@ -1039,7 +992,6 @@
 94.124.192.192/29
 94.139.244.0/22
 94.139.244.0/23
 94.139.244.0/24
 94.139.246.0/23
 94.199.64.0/21
 94.25.119.228/30
@@ -1056,9 +1008,6 @@
 95.142.201.0/24
 95.142.202.0/24
 95.142.203.0/24
 95.142.204.0/23
 95.142.207.0/24
 95.163.133.0/24
 95.163.180.0/22
 95.163.180.0/23
 95.163.182.0/23
@@ -1096,6 +1045,7 @@
 95.167.5.80/28
 95.167.54.76/30
 95.167.59.244/30
 95.167.59.248/30
 95.167.64.20/30
 95.167.68.216/29
 95.167.69.116/30
@@ -1113,7 +1063,6 @@
 95.173.128.0/20
 95.173.144.0/20
 95.213.0.0/17
 95.213.0.0/18
 95.213.0.0/20
 95.213.16.0/21
 95.213.24.0/23
@@ -1128,8 +1077,6 @@
 95.213.34.0/23
 95.213.36.0/22
 95.213.40.0/21
 95.213.44.0/24
 95.213.45.0/24
 95.213.48.0/20
 95.213.64.0/18
 95.53.248.0/29
--- a/blacklists/blacklist-v6.txt
+++ b/blacklists/blacklist-v6.txt
@@ -1,22 +1,5 @@
 2a00:1148::/29
 2a00:1148::/32
 2a00:46e0:2::/48
 2a00:46e0::/32
 2a00:a300::/32
 2a00:b4c0::/32
 2a00:bdc0:8000::/34
 2a00:bdc0::/33
 2a00:bdc0:c000::/35
 2a00:bdc0:e002::/48
 2a00:bdc0:e003::/48
 2a00:bdc0:e004::/48
 2a00:bdc0:e005::/48
 2a00:bdc0:e007::/48
 2a00:bdc0:f000::/36
 2a00:bdc1::/32
 2a00:bdc2::/31
 2a00:bdc4::/30
 2a14:25c0::/32
 2a14:25c5::/32
 2a14:25c6::/32
 2a14:25c7::/32
--- a/blacklists/blacklist-vk-v4.txt
+++ b/blacklists/blacklist-vk-v4.txt
@@ -0,0 +1,266 @@
 109.120.180.0/22
 109.120.180.0/23
 109.120.182.0/23
 109.120.188.0/22
 109.120.188.0/23
 109.120.190.0/23
 128.140.168.0/21
 128.140.168.0/23
 128.140.170.0/24
 128.140.171.0/24
 128.140.172.0/22
 130.49.224.0/19
 146.185.208.0/22
 146.185.208.0/23
 146.185.210.0/23
 146.185.240.0/22
 146.185.240.0/23
 146.185.242.0/23
 155.212.192.0/20
 176.112.168.0/21
 178.22.88.0/21
 178.22.89.64/26
 178.22.94.0/23
 178.237.16.0/20
 178.237.16.0/21
 178.237.24.0/22
 178.237.30.0/23
 185.100.104.0/22
 185.100.104.0/23
 185.100.106.0/23
 185.130.112.0/22
 185.130.112.0/23
 185.130.114.0/23
 185.131.68.0/22
 185.16.148.0/22
 185.16.148.0/23
 185.16.150.0/23
 185.16.244.0/22
 185.16.244.0/23
 185.16.246.0/23
 185.180.200.0/22
 185.187.63.0/24
 185.187.63.0/25
 185.187.63.128/25
 185.226.52.0/22
 185.226.52.0/23
 185.226.54.0/23
 185.241.192.0/22
 185.241.192.0/23
 185.241.194.0/23
 185.29.128.0/22
 185.29.130.0/24
 185.32.248.0/22
 185.32.248.0/23
 185.32.250.0/23
 185.5.136.0/22
 185.5.136.0/23
 185.5.138.0/23
 185.6.244.0/22
 185.6.244.0/23
 185.6.246.0/23
 185.86.144.0/22
 185.86.144.0/23
 185.86.146.0/23
 188.93.56.0/21
 188.93.56.0/24
 188.93.57.0/24
 188.93.58.0/24
 188.93.60.0/24
 188.93.61.0/24
 188.93.62.0/24
 193.203.40.0/22
 194.84.16.12/30
 195.211.20.0/22
 195.211.22.0/24
 195.211.23.0/24
 212.111.84.0/22
 212.233.120.0/22
 212.233.72.0/21
 212.233.88.0/21
 212.233.96.0/22
 213.219.212.0/22
 213.219.212.0/23
 213.219.214.0/23
 217.16.16.0/20
 217.16.16.0/21
 217.16.24.0/21
 217.174.188.0/23
 217.20.144.0/20
 217.20.144.0/22
 217.20.148.0/24
 217.20.149.0/24
 217.20.150.0/23
 217.20.152.0/22
 217.20.156.0/23
 217.20.158.0/24
 217.20.159.0/24
 217.69.128.0/20
 217.69.128.0/21
 217.69.136.0/21
 37.139.32.0/22
 37.139.32.0/23
 37.139.34.0/23
 37.139.40.0/22
 37.139.40.0/23
 37.139.42.0/23
 45.136.20.0/22
 45.136.20.0/23
 45.136.22.0/23
 45.84.128.0/22
 45.84.128.0/23
 45.84.130.0/23
 5.101.40.0/22
 5.101.40.0/23
 5.101.42.0/23
 5.181.60.0/22
 5.181.60.0/24
 5.181.61.0/24
 5.181.62.0/23
 5.188.140.0/22
 5.188.140.0/23
 5.188.142.0/23
 5.61.16.0/21
 5.61.16.0/22
 5.61.20.0/22
 5.61.232.0/21
 5.61.232.0/22
 5.61.236.0/23
 5.61.238.0/24
 5.61.239.0/27
 5.61.239.128/25
 5.61.239.40/29
 5.61.239.48/28
 5.61.239.64/26
 62.217.160.0/20
 62.217.160.0/21
 62.217.168.0/21
 79.137.132.0/24
 79.137.132.0/25
 79.137.132.128/25
 79.137.139.0/24
 79.137.139.0/25
 79.137.139.128/25
 79.137.157.0/25
 79.137.157.128/25
 79.137.164.0/24
 79.137.164.0/25
 79.137.164.128/25
 79.137.167.0/24
 79.137.167.0/25
 79.137.167.128/25
 79.137.174.0/23
 79.137.174.0/24
 79.137.175.0/24
 79.137.180.0/24
 79.137.180.0/25
 79.137.180.128/25
 79.137.240.0/21
 79.137.240.0/22
 79.137.244.0/22
 83.166.232.0/21
 83.166.232.0/22
 83.166.236.0/22
 83.166.248.0/21
 83.166.248.0/22
 83.166.252.0/22
 83.217.216.0/22
 83.217.216.0/23
 83.217.218.0/23
 83.222.28.0/22
 84.23.52.0/22
 84.23.52.0/23
 84.23.54.0/23
 85.114.31.108/30
 85.192.32.0/22
 85.192.32.0/23
 85.192.34.0/23
 85.198.106.0/24
 85.198.107.0/24
 87.239.104.0/21
 87.239.104.0/22
 87.239.108.0/22
 87.240.128.0/18
 87.240.128.0/19
 87.240.160.0/19
 87.242.112.0/22
 89.208.196.0/22
 89.208.196.0/23
 89.208.198.0/23
 89.208.208.0/22
 89.208.208.0/23
 89.208.210.0/23
 89.208.216.0/21
 89.208.216.0/23
 89.208.218.0/23
 89.208.220.0/22
 89.208.228.0/22
 89.208.228.0/23
 89.208.230.0/23
 89.208.84.0/22
 89.208.84.0/23
 89.208.86.0/23
 89.221.228.0/22
 89.221.232.0/21
 90.156.148.0/22
 90.156.148.0/23
 90.156.150.0/23
 90.156.212.0/22
 90.156.212.0/23
 90.156.214.0/23
 90.156.216.0/22
 90.156.216.0/23
 90.156.218.0/23
 90.156.232.0/21
 91.219.224.0/22
 91.231.132.0/22
 91.237.76.0/24
 93.153.255.84/30
 93.186.224.0/20
 93.186.224.0/21
 93.186.232.0/21
 94.100.176.0/20
 94.100.176.0/21
 94.100.184.0/21
 94.139.244.0/22
 94.139.244.0/23
 94.139.246.0/23
 95.142.192.0/20
 95.142.192.0/21
 95.142.200.0/21
 95.163.180.0/22
 95.163.180.0/23
 95.163.182.0/23
 95.163.208.0/21
 95.163.208.0/23
 95.163.210.0/23
 95.163.212.0/22
 95.163.216.0/22
 95.163.216.0/23
 95.163.218.0/23
 95.163.248.0/21
 95.163.248.0/22
 95.163.252.0/23
 95.163.254.0/23
 95.163.32.0/19
 95.163.32.0/22
 95.163.36.0/22
 95.163.40.0/21
 95.163.48.0/20
 95.213.0.0/17
 95.213.0.0/20
 95.213.16.0/21
 95.213.24.0/23
 95.213.26.0/24
 95.213.27.0/24
 95.213.28.0/24
 95.213.29.0/24
 95.213.30.0/24
 95.213.31.0/24
 95.213.32.0/24
 95.213.33.0/24
 95.213.34.0/23
 95.213.36.0/22
 95.213.40.0/21
 95.213.48.0/20
 95.213.64.0/18
--- a/blacklists/blacklist-vk-v6.txt
+++ b/blacklists/blacklist-vk-v6.txt
@@ -0,0 +1 @@
 2a00:bdc0::/29
--- a/blacklists/blacklist-vk.txt
+++ b/blacklists/blacklist-vk.txt
@@ -0,0 +1,267 @@
 109.120.180.0/22
 109.120.180.0/23
 109.120.182.0/23
 109.120.188.0/22
 109.120.188.0/23
 109.120.190.0/23
 128.140.168.0/21
 128.140.168.0/23
 128.140.170.0/24
 128.140.171.0/24
 128.140.172.0/22
 130.49.224.0/19
 146.185.208.0/22
 146.185.208.0/23
 146.185.210.0/23
 146.185.240.0/22
 146.185.240.0/23
 146.185.242.0/23
 155.212.192.0/20
 176.112.168.0/21
 178.22.88.0/21
 178.22.89.64/26
 178.22.94.0/23
 178.237.16.0/20
 178.237.16.0/21
 178.237.24.0/22
 178.237.30.0/23
 185.100.104.0/22
 185.100.104.0/23
 185.100.106.0/23
 185.130.112.0/22
 185.130.112.0/23
 185.130.114.0/23
 185.131.68.0/22
 185.16.148.0/22
 185.16.148.0/23
 185.16.150.0/23
 185.16.244.0/22
 185.16.244.0/23
 185.16.246.0/23
 185.180.200.0/22
 185.187.63.0/24
 185.187.63.0/25
 185.187.63.128/25
 185.226.52.0/22
 185.226.52.0/23
 185.226.54.0/23
 185.241.192.0/22
 185.241.192.0/23
 185.241.194.0/23
 185.29.128.0/22
 185.29.130.0/24
 185.32.248.0/22
 185.32.248.0/23
 185.32.250.0/23
 185.5.136.0/22
 185.5.136.0/23
 185.5.138.0/23
 185.6.244.0/22
 185.6.244.0/23
 185.6.246.0/23
 185.86.144.0/22
 185.86.144.0/23
 185.86.146.0/23
 188.93.56.0/21
 188.93.56.0/24
 188.93.57.0/24
 188.93.58.0/24
 188.93.60.0/24
 188.93.61.0/24
 188.93.62.0/24
 193.203.40.0/22
 194.84.16.12/30
 195.211.20.0/22
 195.211.22.0/24
 195.211.23.0/24
 212.111.84.0/22
 212.233.120.0/22
 212.233.72.0/21
 212.233.88.0/21
 212.233.96.0/22
 213.219.212.0/22
 213.219.212.0/23
 213.219.214.0/23
 217.16.16.0/20
 217.16.16.0/21
 217.16.24.0/21
 217.174.188.0/23
 217.20.144.0/20
 217.20.144.0/22
 217.20.148.0/24
 217.20.149.0/24
 217.20.150.0/23
 217.20.152.0/22
 217.20.156.0/23
 217.20.158.0/24
 217.20.159.0/24
 217.69.128.0/20
 217.69.128.0/21
 217.69.136.0/21
 2a00:bdc0::/29
 37.139.32.0/22
 37.139.32.0/23
 37.139.34.0/23
 37.139.40.0/22
 37.139.40.0/23
 37.139.42.0/23
 45.136.20.0/22
 45.136.20.0/23
 45.136.22.0/23
 45.84.128.0/22
 45.84.128.0/23
 45.84.130.0/23
 5.101.40.0/22
 5.101.40.0/23
 5.101.42.0/23
 5.181.60.0/22
 5.181.60.0/24
 5.181.61.0/24
 5.181.62.0/23
 5.188.140.0/22
 5.188.140.0/23
 5.188.142.0/23
 5.61.16.0/21
 5.61.16.0/22
 5.61.20.0/22
 5.61.232.0/21
 5.61.232.0/22
 5.61.236.0/23
 5.61.238.0/24
 5.61.239.0/27
 5.61.239.128/25
 5.61.239.40/29
 5.61.239.48/28
 5.61.239.64/26
 62.217.160.0/20
 62.217.160.0/21
 62.217.168.0/21
 79.137.132.0/24
 79.137.132.0/25
 79.137.132.128/25
 79.137.139.0/24
 79.137.139.0/25
 79.137.139.128/25
 79.137.157.0/25
 79.137.157.128/25
 79.137.164.0/24
 79.137.164.0/25
 79.137.164.128/25
 79.137.167.0/24
 79.137.167.0/25
 79.137.167.128/25
 79.137.174.0/23
 79.137.174.0/24
 79.137.175.0/24
 79.137.180.0/24
 79.137.180.0/25
 79.137.180.128/25
 79.137.240.0/21
 79.137.240.0/22
 79.137.244.0/22
 83.166.232.0/21
 83.166.232.0/22
 83.166.236.0/22
 83.166.248.0/21
 83.166.248.0/22
 83.166.252.0/22
 83.217.216.0/22
 83.217.216.0/23
 83.217.218.0/23
 83.222.28.0/22
 84.23.52.0/22
 84.23.52.0/23
 84.23.54.0/23
 85.114.31.108/30
 85.192.32.0/22
 85.192.32.0/23
 85.192.34.0/23
 85.198.106.0/24
 85.198.107.0/24
 87.239.104.0/21
 87.239.104.0/22
 87.239.108.0/22
 87.240.128.0/18
 87.240.128.0/19
 87.240.160.0/19
 87.242.112.0/22
 89.208.196.0/22
 89.208.196.0/23
 89.208.198.0/23
 89.208.208.0/22
 89.208.208.0/23
 89.208.210.0/23
 89.208.216.0/21
 89.208.216.0/23
 89.208.218.0/23
 89.208.220.0/22
 89.208.228.0/22
 89.208.228.0/23
 89.208.230.0/23
 89.208.84.0/22
 89.208.84.0/23
 89.208.86.0/23
 89.221.228.0/22
 89.221.232.0/21
 90.156.148.0/22
 90.156.148.0/23
 90.156.150.0/23
 90.156.212.0/22
 90.156.212.0/23
 90.156.214.0/23
 90.156.216.0/22
 90.156.216.0/23
 90.156.218.0/23
 90.156.232.0/21
 91.219.224.0/22
 91.231.132.0/22
 91.237.76.0/24
 93.153.255.84/30
 93.186.224.0/20
 93.186.224.0/21
 93.186.232.0/21
 94.100.176.0/20
 94.100.176.0/21
 94.100.184.0/21
 94.139.244.0/22
 94.139.244.0/23
 94.139.246.0/23
 95.142.192.0/20
 95.142.192.0/21
 95.142.200.0/21
 95.163.180.0/22
 95.163.180.0/23
 95.163.182.0/23
 95.163.208.0/21
 95.163.208.0/23
 95.163.210.0/23
 95.163.212.0/22
 95.163.216.0/22
 95.163.216.0/23
 95.163.218.0/23
 95.163.248.0/21
 95.163.248.0/22
 95.163.252.0/23
 95.163.254.0/23
 95.163.32.0/19
 95.163.32.0/22
 95.163.36.0/22
 95.163.40.0/21
 95.163.48.0/20
 95.213.0.0/17
 95.213.0.0/20
 95.213.16.0/21
 95.213.24.0/23
 95.213.26.0/24
 95.213.27.0/24
 95.213.28.0/24
 95.213.29.0/24
 95.213.30.0/24
 95.213.31.0/24
 95.213.32.0/24
 95.213.33.0/24
 95.213.34.0/23
 95.213.36.0/22
 95.213.40.0/21
 95.213.48.0/20
 95.213.64.0/18
--- a/blacklists/blacklist.txt
+++ b/blacklists/blacklist.txt
@@ -30,7 +30,6 @@
 128.140.170.0/24
 128.140.171.0/24
 128.140.172.0/22
 128.140.173.0/24
 130.49.224.0/19
 145.255.238.240/28
 146.185.208.0/22
@@ -43,14 +42,9 @@
 155.212.192.0/20
 176.109.0.0/21
 176.112.168.0/21
 176.116.112.0/22
 176.116.96.0/20
 178.16.156.148/30
 178.17.176.0/23
 178.17.178.0/23
 178.17.180.0/23
 178.17.182.0/23
 178.17.184.0/22
 178.17.188.0/22
 178.20.234.224/29
 178.22.88.0/21
 178.22.89.64/26
@@ -65,7 +59,6 @@
 178.237.240.0/20
 178.237.248.0/21
 178.237.28.0/24
 178.237.29.0/24
 178.237.30.0/23
 178.248.232.137/32
 178.248.232.60/32
@@ -112,21 +105,16 @@
 185.130.112.0/23
 185.130.114.0/23
 185.131.68.0/22
 185.131.68.0/23
 185.149.160.0/24
 185.149.161.0/24
 185.149.162.0/24
 185.149.163.0/24
 185.16.10.0/23
 185.16.148.0/22
 185.16.148.0/23
 185.16.150.0/23
 185.16.244.0/22
 185.16.244.0/23
 185.16.246.0/23
 185.16.246.0/24
 185.16.247.0/24
 185.16.8.0/23
 185.168.60.0/24
 185.168.61.0/24
 185.168.62.0/24
@@ -199,14 +187,12 @@
 188.93.62.0/24
 193.203.40.0/22
 193.232.70.0/24
 193.33.230.0/23
 193.47.146.0/24
 194.140.247.0/25
 194.140.247.128/25
 194.150.202.0/23
 194.165.22.0/23
 194.186.112.80/28
 194.186.63.0/24
 194.190.9.0/24
 194.215.248.0/24
 194.226.116.0/22
@@ -243,7 +229,6 @@
 195.211.23.0/24
 195.218.175.40/29
 195.218.190.0/23
 195.226.203.0/24
 195.239.113.0/24
 195.239.247.0/24
 195.239.80.32/29
@@ -264,7 +249,6 @@
 195.98.43.104/29
 195.98.73.56/29
 195.98.77.100/30
 212.111.84.0/22
 212.119.174.0/24
 212.119.175.0/24
 212.120.169.48/29
@@ -290,10 +274,6 @@
 212.192.156.0/22
 212.23.85.48/30
 212.23.85.56/29
 212.233.120.0/22
 212.233.72.0/21
 212.233.88.0/21
 212.233.96.0/22
 212.32.198.64/29
 212.48.134.192/26
 212.48.138.240/28
@@ -398,8 +378,6 @@
 213.172.27.252/30
 213.172.30.136/30
 213.172.4.192/26
 213.176.232.0/23
 213.176.234.0/23
 213.177.111.0/24
 213.183.253.56/29
 213.219.212.0/22
@@ -455,7 +433,9 @@
 217.106.203.88/29
 217.106.93.192/26
 217.106.95.112/28
 217.107.0.0/18
 217.107.200.0/21
 217.107.208.0/20
 217.107.5.112/29
 217.107.5.16/29
 217.107.5.24/29
@@ -471,7 +451,7 @@
 217.16.16.0/21
 217.16.24.0/21
 217.172.18.0/23
-217.174.188.0/22
+217.172.20.0/22
 217.174.188.0/23
 217.195.92.16/28
 217.195.93.144/29
@@ -486,7 +466,10 @@
 217.20.158.0/24
 217.20.159.0/24
 217.20.86.128/26
 217.20.86.192/27
 217.20.86.224/29
 217.20.86.232/29
 217.20.86.240/28
 217.23.88.168/29
 217.23.88.248/29
 217.27.142.176/30
@@ -495,31 +478,12 @@
 217.67.177.208/29
 217.69.128.0/20
 217.69.128.0/21
 217.69.132.0/24
 217.69.136.0/21
 2a00:1148::/29
 2a00:1148::/32
 2a00:46e0:2::/48
 2a00:46e0::/32
 2a00:a300::/32
 2a00:b4c0::/32
 2a00:bdc0:8000::/34
 2a00:bdc0::/33
 2a00:bdc0:c000::/35
 2a00:bdc0:e002::/48
 2a00:bdc0:e003::/48
 2a00:bdc0:e004::/48
 2a00:bdc0:e005::/48
 2a00:bdc0:e007::/48
 2a00:bdc0:f000::/36
 2a00:bdc1::/32
 2a00:bdc2::/31
 2a00:bdc4::/30
 2a14:25c0::/32
 2a14:25c5::/32
 2a14:25c6::/32
 2a14:25c7::/32
 31.177.104.0/22
 31.177.95.0/24
 31.44.63.64/29
 37.139.32.0/22
@@ -542,6 +506,7 @@
 46.20.70.160/28
 46.228.0.232/29
 46.29.152.0/22
 46.29.156.0/23
 46.46.142.160/28
 46.46.148.40/29
 46.47.197.128/30
@@ -653,9 +618,6 @@
 79.137.139.0/24
 79.137.139.0/25
 79.137.139.128/25
 79.137.140.0/24
 79.137.142.0/24
 79.137.157.0/24
 79.137.157.0/25
 79.137.157.128/25
 79.137.164.0/24
@@ -675,9 +637,6 @@
 79.137.240.0/22
 79.137.244.0/22
 79.142.88.0/28
 79.143.229.0/24
 79.143.230.0/24
 79.143.232.0/24
 80.237.11.88/29
 80.237.39.112/29
 80.237.98.80/28
@@ -687,8 +646,6 @@
 80.254.100.40/29
 80.254.119.168/29
 80.73.16.0/20
 80.73.16.0/21
 80.73.16.0/24
 80.73.168.80/28
 80.73.169.244/30
 80.82.43.24/29
@@ -712,11 +669,9 @@
 81.195.125.96/30
 81.195.148.140/30
 81.195.150.248/30
 81.195.151.0/24
 81.195.151.172/30
 81.195.155.0/30
 81.195.161.12/30
 81.195.164.0/24
 81.195.165.64/28
 81.195.168.24/30
 81.195.177.160/30
@@ -895,8 +850,6 @@
 87.240.128.0/18
 87.240.128.0/19
 87.240.160.0/19
 87.240.166.0/24
 87.240.167.0/24
 87.242.112.0/22
 87.245.133.0/24
 87.249.16.32/28
@@ -964,9 +917,6 @@
 89.21.152.104/29
 89.221.228.0/22
 89.221.232.0/21
 89.221.232.0/22
 89.221.235.0/24
 89.221.236.0/22
 89.28.253.168/29
 89.28.255.56/29
 90.150.176.52/30
@@ -989,7 +939,6 @@
 90.156.148.0/22
 90.156.148.0/23
 90.156.150.0/23
 90.156.151.0/24
 90.156.212.0/22
 90.156.212.0/23
 90.156.214.0/23
@@ -998,25 +947,12 @@
 90.156.218.0/23
 90.156.232.0/21
 91.103.194.184/29
 91.135.212.0/22
 91.135.216.0/21
 91.135.220.0/24
 91.135.221.0/24
 91.195.136.0/23
 91.208.20.0/24
 91.215.168.0/22
 91.217.34.0/23
 91.219.192.0/22
 91.219.224.0/22
 91.221.140.0/23
 91.221.140.0/24
 91.221.141.0/24
 91.226.250.0/24
 91.227.32.0/24
 91.231.132.0/22
 91.231.132.0/24
 91.231.133.0/24
 91.231.134.0/24
 91.237.76.0/24
 92.101.253.152/29
 92.101.253.96/29
@@ -1061,7 +997,6 @@
 94.124.192.192/29
 94.139.244.0/22
 94.139.244.0/23
 94.139.244.0/24
 94.139.246.0/23
 94.199.64.0/21
 94.25.119.228/30
@@ -1078,9 +1013,6 @@
 95.142.201.0/24
 95.142.202.0/24
 95.142.203.0/24
 95.142.204.0/23
 95.142.207.0/24
 95.163.133.0/24
 95.163.180.0/22
 95.163.180.0/23
 95.163.182.0/23
@@ -1118,6 +1050,7 @@
 95.167.5.80/28
 95.167.54.76/30
 95.167.59.244/30
 95.167.59.248/30
 95.167.64.20/30
 95.167.68.216/29
 95.167.69.116/30
@@ -1135,7 +1068,6 @@
 95.173.128.0/20
 95.173.144.0/20
 95.213.0.0/17
 95.213.0.0/18
 95.213.0.0/20
 95.213.16.0/21
 95.213.24.0/23
@@ -1150,8 +1082,6 @@
 95.213.34.0/23
 95.213.36.0/22
 95.213.40.0/21
 95.213.44.0/24
 95.213.45.0/24
 95.213.48.0/20
 95.213.64.0/18
 95.53.248.0/29
--- a/blacklists/blacklist_with_comments.txt
+++ b/blacklists/blacklist_with_comments.txt
@@ -1,212 +1,39 @@
 # Networks announced by AS28709
 # AS-Name (ORG): VKONTAKTE-REGIONAL-CDN (LLC VK)
 2a00:bdc0:e004::/48
 2a00:bdc0:e007::/48
 178.237.24.0/24
 178.237.21.0/24
 2a00:bdc0:e003::/48
 87.240.166.0/24
 95.213.45.0/24
 2a00:bdc0:e002::/48
 95.142.203.0/24
-178.237.28.0/24
+185.32.249.0/24
-178.237.22.0/24
+2a00:bdc0:e005::/48
-95.213.44.0/24
+178.237.21.0/24
 128.140.170.0/24
 2a00:bdc0:e007::/48
 178.237.22.0/24
 185.32.251.0/24
 95.142.202.0/24
 2a00:bdc0:e004::/48
 2a00:bdc0:e003::/48
 2a00:bdc0:e002::/48
 95.142.201.0/24
-2a00:bdc0:e005::/48
+178.237.24.0/24
 178.237.28.0/24
 # Networks announced by AS28709
 # AS-Name (ORG): VKONTAKTE-REGIONAL-CDN (LLC VK)
 95.142.203.0/24
 185.32.249.0/24
-87.240.167.0/24
+2a00:bdc0:e005::/48
 178.237.21.0/24
 128.140.170.0/24
 2a00:bdc0:e007::/48
 178.237.22.0/24
 185.32.251.0/24
 95.142.202.0/24
 2a00:bdc0:e004::/48
 2a00:bdc0:e003::/48
 2a00:bdc0:e002::/48
 95.142.201.0/24
 178.237.24.0/24
 178.237.28.0/24
 # Networks announced by AS34500
 # AS-Name (ORG): CTSPI (FGUP CTSPI MGA Russia)
 80.73.16.0/21
 80.73.16.0/20
 80.73.16.0/24
 # Networks announced by AS43038
 # AS-Name (ORG): TVK-AS (MTS PJSC)
 91.208.20.0/24
 213.176.234.0/23
 178.17.182.0/23
 178.17.178.0/23
 178.17.184.0/22
 178.17.188.0/22
 195.226.203.0/24
 178.17.180.0/23
 79.143.229.0/24
 178.17.176.0/23
 79.143.232.0/24
 79.143.230.0/24
 81.195.151.0/24
 193.33.230.0/23
 213.176.232.0/23
 # Networks announced by AS43720
 # AS-Name (ORG): TVK-AS (MTS OJSC)
 91.135.212.0/22
 91.135.221.0/24
 91.195.136.0/23
 91.135.216.0/21
 81.195.164.0/24
 91.135.220.0/24
 # Networks announced by AS47541
 # AS-Name (ORG): VKONTAKTE-SPB-AS (LLC VK)
 95.142.192.0/21
 87.240.166.0/24
 79.137.183.0/24
 2a00:bdc0:8000::/34
 2a00:bdc0:c000::/35
 95.213.0.0/17
 91.231.133.0/24
 185.32.248.0/22
 2a14:25c7::/32
 217.69.132.0/24
 2a00:bdc1::/32
 185.131.68.0/23
 95.213.45.0/24
 2a00:bdc4::/30
 91.231.132.0/24
 2a00:bdc0::/33
 95.213.44.0/24
 93.186.232.0/21
 2a14:25c5::/32
 79.137.180.0/24
 79.137.164.0/24
 87.240.167.0/24
 87.240.128.0/18
 2a00:bdc2::/31
 91.231.134.0/24
 79.137.139.0/24
 95.213.0.0/18
 93.186.224.0/21
 95.142.192.0/20
 # Networks announced by AS47542
 # AS-Name (ORG): VKONTAKTE-MSK-CDN-AS (LLC VK)
 95.142.204.0/23
 95.142.207.0/24
 87.240.166.0/24
 128.140.173.0/24
 87.240.167.0/24
 95.213.44.0/24
 2a00:bdc0:f000::/36
 95.213.45.0/24
 # Networks announced by AS47764
 # AS-Name (ORG): VK-AS (LLC VK)
 5.188.140.0/22
 5.61.16.0/21
 146.185.208.0/22
 90.156.148.0/22
 85.192.32.0/22
 90.156.151.0/24
 178.22.88.0/21
 2a00:46e0:2::/48
 217.174.188.0/22
 2a00:1148::/29
 94.139.244.0/24
 155.212.192.0/20
 185.100.104.0/22
 90.156.216.0/22
 178.237.29.0/24
 89.208.218.0/23
 185.16.244.0/22
 130.49.224.0/19
 87.239.104.0/21
 89.208.196.0/22
 89.208.216.0/23
 5.101.40.0/22
 89.208.208.0/22
 83.222.28.0/22
 90.156.212.0/22
 84.23.52.0/22
 95.163.208.0/21
 83.166.248.0/21
 185.180.200.0/22
 5.181.60.0/22
 91.231.132.0/22
 193.203.40.0/22
 94.139.244.0/22
 212.233.72.0/21
 5.61.232.0/21
 37.139.40.0/22
 95.163.216.0/22
 185.16.244.0/23
 212.233.96.0/22
 212.111.84.0/22
 2a00:1148::/32
 109.120.188.0/22
 185.16.148.0/22
 91.231.134.0/24
 176.112.168.0/21
 185.86.144.0/22
 212.233.88.0/21
 217.20.144.0/20
 128.140.168.0/21
 185.16.247.0/24
 195.218.190.0/23
 178.237.16.0/20
 45.84.128.0/22
 185.130.112.0/22
 185.5.136.0/22
 89.208.220.0/22
 146.185.240.0/22
 94.100.176.0/20
 195.211.20.0/22
 5.181.61.0/24
 89.221.235.0/24
 91.231.133.0/24
 188.93.56.0/21
 217.69.128.0/20
 185.131.68.0/22
 95.163.133.0/24
 90.156.232.0/21
 95.163.248.0/21
 89.208.84.0/22
 79.137.240.0/21
 109.120.180.0/22
 89.221.236.0/22
 213.219.212.0/22
 185.241.192.0/22
 95.163.32.0/19
 2a14:25c6::/32
 83.166.232.0/21
 2a00:46e0::/32
 2a00:b4c0::/32
 31.177.104.0/22
 212.233.120.0/22
 194.186.63.0/24
 89.221.228.0/22
 185.16.246.0/24
 79.137.174.0/23
 91.219.224.0/22
 89.221.232.0/22
 95.163.180.0/22
 37.139.32.0/22
 79.137.157.0/24
 83.217.216.0/22
 217.16.16.0/20
 87.242.112.0/22
 185.187.63.0/24
 2a14:25c0::/32
 185.226.52.0/22
 62.217.160.0/20
 89.208.228.0/22
 45.136.20.0/22
 # Networks announced by AS49281
 # AS-Name (ORG): M100 (M100 LLC)
 2a00:a300::/32
 85.198.106.0/24
 # Networks announced by AS49797
 # AS-Name (ORG): NESSLY (LLC VK)
 79.137.142.0/24
 # Networks announced by AS49988
 # AS-Name (ORG): odkl-as (LLC VK)
 85.198.107.0/24
 79.137.140.0/24
 # Networks announced by AS51932
 # AS-Name (ORG): ORVD-AS (FGUP Goskorporatsiya po OrVD)
 91.221.140.0/23
 91.221.140.0/24
 91.221.141.0/24
 # Network name: Roskomnadzor-net
 46.228.0.232/29
 87.226.213.0/24
@@ -215,7 +42,9 @@
 78.108.200.0/24
 # Network name: RU-RTCOMM-20001220
 217.106.0.0/16
 217.107.0.0/18
 217.107.200.0/21
 217.107.208.0/20
 # Network name: MMT
 46.61.208.0/24
 # Network name: RTCOMM-GNIVC
@@ -229,6 +58,7 @@
 95.173.128.0/20
 95.173.144.0/20
 176.116.96.0/20
 176.116.112.0/22
 185.183.172.0/23
 185.183.174.0/23
 194.226.80.0/21
@@ -249,6 +79,7 @@
 95.173.128.0/20
 95.173.144.0/20
 176.116.96.0/20
 176.116.112.0/22
 185.183.172.0/23
 185.183.174.0/23
 194.226.80.0/21
@@ -335,6 +166,7 @@
 95.173.128.0/20
 95.173.144.0/20
 176.116.96.0/20
 176.116.112.0/22
 185.183.172.0/23
 185.183.174.0/23
 194.226.80.0/21
@@ -344,6 +176,7 @@
 # Network name: RU_FSKN
 92.50.198.72/30
 95.167.59.244/30
 95.167.59.248/30
 # Network name: UMNS-NOVGOROD
 213.59.91.48/29
 # Network name: FOMS
@@ -365,6 +198,7 @@
 217.106.147.8/29
 # Network name: GLAVNIVZ
 46.29.152.0/22
 46.29.156.0/23
 185.168.60.0/24
 185.168.61.0/24
 185.168.62.0/24
@@ -402,7 +236,10 @@
 94.25.70.64/30
 # Network name: MNSHMAO
 217.20.86.128/26
 217.20.86.192/27
 217.20.86.224/29
 217.20.86.232/29
 217.20.86.240/28
 # Network name: UMNS-TUMEN
 213.59.59.120/29
 213.59.59.144/29
@@ -541,6 +378,7 @@
 77.37.128.0/17
 # Network name: STARNET-VPN
 217.172.18.0/23
 217.172.20.0/22
 # Network name: CCC-HC
 89.111.176.0/22
 # Network name: RU-NIC-HOSTING
@@ -1753,8 +1591,6 @@
 5.61.236.0/23
 # NET-Name: 5.61.238.0/24 VK-FRONT VKCOMPANY-MNT () [VK Services]
 5.61.238.0/24
 # NET-Name: 178.237.29.0/24 VK-FRONT VKCOMPANY-MNT () [VK Services]
 178.237.29.0/24
 # NET-Name: 95.163.32.0/22 VK-FRONT VKCOMPANY-MNT () [VK Services]
 95.163.32.0/22
 # NET-Name: 95.163.36.0/22 VK-FRONT VKCOMPANY-MNT () [VK Services]
@@ -1981,10 +1817,6 @@
 185.100.106.0/23
 # NET-Name: 217.174.188.0/23 ODNOKLASSNIKI-FRONT VKCOMPANY-MNT () [Odnoklassniki Services]
 217.174.188.0/23
 # NET-Name: 185.16.8.0/23 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
 185.16.8.0/23
 # NET-Name: 185.16.10.0/23 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
 185.16.10.0/23
 # NET-Name: 84.23.52.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
 84.23.52.0/23
 # NET-Name: 84.23.54.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
--- a/blacklists_iptables/.keep
+++ b/blacklists_iptables/.keep
--- a/blacklists_iptables/README.md
+++ b/blacklists_iptables/README.md
@@ -1,109 +0,0 @@
 # IPTables/IPSet Blacklist Configurations
 Auto-generated ipset configuration files for blocking networks and IP addresses with iptables/ip6tables.
 ## Available Files
 ### IPv4 Only
 - **`blacklist-v4.ipset`** - Contains only IPv4 networks (806 entries)
 ### IPv6 Only
 - **`blacklist-v6.ipset`** - Contains only IPv6 networks (3 entries)
 ### Mixed IPv4/IPv6
 - **`blacklist.ipset`** - Contains both IPv4 and IPv6 sets (809 total entries)
 ## Usage
 ### 1. Load the IPSet
 ```bash
 # For IPv4 only
 ipset restore < blacklist-v4.ipset
 # For IPv6 only
 ipset restore < blacklist-v6.ipset
 # For both IPv4 and IPv6 (loads both sets)
 ipset restore < blacklist.ipset
 ```
 ### 2. Apply IPTables Rules
 ```bash
 # For IPv4
 iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
 iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
 # For IPv6
 ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
 ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
 ```
 ### 3. Persist Rules (Optional)
 To make the rules persistent across reboots:
 **On Debian/Ubuntu:**
 ```bash
 # Save iptables rules
 iptables-save > /etc/iptables/rules.v4
 ip6tables-save > /etc/iptables/rules.v6
 # Save ipset
 ipset save > /etc/ipset.conf
 ```
 **On RHEL/CentOS:**
 ```bash
 # Save iptables rules
 service iptables save
 service ip6tables save
 # Save ipset
 ipset save > /etc/sysconfig/ipset
 ```
 ### 4. Update Existing Sets
 To update the blacklist without restarting iptables:
 ```bash
 # Flush and reload
 ipset flush blacklist-v4
 ipset restore < blacklist-v4.ipset
 ```
 ### 5. Remove Sets
 ```bash
 # Remove IPv4 set
 ipset flush blacklist-v4
 ipset destroy blacklist-v4
 # Remove IPv6 set
 ipset flush blacklist-v6
 ipset destroy blacklist-v6
 ```
 ## Performance Benefits
 IPSet uses hash tables for O(1) lookup performance, making it ideal for large blacklists:
 - Much faster than individual iptables rules
 - Minimal CPU overhead
 - Supports up to 65536 entries per set (configurable)
 - Kernel-level implementation for maximum efficiency
 ## Automatic Updates
 These files are automatically regenerated when the blacklists are updated via the GitHub Actions workflow.
 ## Source
 Generated from the blacklist files in the `blacklists/` directory.
--- a/blacklists_iptables/blacklist-v4.ipset
+++ b/blacklists_iptables/blacklist-v4.ipset
@@ -1,6 +1,6 @@
 # IPSet blacklist configuration (IPv4 only)
 # Auto-generated from blacklist-v4.txt
-# Last updated: 2026-03-04 06:38:44 UTC
+# Last updated: 2026-03-29 06:56:51 UTC
 #
 # Usage:
 #   1. Load the ipset:
@@ -15,7 +15,7 @@
 #      ipset destroy blacklist-v4
 #
-create blacklist-v4 hash:net family inet hashsize 1136 maxelem 2272
+create blacklist-v4 hash:net family inet hashsize 1083 maxelem 2166
 add blacklist-v4 109.120.180.0/22
 add blacklist-v4 109.120.180.0/23
 add blacklist-v4 109.120.182.0/23
@@ -48,7 +48,6 @@ add blacklist-v4 128.140.168.0/23
 add blacklist-v4 128.140.170.0/24
 add blacklist-v4 128.140.171.0/24
 add blacklist-v4 128.140.172.0/22
 add blacklist-v4 128.140.173.0/24
 add blacklist-v4 130.49.224.0/19
 add blacklist-v4 145.255.238.240/28
 add blacklist-v4 146.185.208.0/22
@@ -61,14 +60,9 @@ add blacklist-v4 149.62.55.240/30
 add blacklist-v4 155.212.192.0/20
 add blacklist-v4 176.109.0.0/21
 add blacklist-v4 176.112.168.0/21
 add blacklist-v4 176.116.112.0/22
 add blacklist-v4 176.116.96.0/20
 add blacklist-v4 178.16.156.148/30
 add blacklist-v4 178.17.176.0/23
 add blacklist-v4 178.17.178.0/23
 add blacklist-v4 178.17.180.0/23
 add blacklist-v4 178.17.182.0/23
 add blacklist-v4 178.17.184.0/22
 add blacklist-v4 178.17.188.0/22
 add blacklist-v4 178.20.234.224/29
 add blacklist-v4 178.22.88.0/21
 add blacklist-v4 178.22.89.64/26
@@ -83,7 +77,6 @@ add blacklist-v4 178.237.24.0/24
 add blacklist-v4 178.237.240.0/20
 add blacklist-v4 178.237.248.0/21
 add blacklist-v4 178.237.28.0/24
 add blacklist-v4 178.237.29.0/24
 add blacklist-v4 178.237.30.0/23
 add blacklist-v4 178.248.232.137/32
 add blacklist-v4 178.248.232.60/32
@@ -130,21 +123,16 @@ add blacklist-v4 185.130.112.0/22
 add blacklist-v4 185.130.112.0/23
 add blacklist-v4 185.130.114.0/23
 add blacklist-v4 185.131.68.0/22
 add blacklist-v4 185.131.68.0/23
 add blacklist-v4 185.149.160.0/24
 add blacklist-v4 185.149.161.0/24
 add blacklist-v4 185.149.162.0/24
 add blacklist-v4 185.149.163.0/24
 add blacklist-v4 185.16.10.0/23
 add blacklist-v4 185.16.148.0/22
 add blacklist-v4 185.16.148.0/23
 add blacklist-v4 185.16.150.0/23
 add blacklist-v4 185.16.244.0/22
 add blacklist-v4 185.16.244.0/23
 add blacklist-v4 185.16.246.0/23
 add blacklist-v4 185.16.246.0/24
 add blacklist-v4 185.16.247.0/24
 add blacklist-v4 185.16.8.0/23
 add blacklist-v4 185.168.60.0/24
 add blacklist-v4 185.168.61.0/24
 add blacklist-v4 185.168.62.0/24
@@ -217,14 +205,12 @@ add blacklist-v4 188.93.61.0/24
 add blacklist-v4 188.93.62.0/24
 add blacklist-v4 193.203.40.0/22
 add blacklist-v4 193.232.70.0/24
 add blacklist-v4 193.33.230.0/23
 add blacklist-v4 193.47.146.0/24
 add blacklist-v4 194.140.247.0/25
 add blacklist-v4 194.140.247.128/25
 add blacklist-v4 194.150.202.0/23
 add blacklist-v4 194.165.22.0/23
 add blacklist-v4 194.186.112.80/28
 add blacklist-v4 194.186.63.0/24
 add blacklist-v4 194.190.9.0/24
 add blacklist-v4 194.215.248.0/24
 add blacklist-v4 194.226.116.0/22
@@ -261,7 +247,6 @@ add blacklist-v4 195.211.22.0/24
 add blacklist-v4 195.211.23.0/24
 add blacklist-v4 195.218.175.40/29
 add blacklist-v4 195.218.190.0/23
 add blacklist-v4 195.226.203.0/24
 add blacklist-v4 195.239.113.0/24
 add blacklist-v4 195.239.247.0/24
 add blacklist-v4 195.239.80.32/29
@@ -282,7 +267,6 @@ add blacklist-v4 195.98.38.16/28
 add blacklist-v4 195.98.43.104/29
 add blacklist-v4 195.98.73.56/29
 add blacklist-v4 195.98.77.100/30
 add blacklist-v4 212.111.84.0/22
 add blacklist-v4 212.119.174.0/24
 add blacklist-v4 212.119.175.0/24
 add blacklist-v4 212.120.169.48/29
@@ -308,10 +292,6 @@ add blacklist-v4 212.17.9.144/28
 add blacklist-v4 212.192.156.0/22
 add blacklist-v4 212.23.85.48/30
 add blacklist-v4 212.23.85.56/29
 add blacklist-v4 212.233.120.0/22
 add blacklist-v4 212.233.72.0/21
 add blacklist-v4 212.233.88.0/21
 add blacklist-v4 212.233.96.0/22
 add blacklist-v4 212.32.198.64/29
 add blacklist-v4 212.48.134.192/26
 add blacklist-v4 212.48.138.240/28
@@ -416,8 +396,6 @@ add blacklist-v4 213.172.27.224/30
 add blacklist-v4 213.172.27.252/30
 add blacklist-v4 213.172.30.136/30
 add blacklist-v4 213.172.4.192/26
 add blacklist-v4 213.176.232.0/23
 add blacklist-v4 213.176.234.0/23
 add blacklist-v4 213.177.111.0/24
 add blacklist-v4 213.183.253.56/29
 add blacklist-v4 213.219.212.0/22
@@ -473,7 +451,9 @@ add blacklist-v4 217.106.203.240/29
 add blacklist-v4 217.106.203.88/29
 add blacklist-v4 217.106.93.192/26
 add blacklist-v4 217.106.95.112/28
 add blacklist-v4 217.107.0.0/18
 add blacklist-v4 217.107.200.0/21
 add blacklist-v4 217.107.208.0/20
 add blacklist-v4 217.107.5.112/29
 add blacklist-v4 217.107.5.16/29
 add blacklist-v4 217.107.5.24/29
@@ -489,7 +469,7 @@ add blacklist-v4 217.16.16.0/20
 add blacklist-v4 217.16.16.0/21
 add blacklist-v4 217.16.24.0/21
 add blacklist-v4 217.172.18.0/23
-add blacklist-v4 217.174.188.0/22
+add blacklist-v4 217.172.20.0/22
 add blacklist-v4 217.174.188.0/23
 add blacklist-v4 217.195.92.16/28
 add blacklist-v4 217.195.93.144/29
@@ -504,7 +484,10 @@ add blacklist-v4 217.20.156.0/23
 add blacklist-v4 217.20.158.0/24
 add blacklist-v4 217.20.159.0/24
 add blacklist-v4 217.20.86.128/26
 add blacklist-v4 217.20.86.192/27
 add blacklist-v4 217.20.86.224/29
 add blacklist-v4 217.20.86.232/29
 add blacklist-v4 217.20.86.240/28
 add blacklist-v4 217.23.88.168/29
 add blacklist-v4 217.23.88.248/29
 add blacklist-v4 217.27.142.176/30
@@ -513,9 +496,7 @@ add blacklist-v4 217.65.219.160/29
 add blacklist-v4 217.67.177.208/29
 add blacklist-v4 217.69.128.0/20
 add blacklist-v4 217.69.128.0/21
 add blacklist-v4 217.69.132.0/24
 add blacklist-v4 217.69.136.0/21
 add blacklist-v4 31.177.104.0/22
 add blacklist-v4 31.177.95.0/24
 add blacklist-v4 31.44.63.64/29
 add blacklist-v4 37.139.32.0/22
@@ -538,6 +519,7 @@ add blacklist-v4 45.84.130.0/23
 add blacklist-v4 46.20.70.160/28
 add blacklist-v4 46.228.0.232/29
 add blacklist-v4 46.29.152.0/22
 add blacklist-v4 46.29.156.0/23
 add blacklist-v4 46.46.142.160/28
 add blacklist-v4 46.46.148.40/29
 add blacklist-v4 46.47.197.128/30
@@ -649,9 +631,6 @@ add blacklist-v4 79.137.132.128/25
 add blacklist-v4 79.137.139.0/24
 add blacklist-v4 79.137.139.0/25
 add blacklist-v4 79.137.139.128/25
 add blacklist-v4 79.137.140.0/24
 add blacklist-v4 79.137.142.0/24
 add blacklist-v4 79.137.157.0/24
 add blacklist-v4 79.137.157.0/25
 add blacklist-v4 79.137.157.128/25
 add blacklist-v4 79.137.164.0/24
@@ -671,9 +650,6 @@ add blacklist-v4 79.137.240.0/21
 add blacklist-v4 79.137.240.0/22
 add blacklist-v4 79.137.244.0/22
 add blacklist-v4 79.142.88.0/28
 add blacklist-v4 79.143.229.0/24
 add blacklist-v4 79.143.230.0/24
 add blacklist-v4 79.143.232.0/24
 add blacklist-v4 80.237.11.88/29
 add blacklist-v4 80.237.39.112/29
 add blacklist-v4 80.237.98.80/28
@@ -683,8 +659,6 @@ add blacklist-v4 80.247.46.0/24
 add blacklist-v4 80.254.100.40/29
 add blacklist-v4 80.254.119.168/29
 add blacklist-v4 80.73.16.0/20
 add blacklist-v4 80.73.16.0/21
 add blacklist-v4 80.73.16.0/24
 add blacklist-v4 80.73.168.80/28
 add blacklist-v4 80.73.169.244/30
 add blacklist-v4 80.82.43.24/29
@@ -708,11 +682,9 @@ add blacklist-v4 81.195.124.52/30
 add blacklist-v4 81.195.125.96/30
 add blacklist-v4 81.195.148.140/30
 add blacklist-v4 81.195.150.248/30
 add blacklist-v4 81.195.151.0/24
 add blacklist-v4 81.195.151.172/30
 add blacklist-v4 81.195.155.0/30
 add blacklist-v4 81.195.161.12/30
 add blacklist-v4 81.195.164.0/24
 add blacklist-v4 81.195.165.64/28
 add blacklist-v4 81.195.168.24/30
 add blacklist-v4 81.195.177.160/30
@@ -891,8 +863,6 @@ add blacklist-v4 87.239.108.0/22
 add blacklist-v4 87.240.128.0/18
 add blacklist-v4 87.240.128.0/19
 add blacklist-v4 87.240.160.0/19
 add blacklist-v4 87.240.166.0/24
 add blacklist-v4 87.240.167.0/24
 add blacklist-v4 87.242.112.0/22
 add blacklist-v4 87.245.133.0/24
 add blacklist-v4 87.249.16.32/28
@@ -960,9 +930,6 @@ add blacklist-v4 89.21.140.104/29
 add blacklist-v4 89.21.152.104/29
 add blacklist-v4 89.221.228.0/22
 add blacklist-v4 89.221.232.0/21
 add blacklist-v4 89.221.232.0/22
 add blacklist-v4 89.221.235.0/24
 add blacklist-v4 89.221.236.0/22
 add blacklist-v4 89.28.253.168/29
 add blacklist-v4 89.28.255.56/29
 add blacklist-v4 90.150.176.52/30
@@ -985,7 +952,6 @@ add blacklist-v4 90.150.189.32/29
 add blacklist-v4 90.156.148.0/22
 add blacklist-v4 90.156.148.0/23
 add blacklist-v4 90.156.150.0/23
 add blacklist-v4 90.156.151.0/24
 add blacklist-v4 90.156.212.0/22
 add blacklist-v4 90.156.212.0/23
 add blacklist-v4 90.156.214.0/23
@@ -994,25 +960,12 @@ add blacklist-v4 90.156.216.0/23
 add blacklist-v4 90.156.218.0/23
 add blacklist-v4 90.156.232.0/21
 add blacklist-v4 91.103.194.184/29
 add blacklist-v4 91.135.212.0/22
 add blacklist-v4 91.135.216.0/21
 add blacklist-v4 91.135.220.0/24
 add blacklist-v4 91.135.221.0/24
 add blacklist-v4 91.195.136.0/23
 add blacklist-v4 91.208.20.0/24
 add blacklist-v4 91.215.168.0/22
 add blacklist-v4 91.217.34.0/23
 add blacklist-v4 91.219.192.0/22
 add blacklist-v4 91.219.224.0/22
 add blacklist-v4 91.221.140.0/23
 add blacklist-v4 91.221.140.0/24
 add blacklist-v4 91.221.141.0/24
 add blacklist-v4 91.226.250.0/24
 add blacklist-v4 91.227.32.0/24
 add blacklist-v4 91.231.132.0/22
 add blacklist-v4 91.231.132.0/24
 add blacklist-v4 91.231.133.0/24
 add blacklist-v4 91.231.134.0/24
 add blacklist-v4 91.237.76.0/24
 add blacklist-v4 92.101.253.152/29
 add blacklist-v4 92.101.253.96/29
@@ -1057,7 +1010,6 @@ add blacklist-v4 94.100.184.0/21
 add blacklist-v4 94.124.192.192/29
 add blacklist-v4 94.139.244.0/22
 add blacklist-v4 94.139.244.0/23
 add blacklist-v4 94.139.244.0/24
 add blacklist-v4 94.139.246.0/23
 add blacklist-v4 94.199.64.0/21
 add blacklist-v4 94.25.119.228/30
@@ -1074,9 +1026,6 @@ add blacklist-v4 95.142.200.0/21
 add blacklist-v4 95.142.201.0/24
 add blacklist-v4 95.142.202.0/24
 add blacklist-v4 95.142.203.0/24
 add blacklist-v4 95.142.204.0/23
 add blacklist-v4 95.142.207.0/24
 add blacklist-v4 95.163.133.0/24
 add blacklist-v4 95.163.180.0/22
 add blacklist-v4 95.163.180.0/23
 add blacklist-v4 95.163.182.0/23
@@ -1114,6 +1063,7 @@ add blacklist-v4 95.167.5.64/28
 add blacklist-v4 95.167.5.80/28
 add blacklist-v4 95.167.54.76/30
 add blacklist-v4 95.167.59.244/30
 add blacklist-v4 95.167.59.248/30
 add blacklist-v4 95.167.64.20/30
 add blacklist-v4 95.167.68.216/29
 add blacklist-v4 95.167.69.116/30
@@ -1131,7 +1081,6 @@ add blacklist-v4 95.173.128.0/19
 add blacklist-v4 95.173.128.0/20
 add blacklist-v4 95.173.144.0/20
 add blacklist-v4 95.213.0.0/17
 add blacklist-v4 95.213.0.0/18
 add blacklist-v4 95.213.0.0/20
 add blacklist-v4 95.213.16.0/21
 add blacklist-v4 95.213.24.0/23
@@ -1146,8 +1095,6 @@ add blacklist-v4 95.213.33.0/24
 add blacklist-v4 95.213.34.0/23
 add blacklist-v4 95.213.36.0/22
 add blacklist-v4 95.213.40.0/21
 add blacklist-v4 95.213.44.0/24
 add blacklist-v4 95.213.45.0/24
 add blacklist-v4 95.213.48.0/20
 add blacklist-v4 95.213.64.0/18
 add blacklist-v4 95.53.248.0/29
--- a/blacklists_iptables/blacklist-v6.ipset
+++ b/blacklists_iptables/blacklist-v6.ipset
@@ -1,40 +1,23 @@
 # IPSet blacklist configuration (IPv6 only)
 # Auto-generated from blacklist-v6.txt
-# Last updated: 2026-03-04 06:38:44 UTC
+# Last updated: 2026-03-29 06:56:51 UTC
 #
 # Usage:
 #   1. Load the ipset:
 #      ipset restore < blacklist-v6.ipset
 #
 #   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
+#      ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
-#      iptables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
+#      ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
 #
 #   3. To flush/delete the set:
 #      ipset flush blacklist-v6
 #      ipset destroy blacklist-v6
 #
-create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 44
+create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 10
 add blacklist-v6 2a00:1148::/29
 add blacklist-v6 2a00:1148::/32
 add blacklist-v6 2a00:46e0:2::/48
 add blacklist-v6 2a00:46e0::/32
 add blacklist-v6 2a00:a300::/32
 add blacklist-v6 2a00:b4c0::/32
 add blacklist-v6 2a00:bdc0:8000::/34
 add blacklist-v6 2a00:bdc0::/33
 add blacklist-v6 2a00:bdc0:c000::/35
 add blacklist-v6 2a00:bdc0:e002::/48
 add blacklist-v6 2a00:bdc0:e003::/48
 add blacklist-v6 2a00:bdc0:e004::/48
 add blacklist-v6 2a00:bdc0:e005::/48
 add blacklist-v6 2a00:bdc0:e007::/48
 add blacklist-v6 2a00:bdc0:f000::/36
 add blacklist-v6 2a00:bdc1::/32
 add blacklist-v6 2a00:bdc2::/31
 add blacklist-v6 2a00:bdc4::/30
 add blacklist-v6 2a14:25c0::/32
 add blacklist-v6 2a14:25c5::/32
 add blacklist-v6 2a14:25c6::/32
 add blacklist-v6 2a14:25c7::/32
--- a/blacklists_iptables/blacklist-vk-v4.ipset
+++ b/blacklists_iptables/blacklist-vk-v4.ipset
@@ -0,0 +1,284 @@
 # IPSet blacklist configuration (VK names, IPv4 only)
 # Auto-generated from blacklist-vk-v4.txt
 # Last updated: 2026-03-29 06:56:51 UTC
 #
 # Usage:
 #   1. Load the ipset:
 #      ipset restore < blacklist-vk-v4.ipset
 #
 #   2. Use with iptables/ip6tables:
 #      iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
 #      iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
 #
 #   3. To flush/delete the set:
 #      ipset flush blacklist-vk-v4
 #      ipset destroy blacklist-vk-v4
 #
 create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 532
 add blacklist-vk-v4 109.120.180.0/22
 add blacklist-vk-v4 109.120.180.0/23
 add blacklist-vk-v4 109.120.182.0/23
 add blacklist-vk-v4 109.120.188.0/22
 add blacklist-vk-v4 109.120.188.0/23
 add blacklist-vk-v4 109.120.190.0/23
 add blacklist-vk-v4 128.140.168.0/21
 add blacklist-vk-v4 128.140.168.0/23
 add blacklist-vk-v4 128.140.170.0/24
 add blacklist-vk-v4 128.140.171.0/24
 add blacklist-vk-v4 128.140.172.0/22
 add blacklist-vk-v4 130.49.224.0/19
 add blacklist-vk-v4 146.185.208.0/22
 add blacklist-vk-v4 146.185.208.0/23
 add blacklist-vk-v4 146.185.210.0/23
 add blacklist-vk-v4 146.185.240.0/22
 add blacklist-vk-v4 146.185.240.0/23
 add blacklist-vk-v4 146.185.242.0/23
 add blacklist-vk-v4 155.212.192.0/20
 add blacklist-vk-v4 176.112.168.0/21
 add blacklist-vk-v4 178.22.88.0/21
 add blacklist-vk-v4 178.22.89.64/26
 add blacklist-vk-v4 178.22.94.0/23
 add blacklist-vk-v4 178.237.16.0/20
 add blacklist-vk-v4 178.237.16.0/21
 add blacklist-vk-v4 178.237.24.0/22
 add blacklist-vk-v4 178.237.30.0/23
 add blacklist-vk-v4 185.100.104.0/22
 add blacklist-vk-v4 185.100.104.0/23
 add blacklist-vk-v4 185.100.106.0/23
 add blacklist-vk-v4 185.130.112.0/22
 add blacklist-vk-v4 185.130.112.0/23
 add blacklist-vk-v4 185.130.114.0/23
 add blacklist-vk-v4 185.131.68.0/22
 add blacklist-vk-v4 185.16.148.0/22
 add blacklist-vk-v4 185.16.148.0/23
 add blacklist-vk-v4 185.16.150.0/23
 add blacklist-vk-v4 185.16.244.0/22
 add blacklist-vk-v4 185.16.244.0/23
 add blacklist-vk-v4 185.16.246.0/23
 add blacklist-vk-v4 185.180.200.0/22
 add blacklist-vk-v4 185.187.63.0/24
 add blacklist-vk-v4 185.187.63.0/25
 add blacklist-vk-v4 185.187.63.128/25
 add blacklist-vk-v4 185.226.52.0/22
 add blacklist-vk-v4 185.226.52.0/23
 add blacklist-vk-v4 185.226.54.0/23
 add blacklist-vk-v4 185.241.192.0/22
 add blacklist-vk-v4 185.241.192.0/23
 add blacklist-vk-v4 185.241.194.0/23
 add blacklist-vk-v4 185.29.128.0/22
 add blacklist-vk-v4 185.29.130.0/24
 add blacklist-vk-v4 185.32.248.0/22
 add blacklist-vk-v4 185.32.248.0/23
 add blacklist-vk-v4 185.32.250.0/23
 add blacklist-vk-v4 185.5.136.0/22
 add blacklist-vk-v4 185.5.136.0/23
 add blacklist-vk-v4 185.5.138.0/23
 add blacklist-vk-v4 185.6.244.0/22
 add blacklist-vk-v4 185.6.244.0/23
 add blacklist-vk-v4 185.6.246.0/23
 add blacklist-vk-v4 185.86.144.0/22
 add blacklist-vk-v4 185.86.144.0/23
 add blacklist-vk-v4 185.86.146.0/23
 add blacklist-vk-v4 188.93.56.0/21
 add blacklist-vk-v4 188.93.56.0/24
 add blacklist-vk-v4 188.93.57.0/24
 add blacklist-vk-v4 188.93.58.0/24
 add blacklist-vk-v4 188.93.60.0/24
 add blacklist-vk-v4 188.93.61.0/24
 add blacklist-vk-v4 188.93.62.0/24
 add blacklist-vk-v4 193.203.40.0/22
 add blacklist-vk-v4 194.84.16.12/30
 add blacklist-vk-v4 195.211.20.0/22
 add blacklist-vk-v4 195.211.22.0/24
 add blacklist-vk-v4 195.211.23.0/24
 add blacklist-vk-v4 212.111.84.0/22
 add blacklist-vk-v4 212.233.120.0/22
 add blacklist-vk-v4 212.233.72.0/21
 add blacklist-vk-v4 212.233.88.0/21
 add blacklist-vk-v4 212.233.96.0/22
 add blacklist-vk-v4 213.219.212.0/22
 add blacklist-vk-v4 213.219.212.0/23
 add blacklist-vk-v4 213.219.214.0/23
 add blacklist-vk-v4 217.16.16.0/20
 add blacklist-vk-v4 217.16.16.0/21
 add blacklist-vk-v4 217.16.24.0/21
 add blacklist-vk-v4 217.174.188.0/23
 add blacklist-vk-v4 217.20.144.0/20
 add blacklist-vk-v4 217.20.144.0/22
 add blacklist-vk-v4 217.20.148.0/24
 add blacklist-vk-v4 217.20.149.0/24
 add blacklist-vk-v4 217.20.150.0/23
 add blacklist-vk-v4 217.20.152.0/22
 add blacklist-vk-v4 217.20.156.0/23
 add blacklist-vk-v4 217.20.158.0/24
 add blacklist-vk-v4 217.20.159.0/24
 add blacklist-vk-v4 217.69.128.0/20
 add blacklist-vk-v4 217.69.128.0/21
 add blacklist-vk-v4 217.69.136.0/21
 add blacklist-vk-v4 37.139.32.0/22
 add blacklist-vk-v4 37.139.32.0/23
 add blacklist-vk-v4 37.139.34.0/23
 add blacklist-vk-v4 37.139.40.0/22
 add blacklist-vk-v4 37.139.40.0/23
 add blacklist-vk-v4 37.139.42.0/23
 add blacklist-vk-v4 45.136.20.0/22
 add blacklist-vk-v4 45.136.20.0/23
 add blacklist-vk-v4 45.136.22.0/23
 add blacklist-vk-v4 45.84.128.0/22
 add blacklist-vk-v4 45.84.128.0/23
 add blacklist-vk-v4 45.84.130.0/23
 add blacklist-vk-v4 5.101.40.0/22
 add blacklist-vk-v4 5.101.40.0/23
 add blacklist-vk-v4 5.101.42.0/23
 add blacklist-vk-v4 5.181.60.0/22
 add blacklist-vk-v4 5.181.60.0/24
 add blacklist-vk-v4 5.181.61.0/24
 add blacklist-vk-v4 5.181.62.0/23
 add blacklist-vk-v4 5.188.140.0/22
 add blacklist-vk-v4 5.188.140.0/23
 add blacklist-vk-v4 5.188.142.0/23
 add blacklist-vk-v4 5.61.16.0/21
 add blacklist-vk-v4 5.61.16.0/22
 add blacklist-vk-v4 5.61.20.0/22
 add blacklist-vk-v4 5.61.232.0/21
 add blacklist-vk-v4 5.61.232.0/22
 add blacklist-vk-v4 5.61.236.0/23
 add blacklist-vk-v4 5.61.238.0/24
 add blacklist-vk-v4 5.61.239.0/27
 add blacklist-vk-v4 5.61.239.128/25
 add blacklist-vk-v4 5.61.239.40/29
 add blacklist-vk-v4 5.61.239.48/28
 add blacklist-vk-v4 5.61.239.64/26
 add blacklist-vk-v4 62.217.160.0/20
 add blacklist-vk-v4 62.217.160.0/21
 add blacklist-vk-v4 62.217.168.0/21
 add blacklist-vk-v4 79.137.132.0/24
 add blacklist-vk-v4 79.137.132.0/25
 add blacklist-vk-v4 79.137.132.128/25
 add blacklist-vk-v4 79.137.139.0/24
 add blacklist-vk-v4 79.137.139.0/25
 add blacklist-vk-v4 79.137.139.128/25
 add blacklist-vk-v4 79.137.157.0/25
 add blacklist-vk-v4 79.137.157.128/25
 add blacklist-vk-v4 79.137.164.0/24
 add blacklist-vk-v4 79.137.164.0/25
 add blacklist-vk-v4 79.137.164.128/25
 add blacklist-vk-v4 79.137.167.0/24
 add blacklist-vk-v4 79.137.167.0/25
 add blacklist-vk-v4 79.137.167.128/25
 add blacklist-vk-v4 79.137.174.0/23
 add blacklist-vk-v4 79.137.174.0/24
 add blacklist-vk-v4 79.137.175.0/24
 add blacklist-vk-v4 79.137.180.0/24
 add blacklist-vk-v4 79.137.180.0/25
 add blacklist-vk-v4 79.137.180.128/25
 add blacklist-vk-v4 79.137.240.0/21
 add blacklist-vk-v4 79.137.240.0/22
 add blacklist-vk-v4 79.137.244.0/22
 add blacklist-vk-v4 83.166.232.0/21
 add blacklist-vk-v4 83.166.232.0/22
 add blacklist-vk-v4 83.166.236.0/22
 add blacklist-vk-v4 83.166.248.0/21
 add blacklist-vk-v4 83.166.248.0/22
 add blacklist-vk-v4 83.166.252.0/22
 add blacklist-vk-v4 83.217.216.0/22
 add blacklist-vk-v4 83.217.216.0/23
 add blacklist-vk-v4 83.217.218.0/23
 add blacklist-vk-v4 83.222.28.0/22
 add blacklist-vk-v4 84.23.52.0/22
 add blacklist-vk-v4 84.23.52.0/23
 add blacklist-vk-v4 84.23.54.0/23
 add blacklist-vk-v4 85.114.31.108/30
 add blacklist-vk-v4 85.192.32.0/22
 add blacklist-vk-v4 85.192.32.0/23
 add blacklist-vk-v4 85.192.34.0/23
 add blacklist-vk-v4 85.198.106.0/24
 add blacklist-vk-v4 85.198.107.0/24
 add blacklist-vk-v4 87.239.104.0/21
 add blacklist-vk-v4 87.239.104.0/22
 add blacklist-vk-v4 87.239.108.0/22
 add blacklist-vk-v4 87.240.128.0/18
 add blacklist-vk-v4 87.240.128.0/19
 add blacklist-vk-v4 87.240.160.0/19
 add blacklist-vk-v4 87.242.112.0/22
 add blacklist-vk-v4 89.208.196.0/22
 add blacklist-vk-v4 89.208.196.0/23
 add blacklist-vk-v4 89.208.198.0/23
 add blacklist-vk-v4 89.208.208.0/22
 add blacklist-vk-v4 89.208.208.0/23
 add blacklist-vk-v4 89.208.210.0/23
 add blacklist-vk-v4 89.208.216.0/21
 add blacklist-vk-v4 89.208.216.0/23
 add blacklist-vk-v4 89.208.218.0/23
 add blacklist-vk-v4 89.208.220.0/22
 add blacklist-vk-v4 89.208.228.0/22
 add blacklist-vk-v4 89.208.228.0/23
 add blacklist-vk-v4 89.208.230.0/23
 add blacklist-vk-v4 89.208.84.0/22
 add blacklist-vk-v4 89.208.84.0/23
 add blacklist-vk-v4 89.208.86.0/23
 add blacklist-vk-v4 89.221.228.0/22
 add blacklist-vk-v4 89.221.232.0/21
 add blacklist-vk-v4 90.156.148.0/22
 add blacklist-vk-v4 90.156.148.0/23
 add blacklist-vk-v4 90.156.150.0/23
 add blacklist-vk-v4 90.156.212.0/22
 add blacklist-vk-v4 90.156.212.0/23
 add blacklist-vk-v4 90.156.214.0/23
 add blacklist-vk-v4 90.156.216.0/22
 add blacklist-vk-v4 90.156.216.0/23
 add blacklist-vk-v4 90.156.218.0/23
 add blacklist-vk-v4 90.156.232.0/21
 add blacklist-vk-v4 91.219.224.0/22
 add blacklist-vk-v4 91.231.132.0/22
 add blacklist-vk-v4 91.237.76.0/24
 add blacklist-vk-v4 93.153.255.84/30
 add blacklist-vk-v4 93.186.224.0/20
 add blacklist-vk-v4 93.186.224.0/21
 add blacklist-vk-v4 93.186.232.0/21
 add blacklist-vk-v4 94.100.176.0/20
 add blacklist-vk-v4 94.100.176.0/21
 add blacklist-vk-v4 94.100.184.0/21
 add blacklist-vk-v4 94.139.244.0/22
 add blacklist-vk-v4 94.139.244.0/23
 add blacklist-vk-v4 94.139.246.0/23
 add blacklist-vk-v4 95.142.192.0/20
 add blacklist-vk-v4 95.142.192.0/21
 add blacklist-vk-v4 95.142.200.0/21
 add blacklist-vk-v4 95.163.180.0/22
 add blacklist-vk-v4 95.163.180.0/23
 add blacklist-vk-v4 95.163.182.0/23
 add blacklist-vk-v4 95.163.208.0/21
 add blacklist-vk-v4 95.163.208.0/23
 add blacklist-vk-v4 95.163.210.0/23
 add blacklist-vk-v4 95.163.212.0/22
 add blacklist-vk-v4 95.163.216.0/22
 add blacklist-vk-v4 95.163.216.0/23
 add blacklist-vk-v4 95.163.218.0/23
 add blacklist-vk-v4 95.163.248.0/21
 add blacklist-vk-v4 95.163.248.0/22
 add blacklist-vk-v4 95.163.252.0/23
 add blacklist-vk-v4 95.163.254.0/23
 add blacklist-vk-v4 95.163.32.0/19
 add blacklist-vk-v4 95.163.32.0/22
 add blacklist-vk-v4 95.163.36.0/22
 add blacklist-vk-v4 95.163.40.0/21
 add blacklist-vk-v4 95.163.48.0/20
 add blacklist-vk-v4 95.213.0.0/17
 add blacklist-vk-v4 95.213.0.0/20
 add blacklist-vk-v4 95.213.16.0/21
 add blacklist-vk-v4 95.213.24.0/23
 add blacklist-vk-v4 95.213.26.0/24
 add blacklist-vk-v4 95.213.27.0/24
 add blacklist-vk-v4 95.213.28.0/24
 add blacklist-vk-v4 95.213.29.0/24
 add blacklist-vk-v4 95.213.30.0/24
 add blacklist-vk-v4 95.213.31.0/24
 add blacklist-vk-v4 95.213.32.0/24
 add blacklist-vk-v4 95.213.33.0/24
 add blacklist-vk-v4 95.213.34.0/23
 add blacklist-vk-v4 95.213.36.0/22
 add blacklist-vk-v4 95.213.40.0/21
 add blacklist-vk-v4 95.213.48.0/20
 add blacklist-vk-v4 95.213.64.0/18
--- a/blacklists_iptables/blacklist-vk-v6.ipset
+++ b/blacklists_iptables/blacklist-vk-v6.ipset
@@ -0,0 +1,19 @@
 # IPSet blacklist configuration (VK names, IPv6 only)
 # Auto-generated from blacklist-vk-v6.txt
 # Last updated: 2026-03-29 06:56:51 UTC
 #
 # Usage:
 #   1. Load the ipset:
 #      ipset restore < blacklist-vk-v6.ipset
 #
 #   2. Use with iptables/ip6tables:
 #      ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
 #      ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
 #
 #   3. To flush/delete the set:
 #      ipset flush blacklist-vk-v6
 #      ipset destroy blacklist-vk-v6
 #
 create blacklist-vk-v6 hash:net family inet6 hashsize 1024 maxelem 2
 add blacklist-vk-v6 2a00:bdc0::/29
--- a/blacklists_iptables/blacklist.ipset
+++ b/blacklists_iptables/blacklist.ipset
--- a/blacklists_nftables/README.md
+++ b/blacklists_nftables/README.md
@@ -1,185 +1,52 @@
-# nftables Blacklist Configuration
+# nftables blacklists
-This folder contains nftables blacklist configurations generated from Russian government agency network lists.
+Short: ready-to-use nftables set files (general and VK-only, separated by IPv4/IPv6).
-## Available Files
+## Download links
- `blacklist.nft` - Mixed IPv4/IPv6 blacklist (**daily generated**)
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist.nft
- `blacklist-v4.nft` - IPv4-only blacklist (**daily generated**)
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v4.nft
- `blacklist-v6.nft` - IPv6-only blacklist (**daily generated**)
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v6.nft
 - https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk.nft
 - https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v4.nft
 - https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v6.nft
-## Quick Start
+## How to use
-### Download and Load
+### 1) Protect VM from incoming connections (general blacklists)
 ````bash
 # Download the blacklist
 wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
-# Load the configuration
+Load either mixed or split general set files:
 ```bash
 sudo nft -f blacklist.nft
 # or:
 sudo nft -f blacklist-v4.nft
 sudo nft -f blacklist-v6.nft
 ```
-# Verify it's loaded
+Apply rules for inbound traffic to the VM:
 sudo nft list ruleset
 ````
-### Automatic Updates
+```bash
 sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
 sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
 sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 ```
-Add to crontab for daily updates:
+### 2) Block VK outbound traffic for VPN clients via NAT/FORWARD
 ````bash
 0 2 * * * wget -O /etc/nftables.d/blacklist.nft https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft && nft -f /etc/nftables.d/blacklist.nft
 ````
-## Configuration Details
+Load either mixed or split VK set files:
-The generated nftables configuration uses:
+```bash
- **Sets with interval flag** for efficient CIDR matching
+sudo nft -f blacklist-vk.nft
- **Named sets** (`blacklist_v4` and `blacklist_v6`) for easy management
+# or:
- **Counter** directive to track dropped packets
+sudo nft -f blacklist-vk-v4.nft
- **Stateful filtering** to allow established connections
+sudo nft -f blacklist-vk-v6.nft
 ```
-### Configuration Structure
+Apply rules for forwarded client traffic (replace `<VPN_IFACE>`):
 table inet filter {
 set blacklist_v4 {
 type ipv4_addr
 flags interval
 elements = { 1.2.3.0/24, 5.6.7.0/24, ... }
 }
 set blacklist_v6 {
    type ipv6_addr
    flags interval
    elements = { 2001:db8::/32, ... }
 }
-chain input {
+```bash
-    type filter hook input priority 0;
+sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
-    policy accept;
+sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
-    
+sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
-    ct state { established, related } accept
+```
    ip saddr @blacklist_v4 counter drop
    ip6 saddr @blacklist_v6 counter drop
 }
 }
 ## Integration Options
 ### Option 1: Standalone Configuration
 Load the blacklist as a complete ruleset:
 ````bash
 sudo nft -f blacklist.nft
 ````
 ### Option 2: Include in Existing Configuration
 If you have an existing nftables configuration:
 1. Copy only the set definitions from the generated file
 2. Add set lookups to your existing input chain:
 ````bash
 ip saddr @blacklist_v4 counter drop
 ip6 saddr @blacklist_v6 counter drop
 ````
 ### Option 3: Persistent Configuration
 For systemd-based systems:
 ````bash
 # Copy to nftables config directory
 sudo cp blacklist.nft /etc/nftables.d/
 # Edit /etc/nftables.conf to include:
 # include "/etc/nftables.d/blacklist.nft"
 # Enable and restart
 sudo systemctl enable nftables
 sudo systemctl restart nftables
 ````
 ## Checking IPs Against the Blacklist
 Use the `check_nft_blacklist.py` script to verify if an IP is blocked:
 ````bash
 # Check an IPv4 address
 python3 check_nft_blacklist.py blacklist.nft 192.168.1.1
 # Check an IPv6 address
 python3 check_nft_blacklist.py blacklist.nft 2001:db8::1
 ````
 ## Monitoring
 ### View Dropped Packets
 ````bash
 # View all rules with counters
 sudo nft list chain inet filter input -a
 # Monitor in real-time
 sudo nft monitor
 ````
 ### Check Set Contents
 ````bash
 # View IPv4 blacklist
 sudo nft list set inet filter blacklist_v4
 # View IPv6 blacklist
 sudo nft list set inet filter blacklist_v6
 ````
 ## Advantages of nftables
 - **Better Performance**: O(1) lookup time with sets vs O(n) for sequential rules
 - **Lower Memory Usage**: More efficient than iptables for large rulesets
 - **Atomic Updates**: All rules updated in a single transaction
 - **Modern Syntax**: Cleaner, more readable configuration
 - **Unified Tool**: Single tool for IPv4, IPv6, and ARP filtering
 ## File Format Comparison
 | Format | Use Case | Performance | Memory |
 |--------|----------|-------------|--------|
 | **nftables** | Modern firewalls | Excellent | Low |
 | **iptables** | Legacy systems | Good | Medium |
 | **nginx** | Web layer | Good | Low |
 ## Troubleshooting
 ### Configuration Won't Load
 ````bash
 # Check syntax
 sudo nft -c -f blacklist.nft
 # View detailed errors
 sudo nft -f blacklist.nft 2>&1 | less
 ````
 ### Rules Not Blocking Traffic
 ````bash
 # Verify sets are populated
 sudo nft list set inet filter blacklist_v4 | wc -l
 # Check rule priority
 sudo nft list chain inet filter input
 # Test with logging temporarily
 sudo nft add rule inet filter input ip saddr @blacklist_v4 log prefix "BLOCKED: "
 ````
 ### Performance Issues
 If experiencing performance problems with very large sets:
 1. Consider splitting into multiple smaller sets
 2. Use `blacklist-v4.nft` or `blacklist-v6.nft` if only one protocol is needed
 3. Ensure kernel supports nftables fully (Linux 4.0+)
 ## Additional Resources
 - [nftables Wiki](https://wiki.nftables.org/)
 - [nftables Quick Reference](https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes)
 - [Netfilter Documentation](https://www.netfilter.org/documentation/)
 ## Contributing
 Found an issue or have suggestions? Please open an issue or submit a pull request!
--- a/blacklists_nftables/blacklist-v4.nft
+++ b/blacklists_nftables/blacklist-v4.nft
@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-03-04T06:38:45.108423Z
+# Generated: 2026-03-29T06:56:51.790157Z
 # Source: /tmp/blacklist-v4.txt
-# IPv4: 804, IPv6: 0
+# IPv4: 778, IPv6: 0
 #
 # Usage:
 #   sudo nft -f <this-file>
 #   # VM protection from incoming blacklist sources
 #   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
 #   sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
 #   sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 table inet filter {
@@ -16,7 +23,6 @@ table inet filter {
            5.188.140.0/22,
            31.44.63.64/29,
            31.177.95.0/24,
            31.177.104.0/22,
            37.28.161.48/30,
            37.29.53.16/30,
            37.29.57.52/30,
@@ -28,6 +34,7 @@ table inet filter {
            45.136.20.0/22,
            46.20.70.160/28,
            46.29.152.0/22,
            46.29.156.0/23,
            46.46.142.160/28,
            46.46.148.40/29,
            46.47.197.128/30,
@@ -112,8 +119,6 @@ table inet filter {
            79.133.75.176/30,
            79.137.132.0/24,
            79.137.139.0/24,
            79.137.140.0/24,
            79.137.142.0/24,
            79.137.157.0/24,
            79.137.164.0/24,
            79.137.167.0/24,
@@ -122,9 +127,6 @@ table inet filter {
            79.137.183.0/24,
            79.137.240.0/21,
            79.142.88.0/28,
            79.143.229.0/24,
            79.143.230.0/24,
            79.143.232.0/24,
            80.73.16.0/20,
            80.73.168.80/28,
            80.73.169.244/30,
@@ -166,10 +168,9 @@ table inet filter {
            81.195.125.96/30,
            81.195.148.140/30,
            81.195.150.248/30,
-            81.195.151.0/24,
+            81.195.151.172/30,
            81.195.155.0/30,
            81.195.161.12/30,
            81.195.164.0/24,
            81.195.165.64/28,
            81.195.168.24/30,
            81.195.177.160/30,
@@ -380,15 +381,9 @@ table inet filter {
            90.156.216.0/22,
            90.156.232.0/21,
            91.103.194.184/29,
            91.135.212.0/22,
            91.135.216.0/21,
            91.195.136.0/23,
            91.208.20.0/24,
            91.215.168.0/22,
            91.217.34.0/23,
            91.219.192.0/22,
            91.219.224.0/22,
            91.221.140.0/23,
            91.226.250.0/24,
            91.227.32.0/24,
            91.231.132.0/22,
@@ -442,7 +437,6 @@ table inet filter {
            95.54.193.80/28,
            95.142.192.0/20,
            95.163.32.0/19,
            95.163.133.0/24,
            95.163.180.0/22,
            95.163.208.0/21,
            95.163.216.0/22,
@@ -454,6 +448,7 @@ table inet filter {
            95.167.29.104/29,
            95.167.54.76/30,
            95.167.59.244/30,
            95.167.59.248/30,
            95.167.64.20/30,
            95.167.68.216/29,
            95.167.69.116/30,
@@ -512,8 +507,8 @@ table inet filter {
            176.109.0.0/21,
            176.112.168.0/21,
            176.116.96.0/20,
            176.116.112.0/22,
            178.16.156.148/30,
            178.17.176.0/20,
            178.20.234.224/29,
            178.22.88.0/21,
            178.49.148.176/29,
@@ -558,7 +553,6 @@ table inet filter {
            185.5.136.0/22,
            185.6.244.0/22,
            185.7.234.188/30,
            185.16.8.0/22,
            185.16.148.0/22,
            185.16.244.0/22,
            185.29.128.0/22,
@@ -596,7 +590,6 @@ table inet filter {
            188.247.36.124/30,
            188.247.36.128/28,
            188.247.36.204/30,
            193.33.230.0/23,
            193.47.146.0/24,
            193.203.40.0/22,
            193.232.70.0/24,
@@ -607,7 +600,6 @@ table inet filter {
            194.140.247.0/24,
            194.150.202.0/23,
            194.165.22.0/23,
            194.186.63.0/24,
            194.186.112.80/28,
            194.190.9.0/24,
            194.215.248.0/24,
@@ -654,7 +646,6 @@ table inet filter {
            195.211.20.0/22,
            195.218.175.40/29,
            195.218.190.0/23,
            195.226.203.0/24,
            195.239.80.32/29,
            195.239.113.0/24,
            195.239.247.0/24,
@@ -711,7 +702,6 @@ table inet filter {
            212.57.159.0/24,
            212.59.98.48/29,
            212.59.99.96/27,
            212.111.84.0/22,
            212.119.174.0/23,
            212.120.169.48/29,
            212.120.174.88/29,
@@ -724,10 +714,6 @@ table inet filter {
            212.120.191.120/29,
            212.120.191.248/29,
            212.192.156.0/22,
            212.233.72.0/21,
            212.233.88.0/21,
            212.233.96.0/22,
            212.233.120.0/22,
            213.24.34.0/24,
            213.24.75.0/24,
            213.24.76.0/23,
@@ -768,7 +754,6 @@ table inet filter {
            213.172.27.224/30,
            213.172.27.252/30,
            213.172.30.136/30,
            213.176.232.0/22,
            213.177.111.0/24,
            213.183.253.56/29,
            213.219.212.0/22,
@@ -787,8 +772,7 @@ table inet filter {
            213.243.106.48/28,
            213.243.116.0/24,
            217.16.16.0/20,
-            217.20.86.128/26,
+            217.20.86.128/25,
            217.20.86.232/29,
            217.20.144.0/20,
            217.23.88.168/29,
            217.23.88.248/29,
@@ -798,18 +782,15 @@ table inet filter {
            217.67.177.208/29,
            217.69.128.0/20,
            217.106.0.0/16,
-            217.107.5.8/29,
+            217.107.0.0/18,
            217.107.5.16/28,
            217.107.5.40/29,
            217.107.5.80/28,
            217.107.5.96/29,
            217.107.5.112/29,
            217.107.200.0/21,
            217.107.208.0/20,
            217.147.23.112/28,
            217.148.216.156/30,
            217.148.220.160/29,
            217.172.18.0/23,
-            217.174.188.0/22,
+            217.172.20.0/22,
            217.174.188.0/23,
            217.195.92.16/28,
            217.195.93.144/29,
            217.195.94.200/29
@@ -821,12 +802,4 @@ table inet filter {
        flags interval
    }
    chain input {
        type filter hook input priority 0;
        policy accept;
        ct state { established, related } accept
        ip saddr @blacklist_v4 counter drop
    }
 }
--- a/blacklists_nftables/blacklist-v6.nft
+++ b/blacklists_nftables/blacklist-v6.nft
@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-03-04T06:38:45.140077Z
+# Generated: 2026-03-29T06:56:51.821007Z
 # Source: /tmp/blacklist-v6.txt
-# IPv4: 0, IPv6: 17
+# IPv4: 0, IPv6: 3
 #
 # Usage:
 #   sudo nft -f <this-file>
 #   # VM protection from incoming blacklist sources
 #   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
 #   sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
 #   sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 table inet filter {
@@ -14,32 +21,10 @@ table inet filter {
        type ipv6_addr
        flags interval
        elements = {
            2a00:1148::/29,
            2a00:46e0::/32,
            2a00:a300::/32,
            2a00:b4c0::/32,
            2a00:bdc0::/33,
            2a00:bdc0:8000::/34,
            2a00:bdc0:c000::/35,
            2a00:bdc0:e002::/47,
            2a00:bdc0:e004::/47,
-            2a00:bdc0:e007::/48,
+            2a00:bdc0:e007::/48
            2a00:bdc0:f000::/36,
            2a00:bdc1::/32,
            2a00:bdc2::/31,
            2a00:bdc4::/30,
            2a14:25c0::/32,
            2a14:25c5::/32,
            2a14:25c6::/31
        }
    }
    chain input {
        type filter hook input priority 0;
        policy accept;
        ct state { established, related } accept
        ip6 saddr @blacklist_v6 counter drop
    }
 }
--- a/blacklists_nftables/blacklist-vk-v4.nft
+++ b/blacklists_nftables/blacklist-vk-v4.nft
@@ -0,0 +1,119 @@
 # Autogenerated nftables blacklist
 # Generated: 2026-03-29T06:56:51.880649Z
 # Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v4.txt
 # IPv4: 92, IPv6: 0
 #
 # Usage:
 #   sudo nft -f <this-file>
 #   # VK egress blocking for VPN clients via NAT/FORWARD
 #   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
 #   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
 #   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
 table inet filter {
    set blacklist_vk_v4 {
        type ipv4_addr
        flags interval
        elements = {
            5.61.16.0/21,
            5.61.232.0/21,
            5.101.40.0/22,
            5.181.60.0/22,
            5.188.140.0/22,
            37.139.32.0/22,
            37.139.40.0/22,
            45.84.128.0/22,
            45.136.20.0/22,
            62.217.160.0/20,
            79.137.132.0/24,
            79.137.139.0/24,
            79.137.157.0/24,
            79.137.164.0/24,
            79.137.167.0/24,
            79.137.174.0/23,
            79.137.180.0/24,
            79.137.240.0/21,
            83.166.232.0/21,
            83.166.248.0/21,
            83.217.216.0/22,
            83.222.28.0/22,
            84.23.52.0/22,
            85.114.31.108/30,
            85.192.32.0/22,
            85.198.106.0/23,
            87.239.104.0/21,
            87.240.128.0/18,
            87.242.112.0/22,
            89.208.84.0/22,
            89.208.196.0/22,
            89.208.208.0/22,
            89.208.216.0/21,
            89.208.228.0/22,
            89.221.228.0/22,
            89.221.232.0/21,
            90.156.148.0/22,
            90.156.212.0/22,
            90.156.216.0/22,
            90.156.232.0/21,
            91.219.224.0/22,
            91.231.132.0/22,
            91.237.76.0/24,
            93.153.255.84/30,
            93.186.224.0/20,
            94.100.176.0/20,
            94.139.244.0/22,
            95.142.192.0/20,
            95.163.32.0/19,
            95.163.180.0/22,
            95.163.208.0/21,
            95.163.216.0/22,
            95.163.248.0/21,
            95.213.0.0/17,
            109.120.180.0/22,
            109.120.188.0/22,
            128.140.168.0/21,
            130.49.224.0/19,
            146.185.208.0/22,
            146.185.240.0/22,
            155.212.192.0/20,
            176.112.168.0/21,
            178.22.88.0/21,
            178.237.16.0/20,
            185.5.136.0/22,
            185.6.244.0/22,
            185.16.148.0/22,
            185.16.244.0/22,
            185.29.128.0/22,
            185.32.248.0/22,
            185.86.144.0/22,
            185.100.104.0/22,
            185.130.112.0/22,
            185.131.68.0/22,
            185.180.200.0/22,
            185.187.63.0/24,
            185.226.52.0/22,
            185.241.192.0/22,
            188.93.56.0/21,
            193.203.40.0/22,
            194.84.16.12/30,
            195.211.20.0/22,
            212.111.84.0/22,
            212.233.72.0/21,
            212.233.88.0/21,
            212.233.96.0/22,
            212.233.120.0/22,
            213.219.212.0/22,
            217.16.16.0/20,
            217.20.144.0/20,
            217.69.128.0/20,
            217.174.188.0/23
        }
    }
    set blacklist_vk_v6 {
        type ipv6_addr
        flags interval
    }
 }
--- a/blacklists_nftables/blacklist-vk-v6.nft
+++ b/blacklists_nftables/blacklist-vk-v6.nft
@@ -0,0 +1,28 @@
 # Autogenerated nftables blacklist
 # Generated: 2026-03-29T06:56:51.906867Z
 # Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v6.txt
 # IPv4: 0, IPv6: 1
 #
 # Usage:
 #   sudo nft -f <this-file>
 #   # VK egress blocking for VPN clients via NAT/FORWARD
 #   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
 #   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
 #   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
 table inet filter {
    set blacklist_vk_v4 {
        type ipv4_addr
        flags interval
    }
    set blacklist_vk_v6 {
        type ipv6_addr
        flags interval
        elements = {
            2a00:bdc0::/29
        }
    }
 }
--- a/blacklists_nftables/blacklist-vk.nft
+++ b/blacklists_nftables/blacklist-vk.nft
@@ -0,0 +1,122 @@
 # Autogenerated nftables blacklist
 # Generated: 2026-03-29T06:56:51.850694Z
 # Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk.txt
 # IPv4: 92, IPv6: 1
 #
 # Usage:
 #   sudo nft -f <this-file>
 #   # VK egress blocking for VPN clients via NAT/FORWARD
 #   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
 #   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
 #   sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
 table inet filter {
    set blacklist_vk_v4 {
        type ipv4_addr
        flags interval
        elements = {
            5.61.16.0/21,
            5.61.232.0/21,
            5.101.40.0/22,
            5.181.60.0/22,
            5.188.140.0/22,
            37.139.32.0/22,
            37.139.40.0/22,
            45.84.128.0/22,
            45.136.20.0/22,
            62.217.160.0/20,
            79.137.132.0/24,
            79.137.139.0/24,
            79.137.157.0/24,
            79.137.164.0/24,
            79.137.167.0/24,
            79.137.174.0/23,
            79.137.180.0/24,
            79.137.240.0/21,
            83.166.232.0/21,
            83.166.248.0/21,
            83.217.216.0/22,
            83.222.28.0/22,
            84.23.52.0/22,
            85.114.31.108/30,
            85.192.32.0/22,
            85.198.106.0/23,
            87.239.104.0/21,
            87.240.128.0/18,
            87.242.112.0/22,
            89.208.84.0/22,
            89.208.196.0/22,
            89.208.208.0/22,
            89.208.216.0/21,
            89.208.228.0/22,
            89.221.228.0/22,
            89.221.232.0/21,
            90.156.148.0/22,
            90.156.212.0/22,
            90.156.216.0/22,
            90.156.232.0/21,
            91.219.224.0/22,
            91.231.132.0/22,
            91.237.76.0/24,
            93.153.255.84/30,
            93.186.224.0/20,
            94.100.176.0/20,
            94.139.244.0/22,
            95.142.192.0/20,
            95.163.32.0/19,
            95.163.180.0/22,
            95.163.208.0/21,
            95.163.216.0/22,
            95.163.248.0/21,
            95.213.0.0/17,
            109.120.180.0/22,
            109.120.188.0/22,
            128.140.168.0/21,
            130.49.224.0/19,
            146.185.208.0/22,
            146.185.240.0/22,
            155.212.192.0/20,
            176.112.168.0/21,
            178.22.88.0/21,
            178.237.16.0/20,
            185.5.136.0/22,
            185.6.244.0/22,
            185.16.148.0/22,
            185.16.244.0/22,
            185.29.128.0/22,
            185.32.248.0/22,
            185.86.144.0/22,
            185.100.104.0/22,
            185.130.112.0/22,
            185.131.68.0/22,
            185.180.200.0/22,
            185.187.63.0/24,
            185.226.52.0/22,
            185.241.192.0/22,
            188.93.56.0/21,
            193.203.40.0/22,
            194.84.16.12/30,
            195.211.20.0/22,
            212.111.84.0/22,
            212.233.72.0/21,
            212.233.88.0/21,
            212.233.96.0/22,
            212.233.120.0/22,
            213.219.212.0/22,
            217.16.16.0/20,
            217.20.144.0/20,
            217.69.128.0/20,
            217.174.188.0/23
        }
    }
    set blacklist_vk_v6 {
        type ipv6_addr
        flags interval
        elements = {
            2a00:bdc0::/29
        }
    }
 }
--- a/blacklists_nftables/blacklist.nft
+++ b/blacklists_nftables/blacklist.nft
@@ -1,7 +1,14 @@
 # Autogenerated nftables blacklist
-# Generated: 2026-03-04T06:38:45.058019Z
+# Generated: 2026-03-29T06:56:51.740005Z
 # Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist.txt
-# IPv4: 804, IPv6: 17
+# IPv4: 778, IPv6: 3
 #
 # Usage:
 #   sudo nft -f <this-file>
 #   # VM protection from incoming blacklist sources
 #   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
 #   sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
 #   sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
 table inet filter {
@@ -16,7 +23,6 @@ table inet filter {
            5.188.140.0/22,
            31.44.63.64/29,
            31.177.95.0/24,
            31.177.104.0/22,
            37.28.161.48/30,
            37.29.53.16/30,
            37.29.57.52/30,
@@ -28,6 +34,7 @@ table inet filter {
            45.136.20.0/22,
            46.20.70.160/28,
            46.29.152.0/22,
            46.29.156.0/23,
            46.46.142.160/28,
            46.46.148.40/29,
            46.47.197.128/30,
@@ -112,8 +119,6 @@ table inet filter {
            79.133.75.176/30,
            79.137.132.0/24,
            79.137.139.0/24,
            79.137.140.0/24,
            79.137.142.0/24,
            79.137.157.0/24,
            79.137.164.0/24,
            79.137.167.0/24,
@@ -122,9 +127,6 @@ table inet filter {
            79.137.183.0/24,
            79.137.240.0/21,
            79.142.88.0/28,
            79.143.229.0/24,
            79.143.230.0/24,
            79.143.232.0/24,
            80.73.16.0/20,
            80.73.168.80/28,
            80.73.169.244/30,
@@ -166,10 +168,9 @@ table inet filter {
            81.195.125.96/30,
            81.195.148.140/30,
            81.195.150.248/30,
-            81.195.151.0/24,
+            81.195.151.172/30,
            81.195.155.0/30,
            81.195.161.12/30,
            81.195.164.0/24,
            81.195.165.64/28,
            81.195.168.24/30,
            81.195.177.160/30,
@@ -380,15 +381,9 @@ table inet filter {
            90.156.216.0/22,
            90.156.232.0/21,
            91.103.194.184/29,
            91.135.212.0/22,
            91.135.216.0/21,
            91.195.136.0/23,
            91.208.20.0/24,
            91.215.168.0/22,
            91.217.34.0/23,
            91.219.192.0/22,
            91.219.224.0/22,
            91.221.140.0/23,
            91.226.250.0/24,
            91.227.32.0/24,
            91.231.132.0/22,
@@ -442,7 +437,6 @@ table inet filter {
            95.54.193.80/28,
            95.142.192.0/20,
            95.163.32.0/19,
            95.163.133.0/24,
            95.163.180.0/22,
            95.163.208.0/21,
            95.163.216.0/22,
@@ -454,6 +448,7 @@ table inet filter {
            95.167.29.104/29,
            95.167.54.76/30,
            95.167.59.244/30,
            95.167.59.248/30,
            95.167.64.20/30,
            95.167.68.216/29,
            95.167.69.116/30,
@@ -512,8 +507,8 @@ table inet filter {
            176.109.0.0/21,
            176.112.168.0/21,
            176.116.96.0/20,
            176.116.112.0/22,
            178.16.156.148/30,
            178.17.176.0/20,
            178.20.234.224/29,
            178.22.88.0/21,
            178.49.148.176/29,
@@ -558,7 +553,6 @@ table inet filter {
            185.5.136.0/22,
            185.6.244.0/22,
            185.7.234.188/30,
            185.16.8.0/22,
            185.16.148.0/22,
            185.16.244.0/22,
            185.29.128.0/22,
@@ -596,7 +590,6 @@ table inet filter {
            188.247.36.124/30,
            188.247.36.128/28,
            188.247.36.204/30,
            193.33.230.0/23,
            193.47.146.0/24,
            193.203.40.0/22,
            193.232.70.0/24,
@@ -607,7 +600,6 @@ table inet filter {
            194.140.247.0/24,
            194.150.202.0/23,
            194.165.22.0/23,
            194.186.63.0/24,
            194.186.112.80/28,
            194.190.9.0/24,
            194.215.248.0/24,
@@ -654,7 +646,6 @@ table inet filter {
            195.211.20.0/22,
            195.218.175.40/29,
            195.218.190.0/23,
            195.226.203.0/24,
            195.239.80.32/29,
            195.239.113.0/24,
            195.239.247.0/24,
@@ -711,7 +702,6 @@ table inet filter {
            212.57.159.0/24,
            212.59.98.48/29,
            212.59.99.96/27,
            212.111.84.0/22,
            212.119.174.0/23,
            212.120.169.48/29,
            212.120.174.88/29,
@@ -724,10 +714,6 @@ table inet filter {
            212.120.191.120/29,
            212.120.191.248/29,
            212.192.156.0/22,
            212.233.72.0/21,
            212.233.88.0/21,
            212.233.96.0/22,
            212.233.120.0/22,
            213.24.34.0/24,
            213.24.75.0/24,
            213.24.76.0/23,
@@ -768,7 +754,6 @@ table inet filter {
            213.172.27.224/30,
            213.172.27.252/30,
            213.172.30.136/30,
            213.176.232.0/22,
            213.177.111.0/24,
            213.183.253.56/29,
            213.219.212.0/22,
@@ -787,8 +772,7 @@ table inet filter {
            213.243.106.48/28,
            213.243.116.0/24,
            217.16.16.0/20,
-            217.20.86.128/26,
+            217.20.86.128/25,
            217.20.86.232/29,
            217.20.144.0/20,
            217.23.88.168/29,
            217.23.88.248/29,
@@ -798,18 +782,15 @@ table inet filter {
            217.67.177.208/29,
            217.69.128.0/20,
            217.106.0.0/16,
-            217.107.5.8/29,
+            217.107.0.0/18,
            217.107.5.16/28,
            217.107.5.40/29,
            217.107.5.80/28,
            217.107.5.96/29,
            217.107.5.112/29,
            217.107.200.0/21,
            217.107.208.0/20,
            217.147.23.112/28,
            217.148.216.156/30,
            217.148.220.160/29,
            217.172.18.0/23,
-            217.174.188.0/22,
+            217.172.20.0/22,
            217.174.188.0/23,
            217.195.92.16/28,
            217.195.93.144/29,
            217.195.94.200/29
@@ -820,33 +801,10 @@ table inet filter {
        type ipv6_addr
        flags interval
        elements = {
            2a00:1148::/29,
            2a00:46e0::/32,
            2a00:a300::/32,
            2a00:b4c0::/32,
            2a00:bdc0::/33,
            2a00:bdc0:8000::/34,
            2a00:bdc0:c000::/35,
            2a00:bdc0:e002::/47,
            2a00:bdc0:e004::/47,
-            2a00:bdc0:e007::/48,
+            2a00:bdc0:e007::/48
            2a00:bdc0:f000::/36,
            2a00:bdc1::/32,
            2a00:bdc2::/31,
            2a00:bdc4::/30,
            2a14:25c0::/32,
            2a14:25c5::/32,
            2a14:25c6::/31
        }
    }
    chain input {
        type filter hook input priority 0;
        policy accept;
        ct state { established, related } accept
        ip saddr @blacklist_v4 counter drop
        ip6 saddr @blacklist_v6 counter drop
    }
 }
--- a/blacklists_nginx/.keep
+++ b/blacklists_nginx/.keep
--- a/blacklists_nginx/README.md
+++ b/blacklists_nginx/README.md
@@ -1,302 +1,24 @@
-# Nginx Blacklist Configurations
+# nginx blacklists
-Auto-generated nginx configuration files for blocking networks and IP addresses.
+Short: ready-to-use deny lists for nginx (mixed, IPv4-only, and IPv6-only).
-## Available Files
+## Download links
-### Mixed IPv4/IPv6
+- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist.conf
 - https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v4.conf
 - https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v6.conf
- **`blacklist.conf`** - Contains both IPv4 and IPv6 deny rules (809 entries)
+## How to use
-### IPv4 Only
+1. Download one file (`blacklist.conf`, `blacklist-v4.conf`, or `blacklist-v6.conf`).
-
+2. Include it in your `server` or `location` block:
 - **`blacklist-v4.conf`** - Contains only IPv4 deny rules (806 entries)
 ### IPv6 Only
 - **`blacklist-v6.conf`** - Contains only IPv6 deny rules (3 entries)
 ## Usage
 ### Basic Usage
 Include the desired configuration file in your nginx `server` or `location` block:
 ```nginx
-server {
+include /etc/nginx/blacklist.conf;
    listen 80;
    server_name example.com;
    # Include the blacklist
    include /path/to/blacklist.conf;
    location / {
        # your configuration
    }
 }
 ```
-### Separate IPv4/IPv6 Files
+3. Test and reload nginx:
 For more granular control, use separate files:
 ```nginx
 server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    # Include both IPv4 and IPv6 blacklists
    include /path/to/blacklist-v4.conf;
    include /path/to/blacklist-v6.conf;
    location / {
        # your configuration
    }
 }
 ```
 ### HTTP Block Level
 Apply the blacklist globally to all virtual hosts:
 ```nginx
 http {
    # Apply blacklist globally
    include /path/to/blacklist.conf;
    server {
        listen 80;
        server_name example.com;
        # ...
    }
    server {
        listen 80;
        server_name another.com;
        # ...
    }
 }
 ```
 ### Location Block Level
 For selective blocking within specific locations:
 ```nginx
 server {
    listen 80;
    server_name example.com;
    location /admin {
        # Apply blacklist only to admin area
        include /path/to/blacklist.conf;
        # ...
    }
    location /public {
        # Public area without blacklist
        # ...
    }
 }
 ```
 ## Testing Configuration
 After adding the blacklist, always test your nginx configuration:
 ```bash
-# Test configuration
+sudo nginx -t && sudo systemctl reload nginx
 nginx -t
 # Reload nginx if test passes
 nginx -s reload
 # or
 systemctl reload nginx
 ```
 ## Custom Response
 By default, denied IPs receive a connection drop. To customize the response:
 ```nginx
 server {
    listen 80;
    server_name example.com;
    # Return custom error page
    error_page 403 /403.html;
    include /path/to/blacklist.conf;
    location = /403.html {
        root /usr/share/nginx/html;
        internal;
    }
 }
 ```
 Note: For large blacklists, using `deny` directives (as in these files) is more efficient than `if` statements.
 ## Performance Considerations
 - **Deny directives** are processed in order and stop at the first match
 - For optimal performance, most frequently matched IPs should be at the top
 - Current files are sorted for consistency
 - Nginx handles hundreds of deny rules efficiently
 - For very large blacklists (10,000+ entries), consider using:
  - Nginx GeoIP2 module for geographic blocking
  - nftables/iptables at the firewall level for better performance
  - Stream module for TCP/UDP level blocking
 ## Integration Examples
 ### Docker Deployment
 ```dockerfile
 FROM nginx:alpine
 # Copy blacklist
 COPY blacklist.conf /etc/nginx/blacklist.conf
 # Copy nginx config that includes the blacklist
 COPY nginx.conf /etc/nginx/nginx.conf
 EXPOSE 80 443
 CMD ["nginx", "-g", "daemon off;"]
 ```
 ### Kubernetes ConfigMap
 ```yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: nginx-blacklist
 data:
  blacklist.conf: |
    # Include blacklist content here
    deny 109.124.119.88/29;
    deny 109.124.66.128/30;
    # ...
 ```
 ### Automated Updates
 Set up a cron job to automatically fetch the latest blacklist:
 ```bash
 #!/bin/bash
 # /etc/cron.daily/update-nginx-blacklist
 # Download latest blacklist
 wget -q https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nginx/blacklist.conf \
  -O /etc/nginx/blacklist.conf.new
 # Test nginx configuration
 nginx -t -c /etc/nginx/nginx.conf
 # If test passes, reload nginx
 if [ $? -eq 0 ]; then
    mv /etc/nginx/blacklist.conf.new /etc/nginx/blacklist.conf
    systemctl reload nginx
    echo "Blacklist updated successfully"
 else
    rm /etc/nginx/blacklist.conf.new
    echo "Nginx config test failed, blacklist not updated"
 fi
 ```
 ## Logging Blocked Requests
 To log denied requests:
 ```nginx
 server {
    listen 80;
    server_name example.com;
    # Custom log format for denied IPs
    log_format blocked '$remote_addr - $remote_user [$time_local] '
                      '"$request" 403 0 '
                      '"$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/blocked.log blocked;
    include /path/to/blacklist.conf;
    location / {
        # your configuration
    }
 }
 ```
 ## Monitoring
 Check how many IPs are being blocked:
 ```bash
 # Count deny rules
 grep -c "deny" /path/to/blacklist.conf
 # Check blocked access logs
 tail -f /var/log/nginx/blocked.log
 # Count blocked requests today
 grep "$(date +%d/%b/%Y)" /var/log/nginx/access.log | grep " 403 " | wc -l
 ```
 ## Troubleshooting
 ### Configuration Test Fails
 ```bash
 # Check syntax
 nginx -t
 # Check for duplicate includes
 grep -r "include.*blacklist" /etc/nginx/
 # Verify file permissions
 ls -l /path/to/blacklist.conf
 ```
 ### Legitimate Users Blocked
 Check if their IP is in the blacklist:
 ```bash
 grep "YOUR_IP" /path/to/blacklist.conf
 ```
 Whitelist specific IPs before applying the blacklist:
 ```nginx
 server {
    listen 80;
    server_name example.com;
    # Whitelist before blacklist
    allow 192.168.1.100;  # Trusted IP
    # Then apply blacklist
    include /path/to/blacklist.conf;
    # Deny all others not explicitly allowed
    # deny all;  # Optional
 }
 ```
 ## Automatic Updates
 These files are automatically regenerated daily when the blacklists are updated via the GitHub Actions workflow.
 ## Source
 Generated from the blacklist files in the `blacklists/` directory by `blacklists_updater_nginx.sh`.
 ## See Also
 - [IPTables/IPSet Format](../blacklists_iptables/README.md) - For firewall-level blocking
 - [Text Format](../blacklists/README.md) - For custom integrations
 - [Main Repository](https://github.com/C24Be/AS_Network_List) - Complete documentation
--- a/blacklists_nginx/blacklist-v4.conf
+++ b/blacklists_nginx/blacklist-v4.conf
@@ -1,6 +1,6 @@
 # Nginx blacklist configuration (IPv4 only)
 # Auto-generated from blacklist-v4.txt
-# Last updated: 2026-03-04 06:38:44 UTC
+# Last updated: 2026-03-29 06:56:50 UTC
 #
 # Usage: Include this file in your nginx server or location block:
 #   include /path/to/blacklist-v4.conf;
@@ -38,7 +38,6 @@ deny 128.140.168.0/23;
 deny 128.140.170.0/24;
 deny 128.140.171.0/24;
 deny 128.140.172.0/22;
 deny 128.140.173.0/24;
 deny 130.49.224.0/19;
 deny 145.255.238.240/28;
 deny 146.185.208.0/22;
@@ -51,14 +50,9 @@ deny 149.62.55.240/30;
 deny 155.212.192.0/20;
 deny 176.109.0.0/21;
 deny 176.112.168.0/21;
 deny 176.116.112.0/22;
 deny 176.116.96.0/20;
 deny 178.16.156.148/30;
 deny 178.17.176.0/23;
 deny 178.17.178.0/23;
 deny 178.17.180.0/23;
 deny 178.17.182.0/23;
 deny 178.17.184.0/22;
 deny 178.17.188.0/22;
 deny 178.20.234.224/29;
 deny 178.22.88.0/21;
 deny 178.22.89.64/26;
@@ -73,7 +67,6 @@ deny 178.237.24.0/24;
 deny 178.237.240.0/20;
 deny 178.237.248.0/21;
 deny 178.237.28.0/24;
 deny 178.237.29.0/24;
 deny 178.237.30.0/23;
 deny 178.248.232.137/32;
 deny 178.248.232.60/32;
@@ -120,21 +113,16 @@ deny 185.130.112.0/22;
 deny 185.130.112.0/23;
 deny 185.130.114.0/23;
 deny 185.131.68.0/22;
 deny 185.131.68.0/23;
 deny 185.149.160.0/24;
 deny 185.149.161.0/24;
 deny 185.149.162.0/24;
 deny 185.149.163.0/24;
 deny 185.16.10.0/23;
 deny 185.16.148.0/22;
 deny 185.16.148.0/23;
 deny 185.16.150.0/23;
 deny 185.16.244.0/22;
 deny 185.16.244.0/23;
 deny 185.16.246.0/23;
 deny 185.16.246.0/24;
 deny 185.16.247.0/24;
 deny 185.16.8.0/23;
 deny 185.168.60.0/24;
 deny 185.168.61.0/24;
 deny 185.168.62.0/24;
@@ -207,14 +195,12 @@ deny 188.93.61.0/24;
 deny 188.93.62.0/24;
 deny 193.203.40.0/22;
 deny 193.232.70.0/24;
 deny 193.33.230.0/23;
 deny 193.47.146.0/24;
 deny 194.140.247.0/25;
 deny 194.140.247.128/25;
 deny 194.150.202.0/23;
 deny 194.165.22.0/23;
 deny 194.186.112.80/28;
 deny 194.186.63.0/24;
 deny 194.190.9.0/24;
 deny 194.215.248.0/24;
 deny 194.226.116.0/22;
@@ -251,7 +237,6 @@ deny 195.211.22.0/24;
 deny 195.211.23.0/24;
 deny 195.218.175.40/29;
 deny 195.218.190.0/23;
 deny 195.226.203.0/24;
 deny 195.239.113.0/24;
 deny 195.239.247.0/24;
 deny 195.239.80.32/29;
@@ -272,7 +257,6 @@ deny 195.98.38.16/28;
 deny 195.98.43.104/29;
 deny 195.98.73.56/29;
 deny 195.98.77.100/30;
 deny 212.111.84.0/22;
 deny 212.119.174.0/24;
 deny 212.119.175.0/24;
 deny 212.120.169.48/29;
@@ -298,10 +282,6 @@ deny 212.17.9.144/28;
 deny 212.192.156.0/22;
 deny 212.23.85.48/30;
 deny 212.23.85.56/29;
 deny 212.233.120.0/22;
 deny 212.233.72.0/21;
 deny 212.233.88.0/21;
 deny 212.233.96.0/22;
 deny 212.32.198.64/29;
 deny 212.48.134.192/26;
 deny 212.48.138.240/28;
@@ -406,8 +386,6 @@ deny 213.172.27.224/30;
 deny 213.172.27.252/30;
 deny 213.172.30.136/30;
 deny 213.172.4.192/26;
 deny 213.176.232.0/23;
 deny 213.176.234.0/23;
 deny 213.177.111.0/24;
 deny 213.183.253.56/29;
 deny 213.219.212.0/22;
@@ -463,7 +441,9 @@ deny 217.106.203.240/29;
 deny 217.106.203.88/29;
 deny 217.106.93.192/26;
 deny 217.106.95.112/28;
 deny 217.107.0.0/18;
 deny 217.107.200.0/21;
 deny 217.107.208.0/20;
 deny 217.107.5.112/29;
 deny 217.107.5.16/29;
 deny 217.107.5.24/29;
@@ -479,7 +459,7 @@ deny 217.16.16.0/20;
 deny 217.16.16.0/21;
 deny 217.16.24.0/21;
 deny 217.172.18.0/23;
-deny 217.174.188.0/22;
+deny 217.172.20.0/22;
 deny 217.174.188.0/23;
 deny 217.195.92.16/28;
 deny 217.195.93.144/29;
@@ -494,7 +474,10 @@ deny 217.20.156.0/23;
 deny 217.20.158.0/24;
 deny 217.20.159.0/24;
 deny 217.20.86.128/26;
 deny 217.20.86.192/27;
 deny 217.20.86.224/29;
 deny 217.20.86.232/29;
 deny 217.20.86.240/28;
 deny 217.23.88.168/29;
 deny 217.23.88.248/29;
 deny 217.27.142.176/30;
@@ -503,9 +486,7 @@ deny 217.65.219.160/29;
 deny 217.67.177.208/29;
 deny 217.69.128.0/20;
 deny 217.69.128.0/21;
 deny 217.69.132.0/24;
 deny 217.69.136.0/21;
 deny 31.177.104.0/22;
 deny 31.177.95.0/24;
 deny 31.44.63.64/29;
 deny 37.139.32.0/22;
@@ -528,6 +509,7 @@ deny 45.84.130.0/23;
 deny 46.20.70.160/28;
 deny 46.228.0.232/29;
 deny 46.29.152.0/22;
 deny 46.29.156.0/23;
 deny 46.46.142.160/28;
 deny 46.46.148.40/29;
 deny 46.47.197.128/30;
@@ -639,9 +621,6 @@ deny 79.137.132.128/25;
 deny 79.137.139.0/24;
 deny 79.137.139.0/25;
 deny 79.137.139.128/25;
 deny 79.137.140.0/24;
 deny 79.137.142.0/24;
 deny 79.137.157.0/24;
 deny 79.137.157.0/25;
 deny 79.137.157.128/25;
 deny 79.137.164.0/24;
@@ -661,9 +640,6 @@ deny 79.137.240.0/21;
 deny 79.137.240.0/22;
 deny 79.137.244.0/22;
 deny 79.142.88.0/28;
 deny 79.143.229.0/24;
 deny 79.143.230.0/24;
 deny 79.143.232.0/24;
 deny 80.237.11.88/29;
 deny 80.237.39.112/29;
 deny 80.237.98.80/28;
@@ -673,8 +649,6 @@ deny 80.247.46.0/24;
 deny 80.254.100.40/29;
 deny 80.254.119.168/29;
 deny 80.73.16.0/20;
 deny 80.73.16.0/21;
 deny 80.73.16.0/24;
 deny 80.73.168.80/28;
 deny 80.73.169.244/30;
 deny 80.82.43.24/29;
@@ -698,11 +672,9 @@ deny 81.195.124.52/30;
 deny 81.195.125.96/30;
 deny 81.195.148.140/30;
 deny 81.195.150.248/30;
 deny 81.195.151.0/24;
 deny 81.195.151.172/30;
 deny 81.195.155.0/30;
 deny 81.195.161.12/30;
 deny 81.195.164.0/24;
 deny 81.195.165.64/28;
 deny 81.195.168.24/30;
 deny 81.195.177.160/30;
@@ -881,8 +853,6 @@ deny 87.239.108.0/22;
 deny 87.240.128.0/18;
 deny 87.240.128.0/19;
 deny 87.240.160.0/19;
 deny 87.240.166.0/24;
 deny 87.240.167.0/24;
 deny 87.242.112.0/22;
 deny 87.245.133.0/24;
 deny 87.249.16.32/28;
@@ -950,9 +920,6 @@ deny 89.21.140.104/29;
 deny 89.21.152.104/29;
 deny 89.221.228.0/22;
 deny 89.221.232.0/21;
 deny 89.221.232.0/22;
 deny 89.221.235.0/24;
 deny 89.221.236.0/22;
 deny 89.28.253.168/29;
 deny 89.28.255.56/29;
 deny 90.150.176.52/30;
@@ -975,7 +942,6 @@ deny 90.150.189.32/29;
 deny 90.156.148.0/22;
 deny 90.156.148.0/23;
 deny 90.156.150.0/23;
 deny 90.156.151.0/24;
 deny 90.156.212.0/22;
 deny 90.156.212.0/23;
 deny 90.156.214.0/23;
@@ -984,25 +950,12 @@ deny 90.156.216.0/23;
 deny 90.156.218.0/23;
 deny 90.156.232.0/21;
 deny 91.103.194.184/29;
 deny 91.135.212.0/22;
 deny 91.135.216.0/21;
 deny 91.135.220.0/24;
 deny 91.135.221.0/24;
 deny 91.195.136.0/23;
 deny 91.208.20.0/24;
 deny 91.215.168.0/22;
 deny 91.217.34.0/23;
 deny 91.219.192.0/22;
 deny 91.219.224.0/22;
 deny 91.221.140.0/23;
 deny 91.221.140.0/24;
 deny 91.221.141.0/24;
 deny 91.226.250.0/24;
 deny 91.227.32.0/24;
 deny 91.231.132.0/22;
 deny 91.231.132.0/24;
 deny 91.231.133.0/24;
 deny 91.231.134.0/24;
 deny 91.237.76.0/24;
 deny 92.101.253.152/29;
 deny 92.101.253.96/29;
@@ -1047,7 +1000,6 @@ deny 94.100.184.0/21;
 deny 94.124.192.192/29;
 deny 94.139.244.0/22;
 deny 94.139.244.0/23;
 deny 94.139.244.0/24;
 deny 94.139.246.0/23;
 deny 94.199.64.0/21;
 deny 94.25.119.228/30;
@@ -1064,9 +1016,6 @@ deny 95.142.200.0/21;
 deny 95.142.201.0/24;
 deny 95.142.202.0/24;
 deny 95.142.203.0/24;
 deny 95.142.204.0/23;
 deny 95.142.207.0/24;
 deny 95.163.133.0/24;
 deny 95.163.180.0/22;
 deny 95.163.180.0/23;
 deny 95.163.182.0/23;
@@ -1104,6 +1053,7 @@ deny 95.167.5.64/28;
 deny 95.167.5.80/28;
 deny 95.167.54.76/30;
 deny 95.167.59.244/30;
 deny 95.167.59.248/30;
 deny 95.167.64.20/30;
 deny 95.167.68.216/29;
 deny 95.167.69.116/30;
@@ -1121,7 +1071,6 @@ deny 95.173.128.0/19;
 deny 95.173.128.0/20;
 deny 95.173.144.0/20;
 deny 95.213.0.0/17;
 deny 95.213.0.0/18;
 deny 95.213.0.0/20;
 deny 95.213.16.0/21;
 deny 95.213.24.0/23;
@@ -1136,8 +1085,6 @@ deny 95.213.33.0/24;
 deny 95.213.34.0/23;
 deny 95.213.36.0/22;
 deny 95.213.40.0/21;
 deny 95.213.44.0/24;
 deny 95.213.45.0/24;
 deny 95.213.48.0/20;
 deny 95.213.64.0/18;
 deny 95.53.248.0/29;
--- a/blacklists_nginx/blacklist-v6.conf
+++ b/blacklists_nginx/blacklist-v6.conf
@@ -1,31 +1,14 @@
 # Nginx blacklist configuration (IPv6 only)
 # Auto-generated from blacklist-v6.txt
-# Last updated: 2026-03-04 06:38:44 UTC
+# Last updated: 2026-03-29 06:56:50 UTC
 #
 # Usage: Include this file in your nginx server or location block:
 #   include /path/to/blacklist-v6.conf;
 #
 deny 2a00:1148::/29;
 deny 2a00:1148::/32;
 deny 2a00:46e0:2::/48;
 deny 2a00:46e0::/32;
 deny 2a00:a300::/32;
 deny 2a00:b4c0::/32;
 deny 2a00:bdc0:8000::/34;
 deny 2a00:bdc0::/33;
 deny 2a00:bdc0:c000::/35;
 deny 2a00:bdc0:e002::/48;
 deny 2a00:bdc0:e003::/48;
 deny 2a00:bdc0:e004::/48;
 deny 2a00:bdc0:e005::/48;
 deny 2a00:bdc0:e007::/48;
 deny 2a00:bdc0:f000::/36;
 deny 2a00:bdc1::/32;
 deny 2a00:bdc2::/31;
 deny 2a00:bdc4::/30;
 deny 2a14:25c0::/32;
 deny 2a14:25c5::/32;
 deny 2a14:25c6::/32;
 deny 2a14:25c7::/32;
--- a/blacklists_nginx/blacklist.conf
+++ b/blacklists_nginx/blacklist.conf
@@ -1,6 +1,6 @@
 # Nginx blacklist configuration (mixed IPv4/IPv6)
 # Auto-generated from blacklist.txt
-# Last updated: 2026-03-04 06:38:44 UTC
+# Last updated: 2026-03-29 06:56:50 UTC
 #
 # Usage: Include this file in your nginx server or location block:
 #   include /path/to/blacklist.conf;
@@ -38,7 +38,6 @@ deny 128.140.168.0/23;
 deny 128.140.170.0/24;
 deny 128.140.171.0/24;
 deny 128.140.172.0/22;
 deny 128.140.173.0/24;
 deny 130.49.224.0/19;
 deny 145.255.238.240/28;
 deny 146.185.208.0/22;
@@ -51,14 +50,9 @@ deny 149.62.55.240/30;
 deny 155.212.192.0/20;
 deny 176.109.0.0/21;
 deny 176.112.168.0/21;
 deny 176.116.112.0/22;
 deny 176.116.96.0/20;
 deny 178.16.156.148/30;
 deny 178.17.176.0/23;
 deny 178.17.178.0/23;
 deny 178.17.180.0/23;
 deny 178.17.182.0/23;
 deny 178.17.184.0/22;
 deny 178.17.188.0/22;
 deny 178.20.234.224/29;
 deny 178.22.88.0/21;
 deny 178.22.89.64/26;
@@ -73,7 +67,6 @@ deny 178.237.24.0/24;
 deny 178.237.240.0/20;
 deny 178.237.248.0/21;
 deny 178.237.28.0/24;
 deny 178.237.29.0/24;
 deny 178.237.30.0/23;
 deny 178.248.232.137/32;
 deny 178.248.232.60/32;
@@ -120,21 +113,16 @@ deny 185.130.112.0/22;
 deny 185.130.112.0/23;
 deny 185.130.114.0/23;
 deny 185.131.68.0/22;
 deny 185.131.68.0/23;
 deny 185.149.160.0/24;
 deny 185.149.161.0/24;
 deny 185.149.162.0/24;
 deny 185.149.163.0/24;
 deny 185.16.10.0/23;
 deny 185.16.148.0/22;
 deny 185.16.148.0/23;
 deny 185.16.150.0/23;
 deny 185.16.244.0/22;
 deny 185.16.244.0/23;
 deny 185.16.246.0/23;
 deny 185.16.246.0/24;
 deny 185.16.247.0/24;
 deny 185.16.8.0/23;
 deny 185.168.60.0/24;
 deny 185.168.61.0/24;
 deny 185.168.62.0/24;
@@ -207,14 +195,12 @@ deny 188.93.61.0/24;
 deny 188.93.62.0/24;
 deny 193.203.40.0/22;
 deny 193.232.70.0/24;
 deny 193.33.230.0/23;
 deny 193.47.146.0/24;
 deny 194.140.247.0/25;
 deny 194.140.247.128/25;
 deny 194.150.202.0/23;
 deny 194.165.22.0/23;
 deny 194.186.112.80/28;
 deny 194.186.63.0/24;
 deny 194.190.9.0/24;
 deny 194.215.248.0/24;
 deny 194.226.116.0/22;
@@ -251,7 +237,6 @@ deny 195.211.22.0/24;
 deny 195.211.23.0/24;
 deny 195.218.175.40/29;
 deny 195.218.190.0/23;
 deny 195.226.203.0/24;
 deny 195.239.113.0/24;
 deny 195.239.247.0/24;
 deny 195.239.80.32/29;
@@ -272,7 +257,6 @@ deny 195.98.38.16/28;
 deny 195.98.43.104/29;
 deny 195.98.73.56/29;
 deny 195.98.77.100/30;
 deny 212.111.84.0/22;
 deny 212.119.174.0/24;
 deny 212.119.175.0/24;
 deny 212.120.169.48/29;
@@ -298,10 +282,6 @@ deny 212.17.9.144/28;
 deny 212.192.156.0/22;
 deny 212.23.85.48/30;
 deny 212.23.85.56/29;
 deny 212.233.120.0/22;
 deny 212.233.72.0/21;
 deny 212.233.88.0/21;
 deny 212.233.96.0/22;
 deny 212.32.198.64/29;
 deny 212.48.134.192/26;
 deny 212.48.138.240/28;
@@ -406,8 +386,6 @@ deny 213.172.27.224/30;
 deny 213.172.27.252/30;
 deny 213.172.30.136/30;
 deny 213.172.4.192/26;
 deny 213.176.232.0/23;
 deny 213.176.234.0/23;
 deny 213.177.111.0/24;
 deny 213.183.253.56/29;
 deny 213.219.212.0/22;
@@ -463,7 +441,9 @@ deny 217.106.203.240/29;
 deny 217.106.203.88/29;
 deny 217.106.93.192/26;
 deny 217.106.95.112/28;
 deny 217.107.0.0/18;
 deny 217.107.200.0/21;
 deny 217.107.208.0/20;
 deny 217.107.5.112/29;
 deny 217.107.5.16/29;
 deny 217.107.5.24/29;
@@ -479,7 +459,7 @@ deny 217.16.16.0/20;
 deny 217.16.16.0/21;
 deny 217.16.24.0/21;
 deny 217.172.18.0/23;
-deny 217.174.188.0/22;
+deny 217.172.20.0/22;
 deny 217.174.188.0/23;
 deny 217.195.92.16/28;
 deny 217.195.93.144/29;
@@ -494,7 +474,10 @@ deny 217.20.156.0/23;
 deny 217.20.158.0/24;
 deny 217.20.159.0/24;
 deny 217.20.86.128/26;
 deny 217.20.86.192/27;
 deny 217.20.86.224/29;
 deny 217.20.86.232/29;
 deny 217.20.86.240/28;
 deny 217.23.88.168/29;
 deny 217.23.88.248/29;
 deny 217.27.142.176/30;
@@ -503,31 +486,12 @@ deny 217.65.219.160/29;
 deny 217.67.177.208/29;
 deny 217.69.128.0/20;
 deny 217.69.128.0/21;
 deny 217.69.132.0/24;
 deny 217.69.136.0/21;
 deny 2a00:1148::/29;
 deny 2a00:1148::/32;
 deny 2a00:46e0:2::/48;
 deny 2a00:46e0::/32;
 deny 2a00:a300::/32;
 deny 2a00:b4c0::/32;
 deny 2a00:bdc0:8000::/34;
 deny 2a00:bdc0::/33;
 deny 2a00:bdc0:c000::/35;
 deny 2a00:bdc0:e002::/48;
 deny 2a00:bdc0:e003::/48;
 deny 2a00:bdc0:e004::/48;
 deny 2a00:bdc0:e005::/48;
 deny 2a00:bdc0:e007::/48;
 deny 2a00:bdc0:f000::/36;
 deny 2a00:bdc1::/32;
 deny 2a00:bdc2::/31;
 deny 2a00:bdc4::/30;
 deny 2a14:25c0::/32;
 deny 2a14:25c5::/32;
 deny 2a14:25c6::/32;
 deny 2a14:25c7::/32;
 deny 31.177.104.0/22;
 deny 31.177.95.0/24;
 deny 31.44.63.64/29;
 deny 37.139.32.0/22;
@@ -550,6 +514,7 @@ deny 45.84.130.0/23;
 deny 46.20.70.160/28;
 deny 46.228.0.232/29;
 deny 46.29.152.0/22;
 deny 46.29.156.0/23;
 deny 46.46.142.160/28;
 deny 46.46.148.40/29;
 deny 46.47.197.128/30;
@@ -661,9 +626,6 @@ deny 79.137.132.128/25;
 deny 79.137.139.0/24;
 deny 79.137.139.0/25;
 deny 79.137.139.128/25;
 deny 79.137.140.0/24;
 deny 79.137.142.0/24;
 deny 79.137.157.0/24;
 deny 79.137.157.0/25;
 deny 79.137.157.128/25;
 deny 79.137.164.0/24;
@@ -683,9 +645,6 @@ deny 79.137.240.0/21;
 deny 79.137.240.0/22;
 deny 79.137.244.0/22;
 deny 79.142.88.0/28;
 deny 79.143.229.0/24;
 deny 79.143.230.0/24;
 deny 79.143.232.0/24;
 deny 80.237.11.88/29;
 deny 80.237.39.112/29;
 deny 80.237.98.80/28;
@@ -695,8 +654,6 @@ deny 80.247.46.0/24;
 deny 80.254.100.40/29;
 deny 80.254.119.168/29;
 deny 80.73.16.0/20;
 deny 80.73.16.0/21;
 deny 80.73.16.0/24;
 deny 80.73.168.80/28;
 deny 80.73.169.244/30;
 deny 80.82.43.24/29;
@@ -720,11 +677,9 @@ deny 81.195.124.52/30;
 deny 81.195.125.96/30;
 deny 81.195.148.140/30;
 deny 81.195.150.248/30;
 deny 81.195.151.0/24;
 deny 81.195.151.172/30;
 deny 81.195.155.0/30;
 deny 81.195.161.12/30;
 deny 81.195.164.0/24;
 deny 81.195.165.64/28;
 deny 81.195.168.24/30;
 deny 81.195.177.160/30;
@@ -903,8 +858,6 @@ deny 87.239.108.0/22;
 deny 87.240.128.0/18;
 deny 87.240.128.0/19;
 deny 87.240.160.0/19;
 deny 87.240.166.0/24;
 deny 87.240.167.0/24;
 deny 87.242.112.0/22;
 deny 87.245.133.0/24;
 deny 87.249.16.32/28;
@@ -972,9 +925,6 @@ deny 89.21.140.104/29;
 deny 89.21.152.104/29;
 deny 89.221.228.0/22;
 deny 89.221.232.0/21;
 deny 89.221.232.0/22;
 deny 89.221.235.0/24;
 deny 89.221.236.0/22;
 deny 89.28.253.168/29;
 deny 89.28.255.56/29;
 deny 90.150.176.52/30;
@@ -997,7 +947,6 @@ deny 90.150.189.32/29;
 deny 90.156.148.0/22;
 deny 90.156.148.0/23;
 deny 90.156.150.0/23;
 deny 90.156.151.0/24;
 deny 90.156.212.0/22;
 deny 90.156.212.0/23;
 deny 90.156.214.0/23;
@@ -1006,25 +955,12 @@ deny 90.156.216.0/23;
 deny 90.156.218.0/23;
 deny 90.156.232.0/21;
 deny 91.103.194.184/29;
 deny 91.135.212.0/22;
 deny 91.135.216.0/21;
 deny 91.135.220.0/24;
 deny 91.135.221.0/24;
 deny 91.195.136.0/23;
 deny 91.208.20.0/24;
 deny 91.215.168.0/22;
 deny 91.217.34.0/23;
 deny 91.219.192.0/22;
 deny 91.219.224.0/22;
 deny 91.221.140.0/23;
 deny 91.221.140.0/24;
 deny 91.221.141.0/24;
 deny 91.226.250.0/24;
 deny 91.227.32.0/24;
 deny 91.231.132.0/22;
 deny 91.231.132.0/24;
 deny 91.231.133.0/24;
 deny 91.231.134.0/24;
 deny 91.237.76.0/24;
 deny 92.101.253.152/29;
 deny 92.101.253.96/29;
@@ -1069,7 +1005,6 @@ deny 94.100.184.0/21;
 deny 94.124.192.192/29;
 deny 94.139.244.0/22;
 deny 94.139.244.0/23;
 deny 94.139.244.0/24;
 deny 94.139.246.0/23;
 deny 94.199.64.0/21;
 deny 94.25.119.228/30;
@@ -1086,9 +1021,6 @@ deny 95.142.200.0/21;
 deny 95.142.201.0/24;
 deny 95.142.202.0/24;
 deny 95.142.203.0/24;
 deny 95.142.204.0/23;
 deny 95.142.207.0/24;
 deny 95.163.133.0/24;
 deny 95.163.180.0/22;
 deny 95.163.180.0/23;
 deny 95.163.182.0/23;
@@ -1126,6 +1058,7 @@ deny 95.167.5.64/28;
 deny 95.167.5.80/28;
 deny 95.167.54.76/30;
 deny 95.167.59.244/30;
 deny 95.167.59.248/30;
 deny 95.167.64.20/30;
 deny 95.167.68.216/29;
 deny 95.167.69.116/30;
@@ -1143,7 +1076,6 @@ deny 95.173.128.0/19;
 deny 95.173.128.0/20;
 deny 95.173.144.0/20;
 deny 95.213.0.0/17;
 deny 95.213.0.0/18;
 deny 95.213.0.0/20;
 deny 95.213.16.0/21;
 deny 95.213.24.0/23;
@@ -1158,8 +1090,6 @@ deny 95.213.33.0/24;
 deny 95.213.34.0/23;
 deny 95.213.36.0/22;
 deny 95.213.40.0/21;
 deny 95.213.44.0/24;
 deny 95.213.45.0/24;
 deny 95.213.48.0/20;
 deny 95.213.64.0/18;
 deny 95.53.248.0/29;
--- a/blacklists_route/blacklist-vk-v4.routes
+++ b/blacklists_route/blacklist-vk-v4.routes
@@ -0,0 +1,274 @@
 # Linux routes for VK networks (IPv4)
 # Auto-generated by blacklists_updater_routes.sh
 # Last updated: 2026-03-29 06:56:52 UTC
 #
 # Apply:
 #   sudo sh blacklist-vk-v4.routes
 #
 ip route replace 109.120.180.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 109.120.180.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 109.120.182.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 109.120.188.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 109.120.188.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 109.120.190.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 128.140.168.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 128.140.168.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 128.140.170.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 128.140.171.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 128.140.172.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 130.49.224.0/19 via 127.0.0.1 dev lo onlink
 ip route replace 146.185.208.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 146.185.208.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 146.185.210.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 146.185.240.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 146.185.240.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 146.185.242.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 155.212.192.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 176.112.168.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 178.22.88.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 178.22.89.64/26 via 127.0.0.1 dev lo onlink
 ip route replace 178.22.94.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 178.237.16.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 178.237.16.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 178.237.24.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 178.237.30.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.100.104.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.100.104.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.100.106.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.130.112.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.130.112.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.130.114.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.131.68.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.16.148.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.16.148.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.16.150.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.16.244.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.16.244.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.16.246.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.180.200.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.187.63.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 185.187.63.0/25 via 127.0.0.1 dev lo onlink
 ip route replace 185.187.63.128/25 via 127.0.0.1 dev lo onlink
 ip route replace 185.226.52.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.226.52.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.226.54.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.241.192.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.241.192.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.241.194.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.29.128.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.29.130.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 185.32.248.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.32.248.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.32.250.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.5.136.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.5.136.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.5.138.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.6.244.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.6.244.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.6.246.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.86.144.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 185.86.144.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 185.86.146.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 188.93.56.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 188.93.56.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 188.93.57.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 188.93.58.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 188.93.60.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 188.93.61.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 188.93.62.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 193.203.40.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 194.84.16.12/30 via 127.0.0.1 dev lo onlink
 ip route replace 195.211.20.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 195.211.22.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 195.211.23.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 212.111.84.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 212.233.120.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 212.233.72.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 212.233.88.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 212.233.96.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 213.219.212.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 213.219.212.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 213.219.214.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 217.16.16.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 217.16.16.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 217.16.24.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 217.174.188.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 217.20.144.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 217.20.144.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 217.20.148.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 217.20.149.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 217.20.150.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 217.20.152.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 217.20.156.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 217.20.158.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 217.20.159.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 217.69.128.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 217.69.128.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 217.69.136.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 37.139.32.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 37.139.32.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 37.139.34.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 37.139.40.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 37.139.40.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 37.139.42.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 45.136.20.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 45.136.20.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 45.136.22.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 45.84.128.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 45.84.128.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 45.84.130.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 5.101.40.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 5.101.40.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 5.101.42.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 5.181.60.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 5.181.60.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 5.181.61.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 5.181.62.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 5.188.140.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 5.188.140.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 5.188.142.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.16.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.16.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.20.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.232.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.232.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.236.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.238.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.239.0/27 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.239.128/25 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.239.40/29 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.239.48/28 via 127.0.0.1 dev lo onlink
 ip route replace 5.61.239.64/26 via 127.0.0.1 dev lo onlink
 ip route replace 62.217.160.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 62.217.160.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 62.217.168.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.132.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.132.0/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.132.128/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.139.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.139.0/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.139.128/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.157.0/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.157.128/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.164.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.164.0/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.164.128/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.167.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.167.0/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.167.128/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.174.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.174.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.175.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.180.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.180.0/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.180.128/25 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.240.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.240.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 79.137.244.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 83.166.232.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 83.166.232.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 83.166.236.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 83.166.248.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 83.166.248.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 83.166.252.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 83.217.216.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 83.217.216.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 83.217.218.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 83.222.28.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 84.23.52.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 84.23.52.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 84.23.54.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 85.114.31.108/30 via 127.0.0.1 dev lo onlink
 ip route replace 85.192.32.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 85.192.32.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 85.192.34.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 85.198.106.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 85.198.107.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 87.239.104.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 87.239.104.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 87.239.108.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 87.240.128.0/18 via 127.0.0.1 dev lo onlink
 ip route replace 87.240.128.0/19 via 127.0.0.1 dev lo onlink
 ip route replace 87.240.160.0/19 via 127.0.0.1 dev lo onlink
 ip route replace 87.242.112.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.196.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.196.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.198.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.208.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.208.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.210.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.216.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.216.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.218.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.220.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.228.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.228.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.230.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.84.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.84.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.208.86.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 89.221.228.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 89.221.232.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.148.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.148.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.150.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.212.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.212.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.214.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.216.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.216.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.218.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 90.156.232.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 91.219.224.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 91.231.132.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 91.237.76.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 93.153.255.84/30 via 127.0.0.1 dev lo onlink
 ip route replace 93.186.224.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 93.186.224.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 93.186.232.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 94.100.176.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 94.100.176.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 94.100.184.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 94.139.244.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 94.139.244.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 94.139.246.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.142.192.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 95.142.192.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 95.142.200.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.180.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.180.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.182.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.208.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.208.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.210.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.212.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.216.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.216.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.218.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.248.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.248.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.252.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.254.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.32.0/19 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.32.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.36.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.40.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 95.163.48.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.0.0/17 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.0.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.16.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.24.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.26.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.27.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.28.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.29.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.30.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.31.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.32.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.33.0/24 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.34.0/23 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.36.0/22 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.40.0/21 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.48.0/20 via 127.0.0.1 dev lo onlink
 ip route replace 95.213.64.0/18 via 127.0.0.1 dev lo onlink
--- a/blacklists_route/blacklist-vk-v6.routes
+++ b/blacklists_route/blacklist-vk-v6.routes
@@ -0,0 +1,9 @@
 # Linux routes for VK networks (IPv6)
 # Auto-generated by blacklists_updater_routes.sh
 # Last updated: 2026-03-29 06:56:52 UTC
 #
 # Apply:
 #   sudo sh blacklist-vk-v6.routes
 #
 ip -6 route replace 2a00:bdc0::/29 via ::1 dev lo
--- a/blacklists_updater_iptables.sh
+++ b/blacklists_updater_iptables.sh
@@ -1,18 +1,43 @@
 #!/bin/sh
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 # Input files (generated by blacklists_updater_txt.sh)
-blacklist_file="blacklists/blacklist.txt"
+blacklist_file="${SCRIPT_DIR}/blacklists/blacklist.txt"
-blacklist_v4_file="blacklists/blacklist-v4.txt"
+blacklist_v4_file="${SCRIPT_DIR}/blacklists/blacklist-v4.txt"
-blacklist_v6_file="blacklists/blacklist-v6.txt"
+blacklist_v6_file="${SCRIPT_DIR}/blacklists/blacklist-v6.txt"
 # Source files for name-based VK filtering
 auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
 auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
 auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
 vk_name_pattern='vk[[:space:]-]*cloud|vkcompany|vkontakte'
 # Additional VK-only text blacklists
 blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
 blacklist_vk_v4_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
 blacklist_vk_v6_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
 # Output directory and files
-iptables_output_dir="blacklists_iptables"
+iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables"
 iptables_output_file="${iptables_output_dir}/blacklist.ipset"
 iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset"
 iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset"
 iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset"
 iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset"
-# Create iptables directory if it doesn't exist
+# Create required directories if they don't exist
-mkdir -p "${iptables_output_dir}"
+mkdir -p "${iptables_output_dir}" "${SCRIPT_DIR}/blacklists"
 # Build additional VK-only blacklist from network names in auto/*.txt files
 tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
 for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do
    [ -f "${source_file}" ] || continue
    awk -v pattern="${vk_name_pattern}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}"
 done
 sort -u "${tmp_vk_file}" > "${blacklist_vk_file}"
 grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true
 grep -v ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v4_file}" || true
 rm -f "${tmp_vk_file}"
 # Function to generate ipset config from input file
 generate_ipset_config() {
@@ -21,6 +46,19 @@ generate_ipset_config() {
    local ip_version="$3"
    local set_name="$4"
    local family="$5"
    local iptables_cmd="iptables"
    local rule_primary=""
    local rule_secondary=""
    [ "${family}" = "inet6" ] && iptables_cmd="ip6tables"
    if printf "%s" "${set_name}" | grep -q '^blacklist-vk'; then
        rule_primary="${iptables_cmd} -I OUTPUT -m set --match-set ${set_name} dst -j REJECT"
        rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} dst -j REJECT"
    else
        rule_primary="${iptables_cmd} -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
        rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
    fi
    # Count entries for hash size calculation
    local count=$(wc -l < "${input_file}" | tr -d ' ')
@@ -38,8 +76,8 @@ generate_ipset_config() {
 #      ipset restore < $(basename ${output_file})
 #
 #   2. Use with iptables/ip6tables:
-#      iptables -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
+#      ${rule_primary}
-#      iptables -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
+${rule_secondary:+#      ${rule_secondary}}
 #
 #   3. To flush/delete the set:
 #      ipset flush ${set_name}
@@ -63,34 +101,16 @@ EOF
 # Generate ipset configurations from blacklist files
 generate_ipset_config "${blacklist_v4_file}" "${iptables_v4_output_file}" "(IPv4 only)" "blacklist-v4" "inet"
 generate_ipset_config "${blacklist_v6_file}" "${iptables_v6_output_file}" "(IPv6 only)" "blacklist-v6" "inet6"
 generate_ipset_config "${blacklist_vk_v4_file}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet"
 generate_ipset_config "${blacklist_vk_v6_file}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6"
-# For mixed file, we need to create two sets (IPv4 and IPv6) as ipset doesn't support mixed families
+echo ""
-cat > "${iptables_output_file}" << EOF
+echo "VK outgoing block examples (iptables/ipset):"
-# IPSet blacklist configuration (mixed IPv4/IPv6)
+echo "  ipset restore < ${iptables_vk_v4_output_file}"
-# Auto-generated from $(basename ${blacklist_file})
+echo "  ipset restore < ${iptables_vk_v6_output_file}"
-# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
+echo "  iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
-#
+echo "  iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT"
-# Usage:
+echo "  ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"
-#   1. Load the ipset:
+echo "  ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT"
-#      ipset restore < $(basename ${iptables_output_file})
+echo ""
-#
+echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."
 #   2. Use with iptables/ip6tables:
 #      iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
 #      iptables -I FORWARD -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
 #      ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
 #      ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
 #
 #   3. To flush/delete the sets:
 #      ipset flush blacklist-v4 && ipset destroy blacklist-v4
 #      ipset flush blacklist-v6 && ipset destroy blacklist-v6
 #
 EOF
 # Append both IPv4 and IPv6 sets to the mixed file
 tail -n +2 "${iptables_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
 echo "" >> "${iptables_output_file}"
 tail -n +2 "${iptables_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
 echo "✓ Generated (mixed IPv4/IPv6): ${iptables_output_file}"
 echo "  Total entries: $(wc -l < "${blacklist_file}" | tr -d ' ')"
--- a/blacklists_updater_nftables.sh
+++ b/blacklists_updater_nftables.sh
@@ -7,29 +7,82 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist.txt"
 OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables"
-# Create output directory if it doesn't exist
+# Source files for name-based VK filtering
-mkdir -p "$OUTPUT_DIR"
+AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt"
 AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt"
 AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt"
 VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
 # Additional VK-only text blacklists
 VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt"
 VK_INPUT_V4_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v4.txt"
 VK_INPUT_V6_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v6.txt"
 # Create required directories if they don't exist
 mkdir -p "$OUTPUT_DIR" "$SCRIPT_DIR/blacklists"
 echo "Generating nftables blacklists..."
-# Generate mixed IPv4/IPv6 blacklist
+# Build additional VK-only blacklist from network names in auto/*.txt files
 TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")"
 for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do
    [[ -f "$source_file" ]] || continue
    awk -v pattern="$VK_NAME_PATTERN" 'tolower($0) ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE"
 done
 sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE"
 grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true
 grep -v ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V4_FILE" || true
 rm -f "$TMP_VK_FILE"
 # Generate mixed IPv4/IPv6 blacklist (recommended single-file load)
 python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
    "$INPUT_FILE" \
    "$OUTPUT_DIR/blacklist.nft"
 # Generate IPv4-only blacklist
-grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > /tmp/blacklist-v4.txt || true
+TMP_V4_FILE="/tmp/blacklist-v4.txt"
 TMP_V6_FILE="/tmp/blacklist-v6.txt"
 grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > "$TMP_V4_FILE" || true
 python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
-    /tmp/blacklist-v4.txt \
+    "$TMP_V4_FILE" \
    "$OUTPUT_DIR/blacklist-v4.nft"
 # Generate IPv6-only blacklist
-grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > /tmp/blacklist-v6.txt || true
+grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > "$TMP_V6_FILE" || true
 python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
-    /tmp/blacklist-v6.txt \
+    "$TMP_V6_FILE" \
    "$OUTPUT_DIR/blacklist-v6.nft"
 # Generate VK-only blacklists (network names: VK Cloud / VKCOMPANY / VKONTAKTE)
 python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
    "$VK_INPUT_FILE" \
    "$OUTPUT_DIR/blacklist-vk.nft"
 python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
    "$VK_INPUT_V4_FILE" \
    "$OUTPUT_DIR/blacklist-vk-v4.nft"
 python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
    "$VK_INPUT_V6_FILE" \
    "$OUTPUT_DIR/blacklist-vk-v6.nft"
 # Clean up temp files
-rm -f /tmp/blacklist-v4.txt /tmp/blacklist-v6.txt
+rm -f "$TMP_V4_FILE" "$TMP_V6_FILE"
 echo "nftables blacklists generated successfully!"
 echo ""
 echo "VM incoming block examples (all lists, nftables):"
 echo "  sudo nft -f $OUTPUT_DIR/blacklist.nft"
 echo "  sudo nft -f $OUTPUT_DIR/blacklist-v4.nft"
 echo "  sudo nft -f $OUTPUT_DIR/blacklist-v6.nft"
 echo "  sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'"
 echo "  sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject"
 echo "  sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject"
 echo ""
 echo "VK outbound block examples for VPN clients via NAT (nftables):"
 echo "  sudo nft -f $OUTPUT_DIR/blacklist-vk.nft"
 echo "  sudo nft -f $OUTPUT_DIR/blacklist-vk-v4.nft"
 echo "  sudo nft -f $OUTPUT_DIR/blacklist-vk-v6.nft"
 echo "  sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'"
 echo "  sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_vk_v4 counter reject"
 echo "  sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_vk_v6 counter reject"
 echo ""
 echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."
--- a/blacklists_updater_nginx.sh
+++ b/blacklists_updater_nginx.sh
@@ -11,8 +11,8 @@ nginx_output_file="${nginx_output_dir}/blacklist.conf"
 nginx_v4_output_file="${nginx_output_dir}/blacklist-v4.conf"
 nginx_v6_output_file="${nginx_output_dir}/blacklist-v6.conf"
-# Create nginx directory if it doesn't exist
+# Create required directories if they don't exist
-mkdir -p "${nginx_output_dir}"
+mkdir -p "${nginx_output_dir}" "blacklists"
 # Function to generate nginx config from input file
 generate_nginx_config() {
--- a/blacklists_updater_routes.sh
+++ b/blacklists_updater_routes.sh
@@ -0,0 +1,78 @@
 #!/bin/sh
 set -e
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 # Source files for name-based VK filtering
 AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
 AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
 AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
 VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
 # Additional VK-only text blacklists
 VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
 VK_INPUT_V4_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
 VK_INPUT_V6_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
 # Output directory and files
 ROUTES_OUTPUT_DIR="${SCRIPT_DIR}/blacklists_route"
 ROUTES_V4_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v4.routes"
 ROUTES_V6_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v6.routes"
 mkdir -p "${ROUTES_OUTPUT_DIR}" "${SCRIPT_DIR}/blacklists"
 echo "Generating VK route blacklists..."
 # Build additional VK-only blacklist from network names in auto/*.txt files
 TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
 for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do
 	[ -f "${source_file}" ] || continue
 	awk -v pattern="${VK_NAME_PATTERN}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}"
 done
 sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}"
 grep ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V6_FILE}" || true
 grep -v ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V4_FILE}" || true
 rm -f "${TMP_VK_FILE}"
 # Generate IPv4 routes file (route VK prefixes to loopback via 127.0.0.1)
 cat > "${ROUTES_V4_FILE}" << EOF
 # Linux routes for VK networks (IPv4)
 # Auto-generated by $(basename "$0")
 # Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
 #
 # Apply:
 #   sudo sh $(basename "${ROUTES_V4_FILE}")
 #
 EOF
 while IFS= read -r network; do
 	[ -n "${network}" ] || continue
 	printf 'ip route replace %s via 127.0.0.1 dev lo onlink\n' "${network}" >> "${ROUTES_V4_FILE}"
 done < "${VK_INPUT_V4_FILE}"
 # Generate IPv6 routes file (route VK prefixes to loopback via ::1)
 cat > "${ROUTES_V6_FILE}" << EOF
 # Linux routes for VK networks (IPv6)
 # Auto-generated by $(basename "$0")
 # Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
 #
 # Apply:
 #   sudo sh $(basename "${ROUTES_V6_FILE}")
 #
 EOF
 while IFS= read -r network; do
 	[ -n "${network}" ] || continue
 	printf 'ip -6 route replace %s via ::1 dev lo\n' "${network}" >> "${ROUTES_V6_FILE}"
 done < "${VK_INPUT_V6_FILE}"
 echo "✓ Generated: ${ROUTES_V4_FILE} (entries: $(wc -l < "${VK_INPUT_V4_FILE}" | tr -d ' '))"
 echo "✓ Generated: ${ROUTES_V6_FILE} (entries: $(wc -l < "${VK_INPUT_V6_FILE}" | tr -d ' '))"
 echo ""
 echo "Examples:"
 echo "  sudo sh ${ROUTES_V4_FILE}"
 echo "  sudo sh ${ROUTES_V6_FILE}"
--- a/blacklists_updater_txt.sh
+++ b/blacklists_updater_txt.sh
@@ -11,6 +11,8 @@ black_names="uvd|umvd|fgup|grchc|roskomnad|federalnaya sluzhba|ufsb|zonatelecom|
 # M100 - mail.ru
 white_names="ruvds"
 mkdir -p blacklists auto
 grep -iE "${black_names}" auto/all-ru-asn.txt   | grep -viE "${white_names}" | awk '{ print "# AS-Name: " $0 "\n" $1}' > ${auto_black_ass}
 ./network_list_from_as.py ${auto_black_ass} > ${outfile_w_comments}
 ./network_list_from_netname.py lists/ru-gov-netnames.txt >> ${outfile_w_comments}
--- a/check_nft_blacklist.py
+++ b/check_nft_blacklist.py
@@ -12,6 +12,27 @@ import re
 from ipaddress import ip_address, ip_network, AddressValueError
 from pathlib import Path
 def iter_set_blocks(content):
    current_name = None
    current_lines = []
    brace_depth = 0
    for line in content.splitlines():
        if current_name is None:
            match = re.match(r"\s*set\s+([A-Za-z0-9_]+)\s*\{", line)
            if match:
                current_name = match.group(1)
                current_lines = [line]
                brace_depth = line.count("{") - line.count("}")
            continue
        current_lines.append(line)
        brace_depth += line.count("{") - line.count("}")
        if brace_depth == 0:
            yield current_name, "\n".join(current_lines)
            current_name = None
            current_lines = []
 def parse_nft_config(config_path):
    """Extract IPv4 and IPv6 prefixes from nftables config."""
    p = Path(config_path)
@@ -22,36 +43,19 @@ def parse_nft_config(config_path):
    v4_prefixes = []
    v6_prefixes = []
-    # Parse IPv4 set (blacklist_v4)
+    for _, block in iter_set_blocks(content):
-    v4_match = re.search(
+        if "type ipv4_addr" in block:
-        r'set blacklist_v4\s*\{[^}]*elements\s*=\s*\{([^}]+)\}',
+            for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+(?:/\d+)?)", block):
-        content,
+                try:
-        re.DOTALL
+                    v4_prefixes.append(ip_network(match.group(1), strict=False))
-    )
+                except Exception as e:
-    if v4_match:
+                    print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr)
-        elements = v4_match.group(1)
+        elif "type ipv6_addr" in block:
-        # Extract all CIDR notations
+            for match in re.finditer(r"([0-9a-fA-F:]+(?:/\d+)?)", block):
-        for match in re.finditer(r'(\d+\.\d+\.\d+\.\d+(?:/\d+)?)', elements):
+                try:
-            try:
+                    v6_prefixes.append(ip_network(match.group(1), strict=False))
-                v4_prefixes.append(ip_network(match.group(1), strict=False))
+                except Exception:
-            except Exception as e:
+                    pass
                print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr)
    # Parse IPv6 set (blacklist_v6)
    v6_match = re.search(
        r'set blacklist_v6\s*\{[^}]*elements\s*=\s*\{([^}]+)\}',
        content,
        re.DOTALL
    )
    if v6_match:
        elements = v6_match.group(1)
        # Extract all IPv6 CIDR notations
        for match in re.finditer(r'([0-9a-fA-F:]+(?:/\d+)?)', elements):
            try:
                v6_prefixes.append(ip_network(match.group(1), strict=False))
            except Exception as e:
                # Skip false matches from comments or other text
                pass
    return v4_prefixes, v6_prefixes
--- a/generate_nft_blacklist.py
+++ b/generate_nft_blacklist.py
@@ -13,7 +13,7 @@ Usage:
 import sys
 from ipaddress import ip_network, collapse_addresses
 from pathlib import Path
-from datetime import datetime
+from datetime import datetime, UTC
 def read_lines(path_or_dash):
    if path_or_dash == "-":
@@ -43,55 +43,69 @@ def aggregate_prefixes(lines):
    agg_v6 = list(collapse_addresses(sorted(v6, key=lambda x: (int(x.network_address), x.prefixlen))))
    return agg_v4, agg_v6, invalid
-def make_nft_config(agg_v4, agg_v6, comment=None):
+def make_nft_config(agg_v4, agg_v6, comment=None, usage_profile="vm_input"):
    if usage_profile == "vk_forward":
        set_v4_name = "blacklist_vk_v4"
        set_v6_name = "blacklist_vk_v6"
        rule_v4 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @{set_v4_name} counter reject'
        rule_v6 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @{set_v6_name} counter reject'
    else:
        set_v4_name = "blacklist_v4"
        set_v6_name = "blacklist_v6"
        rule_v4 = f"sudo nft add rule inet filter input ip saddr @{set_v4_name} counter reject"
        rule_v6 = f"sudo nft add rule inet filter input ip6 saddr @{set_v6_name} counter reject"
    lines = []
    lines.append("# Autogenerated nftables blacklist")
-    lines.append(f"# Generated: {datetime.utcnow().isoformat()}Z")
+    lines.append(f"# Generated: {datetime.now(UTC).isoformat().replace('+00:00', 'Z')}")
    if comment:
        lines.append(f"# {comment}")
    lines.append(f"# IPv4: {len(agg_v4)}, IPv6: {len(agg_v6)}")
    lines.append("#")
    lines.append("# Usage:")
    lines.append("#   sudo nft -f <this-file>")
    if usage_profile == "vk_forward":
        lines.append("#   # VK egress blocking for VPN clients via NAT/FORWARD")
        lines.append("#   sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'")
        lines.append(f"#   {rule_v4}")
        lines.append(f"#   {rule_v6}")
    else:
        lines.append("#   # VM protection from incoming blacklist sources")
        lines.append("#   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'")
        lines.append(f"#   {rule_v4}")
        lines.append(f"#   {rule_v6}")
    lines.append("")
    lines.append("table inet filter {")
    lines.append("")
    # Define IPv4 blacklist set
-    lines.append("    set blacklist_v4 {")
+    lines.append(f"    set {set_v4_name} {{")
    lines.append("        type ipv4_addr")
    lines.append("        flags interval")
    if agg_v4:
        lines.append("        elements = {")
        for i, net in enumerate(agg_v4):
            comma = "," if i < len(agg_v4) - 1 else ""
-            lines.append(f"            {net.with_prefixlen}{comma}")
+            rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
            lines.append(f"            {rendered_net}{comma}")
        lines.append("        }")
    lines.append("    }")
    lines.append("")
    # Define IPv6 blacklist set
-    lines.append("    set blacklist_v6 {")
+    lines.append(f"    set {set_v6_name} {{")
    lines.append("        type ipv6_addr")
    lines.append("        flags interval")
    if agg_v6:
        lines.append("        elements = {")
        for i, net in enumerate(agg_v6):
            comma = "," if i < len(agg_v6) - 1 else ""
-            lines.append(f"            {net.with_prefixlen}{comma}")
+            rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
            lines.append(f"            {rendered_net}{comma}")
        lines.append("        }")
    lines.append("    }")
    lines.append("")
    # Define input chain with set lookups
    lines.append("    chain input {")
    lines.append("        type filter hook input priority 0;")
    lines.append("        policy accept;")
    lines.append("")
    lines.append("        ct state { established, related } accept")
    lines.append("")
    if agg_v4:
        lines.append("        ip saddr @blacklist_v4 counter drop")
    if agg_v6:
        lines.append("        ip6 saddr @blacklist_v6 counter drop")
    lines.append("    }")
    lines.append("}")
    return "\n".join(lines)
@@ -119,7 +133,8 @@ def main(argv):
    if not any(line.strip() and not line.strip().startswith("#") for line in lines):
        print("WARNING: input contains no prefixes (empty or only comments). Nothing to aggregate.")
-        nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes")
+        profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
        nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes", usage_profile=profile)
        write_output(outfile, nft_conf)
        return 0
@@ -137,7 +152,8 @@ def main(argv):
    for n in agg_v6:
        print("  v6:", n)
-    nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}")
+    profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
    nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}", usage_profile=profile)
    try:
        write_output(outfile, nft_conf)
    except Exception as e:
@@ -146,9 +162,12 @@ def main(argv):
    print("Done.")
    print("Load with: sudo nft -f <output.conf>")
-    print("View counters: sudo nft list chain inet filter input -a")
+    if profile == "vk_forward":
-    print("View sets: sudo nft list set inet filter blacklist_v4")
+        print("View sets: sudo nft list set inet filter blacklist_vk_v4")
-    print("           sudo nft list set inet filter blacklist_v6")
+        print("           sudo nft list set inet filter blacklist_vk_v6")
    else:
        print("View sets: sudo nft list set inet filter blacklist_v4")
        print("           sudo nft list set inet filter blacklist_v6")
    return 0
 if __name__ == "__main__":
--- a/network_list_from_as.py
+++ b/network_list_from_as.py
@@ -1,60 +1,94 @@
 #!/usr/bin/env python3
 import requests
 import argparse
 import re
-from cymruwhois import Client
+import sys
 import requests
 from pylib.whois import whois_query
 ASN_RE = re.compile(r"\bAS\d+\b", re.IGNORECASE)
 def get_as_prefixes(asn):
    url = f"https://stat.ripe.net/data/announced-prefixes/data.json?resource={asn}"
-    response = requests.get(url)
+    response = requests.get(url, timeout=30)
-    if response.status_code == 200:
+    response.raise_for_status()
-        data = response.json()
+    data = response.json()
-        prefixes = data['data']['prefixes']
+    prefixes = data["data"]["prefixes"]
-        return [prefix['prefix'] for prefix in prefixes]
+    return [prefix["prefix"] for prefix in prefixes]
    else:
        return []
 def convert_to_raw_github_url(url):
    return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
-def print_prefixes(asn):
+
-    line = re.sub(r'[^AS0-9]', '', asn)
+def normalize_asn(value):
-    if not args.quiet:
+    match = ASN_RE.search(value)
-        print(f"# Networks announced by {line}")
+    if match:
-        response = whois_query(line, "as-name", True)
+        return match.group(0).upper()
    return None
 def print_prefixes(asn, quiet=False):
    normalized_asn = normalize_asn(asn)
    if normalized_asn is None:
        return
    if not quiet:
        print(f"# Networks announced by {normalized_asn}")
        response = whois_query(normalized_asn, "as-name", True)
        if response is not None:
            info = response.strip()
            print(f"# AS-Name (ORG): {info}")
-    prefixes = get_as_prefixes(line)
+    prefixes = get_as_prefixes(normalized_asn)
    for prefix in prefixes:
        print(prefix)
-def extract_asses(asn_filename_or_url):
+
-    if asn_filename_or_url.startswith('AS'):
+def extract_asses(asn_filename_or_url, quiet=False):
-        print_prefixes(asn_filename_or_url)
+    if normalize_asn(asn_filename_or_url) and not asn_filename_or_url.startswith(("http://", "https://")):
        print_prefixes(asn_filename_or_url, quiet=quiet)
        return None
-    if asn_filename_or_url.startswith('http://') or asn_filename_or_url.startswith('https://'):
+    if asn_filename_or_url.startswith("http://") or asn_filename_or_url.startswith("https://"):
-        if 'github.com' in asn_filename_or_url:
+        if "github.com" in asn_filename_or_url:
            asn_filename_or_url = convert_to_raw_github_url(asn_filename_or_url)
-        response = requests.get(asn_filename_or_url)
+        response = requests.get(asn_filename_or_url, timeout=30)
-        lines = response.text.split('\n')
+        response.raise_for_status()
        lines = response.text.splitlines()
    else:
-        with open(asn_filename_or_url, 'r') as file:
+        with open(asn_filename_or_url, "r", encoding="utf-8") as file:
            lines = file.readlines()
    for line in lines:
-        if re.match(r'^AS.*', line):
+        normalized_asn = normalize_asn(line)
-            print_prefixes(line)
+        if normalized_asn:
            print_prefixes(normalized_asn, quiet=quiet)
    return None
 parser = argparse.ArgumentParser(description='./as_network_list.py -q AS61280')
 parser.add_argument('asn_filename_or_url', help='The AS number to get networks / The file or URL to extract AS numbers from.')
 parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
 args = parser.parse_args()
-extract_asses(args.asn_filename_or_url)
+def build_parser():
    parser = argparse.ArgumentParser(description="./network_list_from_as.py -q AS61280")
    parser.add_argument("asn_filename_or_url", help="The AS number to get networks / The file or URL to extract AS numbers from.")
    parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
    return parser
 def main(argv=None):
    parser = build_parser()
    args = parser.parse_args(argv)
    try:
        extract_asses(args.asn_filename_or_url, quiet=args.quiet)
    except requests.RequestException as exc:
        print(f"ERROR: failed to fetch ASN data: {exc}", file=sys.stderr)
        return 1
    except OSError as exc:
        print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
        return 1
    return 0
 if __name__ == "__main__":
    sys.exit(main())
--- a/network_list_from_netname.py
+++ b/network_list_from_netname.py
@@ -1,41 +1,72 @@
 #!/usr/bin/env python3
 import argparse
 import requests
 import re
-from   pylib.whois import whois_query
+import sys
-from   pylib.ip    import convert_to_cidr
+
 import requests
 from pylib.ip import convert_to_cidr
 from pylib.whois import whois_query
 def convert_to_raw_github_url(url):
    return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
-def extract_netname(filename_or_url):
+
-    if filename_or_url.startswith('http://') or filename_or_url.startswith('https://'):
+def iter_netnames(lines):
-        if 'github.com' in filename_or_url:
+    for line in lines:
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if re.match(r"^netname:", stripped, re.IGNORECASE):
            yield stripped.split(":", 1)[1].strip()
        else:
            yield stripped
 def extract_netname(filename_or_url, quiet=False):
    if filename_or_url.startswith("http://") or filename_or_url.startswith("https://"):
        if "github.com" in filename_or_url:
            filename_or_url = convert_to_raw_github_url(filename_or_url)
-        response = requests.get(filename_or_url)
+        response = requests.get(filename_or_url, timeout=30)
-        lines = response.text.split('\n')
+        response.raise_for_status()
        lines = response.text.splitlines()
    else:
-        with open(filename_or_url, 'r') as file:
+        with open(filename_or_url, "r", encoding="utf-8") as file:
            lines = file.readlines()
-    for line in lines:
+    for netname in iter_netnames(lines):
-        if re.match(r'^netname:', line):
+        response = whois_query(netname, "inetnum")
-            netname = line.split(':')[1].strip()
+        if response is not None and len(response) > 0:
-            response = whois_query(netname, "inetnum")
+            if not quiet:
-            if response is not None and len(response) > 0:
+                print(f"# Network name: {netname}")
-                if not args.quiet:
+            for cidr in response:
-                    print(f"# Network name: {netname}")
+                for network in convert_to_cidr(cidr):
-                for cidr in response:
+                    print(network)
                    net = convert_to_cidr(cidr)
                    net = net[0]
                    print(net)
    return None
 parser = argparse.ArgumentParser(description='Extract netname from file.')
 parser.add_argument('filename_or_url', help='The file or URL to extract netnames from.')
 parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
 args = parser.parse_args()
-extract_netname(args.filename_or_url)
+def build_parser():
    parser = argparse.ArgumentParser(description="Extract netname from file.")
    parser.add_argument("filename_or_url", help="The file or URL to extract netnames from.")
    parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
    return parser
 def main(argv=None):
    parser = build_parser()
    args = parser.parse_args(argv)
    try:
        extract_netname(args.filename_or_url, quiet=args.quiet)
    except requests.RequestException as exc:
        print(f"ERROR: failed to fetch netname data: {exc}", file=sys.stderr)
        return 1
    except OSError as exc:
        print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
        return 1
    return 0
 if __name__ == "__main__":
    sys.exit(main())
--- a/parse_ripe_db.py
+++ b/parse_ripe_db.py
@@ -1,62 +1,84 @@
 #!/usr/bin/env python3
 import argparse
 import re
 import json
-from   pylib.ip import convert_to_cidr
+import sys
 from pylib.ip import convert_to_cidr
 country = "RU"
 def normalize_record(record):
    if not record:
        return None
    if record.get("country") != country:
        return None
    normalized = dict(record)
    normalized["inetnum"] = convert_to_cidr(record["inetnum"])
    return normalized
 def parse(filename, output_text, output_json):
-    cList = []
+    c_list = []
    record = {}
-    with open(filename, 'r', encoding='latin-1') as f:
+    with open(filename, "r", encoding="latin-1") as f:
        lines = f.readlines()
-        f.close()
+
    for line in lines:
-        if re.match(r'^inetnum:', line):
+        if line.startswith("inetnum:"):
-            if record:
+            normalized = normalize_record(record)
-                record['inetnum'] = convert_to_cidr(record['inetnum'])
+            if normalized is not None:
-                if record['country'] == country:
+                c_list.append(normalized)
 #                    print(record)
                    cList.append(record)
            record = {}
-            record['inetnum'] = line.split('inetnum:', 1)[1].strip()
+            record["inetnum"] = line.split("inetnum:", 1)[1].strip()
-            record['descr'] = ''
+            record["descr"] = ""
-            record['netname'] = ''
+            record["netname"] = ""
-            record['country'] = ''
+            record["country"] = ""
-            record['org'] = ''
+            record["org"] = ""
-        if re.match(r'^netname:', line):
+        if line.startswith("netname:"):
-            record['netname'] = line.split('netname:', 1)[1].strip()
+            record["netname"] = line.split("netname:", 1)[1].strip()
-        if re.match(r'^descr:', line):
+        if line.startswith("descr:"):
-            record['descr'] = str(record['descr'].strip() + ' ' + line.split('descr:', 1)[1].strip()).strip()
+            record["descr"] = str(record["descr"].strip() + " " + line.split("descr:", 1)[1].strip()).strip()
-        if re.match(r'^mnt-by:', line):
+        if line.startswith("mnt-by:"):
-            record['netname'] = str(record['netname'].strip() + ' ' + line.split('mnt-by:', 1)[1].strip()).strip()
+            record["netname"] = str(record["netname"].strip() + " " + line.split("mnt-by:", 1)[1].strip()).strip()
-        if re.match(r'^country:', line):
+        if line.startswith("country:"):
-            record['country'] = line.split('country:', 1)[1].strip()
+            record["country"] = line.split("country:", 1)[1].strip()
-        if re.match(r'^org:', line):
+        if line.startswith("org:"):
-            record['org'] = line.split('org:', 1)[1].strip()
+            record["org"] = line.split("org:", 1)[1].strip()
    if record:
        cList.append(record)
-    with open(output_json, 'w') as f:
+    normalized = normalize_record(record)
-        json.dump(cList, f, indent=4)
+    if normalized is not None:
-        f.close()
+        c_list.append(normalized)
-    with open(output_text, 'w') as f:
+    with open(output_json, "w", encoding="utf-8") as f:
-        for record in cList:
+        json.dump(c_list, f, indent=4)
            for net in record['inetnum']:
                f.write(net + ' ' + record['netname'] + ' (' + record['org'] + ') [' + record['descr'] + ']\n')
        f.close()
-parser = argparse.ArgumentParser(description='Parse RIPE DB for getting a list of RU networks.')
+    with open(output_text, "w", encoding="utf-8") as f:
-parser.add_argument('filename', help='ripe.db.inetnum file to parse.')
+        for item in c_list:
-parser.add_argument('output_text', help='write text db to...')
+            for net in item["inetnum"]:
-parser.add_argument('output_json', help='write json do to...')
+                f.write(net + " " + item["netname"] + " (" + item["org"] + ") [" + item["descr"] + "]\n")
 args = parser.parse_args()
 if not (args.filename):
    parser.print_help()
    exit()
-parse(args.filename, args.output_text, args.output_json)
+def build_parser():
    parser = argparse.ArgumentParser(description="Parse RIPE DB for getting a list of RU networks.")
    parser.add_argument("filename", help="ripe.db.inetnum file to parse.")
    parser.add_argument("output_text", help="write text db to...")
    parser.add_argument("output_json", help="write json db to...")
    return parser
 def main(argv=None):
    parser = build_parser()
    args = parser.parse_args(argv)
    try:
        parse(args.filename, args.output_text, args.output_json)
    except OSError as exc:
        print(f"ERROR: {exc}", file=sys.stderr)
        return 1
    return 0
 if __name__ == "__main__":
    sys.exit(main())
--- a/tests/test_check_nft_blacklist.py
+++ b/tests/test_check_nft_blacklist.py
@@ -0,0 +1,26 @@
 import tempfile
 import unittest
 from pathlib import Path
 from check_nft_blacklist import check_ip_in_blacklist, parse_nft_config
 from generate_nft_blacklist import make_nft_config
 class CheckNftBlacklistTests(unittest.TestCase):
    def test_vk_sets_are_parsed(self):
        config = make_nft_config(["87.240.128.0/18"], [], usage_profile="vk_forward")
        with tempfile.TemporaryDirectory() as tmpdir:
            config_path = Path(tmpdir) / "blacklist-vk-v4.nft"
            config_path.write_text(config, encoding="utf-8")
            v4_prefixes, v6_prefixes = parse_nft_config(config_path)
            blocked, prefix = check_ip_in_blacklist("87.240.128.1", v4_prefixes, v6_prefixes)
            self.assertEqual(len(v4_prefixes), 1)
            self.assertTrue(blocked)
            self.assertEqual(str(prefix), "87.240.128.0/18")
 if __name__ == "__main__":
    unittest.main()
--- a/tests/test_generate_nft_blacklist.py
+++ b/tests/test_generate_nft_blacklist.py
@@ -0,0 +1,25 @@
 import unittest
 from generate_nft_blacklist import make_nft_config
 class GenerateNftBlacklistTests(unittest.TestCase):
    def test_general_profile_generates_plain_sets_only(self):
        config = make_nft_config(["10.0.0.0/24"], [], usage_profile="vm_input")
        self.assertIn("set blacklist_v4", config)
        self.assertNotIn("chain input", config)
        self.assertIn("ip saddr @blacklist_v4", config)
    def test_vk_profile_uses_vk_set_names_and_forward_example(self):
        config = make_nft_config(["10.0.0.0/24"], ["2001:db8::/32"], usage_profile="vk_forward")
        self.assertIn("set blacklist_vk_v4", config)
        self.assertIn("set blacklist_vk_v6", config)
        self.assertNotIn("chain forward", config)
        self.assertIn("ip daddr @blacklist_vk_v4", config)
        self.assertIn("ip6 daddr @blacklist_vk_v6", config)
 if __name__ == "__main__":
    unittest.main()
--- a/tests/test_parse_ripe_db.py
+++ b/tests/test_parse_ripe_db.py
@@ -0,0 +1,41 @@
 import json
 import tempfile
 import unittest
 from pathlib import Path
 from parse_ripe_db import parse
 class ParseRipeDbTests(unittest.TestCase):
    def test_skips_non_ru_last_record_and_normalizes_last_ru_record(self):
        sample = """\
 inetnum: 10.0.0.0 - 10.0.0.255
 netname: TEST1
 country: RU
 org: ORG-1
 descr: desc1
 inetnum: 20.0.0.0 - 20.0.0.255
 netname: TEST2
 country: US
 org: ORG-2
 """
        with tempfile.TemporaryDirectory() as tmpdir:
            source = Path(tmpdir) / "ripe.db.inetnum"
            output_text = Path(tmpdir) / "out.txt"
            output_json = Path(tmpdir) / "out.json"
            source.write_text(sample, encoding="latin-1")
            parse(str(source), str(output_text), str(output_json))
            payload = json.loads(output_json.read_text(encoding="utf-8"))
            self.assertEqual(len(payload), 1)
            self.assertEqual(payload[0]["inetnum"], ["10.0.0.0/24"])
            self.assertEqual(payload[0]["country"], "RU")
            text_lines = output_text.read_text(encoding="utf-8").splitlines()
            self.assertEqual(text_lines, ["10.0.0.0/24 TEST1 (ORG-1) [desc1]"])
 if __name__ == "__main__":
    unittest.main()
Author	SHA1	Message	Date
C24Be	7690d60023	Update 2026.03.29 13:11:56	2026-03-29 13:11:57 +00:00
C24Be	1ef2a3a21e	Update 2026.03.29 06:56:52	2026-03-29 06:56:52 +00:00
C24Be	128d6c3d19	Merge branch 'main' of https://github.com/C24Be/AS_Network_List	2026-03-28 12:15:26 +01:00
C24Be	4502515ab1	Readme	2026-03-28 12:15:23 +01:00
C24Be	740834b112	Update 2026.03.28 06:52:03	2026-03-28 06:52:03 +00:00
C24Be	c79108d476	Readme	2026-03-27 19:16:50 +01:00
C24Be	754f545764	Update 2026.03.27 18:14:06	2026-03-27 18:14:07 +00:00
C24Be	048810e560	big update	2026-03-27 19:12:07 +01:00
C24Be	cfed9adddf	big update	2026-03-27 19:11:52 +01:00
C24Be	0107142b90	Update 2026.03.27 06:59:36	2026-03-27 06:59:36 +00:00
C24Be	5d9070946d	readme	2026-03-26 11:20:52 +01:00
C24Be	4126557898	Merge branch 'main' of https://github.com/C24Be/AS_Network_List	2026-03-26 11:20:00 +01:00
C24Be	cd643625f1	readme	2026-03-26 11:19:56 +01:00
C24Be	23ca832e7d	Update 2026.03.26 09:38:27	2026-03-26 09:38:27 +00:00
C24Be	760bc7409d	readme files	2026-03-26 10:37:06 +01:00
C24Be	3922acb075	readme files	2026-03-26 10:34:02 +01:00
C24Be	17d64070c6	mini readmes	2026-03-26 10:17:04 +01:00
C24Be	c34ebee88f	Update 2026.03.26 08:47:07	2026-03-26 08:47:07 +00:00
C24Be	96f5442eea	+ routes folder to commit	2026-03-26 09:45:53 +01:00
C24Be	22bbb3dd20	some fixes	2026-03-26 09:42:48 +01:00
C24Be	943e7f2498	Merge branch 'main' of https://github.com/C24Be/AS_Network_List	2026-03-26 09:41:31 +01:00
C24Be	ecc4b2e387	some fixes	2026-03-26 09:41:27 +01:00
C24Be	72d57938c0	Update 2026.03.26 08:35:16	2026-03-26 08:35:17 +00:00
C24Be	1d0162e69f	some fixes	2026-03-26 09:33:42 +01:00
C24Be	75e044c01d	Update 2026.03.26 08:29:31	2026-03-26 08:29:31 +00:00
C24Be	3cb9156d28	some fixes	2026-03-26 09:28:25 +01:00
C24Be	011efe4bcb	some fixes	2026-03-26 09:26:41 +01:00
C24Be	849e96a16d	+ routes	2026-03-26 09:18:49 +01:00
C24Be	ee407903b6	+ routes	2026-03-26 09:16:31 +01:00
C24Be	07284f6831	+ routes	2026-03-26 09:16:11 +01:00
C24Be	f407215a72	Update 2026.03.26 07:01:14	2026-03-26 07:01:14 +00:00
C24Be	3ea564dfe8	Update 2026.03.25 06:55:56	2026-03-25 06:55:56 +00:00
C24Be	af409b55cc	Update 2026.03.24 19:03:32	2026-03-24 19:03:33 +00:00
C24Be	17a668eaec	Block VK / usage	2026-03-24 20:02:11 +01:00
C24Be	95d70eb428	Update 2026.03.24 18:58:35	2026-03-24 18:58:35 +00:00
C24Be	82ad171e71	usage	2026-03-24 19:57:16 +01:00
C24Be	8e3a07acc5	Update 2026.03.24 18:23:22	2026-03-24 18:23:22 +00:00
C24Be	6381ea7863	Block VK / usage	2026-03-24 19:21:52 +01:00
C24Be	4a8a10d6d6	Update 2026.03.24 18:07:56	2026-03-24 18:07:56 +00:00
C24Be	d7e0f9c7b7	Block VK / usage	2026-03-24 19:06:26 +01:00
C24Be	b98e6d008c	Block VK / readme	2026-03-24 19:03:08 +01:00
C24Be	7714b6ff07	Update 2026.03.24 18:01:29	2026-03-24 18:01:30 +00:00
C24Be	2d2dfccad3	Block VK / Add special lists	2026-03-24 18:59:49 +01:00
C24Be	0b170ff24a	Update 2026.03.24 06:56:56	2026-03-24 06:56:56 +00:00
C24Be	204b099d9c	Update 2026.03.23 07:02:16	2026-03-23 07:02:16 +00:00
C24Be	77142cde32	Update 2026.03.22 13:11:44	2026-03-22 13:11:45 +00:00
C24Be	12f1e01c61	Update 2026.03.22 06:42:46	2026-03-22 06:42:46 +00:00
C24Be	834a95b304	Update 2026.03.21 06:34:56	2026-03-21 06:34:56 +00:00
C24Be	e78fa434c8	Update 2026.03.20 06:45:28	2026-03-20 06:45:28 +00:00
C24Be	c2beed14dc	Update 2026.03.19 06:50:44	2026-03-19 06:50:44 +00:00
C24Be	0261df5830	Update 2026.03.18 06:55:06	2026-03-18 06:55:06 +00:00
C24Be	619e5f7997	Update 2026.03.17 06:56:36	2026-03-17 06:56:37 +00:00
C24Be	63bb2685d4	Update 2026.03.16 07:08:36	2026-03-16 07:08:36 +00:00
C24Be	b9bd54545c	Update 2026.03.15 13:13:19	2026-03-15 13:13:20 +00:00
C24Be	f67123d80d	Update 2026.03.15 06:48:28	2026-03-15 06:48:28 +00:00
C24Be	9834fa3728	Update 2026.03.14 06:37:41	2026-03-14 06:37:42 +00:00
C24Be	dbbfd0db63	Update 2026.03.13 06:43:17	2026-03-13 06:43:17 +00:00
C24Be	a163fdbbb2	Update 2026.03.12 06:45:25	2026-03-12 06:45:25 +00:00
C24Be	de5d352c2a	Update 2026.03.11 06:43:34	2026-03-11 06:43:34 +00:00
C24Be	292b0f0460	Update 2026.03.10 06:40:16	2026-03-10 06:40:16 +00:00
C24Be	e690b097af	Update 2026.03.09 06:56:59	2026-03-09 06:56:59 +00:00
C24Be	317036fb8d	Update 2026.03.08 13:08:28	2026-03-08 13:08:29 +00:00
C24Be	69549bce92	Update 2026.03.08 06:35:20	2026-03-08 06:35:20 +00:00
C24Be	2d3cc80273	Update 2026.03.07 06:31:53	2026-03-07 06:31:53 +00:00
C24Be	e26bc0890f	Update 2026.03.06 06:39:18	2026-03-06 06:39:18 +00:00
C24Be	7a958c6686	Update 2026.03.05 06:42:08	2026-03-05 06:42:08 +00:00