mirror of
https://github.com/C24Be/AS_Network_List.git
synced 2026-04-01 07:08:52 +03:00
Compare commits
30 Commits
849e96a16d
...
20260401
| Author | SHA1 | Date | |
|---|---|---|---|
|
3bd939dc42 | ||
|
|
0d015fc2ff | ||
|
|
dea6a75d67 | ||
|
|
7690d60023 | ||
|
|
1ef2a3a21e | ||
|
|
128d6c3d19 | ||
|
|
4502515ab1 | ||
|
|
740834b112 | ||
|
|
c79108d476 | ||
|
|
754f545764 | ||
|
|
048810e560 | ||
|
|
cfed9adddf | ||
|
|
0107142b90 | ||
|
|
5d9070946d | ||
|
|
4126557898 | ||
|
|
cd643625f1 | ||
|
|
23ca832e7d | ||
|
|
760bc7409d | ||
|
|
3922acb075 | ||
|
|
17d64070c6 | ||
|
|
c34ebee88f | ||
|
|
96f5442eea | ||
|
|
22bbb3dd20 | ||
|
|
943e7f2498 | ||
|
|
ecc4b2e387 | ||
|
|
72d57938c0 | ||
|
|
1d0162e69f | ||
|
|
75e044c01d | ||
|
|
3cb9156d28 | ||
|
|
011efe4bcb |
2
.github/actions/gitPush/action.yaml
vendored
2
.github/actions/gitPush/action.yaml
vendored
@@ -10,7 +10,7 @@ runs:
|
||||
git config --global user.email "${{ env.REPO_OWNER }}@github.com"
|
||||
if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
|
||||
git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
|
||||
git push --set origin "${daily_branch}"
|
||||
git push --set-upstream origin "${daily_branch}"
|
||||
fi
|
||||
git add ${{ env.PUSH_FILES }}
|
||||
git diff --staged --quiet || CHANGED=true
|
||||
|
||||
6
.github/actions/gitReset/action.yaml
vendored
6
.github/actions/gitReset/action.yaml
vendored
@@ -8,9 +8,9 @@ runs:
|
||||
if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
|
||||
git reset --hard
|
||||
git clean -fdx
|
||||
git checkout "${daily_branch}"
|
||||
git pull origin "${daily_branch}"
|
||||
git push --set origin "${daily_branch}"
|
||||
git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
|
||||
git pull origin "${daily_branch}" || true
|
||||
git push --set-upstream origin "${daily_branch}"
|
||||
fi
|
||||
git reset --hard
|
||||
git clean -fdx
|
||||
|
||||
6
.github/workflows/resolve_networks.yml
vendored
6
.github/workflows/resolve_networks.yml
vendored
@@ -26,7 +26,7 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0 # this is required to fetch all history for all branches and tags
|
||||
token: ${{ env.GH_PAT }}
|
||||
ref: ${{ github.branch }}
|
||||
ref: ${{ github.ref_name }}
|
||||
- uses: ./.github/actions/gitReset
|
||||
env:
|
||||
CUSTOM_BRANCH: true
|
||||
@@ -53,7 +53,7 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0 # this is required to fetch all history for all branches and tags
|
||||
token: ${{ env.GH_PAT }}
|
||||
ref: ${{ github.branch }}
|
||||
ref: ${{ github.ref_name }}
|
||||
- uses: ./.github/actions/gitReset
|
||||
env:
|
||||
CUSTOM_BRANCH: true
|
||||
@@ -80,7 +80,7 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0 # this is required to fetch all history for all branches and tags
|
||||
token: ${{ env.GH_PAT }}
|
||||
ref: ${{ github.branch }}
|
||||
ref: ${{ github.ref_name }}
|
||||
- uses: ./.github/actions/gitReset
|
||||
env:
|
||||
CUSTOM_BRANCH: true
|
||||
|
||||
2
.github/workflows/update_blacklists.yml
vendored
2
.github/workflows/update_blacklists.yml
vendored
@@ -36,4 +36,4 @@ jobs:
|
||||
- run: ./blacklists_updater_routes.sh
|
||||
- uses: ./.github/actions/gitPush
|
||||
env:
|
||||
PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/
|
||||
PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/ blacklists_route/
|
||||
|
||||
54
README.md
54
README.md
@@ -9,6 +9,8 @@
|
||||
|
||||
This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis.
|
||||
|
||||
## Important Links
|
||||
|
||||
**Ready-to-use blacklists in multiple formats:**
|
||||
|
||||
- [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation
|
||||
@@ -16,7 +18,6 @@ This repository contains Python scripts that allow you to retrieve network lists
|
||||
- [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset
|
||||
- [nftables files in `blacklists_nftables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nftables) - Ready-to-load sets and rules for nftables
|
||||
- [Linux route files in `blacklists_route/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_route) - VK route blackholes to loopback (IPv4/IPv6)
|
||||
- [Other network and ASN lists in `auto/`](https://github.com/C24Be/AS_Network_List/tree/main/auto) - Comprehensive Russian network data
|
||||
|
||||
## Files and features
|
||||
|
||||
@@ -56,17 +57,18 @@ This repository contains Python scripts that allow you to retrieve network lists
|
||||
|
||||
**IPTables/IPSet Format** (`blacklists_iptables/` folder):
|
||||
|
||||
- `blacklist.ipset`: IPSet configuration for mixed IPv4/IPv6 (**daily generated**)
|
||||
- `blacklist-v4.ipset`: IPSet configuration for IPv4 only (**daily generated**)
|
||||
- `blacklist-v6.ipset`: IPSet configuration for IPv6 only (**daily generated**)
|
||||
- `blacklist-vk-v4.ipset`: IPSet configuration for VK-only IPv4 networks (**daily generated**)
|
||||
- `blacklist-vk-v6.ipset`: IPSet configuration for VK-only IPv6 networks (**daily generated**)
|
||||
- `README.md`: Complete usage documentation for iptables integration
|
||||
|
||||
**nftables Format** (`blacklists_nftables/` folder):
|
||||
|
||||
* `blacklist.nft`: nftables configuration for mixed IPv4/IPv6 (**daily generated**)
|
||||
* `blacklist.nft`: nftables set definitions for mixed IPv4/IPv6 (**daily generated**)
|
||||
* `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**)
|
||||
* `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**)
|
||||
* `blacklist-vk.nft`: nftables configuration for VK-only networks (**daily generated**)
|
||||
* `blacklist-vk.nft`: nftables set definitions for VK-only mixed IPv4/IPv6 (**daily generated**)
|
||||
* `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**)
|
||||
* `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**)
|
||||
* `README.md`: Complete usage documentation for nftables integration
|
||||
@@ -82,7 +84,7 @@ This repository contains Python scripts that allow you to retrieve network lists
|
||||
**Contributors are welcome!**
|
||||
|
||||
- `lists/ru-gov-netnames.txt`: A list of network names associated with the Russian government.
|
||||
- `lists/ru-gov-asns.txt`: A list of AS numbers associated with the Russian government.
|
||||
- ASN candidates used for blacklists are derived automatically from `auto/all-ru-asn.txt`.
|
||||
|
||||
### Auto-Generated Data
|
||||
|
||||
@@ -110,18 +112,24 @@ wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_ngi
|
||||
**For IPTables/IPSet:**
|
||||
|
||||
```bash
|
||||
# Download and load into ipset
|
||||
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist.ipset
|
||||
ipset restore < blacklist.ipset
|
||||
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
|
||||
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
|
||||
# Download and load IPv4/IPv6 sets into ipset
|
||||
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v4.ipset
|
||||
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v6.ipset
|
||||
ipset restore < blacklist-v4.ipset
|
||||
ipset restore < blacklist-v6.ipset
|
||||
iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
|
||||
ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
|
||||
```
|
||||
|
||||
**For nftables:**
|
||||
````bash
|
||||
# Download and load into nftables
|
||||
# Download and load nftables sets
|
||||
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
|
||||
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v4.nft
|
||||
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v6.nft
|
||||
sudo nft -f blacklist.nft
|
||||
sudo nft -f blacklist-v4.nft
|
||||
sudo nft -f blacklist-v6.nft
|
||||
|
||||
# Protect VM from incoming blacklist sources
|
||||
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
|
||||
@@ -130,10 +138,14 @@ sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
|
||||
|
||||
# VK-only outbound blocking for VPN clients via NAT/FORWARD
|
||||
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft
|
||||
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v4.nft
|
||||
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v6.nft
|
||||
sudo nft -f blacklist-vk.nft
|
||||
sudo nft -f blacklist-vk-v4.nft
|
||||
sudo nft -f blacklist-vk-v6.nft
|
||||
sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
|
||||
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_v4 counter reject
|
||||
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_v6 counter reject
|
||||
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
|
||||
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
|
||||
|
||||
# View the loaded rules
|
||||
sudo nft list ruleset
|
||||
@@ -198,16 +210,16 @@ See the README files in each folder for detailed usage instructions.
|
||||
./network_list_from_as.py AS61280
|
||||
```
|
||||
|
||||
2. Run the script with a URL to a file in a GitHub repository as an argument:
|
||||
2. Run the script with a URL to a file with one ASN per line:
|
||||
|
||||
```bash
|
||||
./network_list_from_as.py https://github.com/C24Be/AS_Network_List/blob/main/lists/ru-gov-asns.txt
|
||||
./network_list_from_as.py https://example.com/asns.txt
|
||||
```
|
||||
|
||||
Or better use the raw file link:
|
||||
|
||||
```bash
|
||||
./network_list_from_as.py https://raw.githubusercontent.com/C24Be/AS_Network_List/main/lists/ru-gov-asns.txt
|
||||
./network_list_from_as.py https://example.com/asns-raw.txt
|
||||
```
|
||||
|
||||
3. To display a help message, use the `-h` or `--help` switch:
|
||||
@@ -272,16 +284,6 @@ This repository uses GitHub Actions to automatically update blacklists:
|
||||
|
||||
All blacklists are automatically regenerated and committed to ensure you always have the latest data.
|
||||
|
||||
## Blacklist Format Comparison
|
||||
|
||||
| Format | Best For | Performance | Ease of Use | File Size |
|
||||
|--------|----------|-------------|-------------|-----------|
|
||||
| **Text** | Custom scripts, analysis | N/A | ⭐⭐⭐⭐⭐ | Small |
|
||||
| **Nginx** | Web servers, reverse proxies | Good | ⭐⭐⭐⭐ | Medium |
|
||||
| **IPSet** | Firewalls, large-scale blocking | Excellent | ⭐⭐⭐ | Medium |
|
||||
|
||||
**Recommendation**: Use IPSet for firewall-level blocking (best performance), Nginx for web application layer, and text format for custom integrations.
|
||||
|
||||
## Additional information
|
||||
|
||||
- [RIPE DB Inetnum](https://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz)
|
||||
|
||||
10915
auto/all-ru-asn.txt
10915
auto/all-ru-asn.txt
File diff suppressed because it is too large
Load Diff
9279
auto/all-ru-ipv4.txt
9279
auto/all-ru-ipv4.txt
File diff suppressed because it is too large
Load Diff
4386
auto/all-ru-ipv6.txt
4386
auto/all-ru-ipv6.txt
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
1143
blacklists/blacklist-v4.txt
Normal file
1143
blacklists/blacklist-v4.txt
Normal file
File diff suppressed because it is too large
Load Diff
22
blacklists/blacklist-v6.txt
Normal file
22
blacklists/blacklist-v6.txt
Normal file
@@ -0,0 +1,22 @@
|
||||
2a00:1148::/29
|
||||
2a00:1148::/32
|
||||
2a00:46e0:2::/48
|
||||
2a00:46e0::/32
|
||||
2a00:a300::/32
|
||||
2a00:b4c0::/32
|
||||
2a00:bdc0:8000::/34
|
||||
2a00:bdc0::/33
|
||||
2a00:bdc0:c000::/35
|
||||
2a00:bdc0:e002::/48
|
||||
2a00:bdc0:e003::/48
|
||||
2a00:bdc0:e004::/48
|
||||
2a00:bdc0:e005::/48
|
||||
2a00:bdc0:e007::/48
|
||||
2a00:bdc0:f000::/36
|
||||
2a00:bdc1::/32
|
||||
2a00:bdc2::/31
|
||||
2a00:bdc4::/30
|
||||
2a14:25c0::/32
|
||||
2a14:25c5::/32
|
||||
2a14:25c6::/32
|
||||
2a14:25c7::/32
|
||||
267
blacklists/blacklist-vk-v4.txt
Normal file
267
blacklists/blacklist-vk-v4.txt
Normal file
@@ -0,0 +1,267 @@
|
||||
109.120.180.0/22
|
||||
109.120.180.0/23
|
||||
109.120.182.0/23
|
||||
109.120.188.0/22
|
||||
109.120.188.0/23
|
||||
109.120.190.0/23
|
||||
128.140.168.0/21
|
||||
128.140.168.0/23
|
||||
128.140.170.0/24
|
||||
128.140.171.0/24
|
||||
128.140.172.0/22
|
||||
130.49.224.0/19
|
||||
146.185.208.0/22
|
||||
146.185.208.0/23
|
||||
146.185.210.0/23
|
||||
146.185.240.0/22
|
||||
146.185.240.0/23
|
||||
146.185.242.0/23
|
||||
155.212.192.0/20
|
||||
161.104.104.0/21
|
||||
176.112.168.0/21
|
||||
178.22.88.0/21
|
||||
178.22.89.64/26
|
||||
178.22.94.0/23
|
||||
178.237.16.0/20
|
||||
178.237.16.0/21
|
||||
178.237.24.0/22
|
||||
178.237.30.0/23
|
||||
185.100.104.0/22
|
||||
185.100.104.0/23
|
||||
185.100.106.0/23
|
||||
185.130.112.0/22
|
||||
185.130.112.0/23
|
||||
185.130.114.0/23
|
||||
185.131.68.0/22
|
||||
185.16.148.0/22
|
||||
185.16.148.0/23
|
||||
185.16.150.0/23
|
||||
185.16.244.0/22
|
||||
185.16.244.0/23
|
||||
185.16.246.0/23
|
||||
185.180.200.0/22
|
||||
185.187.63.0/24
|
||||
185.187.63.0/25
|
||||
185.187.63.128/25
|
||||
185.226.52.0/22
|
||||
185.226.52.0/23
|
||||
185.226.54.0/23
|
||||
185.241.192.0/22
|
||||
185.241.192.0/23
|
||||
185.241.194.0/23
|
||||
185.29.128.0/22
|
||||
185.29.130.0/24
|
||||
185.32.248.0/22
|
||||
185.32.248.0/23
|
||||
185.32.250.0/23
|
||||
185.5.136.0/22
|
||||
185.5.136.0/23
|
||||
185.5.138.0/23
|
||||
185.6.244.0/22
|
||||
185.6.244.0/23
|
||||
185.6.246.0/23
|
||||
185.86.144.0/22
|
||||
185.86.144.0/23
|
||||
185.86.146.0/23
|
||||
188.93.56.0/21
|
||||
188.93.56.0/24
|
||||
188.93.57.0/24
|
||||
188.93.58.0/24
|
||||
188.93.60.0/24
|
||||
188.93.61.0/24
|
||||
188.93.62.0/24
|
||||
193.203.40.0/22
|
||||
194.84.16.12/30
|
||||
195.211.20.0/22
|
||||
195.211.22.0/24
|
||||
195.211.23.0/24
|
||||
212.111.84.0/22
|
||||
212.233.120.0/22
|
||||
212.233.72.0/21
|
||||
212.233.88.0/21
|
||||
212.233.96.0/22
|
||||
213.219.212.0/22
|
||||
213.219.212.0/23
|
||||
213.219.214.0/23
|
||||
217.16.16.0/20
|
||||
217.16.16.0/21
|
||||
217.16.24.0/21
|
||||
217.174.188.0/23
|
||||
217.20.144.0/20
|
||||
217.20.144.0/22
|
||||
217.20.148.0/24
|
||||
217.20.149.0/24
|
||||
217.20.150.0/23
|
||||
217.20.152.0/22
|
||||
217.20.156.0/23
|
||||
217.20.158.0/24
|
||||
217.20.159.0/24
|
||||
217.69.128.0/20
|
||||
217.69.128.0/21
|
||||
217.69.136.0/21
|
||||
37.139.32.0/22
|
||||
37.139.32.0/23
|
||||
37.139.34.0/23
|
||||
37.139.40.0/22
|
||||
37.139.40.0/23
|
||||
37.139.42.0/23
|
||||
45.136.20.0/22
|
||||
45.136.20.0/23
|
||||
45.136.22.0/23
|
||||
45.84.128.0/22
|
||||
45.84.128.0/23
|
||||
45.84.130.0/23
|
||||
5.101.40.0/22
|
||||
5.101.40.0/23
|
||||
5.101.42.0/23
|
||||
5.181.60.0/22
|
||||
5.181.60.0/24
|
||||
5.181.61.0/24
|
||||
5.181.62.0/23
|
||||
5.188.140.0/22
|
||||
5.188.140.0/23
|
||||
5.188.142.0/23
|
||||
5.61.16.0/21
|
||||
5.61.16.0/22
|
||||
5.61.20.0/22
|
||||
5.61.232.0/21
|
||||
5.61.232.0/22
|
||||
5.61.236.0/23
|
||||
5.61.238.0/24
|
||||
5.61.239.0/27
|
||||
5.61.239.128/25
|
||||
5.61.239.40/29
|
||||
5.61.239.48/28
|
||||
5.61.239.64/26
|
||||
62.217.160.0/20
|
||||
62.217.160.0/21
|
||||
62.217.168.0/21
|
||||
79.137.132.0/24
|
||||
79.137.132.0/25
|
||||
79.137.132.128/25
|
||||
79.137.139.0/24
|
||||
79.137.139.0/25
|
||||
79.137.139.128/25
|
||||
79.137.157.0/25
|
||||
79.137.157.128/25
|
||||
79.137.164.0/24
|
||||
79.137.164.0/25
|
||||
79.137.164.128/25
|
||||
79.137.167.0/24
|
||||
79.137.167.0/25
|
||||
79.137.167.128/25
|
||||
79.137.174.0/23
|
||||
79.137.174.0/24
|
||||
79.137.175.0/24
|
||||
79.137.180.0/24
|
||||
79.137.180.0/25
|
||||
79.137.180.128/25
|
||||
79.137.240.0/21
|
||||
79.137.240.0/22
|
||||
79.137.244.0/22
|
||||
83.166.232.0/21
|
||||
83.166.232.0/22
|
||||
83.166.236.0/22
|
||||
83.166.248.0/21
|
||||
83.166.248.0/22
|
||||
83.166.252.0/22
|
||||
83.217.216.0/22
|
||||
83.217.216.0/23
|
||||
83.217.218.0/23
|
||||
83.222.28.0/22
|
||||
84.23.52.0/22
|
||||
84.23.52.0/23
|
||||
84.23.54.0/23
|
||||
85.114.31.108/30
|
||||
85.192.32.0/22
|
||||
85.192.32.0/23
|
||||
85.192.34.0/23
|
||||
85.198.106.0/24
|
||||
85.198.107.0/24
|
||||
87.239.104.0/21
|
||||
87.239.104.0/22
|
||||
87.239.108.0/22
|
||||
87.240.128.0/18
|
||||
87.240.128.0/19
|
||||
87.240.160.0/19
|
||||
87.242.112.0/22
|
||||
89.208.196.0/22
|
||||
89.208.196.0/23
|
||||
89.208.198.0/23
|
||||
89.208.208.0/22
|
||||
89.208.208.0/23
|
||||
89.208.210.0/23
|
||||
89.208.216.0/21
|
||||
89.208.216.0/23
|
||||
89.208.218.0/23
|
||||
89.208.220.0/22
|
||||
89.208.228.0/22
|
||||
89.208.228.0/23
|
||||
89.208.230.0/23
|
||||
89.208.84.0/22
|
||||
89.208.84.0/23
|
||||
89.208.86.0/23
|
||||
89.221.228.0/22
|
||||
89.221.232.0/21
|
||||
90.156.148.0/22
|
||||
90.156.148.0/23
|
||||
90.156.150.0/23
|
||||
90.156.212.0/22
|
||||
90.156.212.0/23
|
||||
90.156.214.0/23
|
||||
90.156.216.0/22
|
||||
90.156.216.0/23
|
||||
90.156.218.0/23
|
||||
90.156.232.0/21
|
||||
91.219.224.0/22
|
||||
91.231.132.0/22
|
||||
91.237.76.0/24
|
||||
93.153.255.84/30
|
||||
93.186.224.0/20
|
||||
93.186.224.0/21
|
||||
93.186.232.0/21
|
||||
94.100.176.0/20
|
||||
94.100.176.0/21
|
||||
94.100.184.0/21
|
||||
94.139.244.0/22
|
||||
94.139.244.0/23
|
||||
94.139.246.0/23
|
||||
95.142.192.0/20
|
||||
95.142.192.0/21
|
||||
95.142.200.0/21
|
||||
95.163.180.0/22
|
||||
95.163.180.0/23
|
||||
95.163.182.0/23
|
||||
95.163.208.0/21
|
||||
95.163.208.0/23
|
||||
95.163.210.0/23
|
||||
95.163.212.0/22
|
||||
95.163.216.0/22
|
||||
95.163.216.0/23
|
||||
95.163.218.0/23
|
||||
95.163.248.0/21
|
||||
95.163.248.0/22
|
||||
95.163.252.0/23
|
||||
95.163.254.0/23
|
||||
95.163.32.0/19
|
||||
95.163.32.0/22
|
||||
95.163.36.0/22
|
||||
95.163.40.0/21
|
||||
95.163.48.0/20
|
||||
95.213.0.0/17
|
||||
95.213.0.0/20
|
||||
95.213.16.0/21
|
||||
95.213.24.0/23
|
||||
95.213.26.0/24
|
||||
95.213.27.0/24
|
||||
95.213.28.0/24
|
||||
95.213.29.0/24
|
||||
95.213.30.0/24
|
||||
95.213.31.0/24
|
||||
95.213.32.0/24
|
||||
95.213.33.0/24
|
||||
95.213.34.0/23
|
||||
95.213.36.0/22
|
||||
95.213.40.0/21
|
||||
95.213.48.0/20
|
||||
95.213.64.0/18
|
||||
1
blacklists/blacklist-vk-v6.txt
Normal file
1
blacklists/blacklist-vk-v6.txt
Normal file
@@ -0,0 +1 @@
|
||||
2a00:bdc0::/29
|
||||
268
blacklists/blacklist-vk.txt
Normal file
268
blacklists/blacklist-vk.txt
Normal file
@@ -0,0 +1,268 @@
|
||||
109.120.180.0/22
|
||||
109.120.180.0/23
|
||||
109.120.182.0/23
|
||||
109.120.188.0/22
|
||||
109.120.188.0/23
|
||||
109.120.190.0/23
|
||||
128.140.168.0/21
|
||||
128.140.168.0/23
|
||||
128.140.170.0/24
|
||||
128.140.171.0/24
|
||||
128.140.172.0/22
|
||||
130.49.224.0/19
|
||||
146.185.208.0/22
|
||||
146.185.208.0/23
|
||||
146.185.210.0/23
|
||||
146.185.240.0/22
|
||||
146.185.240.0/23
|
||||
146.185.242.0/23
|
||||
155.212.192.0/20
|
||||
161.104.104.0/21
|
||||
176.112.168.0/21
|
||||
178.22.88.0/21
|
||||
178.22.89.64/26
|
||||
178.22.94.0/23
|
||||
178.237.16.0/20
|
||||
178.237.16.0/21
|
||||
178.237.24.0/22
|
||||
178.237.30.0/23
|
||||
185.100.104.0/22
|
||||
185.100.104.0/23
|
||||
185.100.106.0/23
|
||||
185.130.112.0/22
|
||||
185.130.112.0/23
|
||||
185.130.114.0/23
|
||||
185.131.68.0/22
|
||||
185.16.148.0/22
|
||||
185.16.148.0/23
|
||||
185.16.150.0/23
|
||||
185.16.244.0/22
|
||||
185.16.244.0/23
|
||||
185.16.246.0/23
|
||||
185.180.200.0/22
|
||||
185.187.63.0/24
|
||||
185.187.63.0/25
|
||||
185.187.63.128/25
|
||||
185.226.52.0/22
|
||||
185.226.52.0/23
|
||||
185.226.54.0/23
|
||||
185.241.192.0/22
|
||||
185.241.192.0/23
|
||||
185.241.194.0/23
|
||||
185.29.128.0/22
|
||||
185.29.130.0/24
|
||||
185.32.248.0/22
|
||||
185.32.248.0/23
|
||||
185.32.250.0/23
|
||||
185.5.136.0/22
|
||||
185.5.136.0/23
|
||||
185.5.138.0/23
|
||||
185.6.244.0/22
|
||||
185.6.244.0/23
|
||||
185.6.246.0/23
|
||||
185.86.144.0/22
|
||||
185.86.144.0/23
|
||||
185.86.146.0/23
|
||||
188.93.56.0/21
|
||||
188.93.56.0/24
|
||||
188.93.57.0/24
|
||||
188.93.58.0/24
|
||||
188.93.60.0/24
|
||||
188.93.61.0/24
|
||||
188.93.62.0/24
|
||||
193.203.40.0/22
|
||||
194.84.16.12/30
|
||||
195.211.20.0/22
|
||||
195.211.22.0/24
|
||||
195.211.23.0/24
|
||||
212.111.84.0/22
|
||||
212.233.120.0/22
|
||||
212.233.72.0/21
|
||||
212.233.88.0/21
|
||||
212.233.96.0/22
|
||||
213.219.212.0/22
|
||||
213.219.212.0/23
|
||||
213.219.214.0/23
|
||||
217.16.16.0/20
|
||||
217.16.16.0/21
|
||||
217.16.24.0/21
|
||||
217.174.188.0/23
|
||||
217.20.144.0/20
|
||||
217.20.144.0/22
|
||||
217.20.148.0/24
|
||||
217.20.149.0/24
|
||||
217.20.150.0/23
|
||||
217.20.152.0/22
|
||||
217.20.156.0/23
|
||||
217.20.158.0/24
|
||||
217.20.159.0/24
|
||||
217.69.128.0/20
|
||||
217.69.128.0/21
|
||||
217.69.136.0/21
|
||||
2a00:bdc0::/29
|
||||
37.139.32.0/22
|
||||
37.139.32.0/23
|
||||
37.139.34.0/23
|
||||
37.139.40.0/22
|
||||
37.139.40.0/23
|
||||
37.139.42.0/23
|
||||
45.136.20.0/22
|
||||
45.136.20.0/23
|
||||
45.136.22.0/23
|
||||
45.84.128.0/22
|
||||
45.84.128.0/23
|
||||
45.84.130.0/23
|
||||
5.101.40.0/22
|
||||
5.101.40.0/23
|
||||
5.101.42.0/23
|
||||
5.181.60.0/22
|
||||
5.181.60.0/24
|
||||
5.181.61.0/24
|
||||
5.181.62.0/23
|
||||
5.188.140.0/22
|
||||
5.188.140.0/23
|
||||
5.188.142.0/23
|
||||
5.61.16.0/21
|
||||
5.61.16.0/22
|
||||
5.61.20.0/22
|
||||
5.61.232.0/21
|
||||
5.61.232.0/22
|
||||
5.61.236.0/23
|
||||
5.61.238.0/24
|
||||
5.61.239.0/27
|
||||
5.61.239.128/25
|
||||
5.61.239.40/29
|
||||
5.61.239.48/28
|
||||
5.61.239.64/26
|
||||
62.217.160.0/20
|
||||
62.217.160.0/21
|
||||
62.217.168.0/21
|
||||
79.137.132.0/24
|
||||
79.137.132.0/25
|
||||
79.137.132.128/25
|
||||
79.137.139.0/24
|
||||
79.137.139.0/25
|
||||
79.137.139.128/25
|
||||
79.137.157.0/25
|
||||
79.137.157.128/25
|
||||
79.137.164.0/24
|
||||
79.137.164.0/25
|
||||
79.137.164.128/25
|
||||
79.137.167.0/24
|
||||
79.137.167.0/25
|
||||
79.137.167.128/25
|
||||
79.137.174.0/23
|
||||
79.137.174.0/24
|
||||
79.137.175.0/24
|
||||
79.137.180.0/24
|
||||
79.137.180.0/25
|
||||
79.137.180.128/25
|
||||
79.137.240.0/21
|
||||
79.137.240.0/22
|
||||
79.137.244.0/22
|
||||
83.166.232.0/21
|
||||
83.166.232.0/22
|
||||
83.166.236.0/22
|
||||
83.166.248.0/21
|
||||
83.166.248.0/22
|
||||
83.166.252.0/22
|
||||
83.217.216.0/22
|
||||
83.217.216.0/23
|
||||
83.217.218.0/23
|
||||
83.222.28.0/22
|
||||
84.23.52.0/22
|
||||
84.23.52.0/23
|
||||
84.23.54.0/23
|
||||
85.114.31.108/30
|
||||
85.192.32.0/22
|
||||
85.192.32.0/23
|
||||
85.192.34.0/23
|
||||
85.198.106.0/24
|
||||
85.198.107.0/24
|
||||
87.239.104.0/21
|
||||
87.239.104.0/22
|
||||
87.239.108.0/22
|
||||
87.240.128.0/18
|
||||
87.240.128.0/19
|
||||
87.240.160.0/19
|
||||
87.242.112.0/22
|
||||
89.208.196.0/22
|
||||
89.208.196.0/23
|
||||
89.208.198.0/23
|
||||
89.208.208.0/22
|
||||
89.208.208.0/23
|
||||
89.208.210.0/23
|
||||
89.208.216.0/21
|
||||
89.208.216.0/23
|
||||
89.208.218.0/23
|
||||
89.208.220.0/22
|
||||
89.208.228.0/22
|
||||
89.208.228.0/23
|
||||
89.208.230.0/23
|
||||
89.208.84.0/22
|
||||
89.208.84.0/23
|
||||
89.208.86.0/23
|
||||
89.221.228.0/22
|
||||
89.221.232.0/21
|
||||
90.156.148.0/22
|
||||
90.156.148.0/23
|
||||
90.156.150.0/23
|
||||
90.156.212.0/22
|
||||
90.156.212.0/23
|
||||
90.156.214.0/23
|
||||
90.156.216.0/22
|
||||
90.156.216.0/23
|
||||
90.156.218.0/23
|
||||
90.156.232.0/21
|
||||
91.219.224.0/22
|
||||
91.231.132.0/22
|
||||
91.237.76.0/24
|
||||
93.153.255.84/30
|
||||
93.186.224.0/20
|
||||
93.186.224.0/21
|
||||
93.186.232.0/21
|
||||
94.100.176.0/20
|
||||
94.100.176.0/21
|
||||
94.100.184.0/21
|
||||
94.139.244.0/22
|
||||
94.139.244.0/23
|
||||
94.139.246.0/23
|
||||
95.142.192.0/20
|
||||
95.142.192.0/21
|
||||
95.142.200.0/21
|
||||
95.163.180.0/22
|
||||
95.163.180.0/23
|
||||
95.163.182.0/23
|
||||
95.163.208.0/21
|
||||
95.163.208.0/23
|
||||
95.163.210.0/23
|
||||
95.163.212.0/22
|
||||
95.163.216.0/22
|
||||
95.163.216.0/23
|
||||
95.163.218.0/23
|
||||
95.163.248.0/21
|
||||
95.163.248.0/22
|
||||
95.163.252.0/23
|
||||
95.163.254.0/23
|
||||
95.163.32.0/19
|
||||
95.163.32.0/22
|
||||
95.163.36.0/22
|
||||
95.163.40.0/21
|
||||
95.163.48.0/20
|
||||
95.213.0.0/17
|
||||
95.213.0.0/20
|
||||
95.213.16.0/21
|
||||
95.213.24.0/23
|
||||
95.213.26.0/24
|
||||
95.213.27.0/24
|
||||
95.213.28.0/24
|
||||
95.213.29.0/24
|
||||
95.213.30.0/24
|
||||
95.213.31.0/24
|
||||
95.213.32.0/24
|
||||
95.213.33.0/24
|
||||
95.213.34.0/23
|
||||
95.213.36.0/22
|
||||
95.213.40.0/21
|
||||
95.213.48.0/20
|
||||
95.213.64.0/18
|
||||
1165
blacklists/blacklist.txt
Normal file
1165
blacklists/blacklist.txt
Normal file
File diff suppressed because it is too large
Load Diff
2527
blacklists/blacklist_with_comments.txt
Normal file
2527
blacklists/blacklist_with_comments.txt
Normal file
File diff suppressed because it is too large
Load Diff
1161
blacklists_iptables/blacklist-v4.ipset
Normal file
1161
blacklists_iptables/blacklist-v4.ipset
Normal file
File diff suppressed because it is too large
Load Diff
40
blacklists_iptables/blacklist-v6.ipset
Normal file
40
blacklists_iptables/blacklist-v6.ipset
Normal file
@@ -0,0 +1,40 @@
|
||||
# IPSet blacklist configuration (IPv6 only)
|
||||
# Auto-generated from blacklist-v6.txt
|
||||
# Last updated: 2026-03-31 07:05:56 UTC
|
||||
#
|
||||
# Usage:
|
||||
# 1. Load the ipset:
|
||||
# ipset restore < blacklist-v6.ipset
|
||||
#
|
||||
# 2. Use with iptables/ip6tables:
|
||||
# ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
|
||||
# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
|
||||
#
|
||||
# 3. To flush/delete the set:
|
||||
# ipset flush blacklist-v6
|
||||
# ipset destroy blacklist-v6
|
||||
#
|
||||
|
||||
create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 44
|
||||
add blacklist-v6 2a00:1148::/29
|
||||
add blacklist-v6 2a00:1148::/32
|
||||
add blacklist-v6 2a00:46e0:2::/48
|
||||
add blacklist-v6 2a00:46e0::/32
|
||||
add blacklist-v6 2a00:a300::/32
|
||||
add blacklist-v6 2a00:b4c0::/32
|
||||
add blacklist-v6 2a00:bdc0:8000::/34
|
||||
add blacklist-v6 2a00:bdc0::/33
|
||||
add blacklist-v6 2a00:bdc0:c000::/35
|
||||
add blacklist-v6 2a00:bdc0:e002::/48
|
||||
add blacklist-v6 2a00:bdc0:e003::/48
|
||||
add blacklist-v6 2a00:bdc0:e004::/48
|
||||
add blacklist-v6 2a00:bdc0:e005::/48
|
||||
add blacklist-v6 2a00:bdc0:e007::/48
|
||||
add blacklist-v6 2a00:bdc0:f000::/36
|
||||
add blacklist-v6 2a00:bdc1::/32
|
||||
add blacklist-v6 2a00:bdc2::/31
|
||||
add blacklist-v6 2a00:bdc4::/30
|
||||
add blacklist-v6 2a14:25c0::/32
|
||||
add blacklist-v6 2a14:25c5::/32
|
||||
add blacklist-v6 2a14:25c6::/32
|
||||
add blacklist-v6 2a14:25c7::/32
|
||||
285
blacklists_iptables/blacklist-vk-v4.ipset
Normal file
285
blacklists_iptables/blacklist-vk-v4.ipset
Normal file
@@ -0,0 +1,285 @@
|
||||
# IPSet blacklist configuration (VK names, IPv4 only)
|
||||
# Auto-generated from blacklist-vk-v4.txt
|
||||
# Last updated: 2026-03-31 07:05:56 UTC
|
||||
#
|
||||
# Usage:
|
||||
# 1. Load the ipset:
|
||||
# ipset restore < blacklist-vk-v4.ipset
|
||||
#
|
||||
# 2. Use with iptables/ip6tables:
|
||||
# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
|
||||
# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
|
||||
#
|
||||
# 3. To flush/delete the set:
|
||||
# ipset flush blacklist-vk-v4
|
||||
# ipset destroy blacklist-vk-v4
|
||||
#
|
||||
|
||||
create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 534
|
||||
add blacklist-vk-v4 109.120.180.0/22
|
||||
add blacklist-vk-v4 109.120.180.0/23
|
||||
add blacklist-vk-v4 109.120.182.0/23
|
||||
add blacklist-vk-v4 109.120.188.0/22
|
||||
add blacklist-vk-v4 109.120.188.0/23
|
||||
add blacklist-vk-v4 109.120.190.0/23
|
||||
add blacklist-vk-v4 128.140.168.0/21
|
||||
add blacklist-vk-v4 128.140.168.0/23
|
||||
add blacklist-vk-v4 128.140.170.0/24
|
||||
add blacklist-vk-v4 128.140.171.0/24
|
||||
add blacklist-vk-v4 128.140.172.0/22
|
||||
add blacklist-vk-v4 130.49.224.0/19
|
||||
add blacklist-vk-v4 146.185.208.0/22
|
||||
add blacklist-vk-v4 146.185.208.0/23
|
||||
add blacklist-vk-v4 146.185.210.0/23
|
||||
add blacklist-vk-v4 146.185.240.0/22
|
||||
add blacklist-vk-v4 146.185.240.0/23
|
||||
add blacklist-vk-v4 146.185.242.0/23
|
||||
add blacklist-vk-v4 155.212.192.0/20
|
||||
add blacklist-vk-v4 161.104.104.0/21
|
||||
add blacklist-vk-v4 176.112.168.0/21
|
||||
add blacklist-vk-v4 178.22.88.0/21
|
||||
add blacklist-vk-v4 178.22.89.64/26
|
||||
add blacklist-vk-v4 178.22.94.0/23
|
||||
add blacklist-vk-v4 178.237.16.0/20
|
||||
add blacklist-vk-v4 178.237.16.0/21
|
||||
add blacklist-vk-v4 178.237.24.0/22
|
||||
add blacklist-vk-v4 178.237.30.0/23
|
||||
add blacklist-vk-v4 185.100.104.0/22
|
||||
add blacklist-vk-v4 185.100.104.0/23
|
||||
add blacklist-vk-v4 185.100.106.0/23
|
||||
add blacklist-vk-v4 185.130.112.0/22
|
||||
add blacklist-vk-v4 185.130.112.0/23
|
||||
add blacklist-vk-v4 185.130.114.0/23
|
||||
add blacklist-vk-v4 185.131.68.0/22
|
||||
add blacklist-vk-v4 185.16.148.0/22
|
||||
add blacklist-vk-v4 185.16.148.0/23
|
||||
add blacklist-vk-v4 185.16.150.0/23
|
||||
add blacklist-vk-v4 185.16.244.0/22
|
||||
add blacklist-vk-v4 185.16.244.0/23
|
||||
add blacklist-vk-v4 185.16.246.0/23
|
||||
add blacklist-vk-v4 185.180.200.0/22
|
||||
add blacklist-vk-v4 185.187.63.0/24
|
||||
add blacklist-vk-v4 185.187.63.0/25
|
||||
add blacklist-vk-v4 185.187.63.128/25
|
||||
add blacklist-vk-v4 185.226.52.0/22
|
||||
add blacklist-vk-v4 185.226.52.0/23
|
||||
add blacklist-vk-v4 185.226.54.0/23
|
||||
add blacklist-vk-v4 185.241.192.0/22
|
||||
add blacklist-vk-v4 185.241.192.0/23
|
||||
add blacklist-vk-v4 185.241.194.0/23
|
||||
add blacklist-vk-v4 185.29.128.0/22
|
||||
add blacklist-vk-v4 185.29.130.0/24
|
||||
add blacklist-vk-v4 185.32.248.0/22
|
||||
add blacklist-vk-v4 185.32.248.0/23
|
||||
add blacklist-vk-v4 185.32.250.0/23
|
||||
add blacklist-vk-v4 185.5.136.0/22
|
||||
add blacklist-vk-v4 185.5.136.0/23
|
||||
add blacklist-vk-v4 185.5.138.0/23
|
||||
add blacklist-vk-v4 185.6.244.0/22
|
||||
add blacklist-vk-v4 185.6.244.0/23
|
||||
add blacklist-vk-v4 185.6.246.0/23
|
||||
add blacklist-vk-v4 185.86.144.0/22
|
||||
add blacklist-vk-v4 185.86.144.0/23
|
||||
add blacklist-vk-v4 185.86.146.0/23
|
||||
add blacklist-vk-v4 188.93.56.0/21
|
||||
add blacklist-vk-v4 188.93.56.0/24
|
||||
add blacklist-vk-v4 188.93.57.0/24
|
||||
add blacklist-vk-v4 188.93.58.0/24
|
||||
add blacklist-vk-v4 188.93.60.0/24
|
||||
add blacklist-vk-v4 188.93.61.0/24
|
||||
add blacklist-vk-v4 188.93.62.0/24
|
||||
add blacklist-vk-v4 193.203.40.0/22
|
||||
add blacklist-vk-v4 194.84.16.12/30
|
||||
add blacklist-vk-v4 195.211.20.0/22
|
||||
add blacklist-vk-v4 195.211.22.0/24
|
||||
add blacklist-vk-v4 195.211.23.0/24
|
||||
add blacklist-vk-v4 212.111.84.0/22
|
||||
add blacklist-vk-v4 212.233.120.0/22
|
||||
add blacklist-vk-v4 212.233.72.0/21
|
||||
add blacklist-vk-v4 212.233.88.0/21
|
||||
add blacklist-vk-v4 212.233.96.0/22
|
||||
add blacklist-vk-v4 213.219.212.0/22
|
||||
add blacklist-vk-v4 213.219.212.0/23
|
||||
add blacklist-vk-v4 213.219.214.0/23
|
||||
add blacklist-vk-v4 217.16.16.0/20
|
||||
add blacklist-vk-v4 217.16.16.0/21
|
||||
add blacklist-vk-v4 217.16.24.0/21
|
||||
add blacklist-vk-v4 217.174.188.0/23
|
||||
add blacklist-vk-v4 217.20.144.0/20
|
||||
add blacklist-vk-v4 217.20.144.0/22
|
||||
add blacklist-vk-v4 217.20.148.0/24
|
||||
add blacklist-vk-v4 217.20.149.0/24
|
||||
add blacklist-vk-v4 217.20.150.0/23
|
||||
add blacklist-vk-v4 217.20.152.0/22
|
||||
add blacklist-vk-v4 217.20.156.0/23
|
||||
add blacklist-vk-v4 217.20.158.0/24
|
||||
add blacklist-vk-v4 217.20.159.0/24
|
||||
add blacklist-vk-v4 217.69.128.0/20
|
||||
add blacklist-vk-v4 217.69.128.0/21
|
||||
add blacklist-vk-v4 217.69.136.0/21
|
||||
add blacklist-vk-v4 37.139.32.0/22
|
||||
add blacklist-vk-v4 37.139.32.0/23
|
||||
add blacklist-vk-v4 37.139.34.0/23
|
||||
add blacklist-vk-v4 37.139.40.0/22
|
||||
add blacklist-vk-v4 37.139.40.0/23
|
||||
add blacklist-vk-v4 37.139.42.0/23
|
||||
add blacklist-vk-v4 45.136.20.0/22
|
||||
add blacklist-vk-v4 45.136.20.0/23
|
||||
add blacklist-vk-v4 45.136.22.0/23
|
||||
add blacklist-vk-v4 45.84.128.0/22
|
||||
add blacklist-vk-v4 45.84.128.0/23
|
||||
add blacklist-vk-v4 45.84.130.0/23
|
||||
add blacklist-vk-v4 5.101.40.0/22
|
||||
add blacklist-vk-v4 5.101.40.0/23
|
||||
add blacklist-vk-v4 5.101.42.0/23
|
||||
add blacklist-vk-v4 5.181.60.0/22
|
||||
add blacklist-vk-v4 5.181.60.0/24
|
||||
add blacklist-vk-v4 5.181.61.0/24
|
||||
add blacklist-vk-v4 5.181.62.0/23
|
||||
add blacklist-vk-v4 5.188.140.0/22
|
||||
add blacklist-vk-v4 5.188.140.0/23
|
||||
add blacklist-vk-v4 5.188.142.0/23
|
||||
add blacklist-vk-v4 5.61.16.0/21
|
||||
add blacklist-vk-v4 5.61.16.0/22
|
||||
add blacklist-vk-v4 5.61.20.0/22
|
||||
add blacklist-vk-v4 5.61.232.0/21
|
||||
add blacklist-vk-v4 5.61.232.0/22
|
||||
add blacklist-vk-v4 5.61.236.0/23
|
||||
add blacklist-vk-v4 5.61.238.0/24
|
||||
add blacklist-vk-v4 5.61.239.0/27
|
||||
add blacklist-vk-v4 5.61.239.128/25
|
||||
add blacklist-vk-v4 5.61.239.40/29
|
||||
add blacklist-vk-v4 5.61.239.48/28
|
||||
add blacklist-vk-v4 5.61.239.64/26
|
||||
add blacklist-vk-v4 62.217.160.0/20
|
||||
add blacklist-vk-v4 62.217.160.0/21
|
||||
add blacklist-vk-v4 62.217.168.0/21
|
||||
add blacklist-vk-v4 79.137.132.0/24
|
||||
add blacklist-vk-v4 79.137.132.0/25
|
||||
add blacklist-vk-v4 79.137.132.128/25
|
||||
add blacklist-vk-v4 79.137.139.0/24
|
||||
add blacklist-vk-v4 79.137.139.0/25
|
||||
add blacklist-vk-v4 79.137.139.128/25
|
||||
add blacklist-vk-v4 79.137.157.0/25
|
||||
add blacklist-vk-v4 79.137.157.128/25
|
||||
add blacklist-vk-v4 79.137.164.0/24
|
||||
add blacklist-vk-v4 79.137.164.0/25
|
||||
add blacklist-vk-v4 79.137.164.128/25
|
||||
add blacklist-vk-v4 79.137.167.0/24
|
||||
add blacklist-vk-v4 79.137.167.0/25
|
||||
add blacklist-vk-v4 79.137.167.128/25
|
||||
add blacklist-vk-v4 79.137.174.0/23
|
||||
add blacklist-vk-v4 79.137.174.0/24
|
||||
add blacklist-vk-v4 79.137.175.0/24
|
||||
add blacklist-vk-v4 79.137.180.0/24
|
||||
add blacklist-vk-v4 79.137.180.0/25
|
||||
add blacklist-vk-v4 79.137.180.128/25
|
||||
add blacklist-vk-v4 79.137.240.0/21
|
||||
add blacklist-vk-v4 79.137.240.0/22
|
||||
add blacklist-vk-v4 79.137.244.0/22
|
||||
add blacklist-vk-v4 83.166.232.0/21
|
||||
add blacklist-vk-v4 83.166.232.0/22
|
||||
add blacklist-vk-v4 83.166.236.0/22
|
||||
add blacklist-vk-v4 83.166.248.0/21
|
||||
add blacklist-vk-v4 83.166.248.0/22
|
||||
add blacklist-vk-v4 83.166.252.0/22
|
||||
add blacklist-vk-v4 83.217.216.0/22
|
||||
add blacklist-vk-v4 83.217.216.0/23
|
||||
add blacklist-vk-v4 83.217.218.0/23
|
||||
add blacklist-vk-v4 83.222.28.0/22
|
||||
add blacklist-vk-v4 84.23.52.0/22
|
||||
add blacklist-vk-v4 84.23.52.0/23
|
||||
add blacklist-vk-v4 84.23.54.0/23
|
||||
add blacklist-vk-v4 85.114.31.108/30
|
||||
add blacklist-vk-v4 85.192.32.0/22
|
||||
add blacklist-vk-v4 85.192.32.0/23
|
||||
add blacklist-vk-v4 85.192.34.0/23
|
||||
add blacklist-vk-v4 85.198.106.0/24
|
||||
add blacklist-vk-v4 85.198.107.0/24
|
||||
add blacklist-vk-v4 87.239.104.0/21
|
||||
add blacklist-vk-v4 87.239.104.0/22
|
||||
add blacklist-vk-v4 87.239.108.0/22
|
||||
add blacklist-vk-v4 87.240.128.0/18
|
||||
add blacklist-vk-v4 87.240.128.0/19
|
||||
add blacklist-vk-v4 87.240.160.0/19
|
||||
add blacklist-vk-v4 87.242.112.0/22
|
||||
add blacklist-vk-v4 89.208.196.0/22
|
||||
add blacklist-vk-v4 89.208.196.0/23
|
||||
add blacklist-vk-v4 89.208.198.0/23
|
||||
add blacklist-vk-v4 89.208.208.0/22
|
||||
add blacklist-vk-v4 89.208.208.0/23
|
||||
add blacklist-vk-v4 89.208.210.0/23
|
||||
add blacklist-vk-v4 89.208.216.0/21
|
||||
add blacklist-vk-v4 89.208.216.0/23
|
||||
add blacklist-vk-v4 89.208.218.0/23
|
||||
add blacklist-vk-v4 89.208.220.0/22
|
||||
add blacklist-vk-v4 89.208.228.0/22
|
||||
add blacklist-vk-v4 89.208.228.0/23
|
||||
add blacklist-vk-v4 89.208.230.0/23
|
||||
add blacklist-vk-v4 89.208.84.0/22
|
||||
add blacklist-vk-v4 89.208.84.0/23
|
||||
add blacklist-vk-v4 89.208.86.0/23
|
||||
add blacklist-vk-v4 89.221.228.0/22
|
||||
add blacklist-vk-v4 89.221.232.0/21
|
||||
add blacklist-vk-v4 90.156.148.0/22
|
||||
add blacklist-vk-v4 90.156.148.0/23
|
||||
add blacklist-vk-v4 90.156.150.0/23
|
||||
add blacklist-vk-v4 90.156.212.0/22
|
||||
add blacklist-vk-v4 90.156.212.0/23
|
||||
add blacklist-vk-v4 90.156.214.0/23
|
||||
add blacklist-vk-v4 90.156.216.0/22
|
||||
add blacklist-vk-v4 90.156.216.0/23
|
||||
add blacklist-vk-v4 90.156.218.0/23
|
||||
add blacklist-vk-v4 90.156.232.0/21
|
||||
add blacklist-vk-v4 91.219.224.0/22
|
||||
add blacklist-vk-v4 91.231.132.0/22
|
||||
add blacklist-vk-v4 91.237.76.0/24
|
||||
add blacklist-vk-v4 93.153.255.84/30
|
||||
add blacklist-vk-v4 93.186.224.0/20
|
||||
add blacklist-vk-v4 93.186.224.0/21
|
||||
add blacklist-vk-v4 93.186.232.0/21
|
||||
add blacklist-vk-v4 94.100.176.0/20
|
||||
add blacklist-vk-v4 94.100.176.0/21
|
||||
add blacklist-vk-v4 94.100.184.0/21
|
||||
add blacklist-vk-v4 94.139.244.0/22
|
||||
add blacklist-vk-v4 94.139.244.0/23
|
||||
add blacklist-vk-v4 94.139.246.0/23
|
||||
add blacklist-vk-v4 95.142.192.0/20
|
||||
add blacklist-vk-v4 95.142.192.0/21
|
||||
add blacklist-vk-v4 95.142.200.0/21
|
||||
add blacklist-vk-v4 95.163.180.0/22
|
||||
add blacklist-vk-v4 95.163.180.0/23
|
||||
add blacklist-vk-v4 95.163.182.0/23
|
||||
add blacklist-vk-v4 95.163.208.0/21
|
||||
add blacklist-vk-v4 95.163.208.0/23
|
||||
add blacklist-vk-v4 95.163.210.0/23
|
||||
add blacklist-vk-v4 95.163.212.0/22
|
||||
add blacklist-vk-v4 95.163.216.0/22
|
||||
add blacklist-vk-v4 95.163.216.0/23
|
||||
add blacklist-vk-v4 95.163.218.0/23
|
||||
add blacklist-vk-v4 95.163.248.0/21
|
||||
add blacklist-vk-v4 95.163.248.0/22
|
||||
add blacklist-vk-v4 95.163.252.0/23
|
||||
add blacklist-vk-v4 95.163.254.0/23
|
||||
add blacklist-vk-v4 95.163.32.0/19
|
||||
add blacklist-vk-v4 95.163.32.0/22
|
||||
add blacklist-vk-v4 95.163.36.0/22
|
||||
add blacklist-vk-v4 95.163.40.0/21
|
||||
add blacklist-vk-v4 95.163.48.0/20
|
||||
add blacklist-vk-v4 95.213.0.0/17
|
||||
add blacklist-vk-v4 95.213.0.0/20
|
||||
add blacklist-vk-v4 95.213.16.0/21
|
||||
add blacklist-vk-v4 95.213.24.0/23
|
||||
add blacklist-vk-v4 95.213.26.0/24
|
||||
add blacklist-vk-v4 95.213.27.0/24
|
||||
add blacklist-vk-v4 95.213.28.0/24
|
||||
add blacklist-vk-v4 95.213.29.0/24
|
||||
add blacklist-vk-v4 95.213.30.0/24
|
||||
add blacklist-vk-v4 95.213.31.0/24
|
||||
add blacklist-vk-v4 95.213.32.0/24
|
||||
add blacklist-vk-v4 95.213.33.0/24
|
||||
add blacklist-vk-v4 95.213.34.0/23
|
||||
add blacklist-vk-v4 95.213.36.0/22
|
||||
add blacklist-vk-v4 95.213.40.0/21
|
||||
add blacklist-vk-v4 95.213.48.0/20
|
||||
add blacklist-vk-v4 95.213.64.0/18
|
||||
19
blacklists_iptables/blacklist-vk-v6.ipset
Normal file
19
blacklists_iptables/blacklist-vk-v6.ipset
Normal file
@@ -0,0 +1,19 @@
|
||||
# IPSet blacklist configuration (VK names, IPv6 only)
|
||||
# Auto-generated from blacklist-vk-v6.txt
|
||||
# Last updated: 2026-03-31 07:05:56 UTC
|
||||
#
|
||||
# Usage:
|
||||
# 1. Load the ipset:
|
||||
# ipset restore < blacklist-vk-v6.ipset
|
||||
#
|
||||
# 2. Use with iptables/ip6tables:
|
||||
# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
|
||||
# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
|
||||
#
|
||||
# 3. To flush/delete the set:
|
||||
# ipset flush blacklist-vk-v6
|
||||
# ipset destroy blacklist-vk-v6
|
||||
#
|
||||
|
||||
create blacklist-vk-v6 hash:net family inet6 hashsize 1024 maxelem 2
|
||||
add blacklist-vk-v6 2a00:bdc0::/29
|
||||
52
blacklists_nftables/README.md
Normal file
52
blacklists_nftables/README.md
Normal file
@@ -0,0 +1,52 @@
|
||||
# nftables blacklists
|
||||
|
||||
Short: ready-to-use nftables set files (general and VK-only, separated by IPv4/IPv6).
|
||||
|
||||
## Download links
|
||||
|
||||
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist.nft
|
||||
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v4.nft
|
||||
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v6.nft
|
||||
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk.nft
|
||||
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v4.nft
|
||||
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v6.nft
|
||||
|
||||
## How to use
|
||||
|
||||
### 1) Protect VM from incoming connections (general blacklists)
|
||||
|
||||
Load either mixed or split general set files:
|
||||
|
||||
```bash
|
||||
sudo nft -f blacklist.nft
|
||||
# or:
|
||||
sudo nft -f blacklist-v4.nft
|
||||
sudo nft -f blacklist-v6.nft
|
||||
```
|
||||
|
||||
Apply rules for inbound traffic to the VM:
|
||||
|
||||
```bash
|
||||
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
|
||||
sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
|
||||
sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
|
||||
```
|
||||
|
||||
### 2) Block VK outbound traffic for VPN clients via NAT/FORWARD
|
||||
|
||||
Load either mixed or split VK set files:
|
||||
|
||||
```bash
|
||||
sudo nft -f blacklist-vk.nft
|
||||
# or:
|
||||
sudo nft -f blacklist-vk-v4.nft
|
||||
sudo nft -f blacklist-vk-v6.nft
|
||||
```
|
||||
|
||||
Apply rules for forwarded client traffic (replace `<VPN_IFACE>`):
|
||||
|
||||
```bash
|
||||
sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
|
||||
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
|
||||
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
|
||||
```
|
||||
829
blacklists_nftables/blacklist-v4.nft
Normal file
829
blacklists_nftables/blacklist-v4.nft
Normal file
@@ -0,0 +1,829 @@
|
||||
# Autogenerated nftables blacklist
|
||||
# Generated: 2026-03-31T07:05:56.717454Z
|
||||
# Source: /tmp/blacklist-v4.txt
|
||||
# IPv4: 802, IPv6: 0
|
||||
#
|
||||
# Usage:
|
||||
# sudo nft -f <this-file>
|
||||
# # VM protection from incoming blacklist sources
|
||||
# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
|
||||
# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
|
||||
# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
|
||||
|
||||
table inet filter {
|
||||
|
||||
set blacklist_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
elements = {
|
||||
5.61.16.0/21,
|
||||
5.61.232.0/21,
|
||||
5.101.40.0/22,
|
||||
5.181.60.0/22,
|
||||
5.188.140.0/22,
|
||||
31.44.63.64/29,
|
||||
31.177.95.0/24,
|
||||
31.177.104.0/22,
|
||||
37.28.161.48/30,
|
||||
37.29.53.16/30,
|
||||
37.29.57.52/30,
|
||||
37.29.57.64/30,
|
||||
37.29.59.56/30,
|
||||
37.139.32.0/22,
|
||||
37.139.40.0/22,
|
||||
45.84.128.0/22,
|
||||
45.136.20.0/22,
|
||||
46.20.70.160/28,
|
||||
46.29.152.0/22,
|
||||
46.29.156.0/23,
|
||||
46.46.142.160/28,
|
||||
46.46.148.40/29,
|
||||
46.47.197.128/30,
|
||||
46.47.199.76/30,
|
||||
46.47.203.52/30,
|
||||
46.47.207.96/30,
|
||||
46.47.208.84/30,
|
||||
46.47.210.76/30,
|
||||
46.47.211.0/24,
|
||||
46.47.212.204/30,
|
||||
46.47.213.0/24,
|
||||
46.47.214.200/30,
|
||||
46.47.219.200/30,
|
||||
46.47.223.196/30,
|
||||
46.47.229.0/28,
|
||||
46.47.238.144/30,
|
||||
46.47.249.176/29,
|
||||
46.61.208.0/24,
|
||||
46.228.0.232/29,
|
||||
62.5.130.104/29,
|
||||
62.5.132.224/29,
|
||||
62.5.189.80/29,
|
||||
62.5.202.60/30,
|
||||
62.5.218.204/30,
|
||||
62.5.224.188/30,
|
||||
62.5.242.80/28,
|
||||
62.28.169.168/30,
|
||||
62.33.34.16/28,
|
||||
62.33.87.128/28,
|
||||
62.33.199.80/29,
|
||||
62.63.96.32/28,
|
||||
62.63.98.24/29,
|
||||
62.63.100.160/30,
|
||||
62.63.101.80/29,
|
||||
62.76.98.0/24,
|
||||
62.105.158.200/29,
|
||||
62.112.110.64/28,
|
||||
62.118.101.184/29,
|
||||
62.118.113.232/29,
|
||||
62.118.125.188/30,
|
||||
62.118.127.240/28,
|
||||
62.118.193.8/29,
|
||||
62.118.205.68/30,
|
||||
62.118.208.100/30,
|
||||
62.118.209.192/30,
|
||||
62.118.216.60/30,
|
||||
62.118.219.184/30,
|
||||
62.118.230.4/30,
|
||||
62.118.233.224/29,
|
||||
62.118.234.64/29,
|
||||
62.118.239.128/29,
|
||||
62.141.125.0/25,
|
||||
62.217.160.0/20,
|
||||
77.34.209.160/28,
|
||||
77.35.76.80/28,
|
||||
77.35.98.240/28,
|
||||
77.37.128.0/17,
|
||||
77.72.139.0/28,
|
||||
77.82.124.112/29,
|
||||
77.243.9.80/28,
|
||||
78.24.159.48/29,
|
||||
78.37.67.24/29,
|
||||
78.37.69.160/27,
|
||||
78.37.84.120/29,
|
||||
78.37.97.88/29,
|
||||
78.37.104.0/29,
|
||||
78.107.3.208/28,
|
||||
78.107.13.208/28,
|
||||
78.107.16.96/28,
|
||||
78.107.18.112/28,
|
||||
78.107.40.160/28,
|
||||
78.107.42.144/28,
|
||||
78.107.51.16/28,
|
||||
78.107.61.96/28,
|
||||
78.107.86.32/28,
|
||||
78.108.192.0/21,
|
||||
78.108.200.0/24,
|
||||
78.109.140.112/29,
|
||||
79.133.74.160/30,
|
||||
79.133.75.44/30,
|
||||
79.133.75.176/30,
|
||||
79.137.132.0/24,
|
||||
79.137.139.0/24,
|
||||
79.137.140.0/24,
|
||||
79.137.142.0/24,
|
||||
79.137.157.0/24,
|
||||
79.137.164.0/24,
|
||||
79.137.167.0/24,
|
||||
79.137.174.0/23,
|
||||
79.137.180.0/24,
|
||||
79.137.183.0/24,
|
||||
79.137.240.0/21,
|
||||
79.142.88.0/28,
|
||||
79.143.229.0/24,
|
||||
79.143.230.0/24,
|
||||
79.143.232.0/24,
|
||||
80.73.16.0/20,
|
||||
80.73.168.80/28,
|
||||
80.73.169.244/30,
|
||||
80.82.43.24/29,
|
||||
80.89.152.220/30,
|
||||
80.237.11.88/29,
|
||||
80.237.39.112/29,
|
||||
80.237.98.80/28,
|
||||
80.247.32.0/20,
|
||||
80.254.100.40/29,
|
||||
80.254.119.168/29,
|
||||
81.1.195.0/28,
|
||||
81.1.205.96/27,
|
||||
81.2.1.0/28,
|
||||
81.2.10.192/27,
|
||||
81.3.168.148/30,
|
||||
81.17.2.192/28,
|
||||
81.17.3.16/29,
|
||||
81.176.70.0/26,
|
||||
81.176.235.0/27,
|
||||
81.177.12.0/24,
|
||||
81.177.31.64/26,
|
||||
81.177.156.0/24,
|
||||
81.195.36.48/28,
|
||||
81.195.44.248/30,
|
||||
81.195.45.64/30,
|
||||
81.195.50.72/29,
|
||||
81.195.90.44/30,
|
||||
81.195.92.48/30,
|
||||
81.195.93.192/27,
|
||||
81.195.94.72/29,
|
||||
81.195.105.160/28,
|
||||
81.195.108.164/30,
|
||||
81.195.112.36/30,
|
||||
81.195.118.48/30,
|
||||
81.195.118.128/30,
|
||||
81.195.120.16/29,
|
||||
81.195.124.52/30,
|
||||
81.195.125.96/30,
|
||||
81.195.148.140/30,
|
||||
81.195.150.248/30,
|
||||
81.195.151.0/24,
|
||||
81.195.155.0/30,
|
||||
81.195.161.12/30,
|
||||
81.195.164.0/24,
|
||||
81.195.165.64/28,
|
||||
81.195.168.24/30,
|
||||
81.195.177.160/30,
|
||||
81.195.178.224/27,
|
||||
81.195.182.64/28,
|
||||
81.195.192.96/30,
|
||||
81.195.231.128/26,
|
||||
81.195.244.32/29,
|
||||
81.195.245.0/28,
|
||||
81.195.247.128/28,
|
||||
81.195.250.16/29,
|
||||
81.211.32.16/28,
|
||||
81.222.194.200/29,
|
||||
81.222.209.136/29,
|
||||
81.222.210.24/29,
|
||||
82.140.65.240/29,
|
||||
82.142.162.104/29,
|
||||
82.151.107.136/29,
|
||||
82.162.72.208/28,
|
||||
82.162.76.176/28,
|
||||
82.162.80.192/28,
|
||||
82.162.87.192/28,
|
||||
82.162.90.0/28,
|
||||
82.162.103.144/28,
|
||||
82.162.126.96/28,
|
||||
82.162.149.160/28,
|
||||
82.162.157.64/28,
|
||||
82.162.158.176/28,
|
||||
82.162.172.112/28,
|
||||
82.179.86.32/27,
|
||||
82.196.69.152/30,
|
||||
82.196.130.0/27,
|
||||
82.198.176.16/29,
|
||||
82.198.176.144/29,
|
||||
82.198.176.208/29,
|
||||
82.198.189.128/26,
|
||||
82.198.190.64/26,
|
||||
82.198.191.96/27,
|
||||
82.198.191.248/29,
|
||||
82.200.13.0/27,
|
||||
82.200.22.136/29,
|
||||
82.200.22.144/28,
|
||||
82.200.64.0/24,
|
||||
82.208.68.240/28,
|
||||
82.208.77.104/29,
|
||||
82.208.81.0/24,
|
||||
82.208.93.160/27,
|
||||
83.69.207.248/29,
|
||||
83.149.42.64/29,
|
||||
83.166.232.0/21,
|
||||
83.166.248.0/21,
|
||||
83.172.36.224/29,
|
||||
83.217.216.0/22,
|
||||
83.219.5.248/29,
|
||||
83.219.6.72/29,
|
||||
83.219.13.128/29,
|
||||
83.219.13.184/29,
|
||||
83.219.23.8/29,
|
||||
83.219.23.48/29,
|
||||
83.219.25.0/29,
|
||||
83.219.25.112/29,
|
||||
83.219.138.16/28,
|
||||
83.220.53.16/28,
|
||||
83.222.28.0/22,
|
||||
83.229.181.192/26,
|
||||
83.229.232.16/29,
|
||||
84.23.52.0/22,
|
||||
84.53.210.144/28,
|
||||
84.204.7.144/29,
|
||||
84.204.93.232/30,
|
||||
84.204.143.44/30,
|
||||
84.204.154.16/30,
|
||||
84.204.170.220/30,
|
||||
84.204.217.164/30,
|
||||
84.204.245.208/29,
|
||||
85.21.99.48/28,
|
||||
85.21.99.64/28,
|
||||
85.21.102.224/28,
|
||||
85.21.103.64/28,
|
||||
85.21.104.192/27,
|
||||
85.21.148.0/26,
|
||||
85.21.149.48/28,
|
||||
85.21.155.208/28,
|
||||
85.21.157.48/28,
|
||||
85.21.204.208/28,
|
||||
85.90.98.144/30,
|
||||
85.90.99.168/29,
|
||||
85.90.100.72/29,
|
||||
85.90.101.112/28,
|
||||
85.90.101.192/29,
|
||||
85.90.102.168/29,
|
||||
85.90.120.72/29,
|
||||
85.90.121.72/29,
|
||||
85.90.125.96/29,
|
||||
85.90.127.16/29,
|
||||
85.94.52.160/27,
|
||||
85.94.53.32/28,
|
||||
85.114.30.192/30,
|
||||
85.114.30.204/30,
|
||||
85.114.31.108/30,
|
||||
85.114.93.88/29,
|
||||
85.141.17.24/30,
|
||||
85.141.17.112/30,
|
||||
85.141.18.80/30,
|
||||
85.141.19.56/30,
|
||||
85.141.21.236/30,
|
||||
85.141.28.0/30,
|
||||
85.141.31.68/30,
|
||||
85.141.32.96/28,
|
||||
85.141.33.0/28,
|
||||
85.141.33.64/28,
|
||||
85.141.60.96/28,
|
||||
85.141.61.160/28,
|
||||
85.143.125.0/24,
|
||||
85.146.204.44/30,
|
||||
85.192.32.0/22,
|
||||
85.198.106.0/23,
|
||||
85.236.29.160/27,
|
||||
86.102.72.240/28,
|
||||
86.102.74.64/28,
|
||||
86.102.100.48/28,
|
||||
86.102.108.32/28,
|
||||
86.102.109.32/27,
|
||||
86.102.115.80/28,
|
||||
86.102.126.80/28,
|
||||
86.102.126.160/28,
|
||||
87.117.18.144/29,
|
||||
87.117.20.64/26,
|
||||
87.117.20.128/28,
|
||||
87.117.21.0/26,
|
||||
87.117.21.64/28,
|
||||
87.117.21.80/29,
|
||||
87.117.23.128/28,
|
||||
87.117.31.56/29,
|
||||
87.225.56.224/28,
|
||||
87.226.156.64/26,
|
||||
87.226.191.0/24,
|
||||
87.226.213.0/24,
|
||||
87.226.239.180/30,
|
||||
87.237.47.204/30,
|
||||
87.239.104.0/21,
|
||||
87.240.128.0/18,
|
||||
87.242.112.0/22,
|
||||
87.245.133.0/24,
|
||||
87.249.3.64/28,
|
||||
87.249.5.48/30,
|
||||
87.249.7.120/29,
|
||||
87.249.16.32/28,
|
||||
87.249.18.60/30,
|
||||
87.249.22.72/29,
|
||||
87.249.28.232/29,
|
||||
87.249.30.176/30,
|
||||
88.83.195.248/30,
|
||||
88.151.200.0/24,
|
||||
88.200.208.112/29,
|
||||
89.21.129.16/28,
|
||||
89.21.140.104/29,
|
||||
89.21.152.104/29,
|
||||
89.28.253.168/29,
|
||||
89.28.255.56/29,
|
||||
89.106.172.160/29,
|
||||
89.107.123.120/29,
|
||||
89.107.123.136/29,
|
||||
89.107.127.136/29,
|
||||
89.109.7.176/29,
|
||||
89.109.250.28/30,
|
||||
89.109.250.80/30,
|
||||
89.109.250.88/29,
|
||||
89.109.250.96/30,
|
||||
89.109.250.132/30,
|
||||
89.109.250.140/30,
|
||||
89.111.176.0/22,
|
||||
89.175.6.64/27,
|
||||
89.175.8.36/30,
|
||||
89.175.8.40/29,
|
||||
89.175.8.52/30,
|
||||
89.175.8.68/30,
|
||||
89.175.8.104/30,
|
||||
89.175.8.140/30,
|
||||
89.175.8.192/30,
|
||||
89.175.9.4/30,
|
||||
89.175.10.160/30,
|
||||
89.175.165.208/28,
|
||||
89.175.170.144/28,
|
||||
89.175.174.136/29,
|
||||
89.175.176.88/30,
|
||||
89.175.176.140/30,
|
||||
89.175.176.176/30,
|
||||
89.175.188.184/29,
|
||||
89.179.155.192/28,
|
||||
89.179.179.16/28,
|
||||
89.179.181.0/24,
|
||||
89.208.84.0/22,
|
||||
89.208.196.0/22,
|
||||
89.208.208.0/22,
|
||||
89.208.216.0/21,
|
||||
89.208.228.0/22,
|
||||
89.221.228.0/22,
|
||||
89.221.232.0/21,
|
||||
90.150.176.52/30,
|
||||
90.150.189.32/29,
|
||||
90.150.189.128/26,
|
||||
90.150.189.192/27,
|
||||
90.150.189.224/28,
|
||||
90.150.189.248/29,
|
||||
90.156.148.0/22,
|
||||
90.156.212.0/22,
|
||||
90.156.216.0/22,
|
||||
90.156.232.0/21,
|
||||
91.103.194.184/29,
|
||||
91.135.212.0/22,
|
||||
91.135.216.0/21,
|
||||
91.195.136.0/23,
|
||||
91.208.20.0/24,
|
||||
91.215.168.0/22,
|
||||
91.217.34.0/23,
|
||||
91.219.192.0/22,
|
||||
91.219.224.0/22,
|
||||
91.221.140.0/23,
|
||||
91.226.250.0/24,
|
||||
91.227.32.0/24,
|
||||
91.231.132.0/22,
|
||||
91.237.76.0/24,
|
||||
92.38.217.0/24,
|
||||
92.39.106.20/30,
|
||||
92.39.106.168/30,
|
||||
92.39.111.84/30,
|
||||
92.39.128.0/21,
|
||||
92.50.198.72/30,
|
||||
92.50.198.124/30,
|
||||
92.50.219.136/29,
|
||||
92.50.238.224/29,
|
||||
92.101.253.96/29,
|
||||
92.101.253.152/29,
|
||||
93.153.134.112/29,
|
||||
93.153.135.88/30,
|
||||
93.153.136.132/30,
|
||||
93.153.142.4/30,
|
||||
93.153.144.60/30,
|
||||
93.153.171.204/30,
|
||||
93.153.172.100/30,
|
||||
93.153.175.44/30,
|
||||
93.153.183.104/30,
|
||||
93.153.194.160/29,
|
||||
93.153.220.192/29,
|
||||
93.153.223.8/29,
|
||||
93.153.229.232/29,
|
||||
93.153.244.188/30,
|
||||
93.153.244.248/29,
|
||||
93.153.251.0/24,
|
||||
93.153.255.84/30,
|
||||
93.178.104.32/29,
|
||||
93.178.104.64/29,
|
||||
93.178.106.0/26,
|
||||
93.186.224.0/20,
|
||||
93.188.20.72/29,
|
||||
93.190.110.0/24,
|
||||
94.25.53.56/29,
|
||||
94.25.57.176/29,
|
||||
94.25.57.224/28,
|
||||
94.25.65.16/29,
|
||||
94.25.70.64/30,
|
||||
94.25.90.240/29,
|
||||
94.25.95.136/30,
|
||||
94.25.119.228/30,
|
||||
94.100.176.0/20,
|
||||
94.124.192.192/29,
|
||||
94.139.244.0/22,
|
||||
94.199.64.0/21,
|
||||
95.53.248.0/29,
|
||||
95.54.193.80/28,
|
||||
95.142.192.0/20,
|
||||
95.163.32.0/19,
|
||||
95.163.133.0/24,
|
||||
95.163.180.0/22,
|
||||
95.163.208.0/21,
|
||||
95.163.216.0/22,
|
||||
95.163.248.0/21,
|
||||
95.167.2.4/30,
|
||||
95.167.4.168/29,
|
||||
95.167.5.64/27,
|
||||
95.167.21.104/29,
|
||||
95.167.29.104/29,
|
||||
95.167.54.76/30,
|
||||
95.167.59.244/30,
|
||||
95.167.59.248/30,
|
||||
95.167.64.20/30,
|
||||
95.167.68.216/29,
|
||||
95.167.69.116/30,
|
||||
95.167.70.32/28,
|
||||
95.167.70.136/29,
|
||||
95.167.70.176/28,
|
||||
95.167.72.48/30,
|
||||
95.167.72.140/30,
|
||||
95.167.72.204/30,
|
||||
95.167.74.136/29,
|
||||
95.167.74.180/30,
|
||||
95.167.76.160/27,
|
||||
95.167.99.48/28,
|
||||
95.167.113.48/30,
|
||||
95.167.114.48/30,
|
||||
95.167.121.68/30,
|
||||
95.167.122.128/28,
|
||||
95.167.142.32/30,
|
||||
95.167.157.156/30,
|
||||
95.167.162.76/30,
|
||||
95.167.162.236/30,
|
||||
95.167.176.0/23,
|
||||
95.167.213.0/24,
|
||||
95.173.128.0/19,
|
||||
95.213.0.0/17,
|
||||
109.73.4.224/27,
|
||||
109.120.180.0/22,
|
||||
109.120.188.0/22,
|
||||
109.124.66.128/30,
|
||||
109.124.66.160/28,
|
||||
109.124.71.64/29,
|
||||
109.124.78.108/30,
|
||||
109.124.80.132/30,
|
||||
109.124.83.20/30,
|
||||
109.124.87.96/29,
|
||||
109.124.89.36/30,
|
||||
109.124.89.140/30,
|
||||
109.124.89.212/30,
|
||||
109.124.90.32/30,
|
||||
109.124.90.128/30,
|
||||
109.124.97.4/30,
|
||||
109.124.99.16/30,
|
||||
109.124.99.160/28,
|
||||
109.124.119.88/29,
|
||||
109.204.204.232/29,
|
||||
109.207.0.0/20,
|
||||
109.232.187.16/29,
|
||||
109.248.197.0/24,
|
||||
128.140.168.0/21,
|
||||
130.49.224.0/19,
|
||||
145.255.238.240/28,
|
||||
146.185.208.0/22,
|
||||
146.185.240.0/22,
|
||||
149.62.55.240/30,
|
||||
155.212.192.0/20,
|
||||
161.104.104.0/21,
|
||||
176.109.0.0/21,
|
||||
176.112.168.0/21,
|
||||
176.116.96.0/20,
|
||||
176.116.112.0/22,
|
||||
178.16.156.148/30,
|
||||
178.17.176.0/20,
|
||||
178.20.234.224/29,
|
||||
178.22.88.0/21,
|
||||
178.49.148.176/29,
|
||||
178.237.16.0/20,
|
||||
178.237.206.0/24,
|
||||
178.237.240.0/20,
|
||||
178.248.232.60/32,
|
||||
178.248.232.137/32,
|
||||
178.248.233.26/32,
|
||||
178.248.233.32/32,
|
||||
178.248.233.60/32,
|
||||
178.248.233.136/32,
|
||||
178.248.233.244/31,
|
||||
178.248.234.30/32,
|
||||
178.248.234.33/32,
|
||||
178.248.234.60/32,
|
||||
178.248.234.79/32,
|
||||
178.248.234.83/32,
|
||||
178.248.234.136/32,
|
||||
178.248.234.204/32,
|
||||
178.248.234.228/32,
|
||||
178.248.234.238/32,
|
||||
178.248.235.60/32,
|
||||
178.248.235.75/32,
|
||||
178.248.235.244/32,
|
||||
178.248.236.20/32,
|
||||
178.248.236.83/32,
|
||||
178.248.236.244/32,
|
||||
178.248.237.18/32,
|
||||
178.248.237.98/32,
|
||||
178.248.237.136/32,
|
||||
178.248.237.242/32,
|
||||
178.248.238.55/32,
|
||||
178.248.238.102/32,
|
||||
178.248.238.128/31,
|
||||
178.248.238.136/32,
|
||||
178.248.238.155/32,
|
||||
178.248.238.172/32,
|
||||
178.248.238.205/32,
|
||||
178.248.238.255/32,
|
||||
178.248.239.215/32,
|
||||
185.5.136.0/22,
|
||||
185.6.244.0/22,
|
||||
185.7.234.188/30,
|
||||
185.16.148.0/22,
|
||||
185.16.244.0/22,
|
||||
185.29.128.0/22,
|
||||
185.32.248.0/22,
|
||||
185.65.149.170/32,
|
||||
185.86.144.0/22,
|
||||
185.100.104.0/22,
|
||||
185.130.112.0/22,
|
||||
185.131.68.0/22,
|
||||
185.149.160.0/22,
|
||||
185.168.60.0/22,
|
||||
185.179.224.0/22,
|
||||
185.180.200.0/22,
|
||||
185.183.172.0/22,
|
||||
185.187.63.0/24,
|
||||
185.224.228.0/22,
|
||||
185.226.52.0/22,
|
||||
185.241.192.0/22,
|
||||
188.93.56.0/21,
|
||||
188.128.8.240/30,
|
||||
188.128.11.196/30,
|
||||
188.128.89.0/30,
|
||||
188.128.92.104/30,
|
||||
188.128.94.204/30,
|
||||
188.128.98.204/30,
|
||||
188.128.101.108/30,
|
||||
188.128.112.216/29,
|
||||
188.128.112.240/29,
|
||||
188.128.113.0/28,
|
||||
188.128.114.128/28,
|
||||
188.128.115.232/29,
|
||||
188.128.118.224/27,
|
||||
188.128.119.104/30,
|
||||
188.128.122.240/30,
|
||||
188.247.36.124/30,
|
||||
188.247.36.128/28,
|
||||
188.247.36.204/30,
|
||||
193.33.230.0/23,
|
||||
193.47.146.0/24,
|
||||
193.203.40.0/22,
|
||||
193.232.70.0/24,
|
||||
194.8.70.0/23,
|
||||
194.8.246.0/23,
|
||||
194.67.63.200/30,
|
||||
194.84.16.12/30,
|
||||
194.140.247.0/24,
|
||||
194.150.202.0/23,
|
||||
194.165.22.0/23,
|
||||
194.186.63.0/24,
|
||||
194.186.112.80/28,
|
||||
194.190.9.0/24,
|
||||
194.215.248.0/24,
|
||||
194.226.80.0/20,
|
||||
194.226.116.0/22,
|
||||
194.226.127.0/24,
|
||||
195.3.240.0/22,
|
||||
195.16.55.224/27,
|
||||
195.42.75.8/29,
|
||||
195.54.20.168/29,
|
||||
195.54.28.72/30,
|
||||
195.54.221.0/24,
|
||||
195.58.5.16/29,
|
||||
195.58.13.120/30,
|
||||
195.58.21.196/30,
|
||||
195.58.29.57/32,
|
||||
195.58.30.164/30,
|
||||
195.58.30.200/29,
|
||||
195.80.224.0/24,
|
||||
195.98.38.16/28,
|
||||
195.98.43.104/29,
|
||||
195.98.73.56/29,
|
||||
195.98.77.100/30,
|
||||
195.128.157.0/24,
|
||||
195.131.7.8/29,
|
||||
195.131.53.248/29,
|
||||
195.131.61.80/29,
|
||||
195.131.63.24/29,
|
||||
195.144.226.224/28,
|
||||
195.144.232.144/30,
|
||||
195.144.240.128/28,
|
||||
195.149.110.0/24,
|
||||
195.162.36.64/28,
|
||||
195.170.218.24/29,
|
||||
195.170.218.88/29,
|
||||
195.182.142.128/26,
|
||||
195.182.145.64/28,
|
||||
195.182.151.212/30,
|
||||
195.182.151.216/30,
|
||||
195.182.155.164/30,
|
||||
195.182.156.96/30,
|
||||
195.209.120.0/22,
|
||||
195.211.20.0/22,
|
||||
195.218.175.40/29,
|
||||
195.218.190.0/23,
|
||||
195.226.203.0/24,
|
||||
195.239.80.32/29,
|
||||
195.239.113.0/24,
|
||||
195.239.247.0/24,
|
||||
212.13.104.116/30,
|
||||
212.13.113.100/30,
|
||||
212.15.105.64/28,
|
||||
212.15.114.156/30,
|
||||
212.15.115.80/28,
|
||||
212.17.8.176/29,
|
||||
212.17.9.144/28,
|
||||
212.17.16.192/27,
|
||||
212.17.17.176/28,
|
||||
212.23.85.48/30,
|
||||
212.23.85.56/29,
|
||||
212.32.198.64/29,
|
||||
212.48.34.176/28,
|
||||
212.48.53.76/30,
|
||||
212.48.53.84/30,
|
||||
212.48.53.88/29,
|
||||
212.48.53.100/30,
|
||||
212.48.53.144/30,
|
||||
212.48.53.152/29,
|
||||
212.48.53.160/29,
|
||||
212.48.53.184/29,
|
||||
212.48.53.192/29,
|
||||
212.48.53.200/30,
|
||||
212.48.53.216/30,
|
||||
212.48.53.236/30,
|
||||
212.48.53.240/28,
|
||||
212.48.54.0/30,
|
||||
212.48.54.8/29,
|
||||
212.48.54.16/28,
|
||||
212.48.54.32/29,
|
||||
212.48.54.44/30,
|
||||
212.48.54.48/28,
|
||||
212.48.54.64/28,
|
||||
212.48.54.80/29,
|
||||
212.48.54.92/30,
|
||||
212.48.54.96/27,
|
||||
212.48.54.128/27,
|
||||
212.48.54.164/30,
|
||||
212.48.54.168/29,
|
||||
212.48.54.176/28,
|
||||
212.48.54.196/30,
|
||||
212.48.54.200/30,
|
||||
212.48.54.208/28,
|
||||
212.48.54.240/28,
|
||||
212.48.134.192/26,
|
||||
212.48.138.240/28,
|
||||
212.48.141.160/27,
|
||||
212.49.107.224/27,
|
||||
212.49.124.0/26,
|
||||
212.57.133.0/24,
|
||||
212.57.159.0/24,
|
||||
212.59.98.48/29,
|
||||
212.59.99.96/27,
|
||||
212.111.84.0/22,
|
||||
212.119.174.0/23,
|
||||
212.120.169.48/29,
|
||||
212.120.174.88/29,
|
||||
212.120.184.48/28,
|
||||
212.120.184.64/29,
|
||||
212.120.189.208/29,
|
||||
212.120.189.224/29,
|
||||
212.120.190.112/29,
|
||||
212.120.190.240/29,
|
||||
212.120.191.120/29,
|
||||
212.120.191.248/29,
|
||||
212.192.156.0/22,
|
||||
212.233.72.0/21,
|
||||
212.233.88.0/21,
|
||||
212.233.96.0/22,
|
||||
212.233.120.0/22,
|
||||
213.24.34.0/24,
|
||||
213.24.75.0/24,
|
||||
213.24.76.0/23,
|
||||
213.24.128.0/22,
|
||||
213.24.143.0/24,
|
||||
213.24.152.0/22,
|
||||
213.24.160.0/28,
|
||||
213.33.171.240/29,
|
||||
213.59.59.16/29,
|
||||
213.59.59.64/29,
|
||||
213.59.59.120/29,
|
||||
213.59.59.128/29,
|
||||
213.59.59.144/29,
|
||||
213.59.59.168/29,
|
||||
213.59.91.48/29,
|
||||
213.59.91.128/27,
|
||||
213.59.91.176/28,
|
||||
213.85.2.64/28,
|
||||
213.85.2.80/29,
|
||||
213.85.20.8/30,
|
||||
213.85.20.32/30,
|
||||
213.85.20.84/30,
|
||||
213.85.77.64/27,
|
||||
213.85.142.176/28,
|
||||
213.147.55.108/30,
|
||||
213.172.4.192/26,
|
||||
213.172.17.252/30,
|
||||
213.172.18.60/30,
|
||||
213.172.18.124/30,
|
||||
213.172.18.148/30,
|
||||
213.172.18.160/29,
|
||||
213.172.18.252/30,
|
||||
213.172.27.0/30,
|
||||
213.172.27.116/30,
|
||||
213.172.27.160/30,
|
||||
213.172.27.204/30,
|
||||
213.172.27.212/30,
|
||||
213.172.27.224/30,
|
||||
213.172.27.252/30,
|
||||
213.172.30.136/30,
|
||||
213.176.232.0/22,
|
||||
213.177.111.0/24,
|
||||
213.183.253.56/29,
|
||||
213.219.212.0/22,
|
||||
213.219.237.68/30,
|
||||
213.234.8.8/30,
|
||||
213.234.13.60/30,
|
||||
213.234.15.228/30,
|
||||
213.234.15.248/30,
|
||||
213.234.18.52/30,
|
||||
213.242.204.76/30,
|
||||
213.242.204.236/30,
|
||||
213.242.205.88/30,
|
||||
213.242.215.68/30,
|
||||
213.242.215.192/29,
|
||||
213.243.84.80/28,
|
||||
213.243.106.48/28,
|
||||
213.243.116.0/24,
|
||||
217.16.16.0/20,
|
||||
217.20.86.128/25,
|
||||
217.20.144.0/20,
|
||||
217.23.88.168/29,
|
||||
217.23.88.248/29,
|
||||
217.27.142.176/30,
|
||||
217.65.214.24/29,
|
||||
217.65.219.160/29,
|
||||
217.67.177.208/29,
|
||||
217.69.128.0/20,
|
||||
217.106.0.0/16,
|
||||
217.107.0.0/18,
|
||||
217.107.200.0/21,
|
||||
217.107.208.0/20,
|
||||
217.147.23.112/28,
|
||||
217.148.216.156/30,
|
||||
217.148.220.160/29,
|
||||
217.172.18.0/23,
|
||||
217.172.20.0/22,
|
||||
217.174.188.0/22,
|
||||
217.195.92.16/28,
|
||||
217.195.93.144/29,
|
||||
217.195.94.200/29
|
||||
}
|
||||
}
|
||||
|
||||
set blacklist_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
}
|
||||
|
||||
}
|
||||
44
blacklists_nftables/blacklist-v6.nft
Normal file
44
blacklists_nftables/blacklist-v6.nft
Normal file
@@ -0,0 +1,44 @@
|
||||
# Autogenerated nftables blacklist
|
||||
# Generated: 2026-03-31T07:05:56.749536Z
|
||||
# Source: /tmp/blacklist-v6.txt
|
||||
# IPv4: 0, IPv6: 17
|
||||
#
|
||||
# Usage:
|
||||
# sudo nft -f <this-file>
|
||||
# # VM protection from incoming blacklist sources
|
||||
# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
|
||||
# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
|
||||
# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
|
||||
|
||||
table inet filter {
|
||||
|
||||
set blacklist_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
}
|
||||
|
||||
set blacklist_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
elements = {
|
||||
2a00:1148::/29,
|
||||
2a00:46e0::/32,
|
||||
2a00:a300::/32,
|
||||
2a00:b4c0::/32,
|
||||
2a00:bdc0::/33,
|
||||
2a00:bdc0:8000::/34,
|
||||
2a00:bdc0:c000::/35,
|
||||
2a00:bdc0:e002::/47,
|
||||
2a00:bdc0:e004::/47,
|
||||
2a00:bdc0:e007::/48,
|
||||
2a00:bdc0:f000::/36,
|
||||
2a00:bdc1::/32,
|
||||
2a00:bdc2::/31,
|
||||
2a00:bdc4::/30,
|
||||
2a14:25c0::/32,
|
||||
2a14:25c5::/32,
|
||||
2a14:25c6::/31
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
120
blacklists_nftables/blacklist-vk-v4.nft
Normal file
120
blacklists_nftables/blacklist-vk-v4.nft
Normal file
@@ -0,0 +1,120 @@
|
||||
# Autogenerated nftables blacklist
|
||||
# Generated: 2026-03-31T07:05:56.809612Z
|
||||
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v4.txt
|
||||
# IPv4: 93, IPv6: 0
|
||||
#
|
||||
# Usage:
|
||||
# sudo nft -f <this-file>
|
||||
# # VK egress blocking for VPN clients via NAT/FORWARD
|
||||
# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
|
||||
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
|
||||
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
|
||||
|
||||
table inet filter {
|
||||
|
||||
set blacklist_vk_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
elements = {
|
||||
5.61.16.0/21,
|
||||
5.61.232.0/21,
|
||||
5.101.40.0/22,
|
||||
5.181.60.0/22,
|
||||
5.188.140.0/22,
|
||||
37.139.32.0/22,
|
||||
37.139.40.0/22,
|
||||
45.84.128.0/22,
|
||||
45.136.20.0/22,
|
||||
62.217.160.0/20,
|
||||
79.137.132.0/24,
|
||||
79.137.139.0/24,
|
||||
79.137.157.0/24,
|
||||
79.137.164.0/24,
|
||||
79.137.167.0/24,
|
||||
79.137.174.0/23,
|
||||
79.137.180.0/24,
|
||||
79.137.240.0/21,
|
||||
83.166.232.0/21,
|
||||
83.166.248.0/21,
|
||||
83.217.216.0/22,
|
||||
83.222.28.0/22,
|
||||
84.23.52.0/22,
|
||||
85.114.31.108/30,
|
||||
85.192.32.0/22,
|
||||
85.198.106.0/23,
|
||||
87.239.104.0/21,
|
||||
87.240.128.0/18,
|
||||
87.242.112.0/22,
|
||||
89.208.84.0/22,
|
||||
89.208.196.0/22,
|
||||
89.208.208.0/22,
|
||||
89.208.216.0/21,
|
||||
89.208.228.0/22,
|
||||
89.221.228.0/22,
|
||||
89.221.232.0/21,
|
||||
90.156.148.0/22,
|
||||
90.156.212.0/22,
|
||||
90.156.216.0/22,
|
||||
90.156.232.0/21,
|
||||
91.219.224.0/22,
|
||||
91.231.132.0/22,
|
||||
91.237.76.0/24,
|
||||
93.153.255.84/30,
|
||||
93.186.224.0/20,
|
||||
94.100.176.0/20,
|
||||
94.139.244.0/22,
|
||||
95.142.192.0/20,
|
||||
95.163.32.0/19,
|
||||
95.163.180.0/22,
|
||||
95.163.208.0/21,
|
||||
95.163.216.0/22,
|
||||
95.163.248.0/21,
|
||||
95.213.0.0/17,
|
||||
109.120.180.0/22,
|
||||
109.120.188.0/22,
|
||||
128.140.168.0/21,
|
||||
130.49.224.0/19,
|
||||
146.185.208.0/22,
|
||||
146.185.240.0/22,
|
||||
155.212.192.0/20,
|
||||
161.104.104.0/21,
|
||||
176.112.168.0/21,
|
||||
178.22.88.0/21,
|
||||
178.237.16.0/20,
|
||||
185.5.136.0/22,
|
||||
185.6.244.0/22,
|
||||
185.16.148.0/22,
|
||||
185.16.244.0/22,
|
||||
185.29.128.0/22,
|
||||
185.32.248.0/22,
|
||||
185.86.144.0/22,
|
||||
185.100.104.0/22,
|
||||
185.130.112.0/22,
|
||||
185.131.68.0/22,
|
||||
185.180.200.0/22,
|
||||
185.187.63.0/24,
|
||||
185.226.52.0/22,
|
||||
185.241.192.0/22,
|
||||
188.93.56.0/21,
|
||||
193.203.40.0/22,
|
||||
194.84.16.12/30,
|
||||
195.211.20.0/22,
|
||||
212.111.84.0/22,
|
||||
212.233.72.0/21,
|
||||
212.233.88.0/21,
|
||||
212.233.96.0/22,
|
||||
212.233.120.0/22,
|
||||
213.219.212.0/22,
|
||||
217.16.16.0/20,
|
||||
217.20.144.0/20,
|
||||
217.69.128.0/20,
|
||||
217.174.188.0/23
|
||||
}
|
||||
}
|
||||
|
||||
set blacklist_vk_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
}
|
||||
|
||||
}
|
||||
28
blacklists_nftables/blacklist-vk-v6.nft
Normal file
28
blacklists_nftables/blacklist-vk-v6.nft
Normal file
@@ -0,0 +1,28 @@
|
||||
# Autogenerated nftables blacklist
|
||||
# Generated: 2026-03-31T07:05:56.836524Z
|
||||
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v6.txt
|
||||
# IPv4: 0, IPv6: 1
|
||||
#
|
||||
# Usage:
|
||||
# sudo nft -f <this-file>
|
||||
# # VK egress blocking for VPN clients via NAT/FORWARD
|
||||
# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
|
||||
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
|
||||
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
|
||||
|
||||
table inet filter {
|
||||
|
||||
set blacklist_vk_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
}
|
||||
|
||||
set blacklist_vk_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
elements = {
|
||||
2a00:bdc0::/29
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
123
blacklists_nftables/blacklist-vk.nft
Normal file
123
blacklists_nftables/blacklist-vk.nft
Normal file
@@ -0,0 +1,123 @@
|
||||
# Autogenerated nftables blacklist
|
||||
# Generated: 2026-03-31T07:05:56.779543Z
|
||||
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk.txt
|
||||
# IPv4: 93, IPv6: 1
|
||||
#
|
||||
# Usage:
|
||||
# sudo nft -f <this-file>
|
||||
# # VK egress blocking for VPN clients via NAT/FORWARD
|
||||
# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
|
||||
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
|
||||
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
|
||||
|
||||
table inet filter {
|
||||
|
||||
set blacklist_vk_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
elements = {
|
||||
5.61.16.0/21,
|
||||
5.61.232.0/21,
|
||||
5.101.40.0/22,
|
||||
5.181.60.0/22,
|
||||
5.188.140.0/22,
|
||||
37.139.32.0/22,
|
||||
37.139.40.0/22,
|
||||
45.84.128.0/22,
|
||||
45.136.20.0/22,
|
||||
62.217.160.0/20,
|
||||
79.137.132.0/24,
|
||||
79.137.139.0/24,
|
||||
79.137.157.0/24,
|
||||
79.137.164.0/24,
|
||||
79.137.167.0/24,
|
||||
79.137.174.0/23,
|
||||
79.137.180.0/24,
|
||||
79.137.240.0/21,
|
||||
83.166.232.0/21,
|
||||
83.166.248.0/21,
|
||||
83.217.216.0/22,
|
||||
83.222.28.0/22,
|
||||
84.23.52.0/22,
|
||||
85.114.31.108/30,
|
||||
85.192.32.0/22,
|
||||
85.198.106.0/23,
|
||||
87.239.104.0/21,
|
||||
87.240.128.0/18,
|
||||
87.242.112.0/22,
|
||||
89.208.84.0/22,
|
||||
89.208.196.0/22,
|
||||
89.208.208.0/22,
|
||||
89.208.216.0/21,
|
||||
89.208.228.0/22,
|
||||
89.221.228.0/22,
|
||||
89.221.232.0/21,
|
||||
90.156.148.0/22,
|
||||
90.156.212.0/22,
|
||||
90.156.216.0/22,
|
||||
90.156.232.0/21,
|
||||
91.219.224.0/22,
|
||||
91.231.132.0/22,
|
||||
91.237.76.0/24,
|
||||
93.153.255.84/30,
|
||||
93.186.224.0/20,
|
||||
94.100.176.0/20,
|
||||
94.139.244.0/22,
|
||||
95.142.192.0/20,
|
||||
95.163.32.0/19,
|
||||
95.163.180.0/22,
|
||||
95.163.208.0/21,
|
||||
95.163.216.0/22,
|
||||
95.163.248.0/21,
|
||||
95.213.0.0/17,
|
||||
109.120.180.0/22,
|
||||
109.120.188.0/22,
|
||||
128.140.168.0/21,
|
||||
130.49.224.0/19,
|
||||
146.185.208.0/22,
|
||||
146.185.240.0/22,
|
||||
155.212.192.0/20,
|
||||
161.104.104.0/21,
|
||||
176.112.168.0/21,
|
||||
178.22.88.0/21,
|
||||
178.237.16.0/20,
|
||||
185.5.136.0/22,
|
||||
185.6.244.0/22,
|
||||
185.16.148.0/22,
|
||||
185.16.244.0/22,
|
||||
185.29.128.0/22,
|
||||
185.32.248.0/22,
|
||||
185.86.144.0/22,
|
||||
185.100.104.0/22,
|
||||
185.130.112.0/22,
|
||||
185.131.68.0/22,
|
||||
185.180.200.0/22,
|
||||
185.187.63.0/24,
|
||||
185.226.52.0/22,
|
||||
185.241.192.0/22,
|
||||
188.93.56.0/21,
|
||||
193.203.40.0/22,
|
||||
194.84.16.12/30,
|
||||
195.211.20.0/22,
|
||||
212.111.84.0/22,
|
||||
212.233.72.0/21,
|
||||
212.233.88.0/21,
|
||||
212.233.96.0/22,
|
||||
212.233.120.0/22,
|
||||
213.219.212.0/22,
|
||||
217.16.16.0/20,
|
||||
217.20.144.0/20,
|
||||
217.69.128.0/20,
|
||||
217.174.188.0/23
|
||||
}
|
||||
}
|
||||
|
||||
set blacklist_vk_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
elements = {
|
||||
2a00:bdc0::/29
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
848
blacklists_nftables/blacklist.nft
Normal file
848
blacklists_nftables/blacklist.nft
Normal file
@@ -0,0 +1,848 @@
|
||||
# Autogenerated nftables blacklist
|
||||
# Generated: 2026-03-31T07:05:56.670428Z
|
||||
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist.txt
|
||||
# IPv4: 802, IPv6: 17
|
||||
#
|
||||
# Usage:
|
||||
# sudo nft -f <this-file>
|
||||
# # VM protection from incoming blacklist sources
|
||||
# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
|
||||
# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
|
||||
# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
|
||||
|
||||
table inet filter {
|
||||
|
||||
set blacklist_v4 {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
elements = {
|
||||
5.61.16.0/21,
|
||||
5.61.232.0/21,
|
||||
5.101.40.0/22,
|
||||
5.181.60.0/22,
|
||||
5.188.140.0/22,
|
||||
31.44.63.64/29,
|
||||
31.177.95.0/24,
|
||||
31.177.104.0/22,
|
||||
37.28.161.48/30,
|
||||
37.29.53.16/30,
|
||||
37.29.57.52/30,
|
||||
37.29.57.64/30,
|
||||
37.29.59.56/30,
|
||||
37.139.32.0/22,
|
||||
37.139.40.0/22,
|
||||
45.84.128.0/22,
|
||||
45.136.20.0/22,
|
||||
46.20.70.160/28,
|
||||
46.29.152.0/22,
|
||||
46.29.156.0/23,
|
||||
46.46.142.160/28,
|
||||
46.46.148.40/29,
|
||||
46.47.197.128/30,
|
||||
46.47.199.76/30,
|
||||
46.47.203.52/30,
|
||||
46.47.207.96/30,
|
||||
46.47.208.84/30,
|
||||
46.47.210.76/30,
|
||||
46.47.211.0/24,
|
||||
46.47.212.204/30,
|
||||
46.47.213.0/24,
|
||||
46.47.214.200/30,
|
||||
46.47.219.200/30,
|
||||
46.47.223.196/30,
|
||||
46.47.229.0/28,
|
||||
46.47.238.144/30,
|
||||
46.47.249.176/29,
|
||||
46.61.208.0/24,
|
||||
46.228.0.232/29,
|
||||
62.5.130.104/29,
|
||||
62.5.132.224/29,
|
||||
62.5.189.80/29,
|
||||
62.5.202.60/30,
|
||||
62.5.218.204/30,
|
||||
62.5.224.188/30,
|
||||
62.5.242.80/28,
|
||||
62.28.169.168/30,
|
||||
62.33.34.16/28,
|
||||
62.33.87.128/28,
|
||||
62.33.199.80/29,
|
||||
62.63.96.32/28,
|
||||
62.63.98.24/29,
|
||||
62.63.100.160/30,
|
||||
62.63.101.80/29,
|
||||
62.76.98.0/24,
|
||||
62.105.158.200/29,
|
||||
62.112.110.64/28,
|
||||
62.118.101.184/29,
|
||||
62.118.113.232/29,
|
||||
62.118.125.188/30,
|
||||
62.118.127.240/28,
|
||||
62.118.193.8/29,
|
||||
62.118.205.68/30,
|
||||
62.118.208.100/30,
|
||||
62.118.209.192/30,
|
||||
62.118.216.60/30,
|
||||
62.118.219.184/30,
|
||||
62.118.230.4/30,
|
||||
62.118.233.224/29,
|
||||
62.118.234.64/29,
|
||||
62.118.239.128/29,
|
||||
62.141.125.0/25,
|
||||
62.217.160.0/20,
|
||||
77.34.209.160/28,
|
||||
77.35.76.80/28,
|
||||
77.35.98.240/28,
|
||||
77.37.128.0/17,
|
||||
77.72.139.0/28,
|
||||
77.82.124.112/29,
|
||||
77.243.9.80/28,
|
||||
78.24.159.48/29,
|
||||
78.37.67.24/29,
|
||||
78.37.69.160/27,
|
||||
78.37.84.120/29,
|
||||
78.37.97.88/29,
|
||||
78.37.104.0/29,
|
||||
78.107.3.208/28,
|
||||
78.107.13.208/28,
|
||||
78.107.16.96/28,
|
||||
78.107.18.112/28,
|
||||
78.107.40.160/28,
|
||||
78.107.42.144/28,
|
||||
78.107.51.16/28,
|
||||
78.107.61.96/28,
|
||||
78.107.86.32/28,
|
||||
78.108.192.0/21,
|
||||
78.108.200.0/24,
|
||||
78.109.140.112/29,
|
||||
79.133.74.160/30,
|
||||
79.133.75.44/30,
|
||||
79.133.75.176/30,
|
||||
79.137.132.0/24,
|
||||
79.137.139.0/24,
|
||||
79.137.140.0/24,
|
||||
79.137.142.0/24,
|
||||
79.137.157.0/24,
|
||||
79.137.164.0/24,
|
||||
79.137.167.0/24,
|
||||
79.137.174.0/23,
|
||||
79.137.180.0/24,
|
||||
79.137.183.0/24,
|
||||
79.137.240.0/21,
|
||||
79.142.88.0/28,
|
||||
79.143.229.0/24,
|
||||
79.143.230.0/24,
|
||||
79.143.232.0/24,
|
||||
80.73.16.0/20,
|
||||
80.73.168.80/28,
|
||||
80.73.169.244/30,
|
||||
80.82.43.24/29,
|
||||
80.89.152.220/30,
|
||||
80.237.11.88/29,
|
||||
80.237.39.112/29,
|
||||
80.237.98.80/28,
|
||||
80.247.32.0/20,
|
||||
80.254.100.40/29,
|
||||
80.254.119.168/29,
|
||||
81.1.195.0/28,
|
||||
81.1.205.96/27,
|
||||
81.2.1.0/28,
|
||||
81.2.10.192/27,
|
||||
81.3.168.148/30,
|
||||
81.17.2.192/28,
|
||||
81.17.3.16/29,
|
||||
81.176.70.0/26,
|
||||
81.176.235.0/27,
|
||||
81.177.12.0/24,
|
||||
81.177.31.64/26,
|
||||
81.177.156.0/24,
|
||||
81.195.36.48/28,
|
||||
81.195.44.248/30,
|
||||
81.195.45.64/30,
|
||||
81.195.50.72/29,
|
||||
81.195.90.44/30,
|
||||
81.195.92.48/30,
|
||||
81.195.93.192/27,
|
||||
81.195.94.72/29,
|
||||
81.195.105.160/28,
|
||||
81.195.108.164/30,
|
||||
81.195.112.36/30,
|
||||
81.195.118.48/30,
|
||||
81.195.118.128/30,
|
||||
81.195.120.16/29,
|
||||
81.195.124.52/30,
|
||||
81.195.125.96/30,
|
||||
81.195.148.140/30,
|
||||
81.195.150.248/30,
|
||||
81.195.151.0/24,
|
||||
81.195.155.0/30,
|
||||
81.195.161.12/30,
|
||||
81.195.164.0/24,
|
||||
81.195.165.64/28,
|
||||
81.195.168.24/30,
|
||||
81.195.177.160/30,
|
||||
81.195.178.224/27,
|
||||
81.195.182.64/28,
|
||||
81.195.192.96/30,
|
||||
81.195.231.128/26,
|
||||
81.195.244.32/29,
|
||||
81.195.245.0/28,
|
||||
81.195.247.128/28,
|
||||
81.195.250.16/29,
|
||||
81.211.32.16/28,
|
||||
81.222.194.200/29,
|
||||
81.222.209.136/29,
|
||||
81.222.210.24/29,
|
||||
82.140.65.240/29,
|
||||
82.142.162.104/29,
|
||||
82.151.107.136/29,
|
||||
82.162.72.208/28,
|
||||
82.162.76.176/28,
|
||||
82.162.80.192/28,
|
||||
82.162.87.192/28,
|
||||
82.162.90.0/28,
|
||||
82.162.103.144/28,
|
||||
82.162.126.96/28,
|
||||
82.162.149.160/28,
|
||||
82.162.157.64/28,
|
||||
82.162.158.176/28,
|
||||
82.162.172.112/28,
|
||||
82.179.86.32/27,
|
||||
82.196.69.152/30,
|
||||
82.196.130.0/27,
|
||||
82.198.176.16/29,
|
||||
82.198.176.144/29,
|
||||
82.198.176.208/29,
|
||||
82.198.189.128/26,
|
||||
82.198.190.64/26,
|
||||
82.198.191.96/27,
|
||||
82.198.191.248/29,
|
||||
82.200.13.0/27,
|
||||
82.200.22.136/29,
|
||||
82.200.22.144/28,
|
||||
82.200.64.0/24,
|
||||
82.208.68.240/28,
|
||||
82.208.77.104/29,
|
||||
82.208.81.0/24,
|
||||
82.208.93.160/27,
|
||||
83.69.207.248/29,
|
||||
83.149.42.64/29,
|
||||
83.166.232.0/21,
|
||||
83.166.248.0/21,
|
||||
83.172.36.224/29,
|
||||
83.217.216.0/22,
|
||||
83.219.5.248/29,
|
||||
83.219.6.72/29,
|
||||
83.219.13.128/29,
|
||||
83.219.13.184/29,
|
||||
83.219.23.8/29,
|
||||
83.219.23.48/29,
|
||||
83.219.25.0/29,
|
||||
83.219.25.112/29,
|
||||
83.219.138.16/28,
|
||||
83.220.53.16/28,
|
||||
83.222.28.0/22,
|
||||
83.229.181.192/26,
|
||||
83.229.232.16/29,
|
||||
84.23.52.0/22,
|
||||
84.53.210.144/28,
|
||||
84.204.7.144/29,
|
||||
84.204.93.232/30,
|
||||
84.204.143.44/30,
|
||||
84.204.154.16/30,
|
||||
84.204.170.220/30,
|
||||
84.204.217.164/30,
|
||||
84.204.245.208/29,
|
||||
85.21.99.48/28,
|
||||
85.21.99.64/28,
|
||||
85.21.102.224/28,
|
||||
85.21.103.64/28,
|
||||
85.21.104.192/27,
|
||||
85.21.148.0/26,
|
||||
85.21.149.48/28,
|
||||
85.21.155.208/28,
|
||||
85.21.157.48/28,
|
||||
85.21.204.208/28,
|
||||
85.90.98.144/30,
|
||||
85.90.99.168/29,
|
||||
85.90.100.72/29,
|
||||
85.90.101.112/28,
|
||||
85.90.101.192/29,
|
||||
85.90.102.168/29,
|
||||
85.90.120.72/29,
|
||||
85.90.121.72/29,
|
||||
85.90.125.96/29,
|
||||
85.90.127.16/29,
|
||||
85.94.52.160/27,
|
||||
85.94.53.32/28,
|
||||
85.114.30.192/30,
|
||||
85.114.30.204/30,
|
||||
85.114.31.108/30,
|
||||
85.114.93.88/29,
|
||||
85.141.17.24/30,
|
||||
85.141.17.112/30,
|
||||
85.141.18.80/30,
|
||||
85.141.19.56/30,
|
||||
85.141.21.236/30,
|
||||
85.141.28.0/30,
|
||||
85.141.31.68/30,
|
||||
85.141.32.96/28,
|
||||
85.141.33.0/28,
|
||||
85.141.33.64/28,
|
||||
85.141.60.96/28,
|
||||
85.141.61.160/28,
|
||||
85.143.125.0/24,
|
||||
85.146.204.44/30,
|
||||
85.192.32.0/22,
|
||||
85.198.106.0/23,
|
||||
85.236.29.160/27,
|
||||
86.102.72.240/28,
|
||||
86.102.74.64/28,
|
||||
86.102.100.48/28,
|
||||
86.102.108.32/28,
|
||||
86.102.109.32/27,
|
||||
86.102.115.80/28,
|
||||
86.102.126.80/28,
|
||||
86.102.126.160/28,
|
||||
87.117.18.144/29,
|
||||
87.117.20.64/26,
|
||||
87.117.20.128/28,
|
||||
87.117.21.0/26,
|
||||
87.117.21.64/28,
|
||||
87.117.21.80/29,
|
||||
87.117.23.128/28,
|
||||
87.117.31.56/29,
|
||||
87.225.56.224/28,
|
||||
87.226.156.64/26,
|
||||
87.226.191.0/24,
|
||||
87.226.213.0/24,
|
||||
87.226.239.180/30,
|
||||
87.237.47.204/30,
|
||||
87.239.104.0/21,
|
||||
87.240.128.0/18,
|
||||
87.242.112.0/22,
|
||||
87.245.133.0/24,
|
||||
87.249.3.64/28,
|
||||
87.249.5.48/30,
|
||||
87.249.7.120/29,
|
||||
87.249.16.32/28,
|
||||
87.249.18.60/30,
|
||||
87.249.22.72/29,
|
||||
87.249.28.232/29,
|
||||
87.249.30.176/30,
|
||||
88.83.195.248/30,
|
||||
88.151.200.0/24,
|
||||
88.200.208.112/29,
|
||||
89.21.129.16/28,
|
||||
89.21.140.104/29,
|
||||
89.21.152.104/29,
|
||||
89.28.253.168/29,
|
||||
89.28.255.56/29,
|
||||
89.106.172.160/29,
|
||||
89.107.123.120/29,
|
||||
89.107.123.136/29,
|
||||
89.107.127.136/29,
|
||||
89.109.7.176/29,
|
||||
89.109.250.28/30,
|
||||
89.109.250.80/30,
|
||||
89.109.250.88/29,
|
||||
89.109.250.96/30,
|
||||
89.109.250.132/30,
|
||||
89.109.250.140/30,
|
||||
89.111.176.0/22,
|
||||
89.175.6.64/27,
|
||||
89.175.8.36/30,
|
||||
89.175.8.40/29,
|
||||
89.175.8.52/30,
|
||||
89.175.8.68/30,
|
||||
89.175.8.104/30,
|
||||
89.175.8.140/30,
|
||||
89.175.8.192/30,
|
||||
89.175.9.4/30,
|
||||
89.175.10.160/30,
|
||||
89.175.165.208/28,
|
||||
89.175.170.144/28,
|
||||
89.175.174.136/29,
|
||||
89.175.176.88/30,
|
||||
89.175.176.140/30,
|
||||
89.175.176.176/30,
|
||||
89.175.188.184/29,
|
||||
89.179.155.192/28,
|
||||
89.179.179.16/28,
|
||||
89.179.181.0/24,
|
||||
89.208.84.0/22,
|
||||
89.208.196.0/22,
|
||||
89.208.208.0/22,
|
||||
89.208.216.0/21,
|
||||
89.208.228.0/22,
|
||||
89.221.228.0/22,
|
||||
89.221.232.0/21,
|
||||
90.150.176.52/30,
|
||||
90.150.189.32/29,
|
||||
90.150.189.128/26,
|
||||
90.150.189.192/27,
|
||||
90.150.189.224/28,
|
||||
90.150.189.248/29,
|
||||
90.156.148.0/22,
|
||||
90.156.212.0/22,
|
||||
90.156.216.0/22,
|
||||
90.156.232.0/21,
|
||||
91.103.194.184/29,
|
||||
91.135.212.0/22,
|
||||
91.135.216.0/21,
|
||||
91.195.136.0/23,
|
||||
91.208.20.0/24,
|
||||
91.215.168.0/22,
|
||||
91.217.34.0/23,
|
||||
91.219.192.0/22,
|
||||
91.219.224.0/22,
|
||||
91.221.140.0/23,
|
||||
91.226.250.0/24,
|
||||
91.227.32.0/24,
|
||||
91.231.132.0/22,
|
||||
91.237.76.0/24,
|
||||
92.38.217.0/24,
|
||||
92.39.106.20/30,
|
||||
92.39.106.168/30,
|
||||
92.39.111.84/30,
|
||||
92.39.128.0/21,
|
||||
92.50.198.72/30,
|
||||
92.50.198.124/30,
|
||||
92.50.219.136/29,
|
||||
92.50.238.224/29,
|
||||
92.101.253.96/29,
|
||||
92.101.253.152/29,
|
||||
93.153.134.112/29,
|
||||
93.153.135.88/30,
|
||||
93.153.136.132/30,
|
||||
93.153.142.4/30,
|
||||
93.153.144.60/30,
|
||||
93.153.171.204/30,
|
||||
93.153.172.100/30,
|
||||
93.153.175.44/30,
|
||||
93.153.183.104/30,
|
||||
93.153.194.160/29,
|
||||
93.153.220.192/29,
|
||||
93.153.223.8/29,
|
||||
93.153.229.232/29,
|
||||
93.153.244.188/30,
|
||||
93.153.244.248/29,
|
||||
93.153.251.0/24,
|
||||
93.153.255.84/30,
|
||||
93.178.104.32/29,
|
||||
93.178.104.64/29,
|
||||
93.178.106.0/26,
|
||||
93.186.224.0/20,
|
||||
93.188.20.72/29,
|
||||
93.190.110.0/24,
|
||||
94.25.53.56/29,
|
||||
94.25.57.176/29,
|
||||
94.25.57.224/28,
|
||||
94.25.65.16/29,
|
||||
94.25.70.64/30,
|
||||
94.25.90.240/29,
|
||||
94.25.95.136/30,
|
||||
94.25.119.228/30,
|
||||
94.100.176.0/20,
|
||||
94.124.192.192/29,
|
||||
94.139.244.0/22,
|
||||
94.199.64.0/21,
|
||||
95.53.248.0/29,
|
||||
95.54.193.80/28,
|
||||
95.142.192.0/20,
|
||||
95.163.32.0/19,
|
||||
95.163.133.0/24,
|
||||
95.163.180.0/22,
|
||||
95.163.208.0/21,
|
||||
95.163.216.0/22,
|
||||
95.163.248.0/21,
|
||||
95.167.2.4/30,
|
||||
95.167.4.168/29,
|
||||
95.167.5.64/27,
|
||||
95.167.21.104/29,
|
||||
95.167.29.104/29,
|
||||
95.167.54.76/30,
|
||||
95.167.59.244/30,
|
||||
95.167.59.248/30,
|
||||
95.167.64.20/30,
|
||||
95.167.68.216/29,
|
||||
95.167.69.116/30,
|
||||
95.167.70.32/28,
|
||||
95.167.70.136/29,
|
||||
95.167.70.176/28,
|
||||
95.167.72.48/30,
|
||||
95.167.72.140/30,
|
||||
95.167.72.204/30,
|
||||
95.167.74.136/29,
|
||||
95.167.74.180/30,
|
||||
95.167.76.160/27,
|
||||
95.167.99.48/28,
|
||||
95.167.113.48/30,
|
||||
95.167.114.48/30,
|
||||
95.167.121.68/30,
|
||||
95.167.122.128/28,
|
||||
95.167.142.32/30,
|
||||
95.167.157.156/30,
|
||||
95.167.162.76/30,
|
||||
95.167.162.236/30,
|
||||
95.167.176.0/23,
|
||||
95.167.213.0/24,
|
||||
95.173.128.0/19,
|
||||
95.213.0.0/17,
|
||||
109.73.4.224/27,
|
||||
109.120.180.0/22,
|
||||
109.120.188.0/22,
|
||||
109.124.66.128/30,
|
||||
109.124.66.160/28,
|
||||
109.124.71.64/29,
|
||||
109.124.78.108/30,
|
||||
109.124.80.132/30,
|
||||
109.124.83.20/30,
|
||||
109.124.87.96/29,
|
||||
109.124.89.36/30,
|
||||
109.124.89.140/30,
|
||||
109.124.89.212/30,
|
||||
109.124.90.32/30,
|
||||
109.124.90.128/30,
|
||||
109.124.97.4/30,
|
||||
109.124.99.16/30,
|
||||
109.124.99.160/28,
|
||||
109.124.119.88/29,
|
||||
109.204.204.232/29,
|
||||
109.207.0.0/20,
|
||||
109.232.187.16/29,
|
||||
109.248.197.0/24,
|
||||
128.140.168.0/21,
|
||||
130.49.224.0/19,
|
||||
145.255.238.240/28,
|
||||
146.185.208.0/22,
|
||||
146.185.240.0/22,
|
||||
149.62.55.240/30,
|
||||
155.212.192.0/20,
|
||||
161.104.104.0/21,
|
||||
176.109.0.0/21,
|
||||
176.112.168.0/21,
|
||||
176.116.96.0/20,
|
||||
176.116.112.0/22,
|
||||
178.16.156.148/30,
|
||||
178.17.176.0/20,
|
||||
178.20.234.224/29,
|
||||
178.22.88.0/21,
|
||||
178.49.148.176/29,
|
||||
178.237.16.0/20,
|
||||
178.237.206.0/24,
|
||||
178.237.240.0/20,
|
||||
178.248.232.60/32,
|
||||
178.248.232.137/32,
|
||||
178.248.233.26/32,
|
||||
178.248.233.32/32,
|
||||
178.248.233.60/32,
|
||||
178.248.233.136/32,
|
||||
178.248.233.244/31,
|
||||
178.248.234.30/32,
|
||||
178.248.234.33/32,
|
||||
178.248.234.60/32,
|
||||
178.248.234.79/32,
|
||||
178.248.234.83/32,
|
||||
178.248.234.136/32,
|
||||
178.248.234.204/32,
|
||||
178.248.234.228/32,
|
||||
178.248.234.238/32,
|
||||
178.248.235.60/32,
|
||||
178.248.235.75/32,
|
||||
178.248.235.244/32,
|
||||
178.248.236.20/32,
|
||||
178.248.236.83/32,
|
||||
178.248.236.244/32,
|
||||
178.248.237.18/32,
|
||||
178.248.237.98/32,
|
||||
178.248.237.136/32,
|
||||
178.248.237.242/32,
|
||||
178.248.238.55/32,
|
||||
178.248.238.102/32,
|
||||
178.248.238.128/31,
|
||||
178.248.238.136/32,
|
||||
178.248.238.155/32,
|
||||
178.248.238.172/32,
|
||||
178.248.238.205/32,
|
||||
178.248.238.255/32,
|
||||
178.248.239.215/32,
|
||||
185.5.136.0/22,
|
||||
185.6.244.0/22,
|
||||
185.7.234.188/30,
|
||||
185.16.148.0/22,
|
||||
185.16.244.0/22,
|
||||
185.29.128.0/22,
|
||||
185.32.248.0/22,
|
||||
185.65.149.170/32,
|
||||
185.86.144.0/22,
|
||||
185.100.104.0/22,
|
||||
185.130.112.0/22,
|
||||
185.131.68.0/22,
|
||||
185.149.160.0/22,
|
||||
185.168.60.0/22,
|
||||
185.179.224.0/22,
|
||||
185.180.200.0/22,
|
||||
185.183.172.0/22,
|
||||
185.187.63.0/24,
|
||||
185.224.228.0/22,
|
||||
185.226.52.0/22,
|
||||
185.241.192.0/22,
|
||||
188.93.56.0/21,
|
||||
188.128.8.240/30,
|
||||
188.128.11.196/30,
|
||||
188.128.89.0/30,
|
||||
188.128.92.104/30,
|
||||
188.128.94.204/30,
|
||||
188.128.98.204/30,
|
||||
188.128.101.108/30,
|
||||
188.128.112.216/29,
|
||||
188.128.112.240/29,
|
||||
188.128.113.0/28,
|
||||
188.128.114.128/28,
|
||||
188.128.115.232/29,
|
||||
188.128.118.224/27,
|
||||
188.128.119.104/30,
|
||||
188.128.122.240/30,
|
||||
188.247.36.124/30,
|
||||
188.247.36.128/28,
|
||||
188.247.36.204/30,
|
||||
193.33.230.0/23,
|
||||
193.47.146.0/24,
|
||||
193.203.40.0/22,
|
||||
193.232.70.0/24,
|
||||
194.8.70.0/23,
|
||||
194.8.246.0/23,
|
||||
194.67.63.200/30,
|
||||
194.84.16.12/30,
|
||||
194.140.247.0/24,
|
||||
194.150.202.0/23,
|
||||
194.165.22.0/23,
|
||||
194.186.63.0/24,
|
||||
194.186.112.80/28,
|
||||
194.190.9.0/24,
|
||||
194.215.248.0/24,
|
||||
194.226.80.0/20,
|
||||
194.226.116.0/22,
|
||||
194.226.127.0/24,
|
||||
195.3.240.0/22,
|
||||
195.16.55.224/27,
|
||||
195.42.75.8/29,
|
||||
195.54.20.168/29,
|
||||
195.54.28.72/30,
|
||||
195.54.221.0/24,
|
||||
195.58.5.16/29,
|
||||
195.58.13.120/30,
|
||||
195.58.21.196/30,
|
||||
195.58.29.57/32,
|
||||
195.58.30.164/30,
|
||||
195.58.30.200/29,
|
||||
195.80.224.0/24,
|
||||
195.98.38.16/28,
|
||||
195.98.43.104/29,
|
||||
195.98.73.56/29,
|
||||
195.98.77.100/30,
|
||||
195.128.157.0/24,
|
||||
195.131.7.8/29,
|
||||
195.131.53.248/29,
|
||||
195.131.61.80/29,
|
||||
195.131.63.24/29,
|
||||
195.144.226.224/28,
|
||||
195.144.232.144/30,
|
||||
195.144.240.128/28,
|
||||
195.149.110.0/24,
|
||||
195.162.36.64/28,
|
||||
195.170.218.24/29,
|
||||
195.170.218.88/29,
|
||||
195.182.142.128/26,
|
||||
195.182.145.64/28,
|
||||
195.182.151.212/30,
|
||||
195.182.151.216/30,
|
||||
195.182.155.164/30,
|
||||
195.182.156.96/30,
|
||||
195.209.120.0/22,
|
||||
195.211.20.0/22,
|
||||
195.218.175.40/29,
|
||||
195.218.190.0/23,
|
||||
195.226.203.0/24,
|
||||
195.239.80.32/29,
|
||||
195.239.113.0/24,
|
||||
195.239.247.0/24,
|
||||
212.13.104.116/30,
|
||||
212.13.113.100/30,
|
||||
212.15.105.64/28,
|
||||
212.15.114.156/30,
|
||||
212.15.115.80/28,
|
||||
212.17.8.176/29,
|
||||
212.17.9.144/28,
|
||||
212.17.16.192/27,
|
||||
212.17.17.176/28,
|
||||
212.23.85.48/30,
|
||||
212.23.85.56/29,
|
||||
212.32.198.64/29,
|
||||
212.48.34.176/28,
|
||||
212.48.53.76/30,
|
||||
212.48.53.84/30,
|
||||
212.48.53.88/29,
|
||||
212.48.53.100/30,
|
||||
212.48.53.144/30,
|
||||
212.48.53.152/29,
|
||||
212.48.53.160/29,
|
||||
212.48.53.184/29,
|
||||
212.48.53.192/29,
|
||||
212.48.53.200/30,
|
||||
212.48.53.216/30,
|
||||
212.48.53.236/30,
|
||||
212.48.53.240/28,
|
||||
212.48.54.0/30,
|
||||
212.48.54.8/29,
|
||||
212.48.54.16/28,
|
||||
212.48.54.32/29,
|
||||
212.48.54.44/30,
|
||||
212.48.54.48/28,
|
||||
212.48.54.64/28,
|
||||
212.48.54.80/29,
|
||||
212.48.54.92/30,
|
||||
212.48.54.96/27,
|
||||
212.48.54.128/27,
|
||||
212.48.54.164/30,
|
||||
212.48.54.168/29,
|
||||
212.48.54.176/28,
|
||||
212.48.54.196/30,
|
||||
212.48.54.200/30,
|
||||
212.48.54.208/28,
|
||||
212.48.54.240/28,
|
||||
212.48.134.192/26,
|
||||
212.48.138.240/28,
|
||||
212.48.141.160/27,
|
||||
212.49.107.224/27,
|
||||
212.49.124.0/26,
|
||||
212.57.133.0/24,
|
||||
212.57.159.0/24,
|
||||
212.59.98.48/29,
|
||||
212.59.99.96/27,
|
||||
212.111.84.0/22,
|
||||
212.119.174.0/23,
|
||||
212.120.169.48/29,
|
||||
212.120.174.88/29,
|
||||
212.120.184.48/28,
|
||||
212.120.184.64/29,
|
||||
212.120.189.208/29,
|
||||
212.120.189.224/29,
|
||||
212.120.190.112/29,
|
||||
212.120.190.240/29,
|
||||
212.120.191.120/29,
|
||||
212.120.191.248/29,
|
||||
212.192.156.0/22,
|
||||
212.233.72.0/21,
|
||||
212.233.88.0/21,
|
||||
212.233.96.0/22,
|
||||
212.233.120.0/22,
|
||||
213.24.34.0/24,
|
||||
213.24.75.0/24,
|
||||
213.24.76.0/23,
|
||||
213.24.128.0/22,
|
||||
213.24.143.0/24,
|
||||
213.24.152.0/22,
|
||||
213.24.160.0/28,
|
||||
213.33.171.240/29,
|
||||
213.59.59.16/29,
|
||||
213.59.59.64/29,
|
||||
213.59.59.120/29,
|
||||
213.59.59.128/29,
|
||||
213.59.59.144/29,
|
||||
213.59.59.168/29,
|
||||
213.59.91.48/29,
|
||||
213.59.91.128/27,
|
||||
213.59.91.176/28,
|
||||
213.85.2.64/28,
|
||||
213.85.2.80/29,
|
||||
213.85.20.8/30,
|
||||
213.85.20.32/30,
|
||||
213.85.20.84/30,
|
||||
213.85.77.64/27,
|
||||
213.85.142.176/28,
|
||||
213.147.55.108/30,
|
||||
213.172.4.192/26,
|
||||
213.172.17.252/30,
|
||||
213.172.18.60/30,
|
||||
213.172.18.124/30,
|
||||
213.172.18.148/30,
|
||||
213.172.18.160/29,
|
||||
213.172.18.252/30,
|
||||
213.172.27.0/30,
|
||||
213.172.27.116/30,
|
||||
213.172.27.160/30,
|
||||
213.172.27.204/30,
|
||||
213.172.27.212/30,
|
||||
213.172.27.224/30,
|
||||
213.172.27.252/30,
|
||||
213.172.30.136/30,
|
||||
213.176.232.0/22,
|
||||
213.177.111.0/24,
|
||||
213.183.253.56/29,
|
||||
213.219.212.0/22,
|
||||
213.219.237.68/30,
|
||||
213.234.8.8/30,
|
||||
213.234.13.60/30,
|
||||
213.234.15.228/30,
|
||||
213.234.15.248/30,
|
||||
213.234.18.52/30,
|
||||
213.242.204.76/30,
|
||||
213.242.204.236/30,
|
||||
213.242.205.88/30,
|
||||
213.242.215.68/30,
|
||||
213.242.215.192/29,
|
||||
213.243.84.80/28,
|
||||
213.243.106.48/28,
|
||||
213.243.116.0/24,
|
||||
217.16.16.0/20,
|
||||
217.20.86.128/25,
|
||||
217.20.144.0/20,
|
||||
217.23.88.168/29,
|
||||
217.23.88.248/29,
|
||||
217.27.142.176/30,
|
||||
217.65.214.24/29,
|
||||
217.65.219.160/29,
|
||||
217.67.177.208/29,
|
||||
217.69.128.0/20,
|
||||
217.106.0.0/16,
|
||||
217.107.0.0/18,
|
||||
217.107.200.0/21,
|
||||
217.107.208.0/20,
|
||||
217.147.23.112/28,
|
||||
217.148.216.156/30,
|
||||
217.148.220.160/29,
|
||||
217.172.18.0/23,
|
||||
217.172.20.0/22,
|
||||
217.174.188.0/22,
|
||||
217.195.92.16/28,
|
||||
217.195.93.144/29,
|
||||
217.195.94.200/29
|
||||
}
|
||||
}
|
||||
|
||||
set blacklist_v6 {
|
||||
type ipv6_addr
|
||||
flags interval
|
||||
elements = {
|
||||
2a00:1148::/29,
|
||||
2a00:46e0::/32,
|
||||
2a00:a300::/32,
|
||||
2a00:b4c0::/32,
|
||||
2a00:bdc0::/33,
|
||||
2a00:bdc0:8000::/34,
|
||||
2a00:bdc0:c000::/35,
|
||||
2a00:bdc0:e002::/47,
|
||||
2a00:bdc0:e004::/47,
|
||||
2a00:bdc0:e007::/48,
|
||||
2a00:bdc0:f000::/36,
|
||||
2a00:bdc1::/32,
|
||||
2a00:bdc2::/31,
|
||||
2a00:bdc4::/30,
|
||||
2a14:25c0::/32,
|
||||
2a14:25c5::/32,
|
||||
2a14:25c6::/31
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
24
blacklists_nginx/README.md
Normal file
24
blacklists_nginx/README.md
Normal file
@@ -0,0 +1,24 @@
|
||||
# nginx blacklists
|
||||
|
||||
Short: ready-to-use deny lists for nginx (mixed, IPv4-only, and IPv6-only).
|
||||
|
||||
## Download links
|
||||
|
||||
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist.conf
|
||||
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v4.conf
|
||||
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v6.conf
|
||||
|
||||
## How to use
|
||||
|
||||
1. Download one file (`blacklist.conf`, `blacklist-v4.conf`, or `blacklist-v6.conf`).
|
||||
2. Include it in your `server` or `location` block:
|
||||
|
||||
```nginx
|
||||
include /etc/nginx/blacklist.conf;
|
||||
```
|
||||
|
||||
3. Test and reload nginx:
|
||||
|
||||
```bash
|
||||
sudo nginx -t && sudo systemctl reload nginx
|
||||
```
|
||||
1152
blacklists_nginx/blacklist-v4.conf
Normal file
1152
blacklists_nginx/blacklist-v4.conf
Normal file
File diff suppressed because it is too large
Load Diff
31
blacklists_nginx/blacklist-v6.conf
Normal file
31
blacklists_nginx/blacklist-v6.conf
Normal file
@@ -0,0 +1,31 @@
|
||||
# Nginx blacklist configuration (IPv6 only)
|
||||
# Auto-generated from blacklist-v6.txt
|
||||
# Last updated: 2026-03-31 07:05:55 UTC
|
||||
#
|
||||
# Usage: Include this file in your nginx server or location block:
|
||||
# include /path/to/blacklist-v6.conf;
|
||||
#
|
||||
|
||||
deny 2a00:1148::/29;
|
||||
deny 2a00:1148::/32;
|
||||
deny 2a00:46e0:2::/48;
|
||||
deny 2a00:46e0::/32;
|
||||
deny 2a00:a300::/32;
|
||||
deny 2a00:b4c0::/32;
|
||||
deny 2a00:bdc0:8000::/34;
|
||||
deny 2a00:bdc0::/33;
|
||||
deny 2a00:bdc0:c000::/35;
|
||||
deny 2a00:bdc0:e002::/48;
|
||||
deny 2a00:bdc0:e003::/48;
|
||||
deny 2a00:bdc0:e004::/48;
|
||||
deny 2a00:bdc0:e005::/48;
|
||||
deny 2a00:bdc0:e007::/48;
|
||||
deny 2a00:bdc0:f000::/36;
|
||||
deny 2a00:bdc1::/32;
|
||||
deny 2a00:bdc2::/31;
|
||||
deny 2a00:bdc4::/30;
|
||||
deny 2a14:25c0::/32;
|
||||
deny 2a14:25c5::/32;
|
||||
deny 2a14:25c6::/32;
|
||||
deny 2a14:25c7::/32;
|
||||
|
||||
1174
blacklists_nginx/blacklist.conf
Normal file
1174
blacklists_nginx/blacklist.conf
Normal file
File diff suppressed because it is too large
Load Diff
275
blacklists_route/blacklist-vk-v4.routes
Normal file
275
blacklists_route/blacklist-vk-v4.routes
Normal file
@@ -0,0 +1,275 @@
|
||||
# Linux routes for VK networks (IPv4)
|
||||
# Auto-generated by blacklists_updater_routes.sh
|
||||
# Last updated: 2026-03-31 07:05:57 UTC
|
||||
#
|
||||
# Apply:
|
||||
# sudo sh blacklist-vk-v4.routes
|
||||
#
|
||||
|
||||
ip route replace 109.120.180.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 109.120.180.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 109.120.182.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 109.120.188.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 109.120.188.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 109.120.190.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 128.140.168.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 128.140.168.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 128.140.170.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 128.140.171.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 128.140.172.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 130.49.224.0/19 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 146.185.208.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 146.185.208.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 146.185.210.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 146.185.240.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 146.185.240.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 146.185.242.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 155.212.192.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 161.104.104.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 176.112.168.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 178.22.88.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 178.22.89.64/26 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 178.22.94.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 178.237.16.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 178.237.16.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 178.237.24.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 178.237.30.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.100.104.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.100.104.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.100.106.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.130.112.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.130.112.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.130.114.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.131.68.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.16.148.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.16.148.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.16.150.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.16.244.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.16.244.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.16.246.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.180.200.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.187.63.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.187.63.0/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.187.63.128/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.226.52.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.226.52.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.226.54.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.241.192.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.241.192.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.241.194.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.29.128.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.29.130.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.32.248.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.32.248.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.32.250.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.5.136.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.5.136.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.5.138.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.6.244.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.6.244.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.6.246.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.86.144.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.86.144.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 185.86.146.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 188.93.56.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 188.93.56.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 188.93.57.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 188.93.58.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 188.93.60.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 188.93.61.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 188.93.62.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 193.203.40.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 194.84.16.12/30 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 195.211.20.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 195.211.22.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 195.211.23.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 212.111.84.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 212.233.120.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 212.233.72.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 212.233.88.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 212.233.96.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 213.219.212.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 213.219.212.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 213.219.214.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.16.16.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.16.16.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.16.24.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.174.188.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.20.144.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.20.144.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.20.148.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.20.149.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.20.150.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.20.152.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.20.156.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.20.158.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.20.159.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.69.128.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.69.128.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 217.69.136.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 37.139.32.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 37.139.32.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 37.139.34.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 37.139.40.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 37.139.40.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 37.139.42.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 45.136.20.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 45.136.20.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 45.136.22.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 45.84.128.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 45.84.128.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 45.84.130.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.101.40.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.101.40.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.101.42.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.181.60.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.181.60.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.181.61.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.181.62.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.188.140.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.188.140.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.188.142.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.16.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.16.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.20.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.232.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.232.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.236.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.238.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.239.0/27 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.239.128/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.239.40/29 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.239.48/28 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 5.61.239.64/26 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 62.217.160.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 62.217.160.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 62.217.168.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.132.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.132.0/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.132.128/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.139.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.139.0/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.139.128/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.157.0/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.157.128/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.164.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.164.0/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.164.128/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.167.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.167.0/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.167.128/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.174.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.174.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.175.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.180.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.180.0/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.180.128/25 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.240.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.240.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 79.137.244.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.166.232.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.166.232.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.166.236.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.166.248.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.166.248.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.166.252.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.217.216.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.217.216.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.217.218.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 83.222.28.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 84.23.52.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 84.23.52.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 84.23.54.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 85.114.31.108/30 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 85.192.32.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 85.192.32.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 85.192.34.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 85.198.106.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 85.198.107.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 87.239.104.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 87.239.104.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 87.239.108.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 87.240.128.0/18 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 87.240.128.0/19 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 87.240.160.0/19 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 87.242.112.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.196.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.196.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.198.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.208.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.208.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.210.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.216.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.216.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.218.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.220.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.228.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.228.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.230.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.84.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.84.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.208.86.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.221.228.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 89.221.232.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.148.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.148.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.150.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.212.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.212.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.214.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.216.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.216.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.218.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 90.156.232.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 91.219.224.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 91.231.132.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 91.237.76.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 93.153.255.84/30 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 93.186.224.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 93.186.224.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 93.186.232.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 94.100.176.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 94.100.176.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 94.100.184.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 94.139.244.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 94.139.244.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 94.139.246.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.142.192.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.142.192.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.142.200.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.180.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.180.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.182.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.208.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.208.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.210.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.212.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.216.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.216.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.218.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.248.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.248.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.252.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.254.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.32.0/19 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.32.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.36.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.40.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.163.48.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.0.0/17 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.0.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.16.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.24.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.26.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.27.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.28.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.29.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.30.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.31.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.32.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.33.0/24 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.34.0/23 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.36.0/22 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.40.0/21 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.48.0/20 via 127.0.0.1 dev lo onlink
|
||||
ip route replace 95.213.64.0/18 via 127.0.0.1 dev lo onlink
|
||||
9
blacklists_route/blacklist-vk-v6.routes
Normal file
9
blacklists_route/blacklist-vk-v6.routes
Normal file
@@ -0,0 +1,9 @@
|
||||
# Linux routes for VK networks (IPv6)
|
||||
# Auto-generated by blacklists_updater_routes.sh
|
||||
# Last updated: 2026-03-31 07:05:57 UTC
|
||||
#
|
||||
# Apply:
|
||||
# sudo sh blacklist-vk-v6.routes
|
||||
#
|
||||
|
||||
ip -6 route replace 2a00:bdc0::/29 via ::1 dev lo
|
||||
@@ -11,7 +11,7 @@ blacklist_v6_file="${SCRIPT_DIR}/blacklists/blacklist-v6.txt"
|
||||
auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
|
||||
auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
|
||||
auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
|
||||
vk_name_pattern='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
|
||||
vk_name_pattern='vk[[:space:]-]*cloud|vkcompany|vkontakte'
|
||||
|
||||
# Additional VK-only text blacklists
|
||||
blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
|
||||
@@ -20,21 +20,19 @@ blacklist_vk_v6_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
|
||||
|
||||
# Output directory and files
|
||||
iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables"
|
||||
iptables_output_file="${iptables_output_dir}/blacklist.ipset"
|
||||
iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset"
|
||||
iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset"
|
||||
iptables_vk_output_file="${iptables_output_dir}/blacklist-vk.ipset"
|
||||
iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset"
|
||||
iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset"
|
||||
|
||||
# Create iptables directory if it doesn't exist
|
||||
mkdir -p "${iptables_output_dir}"
|
||||
# Create required directories if they don't exist
|
||||
mkdir -p "${iptables_output_dir}" "${SCRIPT_DIR}/blacklists"
|
||||
|
||||
# Build additional VK-only blacklist from network names in auto/*.txt files
|
||||
tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
|
||||
for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do
|
||||
[ -f "${source_file}" ] || continue
|
||||
awk -v pattern="${vk_name_pattern}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}"
|
||||
awk -v pattern="${vk_name_pattern}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}"
|
||||
done
|
||||
sort -u "${tmp_vk_file}" > "${blacklist_vk_file}"
|
||||
grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true
|
||||
@@ -106,70 +104,10 @@ generate_ipset_config "${blacklist_v6_file}" "${iptables_v6_output_file}" "(IPv6
|
||||
generate_ipset_config "${blacklist_vk_v4_file}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet"
|
||||
generate_ipset_config "${blacklist_vk_v6_file}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6"
|
||||
|
||||
# For mixed file, we need to create two sets (IPv4 and IPv6) as ipset doesn't support mixed families
|
||||
cat > "${iptables_output_file}" << EOF
|
||||
# IPSet blacklist configuration (mixed IPv4/IPv6)
|
||||
# Auto-generated from $(basename ${blacklist_file})
|
||||
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
|
||||
#
|
||||
# Usage:
|
||||
# 1. Load the ipset:
|
||||
# ipset restore < $(basename ${iptables_output_file})
|
||||
#
|
||||
# 2. Use with iptables/ip6tables:
|
||||
# iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
|
||||
# iptables -I FORWARD -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
|
||||
# ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
|
||||
# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
|
||||
#
|
||||
# 3. To flush/delete the sets:
|
||||
# ipset flush blacklist-v4 && ipset destroy blacklist-v4
|
||||
# ipset flush blacklist-v6 && ipset destroy blacklist-v6
|
||||
#
|
||||
|
||||
EOF
|
||||
|
||||
# Append both IPv4 and IPv6 sets to the mixed file
|
||||
tail -n +2 "${iptables_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
|
||||
echo "" >> "${iptables_output_file}"
|
||||
tail -n +2 "${iptables_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
|
||||
|
||||
echo "✓ Generated (mixed IPv4/IPv6): ${iptables_output_file}"
|
||||
echo " Total entries: $(wc -l < "${blacklist_file}" | tr -d ' ')"
|
||||
|
||||
# Generate mixed VK-only ipset file (contains both v4 and v6 sets)
|
||||
cat > "${iptables_vk_output_file}" << EOF
|
||||
# IPSet blacklist configuration (VK names: VK Cloud / VKCOMPANY / VKONTAKTE)
|
||||
# Auto-generated from name-filtered auto/*.txt sources
|
||||
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
|
||||
#
|
||||
# Usage:
|
||||
# 1. Load the ipset:
|
||||
# ipset restore < $(basename "${iptables_vk_output_file}")
|
||||
#
|
||||
# 2. Use with iptables/ip6tables:
|
||||
# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
|
||||
# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
|
||||
# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
|
||||
# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
|
||||
#
|
||||
# 3. To flush/delete the sets:
|
||||
# ipset flush blacklist-vk-v4 && ipset destroy blacklist-vk-v4
|
||||
# ipset flush blacklist-vk-v6 && ipset destroy blacklist-vk-v6
|
||||
#
|
||||
|
||||
EOF
|
||||
|
||||
tail -n +2 "${iptables_vk_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
|
||||
echo "" >> "${iptables_vk_output_file}"
|
||||
tail -n +2 "${iptables_vk_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
|
||||
|
||||
echo "✓ Generated (VK names, mixed IPv4/IPv6): ${iptables_vk_output_file}"
|
||||
echo " Total entries: $(wc -l < "${blacklist_vk_file}" | tr -d ' ')"
|
||||
|
||||
echo ""
|
||||
echo "VK outgoing block examples (iptables/ipset):"
|
||||
echo " ipset restore < ${iptables_vk_output_file}"
|
||||
echo " ipset restore < ${iptables_vk_v4_output_file}"
|
||||
echo " ipset restore < ${iptables_vk_v6_output_file}"
|
||||
echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
|
||||
echo " iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT"
|
||||
echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"
|
||||
|
||||
@@ -11,15 +11,15 @@ OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables"
|
||||
AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt"
|
||||
AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt"
|
||||
AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt"
|
||||
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
|
||||
VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
|
||||
|
||||
# Additional VK-only text blacklists
|
||||
VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt"
|
||||
VK_INPUT_V4_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v4.txt"
|
||||
VK_INPUT_V6_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v6.txt"
|
||||
|
||||
# Create output directory if it doesn't exist
|
||||
mkdir -p "$OUTPUT_DIR"
|
||||
# Create required directories if they don't exist
|
||||
mkdir -p "$OUTPUT_DIR" "$SCRIPT_DIR/blacklists"
|
||||
|
||||
echo "Generating nftables blacklists..."
|
||||
|
||||
@@ -27,14 +27,14 @@ echo "Generating nftables blacklists..."
|
||||
TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")"
|
||||
for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do
|
||||
[[ -f "$source_file" ]] || continue
|
||||
awk -v pattern="$VK_NAME_PATTERN" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE"
|
||||
awk -v pattern="$VK_NAME_PATTERN" 'tolower($0) ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE"
|
||||
done
|
||||
sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE"
|
||||
grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true
|
||||
grep -v ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V4_FILE" || true
|
||||
rm -f "$TMP_VK_FILE"
|
||||
|
||||
# Generate mixed IPv4/IPv6 blacklist
|
||||
# Generate mixed IPv4/IPv6 blacklist (recommended single-file load)
|
||||
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
|
||||
"$INPUT_FILE" \
|
||||
"$OUTPUT_DIR/blacklist.nft"
|
||||
@@ -71,14 +71,18 @@ echo "nftables blacklists generated successfully!"
|
||||
echo ""
|
||||
echo "VM incoming block examples (all lists, nftables):"
|
||||
echo " sudo nft -f $OUTPUT_DIR/blacklist.nft"
|
||||
echo " sudo nft -f $OUTPUT_DIR/blacklist-v4.nft"
|
||||
echo " sudo nft -f $OUTPUT_DIR/blacklist-v6.nft"
|
||||
echo " sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'"
|
||||
echo " sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject"
|
||||
echo " sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject"
|
||||
echo ""
|
||||
echo "VK outbound block examples for VPN clients via NAT (nftables):"
|
||||
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk.nft"
|
||||
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk-v4.nft"
|
||||
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk-v6.nft"
|
||||
echo " sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'"
|
||||
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_v4 counter reject"
|
||||
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_v6 counter reject"
|
||||
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_vk_v4 counter reject"
|
||||
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_vk_v6 counter reject"
|
||||
echo ""
|
||||
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."
|
||||
|
||||
@@ -11,8 +11,8 @@ nginx_output_file="${nginx_output_dir}/blacklist.conf"
|
||||
nginx_v4_output_file="${nginx_output_dir}/blacklist-v4.conf"
|
||||
nginx_v6_output_file="${nginx_output_dir}/blacklist-v6.conf"
|
||||
|
||||
# Create nginx directory if it doesn't exist
|
||||
mkdir -p "${nginx_output_dir}"
|
||||
# Create required directories if they don't exist
|
||||
mkdir -p "${nginx_output_dir}" "blacklists"
|
||||
|
||||
# Function to generate nginx config from input file
|
||||
generate_nginx_config() {
|
||||
|
||||
4
blacklists_updater_routes.sh
Normal file → Executable file
4
blacklists_updater_routes.sh
Normal file → Executable file
@@ -8,7 +8,7 @@ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||||
AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
|
||||
AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
|
||||
AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
|
||||
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
|
||||
VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
|
||||
|
||||
# Additional VK-only text blacklists
|
||||
VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
|
||||
@@ -28,7 +28,7 @@ echo "Generating VK route blacklists..."
|
||||
TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
|
||||
for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do
|
||||
[ -f "${source_file}" ] || continue
|
||||
awk -v pattern="${VK_NAME_PATTERN}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}"
|
||||
awk -v pattern="${VK_NAME_PATTERN}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}"
|
||||
done
|
||||
|
||||
sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}"
|
||||
|
||||
@@ -11,6 +11,8 @@ black_names="uvd|umvd|fgup|grchc|roskomnad|federalnaya sluzhba|ufsb|zonatelecom|
|
||||
# M100 - mail.ru
|
||||
white_names="ruvds"
|
||||
|
||||
mkdir -p blacklists auto
|
||||
|
||||
grep -iE "${black_names}" auto/all-ru-asn.txt | grep -viE "${white_names}" | awk '{ print "# AS-Name: " $0 "\n" $1}' > ${auto_black_ass}
|
||||
./network_list_from_as.py ${auto_black_ass} > ${outfile_w_comments}
|
||||
./network_list_from_netname.py lists/ru-gov-netnames.txt >> ${outfile_w_comments}
|
||||
|
||||
@@ -12,6 +12,27 @@ import re
|
||||
from ipaddress import ip_address, ip_network, AddressValueError
|
||||
from pathlib import Path
|
||||
|
||||
def iter_set_blocks(content):
|
||||
current_name = None
|
||||
current_lines = []
|
||||
brace_depth = 0
|
||||
|
||||
for line in content.splitlines():
|
||||
if current_name is None:
|
||||
match = re.match(r"\s*set\s+([A-Za-z0-9_]+)\s*\{", line)
|
||||
if match:
|
||||
current_name = match.group(1)
|
||||
current_lines = [line]
|
||||
brace_depth = line.count("{") - line.count("}")
|
||||
continue
|
||||
|
||||
current_lines.append(line)
|
||||
brace_depth += line.count("{") - line.count("}")
|
||||
if brace_depth == 0:
|
||||
yield current_name, "\n".join(current_lines)
|
||||
current_name = None
|
||||
current_lines = []
|
||||
|
||||
def parse_nft_config(config_path):
|
||||
"""Extract IPv4 and IPv6 prefixes from nftables config."""
|
||||
p = Path(config_path)
|
||||
@@ -21,37 +42,20 @@ def parse_nft_config(config_path):
|
||||
content = p.read_text(encoding="utf-8")
|
||||
v4_prefixes = []
|
||||
v6_prefixes = []
|
||||
|
||||
# Parse IPv4 set (blacklist_v4)
|
||||
v4_match = re.search(
|
||||
r'set blacklist_v4\s*\{[^}]*elements\s*=\s*\{([^}]+)\}',
|
||||
content,
|
||||
re.DOTALL
|
||||
)
|
||||
if v4_match:
|
||||
elements = v4_match.group(1)
|
||||
# Extract all CIDR notations
|
||||
for match in re.finditer(r'(\d+\.\d+\.\d+\.\d+(?:/\d+)?)', elements):
|
||||
try:
|
||||
v4_prefixes.append(ip_network(match.group(1), strict=False))
|
||||
except Exception as e:
|
||||
print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr)
|
||||
|
||||
# Parse IPv6 set (blacklist_v6)
|
||||
v6_match = re.search(
|
||||
r'set blacklist_v6\s*\{[^}]*elements\s*=\s*\{([^}]+)\}',
|
||||
content,
|
||||
re.DOTALL
|
||||
)
|
||||
if v6_match:
|
||||
elements = v6_match.group(1)
|
||||
# Extract all IPv6 CIDR notations
|
||||
for match in re.finditer(r'([0-9a-fA-F:]+(?:/\d+)?)', elements):
|
||||
try:
|
||||
v6_prefixes.append(ip_network(match.group(1), strict=False))
|
||||
except Exception as e:
|
||||
# Skip false matches from comments or other text
|
||||
pass
|
||||
|
||||
for _, block in iter_set_blocks(content):
|
||||
if "type ipv4_addr" in block:
|
||||
for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+(?:/\d+)?)", block):
|
||||
try:
|
||||
v4_prefixes.append(ip_network(match.group(1), strict=False))
|
||||
except Exception as e:
|
||||
print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr)
|
||||
elif "type ipv6_addr" in block:
|
||||
for match in re.finditer(r"([0-9a-fA-F:]+(?:/\d+)?)", block):
|
||||
try:
|
||||
v6_prefixes.append(ip_network(match.group(1), strict=False))
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
return v4_prefixes, v6_prefixes
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ Usage:
|
||||
import sys
|
||||
from ipaddress import ip_network, collapse_addresses
|
||||
from pathlib import Path
|
||||
from datetime import datetime
|
||||
from datetime import datetime, UTC
|
||||
|
||||
def read_lines(path_or_dash):
|
||||
if path_or_dash == "-":
|
||||
@@ -43,55 +43,69 @@ def aggregate_prefixes(lines):
|
||||
agg_v6 = list(collapse_addresses(sorted(v6, key=lambda x: (int(x.network_address), x.prefixlen))))
|
||||
return agg_v4, agg_v6, invalid
|
||||
|
||||
def make_nft_config(agg_v4, agg_v6, comment=None):
|
||||
def make_nft_config(agg_v4, agg_v6, comment=None, usage_profile="vm_input"):
|
||||
if usage_profile == "vk_forward":
|
||||
set_v4_name = "blacklist_vk_v4"
|
||||
set_v6_name = "blacklist_vk_v6"
|
||||
rule_v4 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @{set_v4_name} counter reject'
|
||||
rule_v6 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @{set_v6_name} counter reject'
|
||||
else:
|
||||
set_v4_name = "blacklist_v4"
|
||||
set_v6_name = "blacklist_v6"
|
||||
rule_v4 = f"sudo nft add rule inet filter input ip saddr @{set_v4_name} counter reject"
|
||||
rule_v6 = f"sudo nft add rule inet filter input ip6 saddr @{set_v6_name} counter reject"
|
||||
|
||||
lines = []
|
||||
lines.append("# Autogenerated nftables blacklist")
|
||||
lines.append(f"# Generated: {datetime.utcnow().isoformat()}Z")
|
||||
lines.append(f"# Generated: {datetime.now(UTC).isoformat().replace('+00:00', 'Z')}")
|
||||
if comment:
|
||||
lines.append(f"# {comment}")
|
||||
lines.append(f"# IPv4: {len(agg_v4)}, IPv6: {len(agg_v6)}")
|
||||
lines.append("#")
|
||||
lines.append("# Usage:")
|
||||
lines.append("# sudo nft -f <this-file>")
|
||||
if usage_profile == "vk_forward":
|
||||
lines.append("# # VK egress blocking for VPN clients via NAT/FORWARD")
|
||||
lines.append("# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'")
|
||||
lines.append(f"# {rule_v4}")
|
||||
lines.append(f"# {rule_v6}")
|
||||
else:
|
||||
lines.append("# # VM protection from incoming blacklist sources")
|
||||
lines.append("# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'")
|
||||
lines.append(f"# {rule_v4}")
|
||||
lines.append(f"# {rule_v6}")
|
||||
lines.append("")
|
||||
lines.append("table inet filter {")
|
||||
lines.append("")
|
||||
|
||||
|
||||
# Define IPv4 blacklist set
|
||||
lines.append(" set blacklist_v4 {")
|
||||
lines.append(f" set {set_v4_name} {{")
|
||||
lines.append(" type ipv4_addr")
|
||||
lines.append(" flags interval")
|
||||
if agg_v4:
|
||||
lines.append(" elements = {")
|
||||
for i, net in enumerate(agg_v4):
|
||||
comma = "," if i < len(agg_v4) - 1 else ""
|
||||
lines.append(f" {net.with_prefixlen}{comma}")
|
||||
rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
|
||||
lines.append(f" {rendered_net}{comma}")
|
||||
lines.append(" }")
|
||||
lines.append(" }")
|
||||
lines.append("")
|
||||
|
||||
|
||||
# Define IPv6 blacklist set
|
||||
lines.append(" set blacklist_v6 {")
|
||||
lines.append(f" set {set_v6_name} {{")
|
||||
lines.append(" type ipv6_addr")
|
||||
lines.append(" flags interval")
|
||||
if agg_v6:
|
||||
lines.append(" elements = {")
|
||||
for i, net in enumerate(agg_v6):
|
||||
comma = "," if i < len(agg_v6) - 1 else ""
|
||||
lines.append(f" {net.with_prefixlen}{comma}")
|
||||
rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
|
||||
lines.append(f" {rendered_net}{comma}")
|
||||
lines.append(" }")
|
||||
lines.append(" }")
|
||||
lines.append("")
|
||||
|
||||
# Define input chain with set lookups
|
||||
lines.append(" chain input {")
|
||||
lines.append(" type filter hook input priority 0;")
|
||||
lines.append(" policy accept;")
|
||||
lines.append("")
|
||||
lines.append(" ct state { established, related } accept")
|
||||
lines.append("")
|
||||
if agg_v4:
|
||||
lines.append(" ip saddr @blacklist_v4 counter drop")
|
||||
if agg_v6:
|
||||
lines.append(" ip6 saddr @blacklist_v6 counter drop")
|
||||
lines.append(" }")
|
||||
|
||||
lines.append("}")
|
||||
return "\n".join(lines)
|
||||
|
||||
@@ -119,7 +133,8 @@ def main(argv):
|
||||
|
||||
if not any(line.strip() and not line.strip().startswith("#") for line in lines):
|
||||
print("WARNING: input contains no prefixes (empty or only comments). Nothing to aggregate.")
|
||||
nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes")
|
||||
profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
|
||||
nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes", usage_profile=profile)
|
||||
write_output(outfile, nft_conf)
|
||||
return 0
|
||||
|
||||
@@ -137,7 +152,8 @@ def main(argv):
|
||||
for n in agg_v6:
|
||||
print(" v6:", n)
|
||||
|
||||
nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}")
|
||||
profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
|
||||
nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}", usage_profile=profile)
|
||||
try:
|
||||
write_output(outfile, nft_conf)
|
||||
except Exception as e:
|
||||
@@ -146,9 +162,12 @@ def main(argv):
|
||||
|
||||
print("Done.")
|
||||
print("Load with: sudo nft -f <output.conf>")
|
||||
print("View counters: sudo nft list chain inet filter input -a")
|
||||
print("View sets: sudo nft list set inet filter blacklist_v4")
|
||||
print(" sudo nft list set inet filter blacklist_v6")
|
||||
if profile == "vk_forward":
|
||||
print("View sets: sudo nft list set inet filter blacklist_vk_v4")
|
||||
print(" sudo nft list set inet filter blacklist_vk_v6")
|
||||
else:
|
||||
print("View sets: sudo nft list set inet filter blacklist_v4")
|
||||
print(" sudo nft list set inet filter blacklist_v6")
|
||||
return 0
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
||||
@@ -1,60 +1,94 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import requests
|
||||
import argparse
|
||||
import re
|
||||
from cymruwhois import Client
|
||||
import sys
|
||||
|
||||
import requests
|
||||
|
||||
from pylib.whois import whois_query
|
||||
|
||||
ASN_RE = re.compile(r"\bAS\d+\b", re.IGNORECASE)
|
||||
|
||||
def get_as_prefixes(asn):
|
||||
url = f"https://stat.ripe.net/data/announced-prefixes/data.json?resource={asn}"
|
||||
response = requests.get(url)
|
||||
if response.status_code == 200:
|
||||
data = response.json()
|
||||
prefixes = data['data']['prefixes']
|
||||
return [prefix['prefix'] for prefix in prefixes]
|
||||
else:
|
||||
return []
|
||||
response = requests.get(url, timeout=30)
|
||||
response.raise_for_status()
|
||||
data = response.json()
|
||||
prefixes = data["data"]["prefixes"]
|
||||
return [prefix["prefix"] for prefix in prefixes]
|
||||
|
||||
def convert_to_raw_github_url(url):
|
||||
return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
|
||||
|
||||
def print_prefixes(asn):
|
||||
line = re.sub(r'[^AS0-9]', '', asn)
|
||||
if not args.quiet:
|
||||
print(f"# Networks announced by {line}")
|
||||
response = whois_query(line, "as-name", True)
|
||||
|
||||
def normalize_asn(value):
|
||||
match = ASN_RE.search(value)
|
||||
if match:
|
||||
return match.group(0).upper()
|
||||
return None
|
||||
|
||||
|
||||
def print_prefixes(asn, quiet=False):
|
||||
normalized_asn = normalize_asn(asn)
|
||||
if normalized_asn is None:
|
||||
return
|
||||
|
||||
if not quiet:
|
||||
print(f"# Networks announced by {normalized_asn}")
|
||||
response = whois_query(normalized_asn, "as-name", True)
|
||||
if response is not None:
|
||||
info = response.strip()
|
||||
print(f"# AS-Name (ORG): {info}")
|
||||
prefixes = get_as_prefixes(line)
|
||||
prefixes = get_as_prefixes(normalized_asn)
|
||||
for prefix in prefixes:
|
||||
print(prefix)
|
||||
|
||||
def extract_asses(asn_filename_or_url):
|
||||
if asn_filename_or_url.startswith('AS'):
|
||||
print_prefixes(asn_filename_or_url)
|
||||
|
||||
def extract_asses(asn_filename_or_url, quiet=False):
|
||||
if normalize_asn(asn_filename_or_url) and not asn_filename_or_url.startswith(("http://", "https://")):
|
||||
print_prefixes(asn_filename_or_url, quiet=quiet)
|
||||
|
||||
return None
|
||||
|
||||
if asn_filename_or_url.startswith('http://') or asn_filename_or_url.startswith('https://'):
|
||||
if 'github.com' in asn_filename_or_url:
|
||||
if asn_filename_or_url.startswith("http://") or asn_filename_or_url.startswith("https://"):
|
||||
if "github.com" in asn_filename_or_url:
|
||||
asn_filename_or_url = convert_to_raw_github_url(asn_filename_or_url)
|
||||
response = requests.get(asn_filename_or_url)
|
||||
lines = response.text.split('\n')
|
||||
response = requests.get(asn_filename_or_url, timeout=30)
|
||||
response.raise_for_status()
|
||||
lines = response.text.splitlines()
|
||||
else:
|
||||
with open(asn_filename_or_url, 'r') as file:
|
||||
with open(asn_filename_or_url, "r", encoding="utf-8") as file:
|
||||
lines = file.readlines()
|
||||
|
||||
for line in lines:
|
||||
if re.match(r'^AS.*', line):
|
||||
print_prefixes(line)
|
||||
normalized_asn = normalize_asn(line)
|
||||
if normalized_asn:
|
||||
print_prefixes(normalized_asn, quiet=quiet)
|
||||
|
||||
return None
|
||||
|
||||
parser = argparse.ArgumentParser(description='./as_network_list.py -q AS61280')
|
||||
parser.add_argument('asn_filename_or_url', help='The AS number to get networks / The file or URL to extract AS numbers from.')
|
||||
parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
|
||||
args = parser.parse_args()
|
||||
|
||||
extract_asses(args.asn_filename_or_url)
|
||||
def build_parser():
|
||||
parser = argparse.ArgumentParser(description="./network_list_from_as.py -q AS61280")
|
||||
parser.add_argument("asn_filename_or_url", help="The AS number to get networks / The file or URL to extract AS numbers from.")
|
||||
parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
|
||||
return parser
|
||||
|
||||
|
||||
def main(argv=None):
|
||||
parser = build_parser()
|
||||
args = parser.parse_args(argv)
|
||||
try:
|
||||
extract_asses(args.asn_filename_or_url, quiet=args.quiet)
|
||||
except requests.RequestException as exc:
|
||||
print(f"ERROR: failed to fetch ASN data: {exc}", file=sys.stderr)
|
||||
return 1
|
||||
except OSError as exc:
|
||||
print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
|
||||
return 1
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
||||
|
||||
@@ -1,41 +1,72 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import argparse
|
||||
import requests
|
||||
import re
|
||||
from pylib.whois import whois_query
|
||||
from pylib.ip import convert_to_cidr
|
||||
import sys
|
||||
|
||||
import requests
|
||||
|
||||
from pylib.ip import convert_to_cidr
|
||||
from pylib.whois import whois_query
|
||||
|
||||
def convert_to_raw_github_url(url):
|
||||
return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
|
||||
|
||||
def extract_netname(filename_or_url):
|
||||
if filename_or_url.startswith('http://') or filename_or_url.startswith('https://'):
|
||||
if 'github.com' in filename_or_url:
|
||||
|
||||
def iter_netnames(lines):
|
||||
for line in lines:
|
||||
stripped = line.strip()
|
||||
if not stripped or stripped.startswith("#"):
|
||||
continue
|
||||
if re.match(r"^netname:", stripped, re.IGNORECASE):
|
||||
yield stripped.split(":", 1)[1].strip()
|
||||
else:
|
||||
yield stripped
|
||||
|
||||
|
||||
def extract_netname(filename_or_url, quiet=False):
|
||||
if filename_or_url.startswith("http://") or filename_or_url.startswith("https://"):
|
||||
if "github.com" in filename_or_url:
|
||||
filename_or_url = convert_to_raw_github_url(filename_or_url)
|
||||
response = requests.get(filename_or_url)
|
||||
lines = response.text.split('\n')
|
||||
response = requests.get(filename_or_url, timeout=30)
|
||||
response.raise_for_status()
|
||||
lines = response.text.splitlines()
|
||||
else:
|
||||
with open(filename_or_url, 'r') as file:
|
||||
with open(filename_or_url, "r", encoding="utf-8") as file:
|
||||
lines = file.readlines()
|
||||
|
||||
for line in lines:
|
||||
if re.match(r'^netname:', line):
|
||||
netname = line.split(':')[1].strip()
|
||||
response = whois_query(netname, "inetnum")
|
||||
if response is not None and len(response) > 0:
|
||||
if not args.quiet:
|
||||
print(f"# Network name: {netname}")
|
||||
for cidr in response:
|
||||
net = convert_to_cidr(cidr)
|
||||
net = net[0]
|
||||
print(net)
|
||||
for netname in iter_netnames(lines):
|
||||
response = whois_query(netname, "inetnum")
|
||||
if response is not None and len(response) > 0:
|
||||
if not quiet:
|
||||
print(f"# Network name: {netname}")
|
||||
for cidr in response:
|
||||
for network in convert_to_cidr(cidr):
|
||||
print(network)
|
||||
|
||||
return None
|
||||
|
||||
parser = argparse.ArgumentParser(description='Extract netname from file.')
|
||||
parser.add_argument('filename_or_url', help='The file or URL to extract netnames from.')
|
||||
parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
|
||||
args = parser.parse_args()
|
||||
|
||||
extract_netname(args.filename_or_url)
|
||||
def build_parser():
|
||||
parser = argparse.ArgumentParser(description="Extract netname from file.")
|
||||
parser.add_argument("filename_or_url", help="The file or URL to extract netnames from.")
|
||||
parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
|
||||
return parser
|
||||
|
||||
|
||||
def main(argv=None):
|
||||
parser = build_parser()
|
||||
args = parser.parse_args(argv)
|
||||
try:
|
||||
extract_netname(args.filename_or_url, quiet=args.quiet)
|
||||
except requests.RequestException as exc:
|
||||
print(f"ERROR: failed to fetch netname data: {exc}", file=sys.stderr)
|
||||
return 1
|
||||
except OSError as exc:
|
||||
print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
|
||||
return 1
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
||||
|
||||
112
parse_ripe_db.py
112
parse_ripe_db.py
@@ -1,62 +1,84 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import argparse
|
||||
import re
|
||||
import json
|
||||
from pylib.ip import convert_to_cidr
|
||||
import sys
|
||||
|
||||
from pylib.ip import convert_to_cidr
|
||||
|
||||
country = "RU"
|
||||
|
||||
|
||||
def normalize_record(record):
|
||||
if not record:
|
||||
return None
|
||||
if record.get("country") != country:
|
||||
return None
|
||||
|
||||
normalized = dict(record)
|
||||
normalized["inetnum"] = convert_to_cidr(record["inetnum"])
|
||||
return normalized
|
||||
|
||||
|
||||
def parse(filename, output_text, output_json):
|
||||
cList = []
|
||||
c_list = []
|
||||
record = {}
|
||||
with open(filename, 'r', encoding='latin-1') as f:
|
||||
with open(filename, "r", encoding="latin-1") as f:
|
||||
lines = f.readlines()
|
||||
f.close()
|
||||
|
||||
for line in lines:
|
||||
if re.match(r'^inetnum:', line):
|
||||
if record:
|
||||
record['inetnum'] = convert_to_cidr(record['inetnum'])
|
||||
if record['country'] == country:
|
||||
# print(record)
|
||||
cList.append(record)
|
||||
if line.startswith("inetnum:"):
|
||||
normalized = normalize_record(record)
|
||||
if normalized is not None:
|
||||
c_list.append(normalized)
|
||||
record = {}
|
||||
record['inetnum'] = line.split('inetnum:', 1)[1].strip()
|
||||
record['descr'] = ''
|
||||
record['netname'] = ''
|
||||
record['country'] = ''
|
||||
record['org'] = ''
|
||||
if re.match(r'^netname:', line):
|
||||
record['netname'] = line.split('netname:', 1)[1].strip()
|
||||
if re.match(r'^descr:', line):
|
||||
record['descr'] = str(record['descr'].strip() + ' ' + line.split('descr:', 1)[1].strip()).strip()
|
||||
if re.match(r'^mnt-by:', line):
|
||||
record['netname'] = str(record['netname'].strip() + ' ' + line.split('mnt-by:', 1)[1].strip()).strip()
|
||||
if re.match(r'^country:', line):
|
||||
record['country'] = line.split('country:', 1)[1].strip()
|
||||
if re.match(r'^org:', line):
|
||||
record['org'] = line.split('org:', 1)[1].strip()
|
||||
if record:
|
||||
cList.append(record)
|
||||
record["inetnum"] = line.split("inetnum:", 1)[1].strip()
|
||||
record["descr"] = ""
|
||||
record["netname"] = ""
|
||||
record["country"] = ""
|
||||
record["org"] = ""
|
||||
if line.startswith("netname:"):
|
||||
record["netname"] = line.split("netname:", 1)[1].strip()
|
||||
if line.startswith("descr:"):
|
||||
record["descr"] = str(record["descr"].strip() + " " + line.split("descr:", 1)[1].strip()).strip()
|
||||
if line.startswith("mnt-by:"):
|
||||
record["netname"] = str(record["netname"].strip() + " " + line.split("mnt-by:", 1)[1].strip()).strip()
|
||||
if line.startswith("country:"):
|
||||
record["country"] = line.split("country:", 1)[1].strip()
|
||||
if line.startswith("org:"):
|
||||
record["org"] = line.split("org:", 1)[1].strip()
|
||||
|
||||
with open(output_json, 'w') as f:
|
||||
json.dump(cList, f, indent=4)
|
||||
f.close()
|
||||
normalized = normalize_record(record)
|
||||
if normalized is not None:
|
||||
c_list.append(normalized)
|
||||
|
||||
with open(output_text, 'w') as f:
|
||||
for record in cList:
|
||||
for net in record['inetnum']:
|
||||
f.write(net + ' ' + record['netname'] + ' (' + record['org'] + ') [' + record['descr'] + ']\n')
|
||||
f.close()
|
||||
with open(output_json, "w", encoding="utf-8") as f:
|
||||
json.dump(c_list, f, indent=4)
|
||||
|
||||
parser = argparse.ArgumentParser(description='Parse RIPE DB for getting a list of RU networks.')
|
||||
parser.add_argument('filename', help='ripe.db.inetnum file to parse.')
|
||||
parser.add_argument('output_text', help='write text db to...')
|
||||
parser.add_argument('output_json', help='write json do to...')
|
||||
args = parser.parse_args()
|
||||
with open(output_text, "w", encoding="utf-8") as f:
|
||||
for item in c_list:
|
||||
for net in item["inetnum"]:
|
||||
f.write(net + " " + item["netname"] + " (" + item["org"] + ") [" + item["descr"] + "]\n")
|
||||
|
||||
if not (args.filename):
|
||||
parser.print_help()
|
||||
exit()
|
||||
|
||||
parse(args.filename, args.output_text, args.output_json)
|
||||
def build_parser():
|
||||
parser = argparse.ArgumentParser(description="Parse RIPE DB for getting a list of RU networks.")
|
||||
parser.add_argument("filename", help="ripe.db.inetnum file to parse.")
|
||||
parser.add_argument("output_text", help="write text db to...")
|
||||
parser.add_argument("output_json", help="write json db to...")
|
||||
return parser
|
||||
|
||||
|
||||
def main(argv=None):
|
||||
parser = build_parser()
|
||||
args = parser.parse_args(argv)
|
||||
try:
|
||||
parse(args.filename, args.output_text, args.output_json)
|
||||
except OSError as exc:
|
||||
print(f"ERROR: {exc}", file=sys.stderr)
|
||||
return 1
|
||||
return 0
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
sys.exit(main())
|
||||
|
||||
26
tests/test_check_nft_blacklist.py
Normal file
26
tests/test_check_nft_blacklist.py
Normal file
@@ -0,0 +1,26 @@
|
||||
import tempfile
|
||||
import unittest
|
||||
from pathlib import Path
|
||||
|
||||
from check_nft_blacklist import check_ip_in_blacklist, parse_nft_config
|
||||
from generate_nft_blacklist import make_nft_config
|
||||
|
||||
|
||||
class CheckNftBlacklistTests(unittest.TestCase):
|
||||
def test_vk_sets_are_parsed(self):
|
||||
config = make_nft_config(["87.240.128.0/18"], [], usage_profile="vk_forward")
|
||||
|
||||
with tempfile.TemporaryDirectory() as tmpdir:
|
||||
config_path = Path(tmpdir) / "blacklist-vk-v4.nft"
|
||||
config_path.write_text(config, encoding="utf-8")
|
||||
|
||||
v4_prefixes, v6_prefixes = parse_nft_config(config_path)
|
||||
blocked, prefix = check_ip_in_blacklist("87.240.128.1", v4_prefixes, v6_prefixes)
|
||||
|
||||
self.assertEqual(len(v4_prefixes), 1)
|
||||
self.assertTrue(blocked)
|
||||
self.assertEqual(str(prefix), "87.240.128.0/18")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
25
tests/test_generate_nft_blacklist.py
Normal file
25
tests/test_generate_nft_blacklist.py
Normal file
@@ -0,0 +1,25 @@
|
||||
import unittest
|
||||
|
||||
from generate_nft_blacklist import make_nft_config
|
||||
|
||||
|
||||
class GenerateNftBlacklistTests(unittest.TestCase):
|
||||
def test_general_profile_generates_plain_sets_only(self):
|
||||
config = make_nft_config(["10.0.0.0/24"], [], usage_profile="vm_input")
|
||||
|
||||
self.assertIn("set blacklist_v4", config)
|
||||
self.assertNotIn("chain input", config)
|
||||
self.assertIn("ip saddr @blacklist_v4", config)
|
||||
|
||||
def test_vk_profile_uses_vk_set_names_and_forward_example(self):
|
||||
config = make_nft_config(["10.0.0.0/24"], ["2001:db8::/32"], usage_profile="vk_forward")
|
||||
|
||||
self.assertIn("set blacklist_vk_v4", config)
|
||||
self.assertIn("set blacklist_vk_v6", config)
|
||||
self.assertNotIn("chain forward", config)
|
||||
self.assertIn("ip daddr @blacklist_vk_v4", config)
|
||||
self.assertIn("ip6 daddr @blacklist_vk_v6", config)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
41
tests/test_parse_ripe_db.py
Normal file
41
tests/test_parse_ripe_db.py
Normal file
@@ -0,0 +1,41 @@
|
||||
import json
|
||||
import tempfile
|
||||
import unittest
|
||||
from pathlib import Path
|
||||
|
||||
from parse_ripe_db import parse
|
||||
|
||||
|
||||
class ParseRipeDbTests(unittest.TestCase):
|
||||
def test_skips_non_ru_last_record_and_normalizes_last_ru_record(self):
|
||||
sample = """\
|
||||
inetnum: 10.0.0.0 - 10.0.0.255
|
||||
netname: TEST1
|
||||
country: RU
|
||||
org: ORG-1
|
||||
descr: desc1
|
||||
inetnum: 20.0.0.0 - 20.0.0.255
|
||||
netname: TEST2
|
||||
country: US
|
||||
org: ORG-2
|
||||
"""
|
||||
|
||||
with tempfile.TemporaryDirectory() as tmpdir:
|
||||
source = Path(tmpdir) / "ripe.db.inetnum"
|
||||
output_text = Path(tmpdir) / "out.txt"
|
||||
output_json = Path(tmpdir) / "out.json"
|
||||
source.write_text(sample, encoding="latin-1")
|
||||
|
||||
parse(str(source), str(output_text), str(output_json))
|
||||
|
||||
payload = json.loads(output_json.read_text(encoding="utf-8"))
|
||||
self.assertEqual(len(payload), 1)
|
||||
self.assertEqual(payload[0]["inetnum"], ["10.0.0.0/24"])
|
||||
self.assertEqual(payload[0]["country"], "RU")
|
||||
|
||||
text_lines = output_text.read_text(encoding="utf-8").splitlines()
|
||||
self.assertEqual(text_lines, ["10.0.0.0/24 TEST1 (ORG-1) [desc1]"])
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
Reference in New Issue
Block a user