yanistyle/AS_Network_List
1
0
Fork 0
mirror of https://github.com/C24Be/AS_Network_List.git synced 2026-03-26 11:20:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: yanistyle:3448d99fa0578f1f06ddc0a6d7bd4e5e1d70cbe2
Branches Tags
yanistyle:main
..
compare: yanistyle:main
Branches Tags
yanistyle:main

39 Commits
3448d99fa0 ... main

Author SHA1 Message Date
C24Be
849e96a16d + routes 2026-03-26 09:18:49 +01:00
C24Be
ee407903b6 + routes 2026-03-26 09:16:31 +01:00
C24Be
07284f6831 + routes 2026-03-26 09:16:11 +01:00
C24Be
f407215a72 Update 2026.03.26 07:01:14 2026-03-26 07:01:14 +00:00
C24Be
3ea564dfe8 Update 2026.03.25 06:55:56 2026-03-25 06:55:56 +00:00
C24Be
af409b55cc Update 2026.03.24 19:03:32 2026-03-24 19:03:33 +00:00
C24Be
17a668eaec Block VK / usage 2026-03-24 20:02:11 +01:00
C24Be
95d70eb428 Update 2026.03.24 18:58:35 2026-03-24 18:58:35 +00:00
C24Be
82ad171e71 usage 2026-03-24 19:57:16 +01:00
C24Be
8e3a07acc5 Update 2026.03.24 18:23:22 2026-03-24 18:23:22 +00:00
C24Be
6381ea7863 Block VK / usage 2026-03-24 19:21:52 +01:00
C24Be
4a8a10d6d6 Update 2026.03.24 18:07:56 2026-03-24 18:07:56 +00:00
C24Be
d7e0f9c7b7 Block VK / usage 2026-03-24 19:06:26 +01:00
C24Be
b98e6d008c Block VK / readme 2026-03-24 19:03:08 +01:00
C24Be
7714b6ff07 Update 2026.03.24 18:01:29 2026-03-24 18:01:30 +00:00
C24Be
2d2dfccad3 Block VK / Add special lists 2026-03-24 18:59:49 +01:00
C24Be
0b170ff24a Update 2026.03.24 06:56:56 2026-03-24 06:56:56 +00:00
C24Be
204b099d9c Update 2026.03.23 07:02:16 2026-03-23 07:02:16 +00:00
C24Be
77142cde32 Update 2026.03.22 13:11:44 2026-03-22 13:11:45 +00:00
C24Be
12f1e01c61 Update 2026.03.22 06:42:46 2026-03-22 06:42:46 +00:00
C24Be
834a95b304 Update 2026.03.21 06:34:56 2026-03-21 06:34:56 +00:00
C24Be
e78fa434c8 Update 2026.03.20 06:45:28 2026-03-20 06:45:28 +00:00
C24Be
c2beed14dc Update 2026.03.19 06:50:44 2026-03-19 06:50:44 +00:00
C24Be
0261df5830 Update 2026.03.18 06:55:06 2026-03-18 06:55:06 +00:00
C24Be
619e5f7997 Update 2026.03.17 06:56:36 2026-03-17 06:56:37 +00:00
C24Be
63bb2685d4 Update 2026.03.16 07:08:36 2026-03-16 07:08:36 +00:00
C24Be
b9bd54545c Update 2026.03.15 13:13:19 2026-03-15 13:13:20 +00:00
C24Be
f67123d80d Update 2026.03.15 06:48:28 2026-03-15 06:48:28 +00:00
C24Be
9834fa3728 Update 2026.03.14 06:37:41 2026-03-14 06:37:42 +00:00
C24Be
dbbfd0db63 Update 2026.03.13 06:43:17 2026-03-13 06:43:17 +00:00
C24Be
a163fdbbb2 Update 2026.03.12 06:45:25 2026-03-12 06:45:25 +00:00
C24Be
de5d352c2a Update 2026.03.11 06:43:34 2026-03-11 06:43:34 +00:00
C24Be
292b0f0460 Update 2026.03.10 06:40:16 2026-03-10 06:40:16 +00:00
C24Be
e690b097af Update 2026.03.09 06:56:59 2026-03-09 06:56:59 +00:00
C24Be
317036fb8d Update 2026.03.08 13:08:28 2026-03-08 13:08:29 +00:00
C24Be
69549bce92 Update 2026.03.08 06:35:20 2026-03-08 06:35:20 +00:00
C24Be
2d3cc80273 Update 2026.03.07 06:31:53 2026-03-07 06:31:53 +00:00
C24Be
e26bc0890f Update 2026.03.06 06:39:18 2026-03-06 06:39:18 +00:00
C24Be
7a958c6686 Update 2026.03.05 06:42:08 2026-03-05 06:42:08 +00:00
28 changed files with 5441 additions and 17151 deletions
Expand all files Collapse all files

1
.github/workflows/update_blacklists.yml vendored
View File

@@ -33,6 +33,7 @@ jobs:
- run: ./blacklists_updater_nginx.sh - run: ./blacklists_updater_nginx.sh
- run: ./blacklists_updater_iptables.sh - run: ./blacklists_updater_iptables.sh
- run: ./blacklists_updater_nftables.sh - run: ./blacklists_updater_nftables.sh
- run: ./blacklists_updater_routes.sh
- uses: ./.github/actions/gitPush - uses: ./.github/actions/gitPush
env: env:
PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/ PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/

40
README.md
View File

@@ -2,6 +2,11 @@
### Blacklists are updated daily! ### Blacklists are updated daily!
> [!IMPORTANT]
> A very important feature has been added: dedicated lists of VK Cloud / VK networks that can be used to block **OUTGOING** traffic from your server (iptables/ipset and nftables formats are available).
> This can help reduce the risk of Messenger MAX being used to compromise your VPN server.
> The best security option is to avoid installing Messenger MAX at all on a phone where VPN access is configured.
This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis. This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis.
**Ready-to-use blacklists in multiple formats:** **Ready-to-use blacklists in multiple formats:**
@@ -9,6 +14,8 @@ This repository contains Python scripts that allow you to retrieve network lists
- [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation - [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation
- [Nginx configurations in `blacklists_nginx/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nginx) - Ready to include in your nginx config - [Nginx configurations in `blacklists_nginx/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nginx) - Ready to include in your nginx config
- [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset - [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset
- [nftables files in `blacklists_nftables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nftables) - Ready-to-load sets and rules for nftables
- [Linux route files in `blacklists_route/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_route) - VK route blackholes to loopback (IPv4/IPv6)
- [Other network and ASN lists in `auto/`](https://github.com/C24Be/AS_Network_List/tree/main/auto) - Comprehensive Russian network data - [Other network and ASN lists in `auto/`](https://github.com/C24Be/AS_Network_List/tree/main/auto) - Comprehensive Russian network data
## Files and features ## Files and features
@@ -28,6 +35,8 @@ This repository contains Python scripts that allow you to retrieve network lists
- `blacklists_updater_txt.sh`: Generates text-based blacklists with IPv4/IPv6 separation - `blacklists_updater_txt.sh`: Generates text-based blacklists with IPv4/IPv6 separation
- `blacklists_updater_nginx.sh`: Generates nginx configuration files with deny directives - `blacklists_updater_nginx.sh`: Generates nginx configuration files with deny directives
- `blacklists_updater_iptables.sh`: Generates ipset configuration files for iptables/ip6tables - `blacklists_updater_iptables.sh`: Generates ipset configuration files for iptables/ip6tables
- `blacklists_updater_nftables.sh`: Generates nftables blacklist files (mixed/v4/v6 and VK-specific)
- `blacklists_updater_routes.sh`: Generates Linux route files to send VK networks to loopback (`127.0.0.1` / `::1`)
### Generated Blacklists ### Generated Blacklists
@@ -57,8 +66,16 @@ This repository contains Python scripts that allow you to retrieve network lists
* `blacklist.nft`: nftables configuration for mixed IPv4/IPv6 (**daily generated**) * `blacklist.nft`: nftables configuration for mixed IPv4/IPv6 (**daily generated**)
* `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**) * `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**)
* `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**) * `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**)
* `blacklist-vk.nft`: nftables configuration for VK-only networks (**daily generated**)
* `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**)
* `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**)
* `README.md`: Complete usage documentation for nftables integration * `README.md`: Complete usage documentation for nftables integration
**Linux Routes Format** (`blacklists_route/` folder):
* `blacklist-vk-v4.routes`: IPv4 routes for VK-only networks to `127.0.0.1` via `lo` (**daily generated**)
* `blacklist-vk-v6.routes`: IPv6 routes for VK-only networks to `::1` via `lo` (**daily generated**)
### Reference Lists ### Reference Lists
@@ -105,10 +122,33 @@ ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
# Download and load into nftables # Download and load into nftables
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
sudo nft -f blacklist.nft sudo nft -f blacklist.nft
# Protect VM from incoming blacklist sources
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
# VK-only outbound blocking for VPN clients via NAT/FORWARD
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft
sudo nft -f blacklist-vk.nft
sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_v4 counter reject
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_v6 counter reject
# View the loaded rules # View the loaded rules
sudo nft list ruleset sudo nft list ruleset
```` ````
**For Linux Routes (VK loopback blackhole):**
```bash
# Download and apply VK route files
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v4.routes
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v6.routes
sudo sh blacklist-vk-v4.routes
sudo sh blacklist-vk-v6.routes
```
**For Custom Applications:** **For Custom Applications:**
```bash ```bash

9096
auto/ripe-ru-ipv4.json
View File

File diff suppressed because it is too large Load Diff

1547
auto/ripe-ru-ipv4.txt
View File

File diff suppressed because it is too large Load Diff

0
blacklists/.keep → blacklists/.keep_folder
View File

1136
blacklists/blacklist-v4.txt
View File

File diff suppressed because it is too large Load Diff

22
blacklists/blacklist-v6.txt
View File

@@ -1,22 +0,0 @@
2a00:1148::/29
2a00:1148::/32
2a00:46e0:2::/48
2a00:46e0::/32
2a00:a300::/32
2a00:b4c0::/32
2a00:bdc0:8000::/34
2a00:bdc0::/33
2a00:bdc0:c000::/35
2a00:bdc0:e002::/48
2a00:bdc0:e003::/48
2a00:bdc0:e004::/48
2a00:bdc0:e005::/48
2a00:bdc0:e007::/48
2a00:bdc0:f000::/36
2a00:bdc1::/32
2a00:bdc2::/31
2a00:bdc4::/30
2a14:25c0::/32
2a14:25c5::/32
2a14:25c6::/32
2a14:25c7::/32

1158
blacklists/blacklist.txt
View File

File diff suppressed because it is too large Load Diff

2319
blacklists/blacklist_with_comments.txt
View File

File diff suppressed because it is too large Load Diff

0
blacklists_iptables/.keep → blacklists_iptables/.keep_folder
View File

109
blacklists_iptables/README.md
View File

@@ -1,109 +0,0 @@
# IPTables/IPSet Blacklist Configurations
Auto-generated ipset configuration files for blocking networks and IP addresses with iptables/ip6tables.
## Available Files
### IPv4 Only
- **`blacklist-v4.ipset`** - Contains only IPv4 networks (806 entries)
### IPv6 Only
- **`blacklist-v6.ipset`** - Contains only IPv6 networks (3 entries)
### Mixed IPv4/IPv6
- **`blacklist.ipset`** - Contains both IPv4 and IPv6 sets (809 total entries)
## Usage
### 1. Load the IPSet
```bash
# For IPv4 only
ipset restore < blacklist-v4.ipset
# For IPv6 only
ipset restore < blacklist-v6.ipset
# For both IPv4 and IPv6 (loads both sets)
ipset restore < blacklist.ipset
```
### 2. Apply IPTables Rules
```bash
# For IPv4
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
# For IPv6
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
```
### 3. Persist Rules (Optional)
To make the rules persistent across reboots:
**On Debian/Ubuntu:**
```bash
# Save iptables rules
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# Save ipset
ipset save > /etc/ipset.conf
```
**On RHEL/CentOS:**
```bash
# Save iptables rules
service iptables save
service ip6tables save
# Save ipset
ipset save > /etc/sysconfig/ipset
```
### 4. Update Existing Sets
To update the blacklist without restarting iptables:
```bash
# Flush and reload
ipset flush blacklist-v4
ipset restore < blacklist-v4.ipset
```
### 5. Remove Sets
```bash
# Remove IPv4 set
ipset flush blacklist-v4
ipset destroy blacklist-v4
# Remove IPv6 set
ipset flush blacklist-v6
ipset destroy blacklist-v6
```
## Performance Benefits
IPSet uses hash tables for O(1) lookup performance, making it ideal for large blacklists:
- Much faster than individual iptables rules
- Minimal CPU overhead
- Supports up to 65536 entries per set (configurable)
- Kernel-level implementation for maximum efficiency
## Automatic Updates
These files are automatically regenerated when the blacklists are updated via the GitHub Actions workflow.
## Source
Generated from the blacklist files in the `blacklists/` directory.

1154
blacklists_iptables/blacklist-v4.ipset
View File

File diff suppressed because it is too large Load Diff

40
blacklists_iptables/blacklist-v6.ipset
View File

@@ -1,40 +0,0 @@
# IPSet blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2026-03-04 06:38:44 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-v6.ipset
#
# 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
#
# 3. To flush/delete the set:
# ipset flush blacklist-v6
# ipset destroy blacklist-v6
#
create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 44
add blacklist-v6 2a00:1148::/29
add blacklist-v6 2a00:1148::/32
add blacklist-v6 2a00:46e0:2::/48
add blacklist-v6 2a00:46e0::/32
add blacklist-v6 2a00:a300::/32
add blacklist-v6 2a00:b4c0::/32
add blacklist-v6 2a00:bdc0:8000::/34
add blacklist-v6 2a00:bdc0::/33
add blacklist-v6 2a00:bdc0:c000::/35
add blacklist-v6 2a00:bdc0:e002::/48
add blacklist-v6 2a00:bdc0:e003::/48
add blacklist-v6 2a00:bdc0:e004::/48
add blacklist-v6 2a00:bdc0:e005::/48
add blacklist-v6 2a00:bdc0:e007::/48
add blacklist-v6 2a00:bdc0:f000::/36
add blacklist-v6 2a00:bdc1::/32
add blacklist-v6 2a00:bdc2::/31
add blacklist-v6 2a00:bdc4::/30
add blacklist-v6 2a14:25c0::/32
add blacklist-v6 2a14:25c5::/32
add blacklist-v6 2a14:25c6::/32
add blacklist-v6 2a14:25c7::/32

1180
blacklists_iptables/blacklist.ipset
View File

File diff suppressed because it is too large Load Diff

0
blacklists_nginx/.keep → blacklists_nftables/.keep_folder
View File

185
blacklists_nftables/README.md
View File

@@ -1,185 +0,0 @@
# nftables Blacklist Configuration
This folder contains nftables blacklist configurations generated from Russian government agency network lists.
## Available Files
- `blacklist.nft` - Mixed IPv4/IPv6 blacklist (**daily generated**)
- `blacklist-v4.nft` - IPv4-only blacklist (**daily generated**)
- `blacklist-v6.nft` - IPv6-only blacklist (**daily generated**)
## Quick Start
### Download and Load
````bash
# Download the blacklist
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
# Load the configuration
sudo nft -f blacklist.nft
# Verify it's loaded
sudo nft list ruleset
````
### Automatic Updates
Add to crontab for daily updates:
````bash
0 2 * * * wget -O /etc/nftables.d/blacklist.nft https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft && nft -f /etc/nftables.d/blacklist.nft
````
## Configuration Details
The generated nftables configuration uses:
- **Sets with interval flag** for efficient CIDR matching
- **Named sets** (`blacklist_v4` and `blacklist_v6`) for easy management
- **Counter** directive to track dropped packets
- **Stateful filtering** to allow established connections
### Configuration Structure
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = { 1.2.3.0/24, 5.6.7.0/24, ... }
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = { 2001:db8::/32, ... }
}
chain input {
type filter hook input priority 0;
policy accept;
ct state { established, related } accept
ip saddr @blacklist_v4 counter drop
ip6 saddr @blacklist_v6 counter drop
}
}
## Integration Options
### Option 1: Standalone Configuration
Load the blacklist as a complete ruleset:
````bash
sudo nft -f blacklist.nft
````
### Option 2: Include in Existing Configuration
If you have an existing nftables configuration:
1. Copy only the set definitions from the generated file
2. Add set lookups to your existing input chain:
````bash
ip saddr @blacklist_v4 counter drop
ip6 saddr @blacklist_v6 counter drop
````
### Option 3: Persistent Configuration
For systemd-based systems:
````bash
# Copy to nftables config directory
sudo cp blacklist.nft /etc/nftables.d/
# Edit /etc/nftables.conf to include:
# include "/etc/nftables.d/blacklist.nft"
# Enable and restart
sudo systemctl enable nftables
sudo systemctl restart nftables
````
## Checking IPs Against the Blacklist
Use the `check_nft_blacklist.py` script to verify if an IP is blocked:
````bash
# Check an IPv4 address
python3 check_nft_blacklist.py blacklist.nft 192.168.1.1
# Check an IPv6 address
python3 check_nft_blacklist.py blacklist.nft 2001:db8::1
````
## Monitoring
### View Dropped Packets
````bash
# View all rules with counters
sudo nft list chain inet filter input -a
# Monitor in real-time
sudo nft monitor
````
### Check Set Contents
````bash
# View IPv4 blacklist
sudo nft list set inet filter blacklist_v4
# View IPv6 blacklist
sudo nft list set inet filter blacklist_v6
````
## Advantages of nftables
- **Better Performance**: O(1) lookup time with sets vs O(n) for sequential rules
- **Lower Memory Usage**: More efficient than iptables for large rulesets
- **Atomic Updates**: All rules updated in a single transaction
- **Modern Syntax**: Cleaner, more readable configuration
- **Unified Tool**: Single tool for IPv4, IPv6, and ARP filtering
## File Format Comparison
| Format | Use Case | Performance | Memory |
|--------|----------|-------------|--------|
| **nftables** | Modern firewalls | Excellent | Low |
| **iptables** | Legacy systems | Good | Medium |
| **nginx** | Web layer | Good | Low |
## Troubleshooting
### Configuration Won't Load
````bash
# Check syntax
sudo nft -c -f blacklist.nft
# View detailed errors
sudo nft -f blacklist.nft 2>&1 | less
````
### Rules Not Blocking Traffic
````bash
# Verify sets are populated
sudo nft list set inet filter blacklist_v4 | wc -l
# Check rule priority
sudo nft list chain inet filter input
# Test with logging temporarily
sudo nft add rule inet filter input ip saddr @blacklist_v4 log prefix "BLOCKED: "
````
### Performance Issues
If experiencing performance problems with very large sets:
1. Consider splitting into multiple smaller sets
2. Use `blacklist-v4.nft` or `blacklist-v6.nft` if only one protocol is needed
3. Ensure kernel supports nftables fully (Linux 4.0+)
## Additional Resources
- [nftables Wiki](https://wiki.nftables.org/)
- [nftables Quick Reference](https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes)
- [Netfilter Documentation](https://www.netfilter.org/documentation/)
## Contributing
Found an issue or have suggestions? Please open an issue or submit a pull request!

832
blacklists_nftables/blacklist-v4.nft
View File

@@ -1,832 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-04T06:38:45.108423Z
# Source: /tmp/blacklist-v4.txt
# IPv4: 804, IPv6: 0
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
31.44.63.64/29,
31.177.95.0/24,
31.177.104.0/22,
37.28.161.48/30,
37.29.53.16/30,
37.29.57.52/30,
37.29.57.64/30,
37.29.59.56/30,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
46.20.70.160/28,
46.29.152.0/22,
46.46.142.160/28,
46.46.148.40/29,
46.47.197.128/30,
46.47.199.76/30,
46.47.203.52/30,
46.47.207.96/30,
46.47.208.84/30,
46.47.210.76/30,
46.47.211.0/24,
46.47.212.204/30,
46.47.213.0/24,
46.47.214.200/30,
46.47.219.200/30,
46.47.223.196/30,
46.47.229.0/28,
46.47.238.144/30,
46.47.249.176/29,
46.61.208.0/24,
46.228.0.232/29,
62.5.130.104/29,
62.5.132.224/29,
62.5.189.80/29,
62.5.202.60/30,
62.5.218.204/30,
62.5.224.188/30,
62.5.242.80/28,
62.28.169.168/30,
62.33.34.16/28,
62.33.87.128/28,
62.33.199.80/29,
62.63.96.32/28,
62.63.98.24/29,
62.63.100.160/30,
62.63.101.80/29,
62.76.98.0/24,
62.105.158.200/29,
62.112.110.64/28,
62.118.101.184/29,
62.118.113.232/29,
62.118.125.188/30,
62.118.127.240/28,
62.118.193.8/29,
62.118.205.68/30,
62.118.208.100/30,
62.118.209.192/30,
62.118.216.60/30,
62.118.219.184/30,
62.118.230.4/30,
62.118.233.224/29,
62.118.234.64/29,
62.118.239.128/29,
62.141.125.0/25,
62.217.160.0/20,
77.34.209.160/28,
77.35.76.80/28,
77.35.98.240/28,
77.37.128.0/17,
77.72.139.0/28,
77.82.124.112/29,
77.243.9.80/28,
78.24.159.48/29,
78.37.67.24/29,
78.37.69.160/27,
78.37.84.120/29,
78.37.97.88/29,
78.37.104.0/29,
78.107.3.208/28,
78.107.13.208/28,
78.107.16.96/28,
78.107.18.112/28,
78.107.40.160/28,
78.107.42.144/28,
78.107.51.16/28,
78.107.61.96/28,
78.107.86.32/28,
78.108.192.0/21,
78.108.200.0/24,
78.109.140.112/29,
79.133.74.160/30,
79.133.74.168/30,
79.133.75.44/30,
79.133.75.176/30,
79.137.132.0/24,
79.137.139.0/24,
79.137.140.0/24,
79.137.142.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.183.0/24,
79.137.240.0/21,
79.142.88.0/28,
79.143.229.0/24,
79.143.230.0/24,
79.143.232.0/24,
80.73.16.0/20,
80.73.168.80/28,
80.73.169.244/30,
80.82.43.24/29,
80.89.152.220/30,
80.237.11.88/29,
80.237.39.112/29,
80.237.98.80/28,
80.247.32.0/20,
80.254.100.40/29,
80.254.119.168/29,
81.1.195.0/28,
81.1.205.96/27,
81.2.1.0/28,
81.2.10.192/27,
81.3.168.148/30,
81.17.2.192/28,
81.17.3.16/29,
81.176.70.0/26,
81.176.235.0/27,
81.177.12.0/24,
81.177.31.64/26,
81.177.156.0/24,
81.195.36.48/28,
81.195.44.248/30,
81.195.45.64/30,
81.195.50.72/29,
81.195.90.44/30,
81.195.92.48/30,
81.195.93.192/27,
81.195.94.72/29,
81.195.105.160/28,
81.195.108.164/30,
81.195.112.36/30,
81.195.118.48/30,
81.195.118.128/30,
81.195.120.16/29,
81.195.124.52/30,
81.195.125.96/30,
81.195.148.140/30,
81.195.150.248/30,
81.195.151.0/24,
81.195.155.0/30,
81.195.161.12/30,
81.195.164.0/24,
81.195.165.64/28,
81.195.168.24/30,
81.195.177.160/30,
81.195.178.224/27,
81.195.182.64/28,
81.195.192.96/30,
81.195.231.128/26,
81.195.244.32/29,
81.195.245.0/28,
81.195.247.128/28,
81.195.250.16/29,
81.211.32.16/28,
81.222.194.200/29,
81.222.209.136/29,
81.222.210.24/29,
82.140.65.240/29,
82.142.162.104/29,
82.151.107.136/29,
82.162.72.208/28,
82.162.76.176/28,
82.162.80.192/28,
82.162.87.192/28,
82.162.90.0/28,
82.162.103.144/28,
82.162.126.96/28,
82.162.149.160/28,
82.162.157.64/28,
82.162.158.176/28,
82.162.172.112/28,
82.179.86.32/27,
82.196.69.152/30,
82.196.130.0/27,
82.198.176.16/29,
82.198.176.144/29,
82.198.176.208/29,
82.198.189.128/26,
82.198.190.64/26,
82.198.191.96/27,
82.198.191.248/29,
82.200.13.0/27,
82.200.22.136/29,
82.200.22.144/28,
82.200.64.0/24,
82.208.68.240/28,
82.208.77.104/29,
82.208.81.0/24,
82.208.93.160/27,
83.69.207.248/29,
83.149.42.64/29,
83.166.232.0/21,
83.166.248.0/21,
83.172.36.224/29,
83.217.216.0/22,
83.219.5.248/29,
83.219.6.72/29,
83.219.13.128/29,
83.219.13.184/29,
83.219.23.8/29,
83.219.23.48/29,
83.219.25.0/29,
83.219.25.112/29,
83.219.138.16/28,
83.220.53.16/28,
83.222.28.0/22,
83.229.181.192/26,
83.229.232.16/29,
84.23.52.0/22,
84.53.210.144/28,
84.204.7.144/29,
84.204.93.232/30,
84.204.143.44/30,
84.204.154.16/30,
84.204.170.220/30,
84.204.217.164/30,
84.204.245.208/29,
85.21.99.48/28,
85.21.99.64/28,
85.21.102.224/28,
85.21.103.64/28,
85.21.104.192/27,
85.21.148.0/26,
85.21.149.48/28,
85.21.155.208/28,
85.21.157.48/28,
85.21.204.208/28,
85.90.98.144/30,
85.90.99.168/29,
85.90.100.72/29,
85.90.101.112/28,
85.90.101.192/29,
85.90.102.168/29,
85.90.120.72/29,
85.90.121.72/29,
85.90.125.96/29,
85.90.127.16/29,
85.94.52.160/27,
85.94.53.32/28,
85.114.30.192/30,
85.114.30.204/30,
85.114.31.108/30,
85.114.93.88/29,
85.141.17.24/30,
85.141.17.112/30,
85.141.18.80/30,
85.141.19.56/30,
85.141.21.236/30,
85.141.28.0/30,
85.141.31.68/30,
85.141.32.96/28,
85.141.33.0/28,
85.141.33.64/28,
85.141.60.96/28,
85.141.61.160/28,
85.143.125.0/24,
85.146.204.44/30,
85.192.32.0/22,
85.198.106.0/23,
85.236.29.160/27,
86.102.72.240/28,
86.102.74.64/28,
86.102.100.48/28,
86.102.108.32/28,
86.102.109.32/27,
86.102.115.80/28,
86.102.126.80/28,
86.102.126.160/28,
87.117.18.144/29,
87.117.20.64/26,
87.117.20.128/28,
87.117.21.0/26,
87.117.21.64/28,
87.117.21.80/29,
87.117.23.128/28,
87.117.31.56/29,
87.225.56.224/28,
87.226.156.64/26,
87.226.191.0/24,
87.226.213.0/24,
87.226.239.180/30,
87.237.47.204/30,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
87.245.133.0/24,
87.249.3.64/28,
87.249.5.48/30,
87.249.7.120/29,
87.249.16.32/28,
87.249.18.60/30,
87.249.22.72/29,
87.249.28.232/29,
87.249.30.176/30,
88.83.195.248/30,
88.151.200.0/24,
88.200.208.112/29,
89.21.129.16/28,
89.21.140.104/29,
89.21.152.104/29,
89.28.253.168/29,
89.28.255.56/29,
89.106.172.160/29,
89.107.123.120/29,
89.107.123.136/29,
89.107.127.136/29,
89.109.7.176/29,
89.109.250.28/30,
89.109.250.80/30,
89.109.250.88/29,
89.109.250.96/30,
89.109.250.132/30,
89.109.250.140/30,
89.111.176.0/22,
89.175.6.64/27,
89.175.8.36/30,
89.175.8.40/29,
89.175.8.52/30,
89.175.8.68/30,
89.175.8.104/30,
89.175.8.140/30,
89.175.8.192/30,
89.175.9.4/30,
89.175.10.160/30,
89.175.165.208/28,
89.175.170.144/28,
89.175.174.136/29,
89.175.176.88/30,
89.175.176.140/30,
89.175.176.176/30,
89.175.188.184/29,
89.179.155.192/28,
89.179.179.16/28,
89.179.181.0/24,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.150.176.52/30,
90.150.189.32/29,
90.150.189.128/26,
90.150.189.192/27,
90.150.189.224/28,
90.150.189.248/29,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.103.194.184/29,
91.135.212.0/22,
91.135.216.0/21,
91.195.136.0/23,
91.208.20.0/24,
91.215.168.0/22,
91.217.34.0/23,
91.219.192.0/22,
91.219.224.0/22,
91.221.140.0/23,
91.226.250.0/24,
91.227.32.0/24,
91.231.132.0/22,
91.237.76.0/24,
92.39.106.20/30,
92.39.106.168/30,
92.39.111.84/30,
92.39.128.0/21,
92.50.198.72/30,
92.50.198.124/30,
92.50.219.136/29,
92.50.238.224/29,
92.101.253.96/29,
92.101.253.152/29,
93.153.134.112/29,
93.153.135.88/30,
93.153.136.132/30,
93.153.142.4/30,
93.153.144.60/30,
93.153.171.204/30,
93.153.172.100/30,
93.153.175.44/30,
93.153.183.104/30,
93.153.194.160/29,
93.153.220.192/29,
93.153.223.8/29,
93.153.229.232/29,
93.153.244.188/30,
93.153.244.248/29,
93.153.251.0/24,
93.153.255.84/30,
93.178.104.32/29,
93.178.104.64/29,
93.178.106.0/26,
93.186.224.0/20,
93.188.20.72/29,
93.190.110.0/24,
94.25.53.56/29,
94.25.57.176/29,
94.25.57.224/28,
94.25.65.16/29,
94.25.70.64/30,
94.25.90.240/29,
94.25.95.136/30,
94.25.119.228/30,
94.100.176.0/20,
94.124.192.192/29,
94.139.244.0/22,
94.199.64.0/21,
95.53.248.0/29,
95.54.193.80/28,
95.142.192.0/20,
95.163.32.0/19,
95.163.133.0/24,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.167.2.4/30,
95.167.4.168/29,
95.167.5.64/27,
95.167.21.104/29,
95.167.29.104/29,
95.167.54.76/30,
95.167.59.244/30,
95.167.64.20/30,
95.167.68.216/29,
95.167.69.116/30,
95.167.70.32/28,
95.167.70.136/29,
95.167.70.176/28,
95.167.72.48/30,
95.167.72.140/30,
95.167.72.204/30,
95.167.74.136/29,
95.167.74.180/30,
95.167.76.160/27,
95.167.99.48/28,
95.167.113.48/30,
95.167.114.48/30,
95.167.121.68/30,
95.167.122.128/28,
95.167.142.32/30,
95.167.157.156/30,
95.167.162.76/30,
95.167.162.236/30,
95.167.176.0/23,
95.167.213.0/24,
95.173.128.0/19,
95.213.0.0/17,
109.73.4.224/27,
109.120.180.0/22,
109.120.188.0/22,
109.124.66.128/30,
109.124.66.160/28,
109.124.71.64/29,
109.124.78.108/30,
109.124.80.132/30,
109.124.83.20/30,
109.124.87.96/29,
109.124.89.36/30,
109.124.89.140/30,
109.124.89.212/30,
109.124.90.32/30,
109.124.90.128/30,
109.124.97.4/30,
109.124.99.16/30,
109.124.99.160/28,
109.124.119.88/29,
109.204.204.232/29,
109.207.0.0/20,
109.232.187.16/29,
109.248.197.0/24,
128.140.168.0/21,
130.49.224.0/19,
145.255.238.240/28,
146.185.208.0/22,
146.185.240.0/22,
149.62.55.240/30,
155.212.192.0/20,
176.109.0.0/21,
176.112.168.0/21,
176.116.96.0/20,
178.16.156.148/30,
178.17.176.0/20,
178.20.234.224/29,
178.22.88.0/21,
178.49.148.176/29,
178.237.16.0/20,
178.237.206.0/24,
178.237.240.0/20,
178.248.232.60/32,
178.248.232.137/32,
178.248.233.26/32,
178.248.233.32/32,
178.248.233.60/32,
178.248.233.136/32,
178.248.233.244/31,
178.248.234.30/32,
178.248.234.33/32,
178.248.234.60/32,
178.248.234.79/32,
178.248.234.83/32,
178.248.234.136/32,
178.248.234.204/32,
178.248.234.228/32,
178.248.234.238/32,
178.248.235.60/32,
178.248.235.75/32,
178.248.235.244/32,
178.248.236.20/32,
178.248.236.83/32,
178.248.236.244/32,
178.248.237.18/32,
178.248.237.98/32,
178.248.237.136/32,
178.248.237.242/32,
178.248.238.55/32,
178.248.238.102/32,
178.248.238.128/31,
178.248.238.136/32,
178.248.238.155/32,
178.248.238.172/32,
178.248.238.205/32,
178.248.238.255/32,
178.248.239.215/32,
185.5.136.0/22,
185.6.244.0/22,
185.7.234.188/30,
185.16.8.0/22,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.65.149.170/32,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.149.160.0/22,
185.168.60.0/22,
185.179.224.0/22,
185.180.200.0/22,
185.183.172.0/22,
185.187.63.0/24,
185.224.228.0/22,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
188.128.8.240/30,
188.128.11.196/30,
188.128.89.0/30,
188.128.92.104/30,
188.128.94.204/30,
188.128.98.204/30,
188.128.101.108/30,
188.128.112.216/29,
188.128.112.240/29,
188.128.113.0/28,
188.128.114.128/28,
188.128.115.232/29,
188.128.118.224/27,
188.128.119.104/30,
188.128.122.240/30,
188.247.36.124/30,
188.247.36.128/28,
188.247.36.204/30,
193.33.230.0/23,
193.47.146.0/24,
193.203.40.0/22,
193.232.70.0/24,
194.8.70.0/23,
194.8.246.0/23,
194.67.63.200/30,
194.84.16.12/30,
194.140.247.0/24,
194.150.202.0/23,
194.165.22.0/23,
194.186.63.0/24,
194.186.112.80/28,
194.190.9.0/24,
194.215.248.0/24,
194.226.80.0/20,
194.226.116.0/22,
194.226.127.0/24,
195.3.240.0/22,
195.16.55.224/27,
195.42.75.8/29,
195.54.20.168/29,
195.54.28.72/30,
195.54.221.0/24,
195.58.5.16/29,
195.58.13.120/30,
195.58.21.196/30,
195.58.29.57/32,
195.58.30.164/30,
195.58.30.200/29,
195.80.224.0/24,
195.98.38.16/28,
195.98.43.104/29,
195.98.73.56/29,
195.98.77.100/30,
195.128.157.0/24,
195.131.7.8/29,
195.131.53.248/29,
195.131.61.80/29,
195.131.63.24/29,
195.144.226.224/28,
195.144.232.144/30,
195.144.240.128/28,
195.149.110.0/24,
195.151.25.48/29,
195.162.36.64/28,
195.170.218.24/29,
195.170.218.88/29,
195.182.142.128/26,
195.182.145.64/28,
195.182.151.212/30,
195.182.151.216/30,
195.182.155.164/30,
195.182.156.96/30,
195.209.120.0/22,
195.211.20.0/22,
195.218.175.40/29,
195.218.190.0/23,
195.226.203.0/24,
195.239.80.32/29,
195.239.113.0/24,
195.239.247.0/24,
212.13.104.116/30,
212.13.113.100/30,
212.15.105.64/28,
212.15.114.156/30,
212.15.115.80/28,
212.17.8.176/29,
212.17.9.144/28,
212.17.16.192/27,
212.17.17.176/28,
212.23.85.48/30,
212.23.85.56/29,
212.32.198.64/29,
212.48.34.176/28,
212.48.53.76/30,
212.48.53.84/30,
212.48.53.88/29,
212.48.53.100/30,
212.48.53.144/30,
212.48.53.152/29,
212.48.53.160/29,
212.48.53.184/29,
212.48.53.192/29,
212.48.53.200/30,
212.48.53.216/30,
212.48.53.236/30,
212.48.53.240/28,
212.48.54.0/30,
212.48.54.8/29,
212.48.54.16/28,
212.48.54.32/29,
212.48.54.44/30,
212.48.54.48/28,
212.48.54.64/28,
212.48.54.80/29,
212.48.54.92/30,
212.48.54.96/27,
212.48.54.128/27,
212.48.54.164/30,
212.48.54.168/29,
212.48.54.176/28,
212.48.54.196/30,
212.48.54.200/30,
212.48.54.208/28,
212.48.54.240/28,
212.48.134.192/26,
212.48.138.240/28,
212.48.141.160/27,
212.49.107.224/27,
212.49.124.0/26,
212.57.133.0/24,
212.57.159.0/24,
212.59.98.48/29,
212.59.99.96/27,
212.111.84.0/22,
212.119.174.0/23,
212.120.169.48/29,
212.120.174.88/29,
212.120.184.48/28,
212.120.184.64/29,
212.120.189.208/29,
212.120.189.224/29,
212.120.190.112/29,
212.120.190.240/29,
212.120.191.120/29,
212.120.191.248/29,
212.192.156.0/22,
212.233.72.0/21,
212.233.88.0/21,
212.233.96.0/22,
212.233.120.0/22,
213.24.34.0/24,
213.24.75.0/24,
213.24.76.0/23,
213.24.128.0/22,
213.24.143.0/24,
213.24.152.0/22,
213.24.160.0/28,
213.33.171.240/29,
213.59.59.16/29,
213.59.59.64/29,
213.59.59.120/29,
213.59.59.128/29,
213.59.59.144/29,
213.59.59.168/29,
213.59.91.48/29,
213.59.91.128/27,
213.59.91.176/28,
213.85.2.64/28,
213.85.2.80/29,
213.85.20.8/30,
213.85.20.32/30,
213.85.20.84/30,
213.85.77.64/27,
213.85.142.176/28,
213.147.55.108/30,
213.172.4.192/26,
213.172.17.252/30,
213.172.18.60/30,
213.172.18.124/30,
213.172.18.148/30,
213.172.18.160/29,
213.172.18.252/30,
213.172.27.0/30,
213.172.27.116/30,
213.172.27.160/30,
213.172.27.204/30,
213.172.27.212/30,
213.172.27.224/30,
213.172.27.252/30,
213.172.30.136/30,
213.176.232.0/22,
213.177.111.0/24,
213.183.253.56/29,
213.219.212.0/22,
213.219.237.68/30,
213.234.8.8/30,
213.234.13.60/30,
213.234.15.228/30,
213.234.15.248/30,
213.234.18.52/30,
213.242.204.76/30,
213.242.204.236/30,
213.242.205.88/30,
213.242.215.68/30,
213.242.215.192/29,
213.243.84.80/28,
213.243.106.48/28,
213.243.116.0/24,
217.16.16.0/20,
217.20.86.128/26,
217.20.86.232/29,
217.20.144.0/20,
217.23.88.168/29,
217.23.88.248/29,
217.27.142.176/30,
217.65.214.24/29,
217.65.219.160/29,
217.67.177.208/29,
217.69.128.0/20,
217.106.0.0/16,
217.107.5.8/29,
217.107.5.16/28,
217.107.5.40/29,
217.107.5.80/28,
217.107.5.96/29,
217.107.5.112/29,
217.107.200.0/21,
217.147.23.112/28,
217.148.216.156/30,
217.148.220.160/29,
217.172.18.0/23,
217.174.188.0/22,
217.195.92.16/28,
217.195.93.144/29,
217.195.94.200/29
}
}
set blacklist_v6 {
type ipv6_addr
flags interval
}
chain input {
type filter hook input priority 0;
policy accept;
ct state { established, related } accept
ip saddr @blacklist_v4 counter drop
}
}

45
blacklists_nftables/blacklist-v6.nft
View File

@@ -1,45 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-04T06:38:45.140077Z
# Source: /tmp/blacklist-v6.txt
# IPv4: 0, IPv6: 17
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = {
2a00:1148::/29,
2a00:46e0::/32,
2a00:a300::/32,
2a00:b4c0::/32,
2a00:bdc0::/33,
2a00:bdc0:8000::/34,
2a00:bdc0:c000::/35,
2a00:bdc0:e002::/47,
2a00:bdc0:e004::/47,
2a00:bdc0:e007::/48,
2a00:bdc0:f000::/36,
2a00:bdc1::/32,
2a00:bdc2::/31,
2a00:bdc4::/30,
2a14:25c0::/32,
2a14:25c5::/32,
2a14:25c6::/31
}
}
chain input {
type filter hook input priority 0;
policy accept;
ct state { established, related } accept
ip6 saddr @blacklist_v6 counter drop
}
}

852
blacklists_nftables/blacklist.nft
View File

@@ -1,852 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-04T06:38:45.058019Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist.txt
# IPv4: 804, IPv6: 17
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
31.44.63.64/29,
31.177.95.0/24,
31.177.104.0/22,
37.28.161.48/30,
37.29.53.16/30,
37.29.57.52/30,
37.29.57.64/30,
37.29.59.56/30,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
46.20.70.160/28,
46.29.152.0/22,
46.46.142.160/28,
46.46.148.40/29,
46.47.197.128/30,
46.47.199.76/30,
46.47.203.52/30,
46.47.207.96/30,
46.47.208.84/30,
46.47.210.76/30,
46.47.211.0/24,
46.47.212.204/30,
46.47.213.0/24,
46.47.214.200/30,
46.47.219.200/30,
46.47.223.196/30,
46.47.229.0/28,
46.47.238.144/30,
46.47.249.176/29,
46.61.208.0/24,
46.228.0.232/29,
62.5.130.104/29,
62.5.132.224/29,
62.5.189.80/29,
62.5.202.60/30,
62.5.218.204/30,
62.5.224.188/30,
62.5.242.80/28,
62.28.169.168/30,
62.33.34.16/28,
62.33.87.128/28,
62.33.199.80/29,
62.63.96.32/28,
62.63.98.24/29,
62.63.100.160/30,
62.63.101.80/29,
62.76.98.0/24,
62.105.158.200/29,
62.112.110.64/28,
62.118.101.184/29,
62.118.113.232/29,
62.118.125.188/30,
62.118.127.240/28,
62.118.193.8/29,
62.118.205.68/30,
62.118.208.100/30,
62.118.209.192/30,
62.118.216.60/30,
62.118.219.184/30,
62.118.230.4/30,
62.118.233.224/29,
62.118.234.64/29,
62.118.239.128/29,
62.141.125.0/25,
62.217.160.0/20,
77.34.209.160/28,
77.35.76.80/28,
77.35.98.240/28,
77.37.128.0/17,
77.72.139.0/28,
77.82.124.112/29,
77.243.9.80/28,
78.24.159.48/29,
78.37.67.24/29,
78.37.69.160/27,
78.37.84.120/29,
78.37.97.88/29,
78.37.104.0/29,
78.107.3.208/28,
78.107.13.208/28,
78.107.16.96/28,
78.107.18.112/28,
78.107.40.160/28,
78.107.42.144/28,
78.107.51.16/28,
78.107.61.96/28,
78.107.86.32/28,
78.108.192.0/21,
78.108.200.0/24,
78.109.140.112/29,
79.133.74.160/30,
79.133.74.168/30,
79.133.75.44/30,
79.133.75.176/30,
79.137.132.0/24,
79.137.139.0/24,
79.137.140.0/24,
79.137.142.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.183.0/24,
79.137.240.0/21,
79.142.88.0/28,
79.143.229.0/24,
79.143.230.0/24,
79.143.232.0/24,
80.73.16.0/20,
80.73.168.80/28,
80.73.169.244/30,
80.82.43.24/29,
80.89.152.220/30,
80.237.11.88/29,
80.237.39.112/29,
80.237.98.80/28,
80.247.32.0/20,
80.254.100.40/29,
80.254.119.168/29,
81.1.195.0/28,
81.1.205.96/27,
81.2.1.0/28,
81.2.10.192/27,
81.3.168.148/30,
81.17.2.192/28,
81.17.3.16/29,
81.176.70.0/26,
81.176.235.0/27,
81.177.12.0/24,
81.177.31.64/26,
81.177.156.0/24,
81.195.36.48/28,
81.195.44.248/30,
81.195.45.64/30,
81.195.50.72/29,
81.195.90.44/30,
81.195.92.48/30,
81.195.93.192/27,
81.195.94.72/29,
81.195.105.160/28,
81.195.108.164/30,
81.195.112.36/30,
81.195.118.48/30,
81.195.118.128/30,
81.195.120.16/29,
81.195.124.52/30,
81.195.125.96/30,
81.195.148.140/30,
81.195.150.248/30,
81.195.151.0/24,
81.195.155.0/30,
81.195.161.12/30,
81.195.164.0/24,
81.195.165.64/28,
81.195.168.24/30,
81.195.177.160/30,
81.195.178.224/27,
81.195.182.64/28,
81.195.192.96/30,
81.195.231.128/26,
81.195.244.32/29,
81.195.245.0/28,
81.195.247.128/28,
81.195.250.16/29,
81.211.32.16/28,
81.222.194.200/29,
81.222.209.136/29,
81.222.210.24/29,
82.140.65.240/29,
82.142.162.104/29,
82.151.107.136/29,
82.162.72.208/28,
82.162.76.176/28,
82.162.80.192/28,
82.162.87.192/28,
82.162.90.0/28,
82.162.103.144/28,
82.162.126.96/28,
82.162.149.160/28,
82.162.157.64/28,
82.162.158.176/28,
82.162.172.112/28,
82.179.86.32/27,
82.196.69.152/30,
82.196.130.0/27,
82.198.176.16/29,
82.198.176.144/29,
82.198.176.208/29,
82.198.189.128/26,
82.198.190.64/26,
82.198.191.96/27,
82.198.191.248/29,
82.200.13.0/27,
82.200.22.136/29,
82.200.22.144/28,
82.200.64.0/24,
82.208.68.240/28,
82.208.77.104/29,
82.208.81.0/24,
82.208.93.160/27,
83.69.207.248/29,
83.149.42.64/29,
83.166.232.0/21,
83.166.248.0/21,
83.172.36.224/29,
83.217.216.0/22,
83.219.5.248/29,
83.219.6.72/29,
83.219.13.128/29,
83.219.13.184/29,
83.219.23.8/29,
83.219.23.48/29,
83.219.25.0/29,
83.219.25.112/29,
83.219.138.16/28,
83.220.53.16/28,
83.222.28.0/22,
83.229.181.192/26,
83.229.232.16/29,
84.23.52.0/22,
84.53.210.144/28,
84.204.7.144/29,
84.204.93.232/30,
84.204.143.44/30,
84.204.154.16/30,
84.204.170.220/30,
84.204.217.164/30,
84.204.245.208/29,
85.21.99.48/28,
85.21.99.64/28,
85.21.102.224/28,
85.21.103.64/28,
85.21.104.192/27,
85.21.148.0/26,
85.21.149.48/28,
85.21.155.208/28,
85.21.157.48/28,
85.21.204.208/28,
85.90.98.144/30,
85.90.99.168/29,
85.90.100.72/29,
85.90.101.112/28,
85.90.101.192/29,
85.90.102.168/29,
85.90.120.72/29,
85.90.121.72/29,
85.90.125.96/29,
85.90.127.16/29,
85.94.52.160/27,
85.94.53.32/28,
85.114.30.192/30,
85.114.30.204/30,
85.114.31.108/30,
85.114.93.88/29,
85.141.17.24/30,
85.141.17.112/30,
85.141.18.80/30,
85.141.19.56/30,
85.141.21.236/30,
85.141.28.0/30,
85.141.31.68/30,
85.141.32.96/28,
85.141.33.0/28,
85.141.33.64/28,
85.141.60.96/28,
85.141.61.160/28,
85.143.125.0/24,
85.146.204.44/30,
85.192.32.0/22,
85.198.106.0/23,
85.236.29.160/27,
86.102.72.240/28,
86.102.74.64/28,
86.102.100.48/28,
86.102.108.32/28,
86.102.109.32/27,
86.102.115.80/28,
86.102.126.80/28,
86.102.126.160/28,
87.117.18.144/29,
87.117.20.64/26,
87.117.20.128/28,
87.117.21.0/26,
87.117.21.64/28,
87.117.21.80/29,
87.117.23.128/28,
87.117.31.56/29,
87.225.56.224/28,
87.226.156.64/26,
87.226.191.0/24,
87.226.213.0/24,
87.226.239.180/30,
87.237.47.204/30,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
87.245.133.0/24,
87.249.3.64/28,
87.249.5.48/30,
87.249.7.120/29,
87.249.16.32/28,
87.249.18.60/30,
87.249.22.72/29,
87.249.28.232/29,
87.249.30.176/30,
88.83.195.248/30,
88.151.200.0/24,
88.200.208.112/29,
89.21.129.16/28,
89.21.140.104/29,
89.21.152.104/29,
89.28.253.168/29,
89.28.255.56/29,
89.106.172.160/29,
89.107.123.120/29,
89.107.123.136/29,
89.107.127.136/29,
89.109.7.176/29,
89.109.250.28/30,
89.109.250.80/30,
89.109.250.88/29,
89.109.250.96/30,
89.109.250.132/30,
89.109.250.140/30,
89.111.176.0/22,
89.175.6.64/27,
89.175.8.36/30,
89.175.8.40/29,
89.175.8.52/30,
89.175.8.68/30,
89.175.8.104/30,
89.175.8.140/30,
89.175.8.192/30,
89.175.9.4/30,
89.175.10.160/30,
89.175.165.208/28,
89.175.170.144/28,
89.175.174.136/29,
89.175.176.88/30,
89.175.176.140/30,
89.175.176.176/30,
89.175.188.184/29,
89.179.155.192/28,
89.179.179.16/28,
89.179.181.0/24,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.150.176.52/30,
90.150.189.32/29,
90.150.189.128/26,
90.150.189.192/27,
90.150.189.224/28,
90.150.189.248/29,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.103.194.184/29,
91.135.212.0/22,
91.135.216.0/21,
91.195.136.0/23,
91.208.20.0/24,
91.215.168.0/22,
91.217.34.0/23,
91.219.192.0/22,
91.219.224.0/22,
91.221.140.0/23,
91.226.250.0/24,
91.227.32.0/24,
91.231.132.0/22,
91.237.76.0/24,
92.39.106.20/30,
92.39.106.168/30,
92.39.111.84/30,
92.39.128.0/21,
92.50.198.72/30,
92.50.198.124/30,
92.50.219.136/29,
92.50.238.224/29,
92.101.253.96/29,
92.101.253.152/29,
93.153.134.112/29,
93.153.135.88/30,
93.153.136.132/30,
93.153.142.4/30,
93.153.144.60/30,
93.153.171.204/30,
93.153.172.100/30,
93.153.175.44/30,
93.153.183.104/30,
93.153.194.160/29,
93.153.220.192/29,
93.153.223.8/29,
93.153.229.232/29,
93.153.244.188/30,
93.153.244.248/29,
93.153.251.0/24,
93.153.255.84/30,
93.178.104.32/29,
93.178.104.64/29,
93.178.106.0/26,
93.186.224.0/20,
93.188.20.72/29,
93.190.110.0/24,
94.25.53.56/29,
94.25.57.176/29,
94.25.57.224/28,
94.25.65.16/29,
94.25.70.64/30,
94.25.90.240/29,
94.25.95.136/30,
94.25.119.228/30,
94.100.176.0/20,
94.124.192.192/29,
94.139.244.0/22,
94.199.64.0/21,
95.53.248.0/29,
95.54.193.80/28,
95.142.192.0/20,
95.163.32.0/19,
95.163.133.0/24,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.167.2.4/30,
95.167.4.168/29,
95.167.5.64/27,
95.167.21.104/29,
95.167.29.104/29,
95.167.54.76/30,
95.167.59.244/30,
95.167.64.20/30,
95.167.68.216/29,
95.167.69.116/30,
95.167.70.32/28,
95.167.70.136/29,
95.167.70.176/28,
95.167.72.48/30,
95.167.72.140/30,
95.167.72.204/30,
95.167.74.136/29,
95.167.74.180/30,
95.167.76.160/27,
95.167.99.48/28,
95.167.113.48/30,
95.167.114.48/30,
95.167.121.68/30,
95.167.122.128/28,
95.167.142.32/30,
95.167.157.156/30,
95.167.162.76/30,
95.167.162.236/30,
95.167.176.0/23,
95.167.213.0/24,
95.173.128.0/19,
95.213.0.0/17,
109.73.4.224/27,
109.120.180.0/22,
109.120.188.0/22,
109.124.66.128/30,
109.124.66.160/28,
109.124.71.64/29,
109.124.78.108/30,
109.124.80.132/30,
109.124.83.20/30,
109.124.87.96/29,
109.124.89.36/30,
109.124.89.140/30,
109.124.89.212/30,
109.124.90.32/30,
109.124.90.128/30,
109.124.97.4/30,
109.124.99.16/30,
109.124.99.160/28,
109.124.119.88/29,
109.204.204.232/29,
109.207.0.0/20,
109.232.187.16/29,
109.248.197.0/24,
128.140.168.0/21,
130.49.224.0/19,
145.255.238.240/28,
146.185.208.0/22,
146.185.240.0/22,
149.62.55.240/30,
155.212.192.0/20,
176.109.0.0/21,
176.112.168.0/21,
176.116.96.0/20,
178.16.156.148/30,
178.17.176.0/20,
178.20.234.224/29,
178.22.88.0/21,
178.49.148.176/29,
178.237.16.0/20,
178.237.206.0/24,
178.237.240.0/20,
178.248.232.60/32,
178.248.232.137/32,
178.248.233.26/32,
178.248.233.32/32,
178.248.233.60/32,
178.248.233.136/32,
178.248.233.244/31,
178.248.234.30/32,
178.248.234.33/32,
178.248.234.60/32,
178.248.234.79/32,
178.248.234.83/32,
178.248.234.136/32,
178.248.234.204/32,
178.248.234.228/32,
178.248.234.238/32,
178.248.235.60/32,
178.248.235.75/32,
178.248.235.244/32,
178.248.236.20/32,
178.248.236.83/32,
178.248.236.244/32,
178.248.237.18/32,
178.248.237.98/32,
178.248.237.136/32,
178.248.237.242/32,
178.248.238.55/32,
178.248.238.102/32,
178.248.238.128/31,
178.248.238.136/32,
178.248.238.155/32,
178.248.238.172/32,
178.248.238.205/32,
178.248.238.255/32,
178.248.239.215/32,
185.5.136.0/22,
185.6.244.0/22,
185.7.234.188/30,
185.16.8.0/22,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.65.149.170/32,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.149.160.0/22,
185.168.60.0/22,
185.179.224.0/22,
185.180.200.0/22,
185.183.172.0/22,
185.187.63.0/24,
185.224.228.0/22,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
188.128.8.240/30,
188.128.11.196/30,
188.128.89.0/30,
188.128.92.104/30,
188.128.94.204/30,
188.128.98.204/30,
188.128.101.108/30,
188.128.112.216/29,
188.128.112.240/29,
188.128.113.0/28,
188.128.114.128/28,
188.128.115.232/29,
188.128.118.224/27,
188.128.119.104/30,
188.128.122.240/30,
188.247.36.124/30,
188.247.36.128/28,
188.247.36.204/30,
193.33.230.0/23,
193.47.146.0/24,
193.203.40.0/22,
193.232.70.0/24,
194.8.70.0/23,
194.8.246.0/23,
194.67.63.200/30,
194.84.16.12/30,
194.140.247.0/24,
194.150.202.0/23,
194.165.22.0/23,
194.186.63.0/24,
194.186.112.80/28,
194.190.9.0/24,
194.215.248.0/24,
194.226.80.0/20,
194.226.116.0/22,
194.226.127.0/24,
195.3.240.0/22,
195.16.55.224/27,
195.42.75.8/29,
195.54.20.168/29,
195.54.28.72/30,
195.54.221.0/24,
195.58.5.16/29,
195.58.13.120/30,
195.58.21.196/30,
195.58.29.57/32,
195.58.30.164/30,
195.58.30.200/29,
195.80.224.0/24,
195.98.38.16/28,
195.98.43.104/29,
195.98.73.56/29,
195.98.77.100/30,
195.128.157.0/24,
195.131.7.8/29,
195.131.53.248/29,
195.131.61.80/29,
195.131.63.24/29,
195.144.226.224/28,
195.144.232.144/30,
195.144.240.128/28,
195.149.110.0/24,
195.151.25.48/29,
195.162.36.64/28,
195.170.218.24/29,
195.170.218.88/29,
195.182.142.128/26,
195.182.145.64/28,
195.182.151.212/30,
195.182.151.216/30,
195.182.155.164/30,
195.182.156.96/30,
195.209.120.0/22,
195.211.20.0/22,
195.218.175.40/29,
195.218.190.0/23,
195.226.203.0/24,
195.239.80.32/29,
195.239.113.0/24,
195.239.247.0/24,
212.13.104.116/30,
212.13.113.100/30,
212.15.105.64/28,
212.15.114.156/30,
212.15.115.80/28,
212.17.8.176/29,
212.17.9.144/28,
212.17.16.192/27,
212.17.17.176/28,
212.23.85.48/30,
212.23.85.56/29,
212.32.198.64/29,
212.48.34.176/28,
212.48.53.76/30,
212.48.53.84/30,
212.48.53.88/29,
212.48.53.100/30,
212.48.53.144/30,
212.48.53.152/29,
212.48.53.160/29,
212.48.53.184/29,
212.48.53.192/29,
212.48.53.200/30,
212.48.53.216/30,
212.48.53.236/30,
212.48.53.240/28,
212.48.54.0/30,
212.48.54.8/29,
212.48.54.16/28,
212.48.54.32/29,
212.48.54.44/30,
212.48.54.48/28,
212.48.54.64/28,
212.48.54.80/29,
212.48.54.92/30,
212.48.54.96/27,
212.48.54.128/27,
212.48.54.164/30,
212.48.54.168/29,
212.48.54.176/28,
212.48.54.196/30,
212.48.54.200/30,
212.48.54.208/28,
212.48.54.240/28,
212.48.134.192/26,
212.48.138.240/28,
212.48.141.160/27,
212.49.107.224/27,
212.49.124.0/26,
212.57.133.0/24,
212.57.159.0/24,
212.59.98.48/29,
212.59.99.96/27,
212.111.84.0/22,
212.119.174.0/23,
212.120.169.48/29,
212.120.174.88/29,
212.120.184.48/28,
212.120.184.64/29,
212.120.189.208/29,
212.120.189.224/29,
212.120.190.112/29,
212.120.190.240/29,
212.120.191.120/29,
212.120.191.248/29,
212.192.156.0/22,
212.233.72.0/21,
212.233.88.0/21,
212.233.96.0/22,
212.233.120.0/22,
213.24.34.0/24,
213.24.75.0/24,
213.24.76.0/23,
213.24.128.0/22,
213.24.143.0/24,
213.24.152.0/22,
213.24.160.0/28,
213.33.171.240/29,
213.59.59.16/29,
213.59.59.64/29,
213.59.59.120/29,
213.59.59.128/29,
213.59.59.144/29,
213.59.59.168/29,
213.59.91.48/29,
213.59.91.128/27,
213.59.91.176/28,
213.85.2.64/28,
213.85.2.80/29,
213.85.20.8/30,
213.85.20.32/30,
213.85.20.84/30,
213.85.77.64/27,
213.85.142.176/28,
213.147.55.108/30,
213.172.4.192/26,
213.172.17.252/30,
213.172.18.60/30,
213.172.18.124/30,
213.172.18.148/30,
213.172.18.160/29,
213.172.18.252/30,
213.172.27.0/30,
213.172.27.116/30,
213.172.27.160/30,
213.172.27.204/30,
213.172.27.212/30,
213.172.27.224/30,
213.172.27.252/30,
213.172.30.136/30,
213.176.232.0/22,
213.177.111.0/24,
213.183.253.56/29,
213.219.212.0/22,
213.219.237.68/30,
213.234.8.8/30,
213.234.13.60/30,
213.234.15.228/30,
213.234.15.248/30,
213.234.18.52/30,
213.242.204.76/30,
213.242.204.236/30,
213.242.205.88/30,
213.242.215.68/30,
213.242.215.192/29,
213.243.84.80/28,
213.243.106.48/28,
213.243.116.0/24,
217.16.16.0/20,
217.20.86.128/26,
217.20.86.232/29,
217.20.144.0/20,
217.23.88.168/29,
217.23.88.248/29,
217.27.142.176/30,
217.65.214.24/29,
217.65.219.160/29,
217.67.177.208/29,
217.69.128.0/20,
217.106.0.0/16,
217.107.5.8/29,
217.107.5.16/28,
217.107.5.40/29,
217.107.5.80/28,
217.107.5.96/29,
217.107.5.112/29,
217.107.200.0/21,
217.147.23.112/28,
217.148.216.156/30,
217.148.220.160/29,
217.172.18.0/23,
217.174.188.0/22,
217.195.92.16/28,
217.195.93.144/29,
217.195.94.200/29
}
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = {
2a00:1148::/29,
2a00:46e0::/32,
2a00:a300::/32,
2a00:b4c0::/32,
2a00:bdc0::/33,
2a00:bdc0:8000::/34,
2a00:bdc0:c000::/35,
2a00:bdc0:e002::/47,
2a00:bdc0:e004::/47,
2a00:bdc0:e007::/48,
2a00:bdc0:f000::/36,
2a00:bdc1::/32,
2a00:bdc2::/31,
2a00:bdc4::/30,
2a14:25c0::/32,
2a14:25c5::/32,
2a14:25c6::/31
}
}
chain input {
type filter hook input priority 0;
policy accept;
ct state { established, related } accept
ip saddr @blacklist_v4 counter drop
ip6 saddr @blacklist_v6 counter drop
}
}

0
blacklists_nginx/.keep_folder Normal file
View File

302
blacklists_nginx/README.md
View File

@@ -1,302 +0,0 @@
# Nginx Blacklist Configurations
Auto-generated nginx configuration files for blocking networks and IP addresses.
## Available Files
### Mixed IPv4/IPv6
- **`blacklist.conf`** - Contains both IPv4 and IPv6 deny rules (809 entries)
### IPv4 Only
- **`blacklist-v4.conf`** - Contains only IPv4 deny rules (806 entries)
### IPv6 Only
- **`blacklist-v6.conf`** - Contains only IPv6 deny rules (3 entries)
## Usage
### Basic Usage
Include the desired configuration file in your nginx `server` or `location` block:
```nginx
server {
listen 80;
server_name example.com;
# Include the blacklist
include /path/to/blacklist.conf;
location / {
# your configuration
}
}
```
### Separate IPv4/IPv6 Files
For more granular control, use separate files:
```nginx
server {
listen 80;
listen [::]:80;
server_name example.com;
# Include both IPv4 and IPv6 blacklists
include /path/to/blacklist-v4.conf;
include /path/to/blacklist-v6.conf;
location / {
# your configuration
}
}
```
### HTTP Block Level
Apply the blacklist globally to all virtual hosts:
```nginx
http {
# Apply blacklist globally
include /path/to/blacklist.conf;
server {
listen 80;
server_name example.com;
# ...
}
server {
listen 80;
server_name another.com;
# ...
}
}
```
### Location Block Level
For selective blocking within specific locations:
```nginx
server {
listen 80;
server_name example.com;
location /admin {
# Apply blacklist only to admin area
include /path/to/blacklist.conf;
# ...
}
location /public {
# Public area without blacklist
# ...
}
}
```
## Testing Configuration
After adding the blacklist, always test your nginx configuration:
```bash
# Test configuration
nginx -t
# Reload nginx if test passes
nginx -s reload
# or
systemctl reload nginx
```
## Custom Response
By default, denied IPs receive a connection drop. To customize the response:
```nginx
server {
listen 80;
server_name example.com;
# Return custom error page
error_page 403 /403.html;
include /path/to/blacklist.conf;
location = /403.html {
root /usr/share/nginx/html;
internal;
}
}
```
Note: For large blacklists, using `deny` directives (as in these files) is more efficient than `if` statements.
## Performance Considerations
- **Deny directives** are processed in order and stop at the first match
- For optimal performance, most frequently matched IPs should be at the top
- Current files are sorted for consistency
- Nginx handles hundreds of deny rules efficiently
- For very large blacklists (10,000+ entries), consider using:
- Nginx GeoIP2 module for geographic blocking
- nftables/iptables at the firewall level for better performance
- Stream module for TCP/UDP level blocking
## Integration Examples
### Docker Deployment
```dockerfile
FROM nginx:alpine
# Copy blacklist
COPY blacklist.conf /etc/nginx/blacklist.conf
# Copy nginx config that includes the blacklist
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
```
### Kubernetes ConfigMap
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-blacklist
data:
blacklist.conf: |
# Include blacklist content here
deny 109.124.119.88/29;
deny 109.124.66.128/30;
# ...
```
### Automated Updates
Set up a cron job to automatically fetch the latest blacklist:
```bash
#!/bin/bash
# /etc/cron.daily/update-nginx-blacklist
# Download latest blacklist
wget -q https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nginx/blacklist.conf \
-O /etc/nginx/blacklist.conf.new
# Test nginx configuration
nginx -t -c /etc/nginx/nginx.conf
# If test passes, reload nginx
if [ $? -eq 0 ]; then
mv /etc/nginx/blacklist.conf.new /etc/nginx/blacklist.conf
systemctl reload nginx
echo "Blacklist updated successfully"
else
rm /etc/nginx/blacklist.conf.new
echo "Nginx config test failed, blacklist not updated"
fi
```
## Logging Blocked Requests
To log denied requests:
```nginx
server {
listen 80;
server_name example.com;
# Custom log format for denied IPs
log_format blocked '$remote_addr - $remote_user [$time_local] '
'"$request" 403 0 '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/blocked.log blocked;
include /path/to/blacklist.conf;
location / {
# your configuration
}
}
```
## Monitoring
Check how many IPs are being blocked:
```bash
# Count deny rules
grep -c "deny" /path/to/blacklist.conf
# Check blocked access logs
tail -f /var/log/nginx/blocked.log
# Count blocked requests today
grep "$(date +%d/%b/%Y)" /var/log/nginx/access.log | grep " 403 " | wc -l
```
## Troubleshooting
### Configuration Test Fails
```bash
# Check syntax
nginx -t
# Check for duplicate includes
grep -r "include.*blacklist" /etc/nginx/
# Verify file permissions
ls -l /path/to/blacklist.conf
```
### Legitimate Users Blocked
Check if their IP is in the blacklist:
```bash
grep "YOUR_IP" /path/to/blacklist.conf
```
Whitelist specific IPs before applying the blacklist:
```nginx
server {
listen 80;
server_name example.com;
# Whitelist before blacklist
allow 192.168.1.100; # Trusted IP
# Then apply blacklist
include /path/to/blacklist.conf;
# Deny all others not explicitly allowed
# deny all; # Optional
}
```
## Automatic Updates
These files are automatically regenerated daily when the blacklists are updated via the GitHub Actions workflow.
## Source
Generated from the blacklist files in the `blacklists/` directory by `blacklists_updater_nginx.sh`.
## See Also
- [IPTables/IPSet Format](../blacklists_iptables/README.md) - For firewall-level blocking
- [Text Format](../blacklists/README.md) - For custom integrations
- [Main Repository](https://github.com/C24Be/AS_Network_List) - Complete documentation

1145
blacklists_nginx/blacklist-v4.conf
View File

File diff suppressed because it is too large Load Diff

31
blacklists_nginx/blacklist-v6.conf
View File

@@ -1,31 +0,0 @@
# Nginx blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2026-03-04 06:38:44 UTC
#
# Usage: Include this file in your nginx server or location block:
# include /path/to/blacklist-v6.conf;
#
deny 2a00:1148::/29;
deny 2a00:1148::/32;
deny 2a00:46e0:2::/48;
deny 2a00:46e0::/32;
deny 2a00:a300::/32;
deny 2a00:b4c0::/32;
deny 2a00:bdc0:8000::/34;
deny 2a00:bdc0::/33;
deny 2a00:bdc0:c000::/35;
deny 2a00:bdc0:e002::/48;
deny 2a00:bdc0:e003::/48;
deny 2a00:bdc0:e004::/48;
deny 2a00:bdc0:e005::/48;
deny 2a00:bdc0:e007::/48;
deny 2a00:bdc0:f000::/36;
deny 2a00:bdc1::/32;
deny 2a00:bdc2::/31;
deny 2a00:bdc4::/30;
deny 2a14:25c0::/32;
deny 2a14:25c5::/32;
deny 2a14:25c6::/32;
deny 2a14:25c7::/32;

1167
blacklists_nginx/blacklist.conf
View File

File diff suppressed because it is too large Load Diff

0
blacklists_routes/.keep_folder Normal file
View File

94
blacklists_updater_iptables.sh
View File

@@ -1,19 +1,46 @@
#!/bin/sh #!/bin/sh
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# Input files (generated by blacklists_updater_txt.sh) # Input files (generated by blacklists_updater_txt.sh)
blacklist_file="blacklists/blacklist.txt" blacklist_file="${SCRIPT_DIR}/blacklists/blacklist.txt"
blacklist_v4_file="blacklists/blacklist-v4.txt" blacklist_v4_file="${SCRIPT_DIR}/blacklists/blacklist-v4.txt"
blacklist_v6_file="blacklists/blacklist-v6.txt" blacklist_v6_file="${SCRIPT_DIR}/blacklists/blacklist-v6.txt"
# Source files for name-based VK filtering
auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
vk_name_pattern='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
# Additional VK-only text blacklists
blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
blacklist_vk_v4_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
blacklist_vk_v6_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
# Output directory and files # Output directory and files
iptables_output_dir="blacklists_iptables" iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables"
iptables_output_file="${iptables_output_dir}/blacklist.ipset" iptables_output_file="${iptables_output_dir}/blacklist.ipset"
iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset" iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset"
iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset" iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset"
iptables_vk_output_file="${iptables_output_dir}/blacklist-vk.ipset"
iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset"
iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset"
# Create iptables directory if it doesn't exist # Create iptables directory if it doesn't exist
mkdir -p "${iptables_output_dir}" mkdir -p "${iptables_output_dir}"
# Build additional VK-only blacklist from network names in auto/*.txt files
tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do
[ -f "${source_file}" ] || continue
awk -v pattern="${vk_name_pattern}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}"
done
sort -u "${tmp_vk_file}" > "${blacklist_vk_file}"
grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true
grep -v ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v4_file}" || true
rm -f "${tmp_vk_file}"
# Function to generate ipset config from input file # Function to generate ipset config from input file
generate_ipset_config() { generate_ipset_config() {
local input_file="$1" local input_file="$1"
@@ -21,6 +48,19 @@ generate_ipset_config() {
local ip_version="$3" local ip_version="$3"
local set_name="$4" local set_name="$4"
local family="$5" local family="$5"
local iptables_cmd="iptables"
local rule_primary=""
local rule_secondary=""
[ "${family}" = "inet6" ] && iptables_cmd="ip6tables"
if printf "%s" "${set_name}" | grep -q '^blacklist-vk'; then
rule_primary="${iptables_cmd} -I OUTPUT -m set --match-set ${set_name} dst -j REJECT"
rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} dst -j REJECT"
else
rule_primary="${iptables_cmd} -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
fi
# Count entries for hash size calculation # Count entries for hash size calculation
local count=$(wc -l < "${input_file}" | tr -d ' ') local count=$(wc -l < "${input_file}" | tr -d ' ')
@@ -38,8 +78,8 @@ generate_ipset_config() {
# ipset restore < $(basename ${output_file}) # ipset restore < $(basename ${output_file})
# #
# 2. Use with iptables/ip6tables: # 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP # ${rule_primary}
# iptables -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP ${rule_secondary:+# ${rule_secondary}}
# #
# 3. To flush/delete the set: # 3. To flush/delete the set:
# ipset flush ${set_name} # ipset flush ${set_name}
@@ -63,6 +103,8 @@ EOF
# Generate ipset configurations from blacklist files # Generate ipset configurations from blacklist files
generate_ipset_config "${blacklist_v4_file}" "${iptables_v4_output_file}" "(IPv4 only)" "blacklist-v4" "inet" generate_ipset_config "${blacklist_v4_file}" "${iptables_v4_output_file}" "(IPv4 only)" "blacklist-v4" "inet"
generate_ipset_config "${blacklist_v6_file}" "${iptables_v6_output_file}" "(IPv6 only)" "blacklist-v6" "inet6" generate_ipset_config "${blacklist_v6_file}" "${iptables_v6_output_file}" "(IPv6 only)" "blacklist-v6" "inet6"
generate_ipset_config "${blacklist_vk_v4_file}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet"
generate_ipset_config "${blacklist_vk_v6_file}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6"
# For mixed file, we need to create two sets (IPv4 and IPv6) as ipset doesn't support mixed families # For mixed file, we need to create two sets (IPv4 and IPv6) as ipset doesn't support mixed families
cat > "${iptables_output_file}" << EOF cat > "${iptables_output_file}" << EOF
@@ -94,3 +136,43 @@ tail -n +2 "${iptables_v6_output_file}" | grep -E "^(create|add)" >> "${iptables
echo "✓ Generated (mixed IPv4/IPv6): ${iptables_output_file}" echo "✓ Generated (mixed IPv4/IPv6): ${iptables_output_file}"
echo " Total entries: $(wc -l < "${blacklist_file}" | tr -d ' ')" echo " Total entries: $(wc -l < "${blacklist_file}" | tr -d ' ')"
# Generate mixed VK-only ipset file (contains both v4 and v6 sets)
cat > "${iptables_vk_output_file}" << EOF
# IPSet blacklist configuration (VK names: VK Cloud / VKCOMPANY / VKONTAKTE)
# Auto-generated from name-filtered auto/*.txt sources
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Usage:
# 1. Load the ipset:
# ipset restore < $(basename "${iptables_vk_output_file}")
#
# 2. Use with iptables/ip6tables:
# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
#
# 3. To flush/delete the sets:
# ipset flush blacklist-vk-v4 && ipset destroy blacklist-vk-v4
# ipset flush blacklist-vk-v6 && ipset destroy blacklist-vk-v6
#
EOF
tail -n +2 "${iptables_vk_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
echo "" >> "${iptables_vk_output_file}"
tail -n +2 "${iptables_vk_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
echo "✓ Generated (VK names, mixed IPv4/IPv6): ${iptables_vk_output_file}"
echo " Total entries: $(wc -l < "${blacklist_vk_file}" | tr -d ' ')"
echo ""
echo "VK outgoing block examples (iptables/ipset):"
echo " ipset restore < ${iptables_vk_output_file}"
echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"
echo " ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."

59
blacklists_updater_nftables.sh
View File

@@ -7,29 +7,78 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist.txt" INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist.txt"
OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables" OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables"
# Source files for name-based VK filtering
AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
# Additional VK-only text blacklists
VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt"
VK_INPUT_V4_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v4.txt"
VK_INPUT_V6_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v6.txt"
# Create output directory if it doesn't exist # Create output directory if it doesn't exist
mkdir -p "$OUTPUT_DIR" mkdir -p "$OUTPUT_DIR"
echo "Generating nftables blacklists..." echo "Generating nftables blacklists..."
# Build additional VK-only blacklist from network names in auto/*.txt files
TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do
[[ -f "$source_file" ]] || continue
awk -v pattern="$VK_NAME_PATTERN" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE"
done
sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE"
grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true
grep -v ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V4_FILE" || true
rm -f "$TMP_VK_FILE"
# Generate mixed IPv4/IPv6 blacklist # Generate mixed IPv4/IPv6 blacklist
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \ python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$INPUT_FILE" \ "$INPUT_FILE" \
"$OUTPUT_DIR/blacklist.nft" "$OUTPUT_DIR/blacklist.nft"
# Generate IPv4-only blacklist # Generate IPv4-only blacklist
grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > /tmp/blacklist-v4.txt || true TMP_V4_FILE="/tmp/blacklist-v4.txt"
TMP_V6_FILE="/tmp/blacklist-v6.txt"
grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > "$TMP_V4_FILE" || true
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \ python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
/tmp/blacklist-v4.txt \ "$TMP_V4_FILE" \
"$OUTPUT_DIR/blacklist-v4.nft" "$OUTPUT_DIR/blacklist-v4.nft"
# Generate IPv6-only blacklist # Generate IPv6-only blacklist
grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > /tmp/blacklist-v6.txt || true grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > "$TMP_V6_FILE" || true
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \ python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
/tmp/blacklist-v6.txt \ "$TMP_V6_FILE" \
"$OUTPUT_DIR/blacklist-v6.nft" "$OUTPUT_DIR/blacklist-v6.nft"
# Generate VK-only blacklists (network names: VK Cloud / VKCOMPANY / VKONTAKTE)
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_FILE" \
"$OUTPUT_DIR/blacklist-vk.nft"
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_V4_FILE" \
"$OUTPUT_DIR/blacklist-vk-v4.nft"
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_V6_FILE" \
"$OUTPUT_DIR/blacklist-vk-v6.nft"
# Clean up temp files # Clean up temp files
rm -f /tmp/blacklist-v4.txt /tmp/blacklist-v6.txt rm -f "$TMP_V4_FILE" "$TMP_V6_FILE"
echo "nftables blacklists generated successfully!" echo "nftables blacklists generated successfully!"
echo ""
echo "VM incoming block examples (all lists, nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist.nft"
echo " sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'"
echo " sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject"
echo " sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject"
echo ""
echo "VK outbound block examples for VPN clients via NAT (nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk.nft"
echo " sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_v4 counter reject"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_v6 counter reject"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."

78
blacklists_updater_routes.sh Normal file
View File

@@ -0,0 +1,78 @@
#!/bin/sh
set -e
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# Source files for name-based VK filtering
AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
# Additional VK-only text blacklists
VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
VK_INPUT_V4_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
VK_INPUT_V6_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
# Output directory and files
ROUTES_OUTPUT_DIR="${SCRIPT_DIR}/blacklists_route"
ROUTES_V4_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v4.routes"
ROUTES_V6_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v6.routes"
mkdir -p "${ROUTES_OUTPUT_DIR}" "${SCRIPT_DIR}/blacklists"
echo "Generating VK route blacklists..."
# Build additional VK-only blacklist from network names in auto/*.txt files
TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do
[ -f "${source_file}" ] || continue
awk -v pattern="${VK_NAME_PATTERN}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}"
done
sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}"
grep ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V6_FILE}" || true
grep -v ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V4_FILE}" || true
rm -f "${TMP_VK_FILE}"
# Generate IPv4 routes file (route VK prefixes to loopback via 127.0.0.1)
cat > "${ROUTES_V4_FILE}" << EOF
# Linux routes for VK networks (IPv4)
# Auto-generated by $(basename "$0")
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Apply:
# sudo sh $(basename "${ROUTES_V4_FILE}")
#
EOF
while IFS= read -r network; do
[ -n "${network}" ] || continue
printf 'ip route replace %s via 127.0.0.1 dev lo onlink\n' "${network}" >> "${ROUTES_V4_FILE}"
done < "${VK_INPUT_V4_FILE}"
# Generate IPv6 routes file (route VK prefixes to loopback via ::1)
cat > "${ROUTES_V6_FILE}" << EOF
# Linux routes for VK networks (IPv6)
# Auto-generated by $(basename "$0")
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Apply:
# sudo sh $(basename "${ROUTES_V6_FILE}")
#
EOF
while IFS= read -r network; do
[ -n "${network}" ] || continue
printf 'ip -6 route replace %s via ::1 dev lo\n' "${network}" >> "${ROUTES_V6_FILE}"
done < "${VK_INPUT_V6_FILE}"
echo "✓ Generated: ${ROUTES_V4_FILE} (entries: $(wc -l < "${VK_INPUT_V4_FILE}" | tr -d ' '))"
echo "✓ Generated: ${ROUTES_V6_FILE} (entries: $(wc -l < "${VK_INPUT_V6_FILE}" | tr -d ' '))"
echo ""
echo "Examples:"
echo " sudo sh ${ROUTES_V4_FILE}"
echo " sudo sh ${ROUTES_V6_FILE}"