yanistyle/AS_Network_List
1
0
Fork 0
mirror of https://github.com/C24Be/AS_Network_List.git synced 2026-03-30 22:28:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: yanistyle:849e96a16d4cdbfd71a6186e3fd7e581985e73d4
Branches Tags
yanistyle:main
..
compare: yanistyle:main
Branches Tags
yanistyle:main

28 Commits
849e96a16d ... main

Author SHA1 Message Date
C24Be
dea6a75d67 Update 2026.03.30 07:19:44 2026-03-30 07:19:44 +00:00
C24Be
7690d60023 Update 2026.03.29 13:11:56 2026-03-29 13:11:57 +00:00
C24Be
1ef2a3a21e Update 2026.03.29 06:56:52 2026-03-29 06:56:52 +00:00
C24Be
128d6c3d19 Merge branch 'main' of https://github.com/C24Be/AS_Network_List 2026-03-28 12:15:26 +01:00
C24Be
4502515ab1 Readme 2026-03-28 12:15:23 +01:00
C24Be
740834b112 Update 2026.03.28 06:52:03 2026-03-28 06:52:03 +00:00
C24Be
c79108d476 Readme 2026-03-27 19:16:50 +01:00
C24Be
754f545764 Update 2026.03.27 18:14:06 2026-03-27 18:14:07 +00:00
C24Be
048810e560 big update 2026-03-27 19:12:07 +01:00
C24Be
cfed9adddf big update 2026-03-27 19:11:52 +01:00
C24Be
0107142b90 Update 2026.03.27 06:59:36 2026-03-27 06:59:36 +00:00
C24Be
5d9070946d readme 2026-03-26 11:20:52 +01:00
C24Be
4126557898 Merge branch 'main' of https://github.com/C24Be/AS_Network_List 2026-03-26 11:20:00 +01:00
C24Be
cd643625f1 readme 2026-03-26 11:19:56 +01:00
C24Be
23ca832e7d Update 2026.03.26 09:38:27 2026-03-26 09:38:27 +00:00
C24Be
760bc7409d readme files 2026-03-26 10:37:06 +01:00
C24Be
3922acb075 readme files 2026-03-26 10:34:02 +01:00
C24Be
17d64070c6 mini readmes 2026-03-26 10:17:04 +01:00
C24Be
c34ebee88f Update 2026.03.26 08:47:07 2026-03-26 08:47:07 +00:00
C24Be
96f5442eea + routes folder to commit 2026-03-26 09:45:53 +01:00
C24Be
22bbb3dd20 some fixes 2026-03-26 09:42:48 +01:00
C24Be
943e7f2498 Merge branch 'main' of https://github.com/C24Be/AS_Network_List 2026-03-26 09:41:31 +01:00
C24Be
ecc4b2e387 some fixes 2026-03-26 09:41:27 +01:00
C24Be
72d57938c0 Update 2026.03.26 08:35:16 2026-03-26 08:35:17 +00:00
C24Be
1d0162e69f some fixes 2026-03-26 09:33:42 +01:00
C24Be
75e044c01d Update 2026.03.26 08:29:31 2026-03-26 08:29:31 +00:00
C24Be
3cb9156d28 some fixes 2026-03-26 09:28:25 +01:00
C24Be
011efe4bcb some fixes 2026-03-26 09:26:41 +01:00
49 changed files with 13637 additions and 1652 deletions
Expand all files Collapse all files

2
.github/actions/gitPush/action.yaml vendored
View File

@@ -10,7 +10,7 @@ runs:
git config --global user.email "${{ env.REPO_OWNER }}@github.com" git config --global user.email "${{ env.REPO_OWNER }}@github.com"
if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}" git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
git push --set origin "${daily_branch}" git push --set-upstream origin "${daily_branch}"
fi fi
git add ${{ env.PUSH_FILES }} git add ${{ env.PUSH_FILES }}
git diff --staged --quiet || CHANGED=true git diff --staged --quiet || CHANGED=true

6
.github/actions/gitReset/action.yaml vendored
View File

@@ -8,9 +8,9 @@ runs:
if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
git reset --hard git reset --hard
git clean -fdx git clean -fdx
git checkout "${daily_branch}" git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
git pull origin "${daily_branch}" git pull origin "${daily_branch}" || true
git push --set origin "${daily_branch}" git push --set-upstream origin "${daily_branch}"
fi fi
git reset --hard git reset --hard
git clean -fdx git clean -fdx

6
.github/workflows/resolve_networks.yml vendored
View File

@@ -26,7 +26,7 @@ jobs:
with: with:
fetch-depth: 0 # this is required to fetch all history for all branches and tags fetch-depth: 0 # this is required to fetch all history for all branches and tags
token: ${{ env.GH_PAT }} token: ${{ env.GH_PAT }}
ref: ${{ github.branch }} ref: ${{ github.ref_name }}
- uses: ./.github/actions/gitReset - uses: ./.github/actions/gitReset
env: env:
CUSTOM_BRANCH: true CUSTOM_BRANCH: true
@@ -53,7 +53,7 @@ jobs:
with: with:
fetch-depth: 0 # this is required to fetch all history for all branches and tags fetch-depth: 0 # this is required to fetch all history for all branches and tags
token: ${{ env.GH_PAT }} token: ${{ env.GH_PAT }}
ref: ${{ github.branch }} ref: ${{ github.ref_name }}
- uses: ./.github/actions/gitReset - uses: ./.github/actions/gitReset
env: env:
CUSTOM_BRANCH: true CUSTOM_BRANCH: true
@@ -80,7 +80,7 @@ jobs:
with: with:
fetch-depth: 0 # this is required to fetch all history for all branches and tags fetch-depth: 0 # this is required to fetch all history for all branches and tags
token: ${{ env.GH_PAT }} token: ${{ env.GH_PAT }}
ref: ${{ github.branch }} ref: ${{ github.ref_name }}
- uses: ./.github/actions/gitReset - uses: ./.github/actions/gitReset
env: env:
CUSTOM_BRANCH: true CUSTOM_BRANCH: true

2
.github/workflows/update_blacklists.yml vendored
View File

@@ -36,4 +36,4 @@ jobs:
- run: ./blacklists_updater_routes.sh - run: ./blacklists_updater_routes.sh
- uses: ./.github/actions/gitPush - uses: ./.github/actions/gitPush
env: env:
PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/ PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/ blacklists_route/

54
README.md
View File

@@ -9,6 +9,8 @@
This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis. This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis.
## Important Links
**Ready-to-use blacklists in multiple formats:** **Ready-to-use blacklists in multiple formats:**
- [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation - [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation
@@ -16,7 +18,6 @@ This repository contains Python scripts that allow you to retrieve network lists
- [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset - [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset
- [nftables files in `blacklists_nftables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nftables) - Ready-to-load sets and rules for nftables - [nftables files in `blacklists_nftables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nftables) - Ready-to-load sets and rules for nftables
- [Linux route files in `blacklists_route/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_route) - VK route blackholes to loopback (IPv4/IPv6) - [Linux route files in `blacklists_route/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_route) - VK route blackholes to loopback (IPv4/IPv6)
- [Other network and ASN lists in `auto/`](https://github.com/C24Be/AS_Network_List/tree/main/auto) - Comprehensive Russian network data
## Files and features ## Files and features
@@ -56,17 +57,18 @@ This repository contains Python scripts that allow you to retrieve network lists
**IPTables/IPSet Format** (`blacklists_iptables/` folder): **IPTables/IPSet Format** (`blacklists_iptables/` folder):
- `blacklist.ipset`: IPSet configuration for mixed IPv4/IPv6 (**daily generated**)
- `blacklist-v4.ipset`: IPSet configuration for IPv4 only (**daily generated**) - `blacklist-v4.ipset`: IPSet configuration for IPv4 only (**daily generated**)
- `blacklist-v6.ipset`: IPSet configuration for IPv6 only (**daily generated**) - `blacklist-v6.ipset`: IPSet configuration for IPv6 only (**daily generated**)
- `blacklist-vk-v4.ipset`: IPSet configuration for VK-only IPv4 networks (**daily generated**)
- `blacklist-vk-v6.ipset`: IPSet configuration for VK-only IPv6 networks (**daily generated**)
- `README.md`: Complete usage documentation for iptables integration - `README.md`: Complete usage documentation for iptables integration
**nftables Format** (`blacklists_nftables/` folder): **nftables Format** (`blacklists_nftables/` folder):
* `blacklist.nft`: nftables configuration for mixed IPv4/IPv6 (**daily generated**) * `blacklist.nft`: nftables set definitions for mixed IPv4/IPv6 (**daily generated**)
* `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**) * `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**)
* `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**) * `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**)
* `blacklist-vk.nft`: nftables configuration for VK-only networks (**daily generated**) * `blacklist-vk.nft`: nftables set definitions for VK-only mixed IPv4/IPv6 (**daily generated**)
* `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**) * `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**)
* `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**) * `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**)
* `README.md`: Complete usage documentation for nftables integration * `README.md`: Complete usage documentation for nftables integration
@@ -82,7 +84,7 @@ This repository contains Python scripts that allow you to retrieve network lists
**Contributors are welcome!** **Contributors are welcome!**
- `lists/ru-gov-netnames.txt`: A list of network names associated with the Russian government. - `lists/ru-gov-netnames.txt`: A list of network names associated with the Russian government.
- `lists/ru-gov-asns.txt`: A list of AS numbers associated with the Russian government. - ASN candidates used for blacklists are derived automatically from `auto/all-ru-asn.txt`.
### Auto-Generated Data ### Auto-Generated Data
@@ -110,18 +112,24 @@ wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_ngi
**For IPTables/IPSet:** **For IPTables/IPSet:**
```bash ```bash
# Download and load into ipset # Download and load IPv4/IPv6 sets into ipset
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist.ipset wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v4.ipset
ipset restore < blacklist.ipset wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v6.ipset
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP ipset restore < blacklist-v4.ipset
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP ipset restore < blacklist-v6.ipset
iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
``` ```
**For nftables:** **For nftables:**
````bash ````bash
# Download and load into nftables # Download and load nftables sets
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v4.nft
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v6.nft
sudo nft -f blacklist.nft sudo nft -f blacklist.nft
sudo nft -f blacklist-v4.nft
sudo nft -f blacklist-v6.nft
# Protect VM from incoming blacklist sources # Protect VM from incoming blacklist sources
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }' sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
@@ -130,10 +138,14 @@ sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
# VK-only outbound blocking for VPN clients via NAT/FORWARD # VK-only outbound blocking for VPN clients via NAT/FORWARD
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v4.nft
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v6.nft
sudo nft -f blacklist-vk.nft sudo nft -f blacklist-vk.nft
sudo nft -f blacklist-vk-v4.nft
sudo nft -f blacklist-vk-v6.nft
sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }' sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_v4 counter reject sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_v6 counter reject sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
# View the loaded rules # View the loaded rules
sudo nft list ruleset sudo nft list ruleset
@@ -198,16 +210,16 @@ See the README files in each folder for detailed usage instructions.
./network_list_from_as.py AS61280 ./network_list_from_as.py AS61280
``` ```
2. Run the script with a URL to a file in a GitHub repository as an argument: 2. Run the script with a URL to a file with one ASN per line:
```bash ```bash
./network_list_from_as.py https://github.com/C24Be/AS_Network_List/blob/main/lists/ru-gov-asns.txt ./network_list_from_as.py https://example.com/asns.txt
``` ```
Or better use the raw file link: Or better use the raw file link:
```bash ```bash
./network_list_from_as.py https://raw.githubusercontent.com/C24Be/AS_Network_List/main/lists/ru-gov-asns.txt ./network_list_from_as.py https://example.com/asns-raw.txt
``` ```
3. To display a help message, use the `-h` or `--help` switch: 3. To display a help message, use the `-h` or `--help` switch:
@@ -272,16 +284,6 @@ This repository uses GitHub Actions to automatically update blacklists:
All blacklists are automatically regenerated and committed to ensure you always have the latest data. All blacklists are automatically regenerated and committed to ensure you always have the latest data.
## Blacklist Format Comparison
| Format | Best For | Performance | Ease of Use | File Size |
|--------|----------|-------------|-------------|-----------|
| **Text** | Custom scripts, analysis | N/A | ⭐⭐⭐⭐⭐ | Small |
| **Nginx** | Web servers, reverse proxies | Good | ⭐⭐⭐⭐ | Medium |
| **IPSet** | Firewalls, large-scale blocking | Excellent | ⭐⭐⭐ | Medium |
**Recommendation**: Use IPSet for firewall-level blocking (best performance), Nginx for web application layer, and text format for custom integrations.
## Additional information ## Additional information
- [RIPE DB Inetnum](https://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz) - [RIPE DB Inetnum](https://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz)

2531
auto/ripe-ru-ipv4.json
View File

File diff suppressed because it is too large Load Diff

463
auto/ripe-ru-ipv4.txt
View File

File diff suppressed because it is too large Load Diff

0
blacklists/.keep_folder
View File

1143
blacklists/blacklist-v4.txt Normal file
View File

File diff suppressed because it is too large Load Diff

22
blacklists/blacklist-v6.txt Normal file
View File

@@ -0,0 +1,22 @@
2a00:1148::/29
2a00:1148::/32
2a00:46e0:2::/48
2a00:46e0::/32
2a00:a300::/32
2a00:b4c0::/32
2a00:bdc0:8000::/34
2a00:bdc0::/33
2a00:bdc0:c000::/35
2a00:bdc0:e002::/48
2a00:bdc0:e003::/48
2a00:bdc0:e004::/48
2a00:bdc0:e005::/48
2a00:bdc0:e007::/48
2a00:bdc0:f000::/36
2a00:bdc1::/32
2a00:bdc2::/31
2a00:bdc4::/30
2a14:25c0::/32
2a14:25c5::/32
2a14:25c6::/32
2a14:25c7::/32

267
blacklists/blacklist-vk-v4.txt Normal file
View File

@@ -0,0 +1,267 @@
109.120.180.0/22
109.120.180.0/23
109.120.182.0/23
109.120.188.0/22
109.120.188.0/23
109.120.190.0/23
128.140.168.0/21
128.140.168.0/23
128.140.170.0/24
128.140.171.0/24
128.140.172.0/22
130.49.224.0/19
146.185.208.0/22
146.185.208.0/23
146.185.210.0/23
146.185.240.0/22
146.185.240.0/23
146.185.242.0/23
155.212.192.0/20
161.104.104.0/21
176.112.168.0/21
178.22.88.0/21
178.22.89.64/26
178.22.94.0/23
178.237.16.0/20
178.237.16.0/21
178.237.24.0/22
178.237.30.0/23
185.100.104.0/22
185.100.104.0/23
185.100.106.0/23
185.130.112.0/22
185.130.112.0/23
185.130.114.0/23
185.131.68.0/22
185.16.148.0/22
185.16.148.0/23
185.16.150.0/23
185.16.244.0/22
185.16.244.0/23
185.16.246.0/23
185.180.200.0/22
185.187.63.0/24
185.187.63.0/25
185.187.63.128/25
185.226.52.0/22
185.226.52.0/23
185.226.54.0/23
185.241.192.0/22
185.241.192.0/23
185.241.194.0/23
185.29.128.0/22
185.29.130.0/24
185.32.248.0/22
185.32.248.0/23
185.32.250.0/23
185.5.136.0/22
185.5.136.0/23
185.5.138.0/23
185.6.244.0/22
185.6.244.0/23
185.6.246.0/23
185.86.144.0/22
185.86.144.0/23
185.86.146.0/23
188.93.56.0/21
188.93.56.0/24
188.93.57.0/24
188.93.58.0/24
188.93.60.0/24
188.93.61.0/24
188.93.62.0/24
193.203.40.0/22
194.84.16.12/30
195.211.20.0/22
195.211.22.0/24
195.211.23.0/24
212.111.84.0/22
212.233.120.0/22
212.233.72.0/21
212.233.88.0/21
212.233.96.0/22
213.219.212.0/22
213.219.212.0/23
213.219.214.0/23
217.16.16.0/20
217.16.16.0/21
217.16.24.0/21
217.174.188.0/23
217.20.144.0/20
217.20.144.0/22
217.20.148.0/24
217.20.149.0/24
217.20.150.0/23
217.20.152.0/22
217.20.156.0/23
217.20.158.0/24
217.20.159.0/24
217.69.128.0/20
217.69.128.0/21
217.69.136.0/21
37.139.32.0/22
37.139.32.0/23
37.139.34.0/23
37.139.40.0/22
37.139.40.0/23
37.139.42.0/23
45.136.20.0/22
45.136.20.0/23
45.136.22.0/23
45.84.128.0/22
45.84.128.0/23
45.84.130.0/23
5.101.40.0/22
5.101.40.0/23
5.101.42.0/23
5.181.60.0/22
5.181.60.0/24
5.181.61.0/24
5.181.62.0/23
5.188.140.0/22
5.188.140.0/23
5.188.142.0/23
5.61.16.0/21
5.61.16.0/22
5.61.20.0/22
5.61.232.0/21
5.61.232.0/22
5.61.236.0/23
5.61.238.0/24
5.61.239.0/27
5.61.239.128/25
5.61.239.40/29
5.61.239.48/28
5.61.239.64/26
62.217.160.0/20
62.217.160.0/21
62.217.168.0/21
79.137.132.0/24
79.137.132.0/25
79.137.132.128/25
79.137.139.0/24
79.137.139.0/25
79.137.139.128/25
79.137.157.0/25
79.137.157.128/25
79.137.164.0/24
79.137.164.0/25
79.137.164.128/25
79.137.167.0/24
79.137.167.0/25
79.137.167.128/25
79.137.174.0/23
79.137.174.0/24
79.137.175.0/24
79.137.180.0/24
79.137.180.0/25
79.137.180.128/25
79.137.240.0/21
79.137.240.0/22
79.137.244.0/22
83.166.232.0/21
83.166.232.0/22
83.166.236.0/22
83.166.248.0/21
83.166.248.0/22
83.166.252.0/22
83.217.216.0/22
83.217.216.0/23
83.217.218.0/23
83.222.28.0/22
84.23.52.0/22
84.23.52.0/23
84.23.54.0/23
85.114.31.108/30
85.192.32.0/22
85.192.32.0/23
85.192.34.0/23
85.198.106.0/24
85.198.107.0/24
87.239.104.0/21
87.239.104.0/22
87.239.108.0/22
87.240.128.0/18
87.240.128.0/19
87.240.160.0/19
87.242.112.0/22
89.208.196.0/22
89.208.196.0/23
89.208.198.0/23
89.208.208.0/22
89.208.208.0/23
89.208.210.0/23
89.208.216.0/21
89.208.216.0/23
89.208.218.0/23
89.208.220.0/22
89.208.228.0/22
89.208.228.0/23
89.208.230.0/23
89.208.84.0/22
89.208.84.0/23
89.208.86.0/23
89.221.228.0/22
89.221.232.0/21
90.156.148.0/22
90.156.148.0/23
90.156.150.0/23
90.156.212.0/22
90.156.212.0/23
90.156.214.0/23
90.156.216.0/22
90.156.216.0/23
90.156.218.0/23
90.156.232.0/21
91.219.224.0/22
91.231.132.0/22
91.237.76.0/24
93.153.255.84/30
93.186.224.0/20
93.186.224.0/21
93.186.232.0/21
94.100.176.0/20
94.100.176.0/21
94.100.184.0/21
94.139.244.0/22
94.139.244.0/23
94.139.246.0/23
95.142.192.0/20
95.142.192.0/21
95.142.200.0/21
95.163.180.0/22
95.163.180.0/23
95.163.182.0/23
95.163.208.0/21
95.163.208.0/23
95.163.210.0/23
95.163.212.0/22
95.163.216.0/22
95.163.216.0/23
95.163.218.0/23
95.163.248.0/21
95.163.248.0/22
95.163.252.0/23
95.163.254.0/23
95.163.32.0/19
95.163.32.0/22
95.163.36.0/22
95.163.40.0/21
95.163.48.0/20
95.213.0.0/17
95.213.0.0/20
95.213.16.0/21
95.213.24.0/23
95.213.26.0/24
95.213.27.0/24
95.213.28.0/24
95.213.29.0/24
95.213.30.0/24
95.213.31.0/24
95.213.32.0/24
95.213.33.0/24
95.213.34.0/23
95.213.36.0/22
95.213.40.0/21
95.213.48.0/20
95.213.64.0/18

1
blacklists/blacklist-vk-v6.txt Normal file
View File

@@ -0,0 +1 @@
2a00:bdc0::/29

268
blacklists/blacklist-vk.txt Normal file
View File

@@ -0,0 +1,268 @@
109.120.180.0/22
109.120.180.0/23
109.120.182.0/23
109.120.188.0/22
109.120.188.0/23
109.120.190.0/23
128.140.168.0/21
128.140.168.0/23
128.140.170.0/24
128.140.171.0/24
128.140.172.0/22
130.49.224.0/19
146.185.208.0/22
146.185.208.0/23
146.185.210.0/23
146.185.240.0/22
146.185.240.0/23
146.185.242.0/23
155.212.192.0/20
161.104.104.0/21
176.112.168.0/21
178.22.88.0/21
178.22.89.64/26
178.22.94.0/23
178.237.16.0/20
178.237.16.0/21
178.237.24.0/22
178.237.30.0/23
185.100.104.0/22
185.100.104.0/23
185.100.106.0/23
185.130.112.0/22
185.130.112.0/23
185.130.114.0/23
185.131.68.0/22
185.16.148.0/22
185.16.148.0/23
185.16.150.0/23
185.16.244.0/22
185.16.244.0/23
185.16.246.0/23
185.180.200.0/22
185.187.63.0/24
185.187.63.0/25
185.187.63.128/25
185.226.52.0/22
185.226.52.0/23
185.226.54.0/23
185.241.192.0/22
185.241.192.0/23
185.241.194.0/23
185.29.128.0/22
185.29.130.0/24
185.32.248.0/22
185.32.248.0/23
185.32.250.0/23
185.5.136.0/22
185.5.136.0/23
185.5.138.0/23
185.6.244.0/22
185.6.244.0/23
185.6.246.0/23
185.86.144.0/22
185.86.144.0/23
185.86.146.0/23
188.93.56.0/21
188.93.56.0/24
188.93.57.0/24
188.93.58.0/24
188.93.60.0/24
188.93.61.0/24
188.93.62.0/24
193.203.40.0/22
194.84.16.12/30
195.211.20.0/22
195.211.22.0/24
195.211.23.0/24
212.111.84.0/22
212.233.120.0/22
212.233.72.0/21
212.233.88.0/21
212.233.96.0/22
213.219.212.0/22
213.219.212.0/23
213.219.214.0/23
217.16.16.0/20
217.16.16.0/21
217.16.24.0/21
217.174.188.0/23
217.20.144.0/20
217.20.144.0/22
217.20.148.0/24
217.20.149.0/24
217.20.150.0/23
217.20.152.0/22
217.20.156.0/23
217.20.158.0/24
217.20.159.0/24
217.69.128.0/20
217.69.128.0/21
217.69.136.0/21
2a00:bdc0::/29
37.139.32.0/22
37.139.32.0/23
37.139.34.0/23
37.139.40.0/22
37.139.40.0/23
37.139.42.0/23
45.136.20.0/22
45.136.20.0/23
45.136.22.0/23
45.84.128.0/22
45.84.128.0/23
45.84.130.0/23
5.101.40.0/22
5.101.40.0/23
5.101.42.0/23
5.181.60.0/22
5.181.60.0/24
5.181.61.0/24
5.181.62.0/23
5.188.140.0/22
5.188.140.0/23
5.188.142.0/23
5.61.16.0/21
5.61.16.0/22
5.61.20.0/22
5.61.232.0/21
5.61.232.0/22
5.61.236.0/23
5.61.238.0/24
5.61.239.0/27
5.61.239.128/25
5.61.239.40/29
5.61.239.48/28
5.61.239.64/26
62.217.160.0/20
62.217.160.0/21
62.217.168.0/21
79.137.132.0/24
79.137.132.0/25
79.137.132.128/25
79.137.139.0/24
79.137.139.0/25
79.137.139.128/25
79.137.157.0/25
79.137.157.128/25
79.137.164.0/24
79.137.164.0/25
79.137.164.128/25
79.137.167.0/24
79.137.167.0/25
79.137.167.128/25
79.137.174.0/23
79.137.174.0/24
79.137.175.0/24
79.137.180.0/24
79.137.180.0/25
79.137.180.128/25
79.137.240.0/21
79.137.240.0/22
79.137.244.0/22
83.166.232.0/21
83.166.232.0/22
83.166.236.0/22
83.166.248.0/21
83.166.248.0/22
83.166.252.0/22
83.217.216.0/22
83.217.216.0/23
83.217.218.0/23
83.222.28.0/22
84.23.52.0/22
84.23.52.0/23
84.23.54.0/23
85.114.31.108/30
85.192.32.0/22
85.192.32.0/23
85.192.34.0/23
85.198.106.0/24
85.198.107.0/24
87.239.104.0/21
87.239.104.0/22
87.239.108.0/22
87.240.128.0/18
87.240.128.0/19
87.240.160.0/19
87.242.112.0/22
89.208.196.0/22
89.208.196.0/23
89.208.198.0/23
89.208.208.0/22
89.208.208.0/23
89.208.210.0/23
89.208.216.0/21
89.208.216.0/23
89.208.218.0/23
89.208.220.0/22
89.208.228.0/22
89.208.228.0/23
89.208.230.0/23
89.208.84.0/22
89.208.84.0/23
89.208.86.0/23
89.221.228.0/22
89.221.232.0/21
90.156.148.0/22
90.156.148.0/23
90.156.150.0/23
90.156.212.0/22
90.156.212.0/23
90.156.214.0/23
90.156.216.0/22
90.156.216.0/23
90.156.218.0/23
90.156.232.0/21
91.219.224.0/22
91.231.132.0/22
91.237.76.0/24
93.153.255.84/30
93.186.224.0/20
93.186.224.0/21
93.186.232.0/21
94.100.176.0/20
94.100.176.0/21
94.100.184.0/21
94.139.244.0/22
94.139.244.0/23
94.139.246.0/23
95.142.192.0/20
95.142.192.0/21
95.142.200.0/21
95.163.180.0/22
95.163.180.0/23
95.163.182.0/23
95.163.208.0/21
95.163.208.0/23
95.163.210.0/23
95.163.212.0/22
95.163.216.0/22
95.163.216.0/23
95.163.218.0/23
95.163.248.0/21
95.163.248.0/22
95.163.252.0/23
95.163.254.0/23
95.163.32.0/19
95.163.32.0/22
95.163.36.0/22
95.163.40.0/21
95.163.48.0/20
95.213.0.0/17
95.213.0.0/20
95.213.16.0/21
95.213.24.0/23
95.213.26.0/24
95.213.27.0/24
95.213.28.0/24
95.213.29.0/24
95.213.30.0/24
95.213.31.0/24
95.213.32.0/24
95.213.33.0/24
95.213.34.0/23
95.213.36.0/22
95.213.40.0/21
95.213.48.0/20
95.213.64.0/18

1165
blacklists/blacklist.txt Normal file
View File

File diff suppressed because it is too large Load Diff

2525
blacklists/blacklist_with_comments.txt Normal file
View File

File diff suppressed because it is too large Load Diff

0
blacklists_iptables/.keep_folder
View File

1161
blacklists_iptables/blacklist-v4.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

40
blacklists_iptables/blacklist-v6.ipset Normal file
View File

@@ -0,0 +1,40 @@
# IPSet blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2026-03-30 07:19:42 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-v6.ipset
#
# 2. Use with iptables/ip6tables:
# ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
#
# 3. To flush/delete the set:
# ipset flush blacklist-v6
# ipset destroy blacklist-v6
#
create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 44
add blacklist-v6 2a00:1148::/29
add blacklist-v6 2a00:1148::/32
add blacklist-v6 2a00:46e0:2::/48
add blacklist-v6 2a00:46e0::/32
add blacklist-v6 2a00:a300::/32
add blacklist-v6 2a00:b4c0::/32
add blacklist-v6 2a00:bdc0:8000::/34
add blacklist-v6 2a00:bdc0::/33
add blacklist-v6 2a00:bdc0:c000::/35
add blacklist-v6 2a00:bdc0:e002::/48
add blacklist-v6 2a00:bdc0:e003::/48
add blacklist-v6 2a00:bdc0:e004::/48
add blacklist-v6 2a00:bdc0:e005::/48
add blacklist-v6 2a00:bdc0:e007::/48
add blacklist-v6 2a00:bdc0:f000::/36
add blacklist-v6 2a00:bdc1::/32
add blacklist-v6 2a00:bdc2::/31
add blacklist-v6 2a00:bdc4::/30
add blacklist-v6 2a14:25c0::/32
add blacklist-v6 2a14:25c5::/32
add blacklist-v6 2a14:25c6::/32
add blacklist-v6 2a14:25c7::/32

285
blacklists_iptables/blacklist-vk-v4.ipset Normal file
View File

@@ -0,0 +1,285 @@
# IPSet blacklist configuration (VK names, IPv4 only)
# Auto-generated from blacklist-vk-v4.txt
# Last updated: 2026-03-30 07:19:42 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-vk-v4.ipset
#
# 2. Use with iptables/ip6tables:
# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
#
# 3. To flush/delete the set:
# ipset flush blacklist-vk-v4
# ipset destroy blacklist-vk-v4
#
create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 534
add blacklist-vk-v4 109.120.180.0/22
add blacklist-vk-v4 109.120.180.0/23
add blacklist-vk-v4 109.120.182.0/23
add blacklist-vk-v4 109.120.188.0/22
add blacklist-vk-v4 109.120.188.0/23
add blacklist-vk-v4 109.120.190.0/23
add blacklist-vk-v4 128.140.168.0/21
add blacklist-vk-v4 128.140.168.0/23
add blacklist-vk-v4 128.140.170.0/24
add blacklist-vk-v4 128.140.171.0/24
add blacklist-vk-v4 128.140.172.0/22
add blacklist-vk-v4 130.49.224.0/19
add blacklist-vk-v4 146.185.208.0/22
add blacklist-vk-v4 146.185.208.0/23
add blacklist-vk-v4 146.185.210.0/23
add blacklist-vk-v4 146.185.240.0/22
add blacklist-vk-v4 146.185.240.0/23
add blacklist-vk-v4 146.185.242.0/23
add blacklist-vk-v4 155.212.192.0/20
add blacklist-vk-v4 161.104.104.0/21
add blacklist-vk-v4 176.112.168.0/21
add blacklist-vk-v4 178.22.88.0/21
add blacklist-vk-v4 178.22.89.64/26
add blacklist-vk-v4 178.22.94.0/23
add blacklist-vk-v4 178.237.16.0/20
add blacklist-vk-v4 178.237.16.0/21
add blacklist-vk-v4 178.237.24.0/22
add blacklist-vk-v4 178.237.30.0/23
add blacklist-vk-v4 185.100.104.0/22
add blacklist-vk-v4 185.100.104.0/23
add blacklist-vk-v4 185.100.106.0/23
add blacklist-vk-v4 185.130.112.0/22
add blacklist-vk-v4 185.130.112.0/23
add blacklist-vk-v4 185.130.114.0/23
add blacklist-vk-v4 185.131.68.0/22
add blacklist-vk-v4 185.16.148.0/22
add blacklist-vk-v4 185.16.148.0/23
add blacklist-vk-v4 185.16.150.0/23
add blacklist-vk-v4 185.16.244.0/22
add blacklist-vk-v4 185.16.244.0/23
add blacklist-vk-v4 185.16.246.0/23
add blacklist-vk-v4 185.180.200.0/22
add blacklist-vk-v4 185.187.63.0/24
add blacklist-vk-v4 185.187.63.0/25
add blacklist-vk-v4 185.187.63.128/25
add blacklist-vk-v4 185.226.52.0/22
add blacklist-vk-v4 185.226.52.0/23
add blacklist-vk-v4 185.226.54.0/23
add blacklist-vk-v4 185.241.192.0/22
add blacklist-vk-v4 185.241.192.0/23
add blacklist-vk-v4 185.241.194.0/23
add blacklist-vk-v4 185.29.128.0/22
add blacklist-vk-v4 185.29.130.0/24
add blacklist-vk-v4 185.32.248.0/22
add blacklist-vk-v4 185.32.248.0/23
add blacklist-vk-v4 185.32.250.0/23
add blacklist-vk-v4 185.5.136.0/22
add blacklist-vk-v4 185.5.136.0/23
add blacklist-vk-v4 185.5.138.0/23
add blacklist-vk-v4 185.6.244.0/22
add blacklist-vk-v4 185.6.244.0/23
add blacklist-vk-v4 185.6.246.0/23
add blacklist-vk-v4 185.86.144.0/22
add blacklist-vk-v4 185.86.144.0/23
add blacklist-vk-v4 185.86.146.0/23
add blacklist-vk-v4 188.93.56.0/21
add blacklist-vk-v4 188.93.56.0/24
add blacklist-vk-v4 188.93.57.0/24
add blacklist-vk-v4 188.93.58.0/24
add blacklist-vk-v4 188.93.60.0/24
add blacklist-vk-v4 188.93.61.0/24
add blacklist-vk-v4 188.93.62.0/24
add blacklist-vk-v4 193.203.40.0/22
add blacklist-vk-v4 194.84.16.12/30
add blacklist-vk-v4 195.211.20.0/22
add blacklist-vk-v4 195.211.22.0/24
add blacklist-vk-v4 195.211.23.0/24
add blacklist-vk-v4 212.111.84.0/22
add blacklist-vk-v4 212.233.120.0/22
add blacklist-vk-v4 212.233.72.0/21
add blacklist-vk-v4 212.233.88.0/21
add blacklist-vk-v4 212.233.96.0/22
add blacklist-vk-v4 213.219.212.0/22
add blacklist-vk-v4 213.219.212.0/23
add blacklist-vk-v4 213.219.214.0/23
add blacklist-vk-v4 217.16.16.0/20
add blacklist-vk-v4 217.16.16.0/21
add blacklist-vk-v4 217.16.24.0/21
add blacklist-vk-v4 217.174.188.0/23
add blacklist-vk-v4 217.20.144.0/20
add blacklist-vk-v4 217.20.144.0/22
add blacklist-vk-v4 217.20.148.0/24
add blacklist-vk-v4 217.20.149.0/24
add blacklist-vk-v4 217.20.150.0/23
add blacklist-vk-v4 217.20.152.0/22
add blacklist-vk-v4 217.20.156.0/23
add blacklist-vk-v4 217.20.158.0/24
add blacklist-vk-v4 217.20.159.0/24
add blacklist-vk-v4 217.69.128.0/20
add blacklist-vk-v4 217.69.128.0/21
add blacklist-vk-v4 217.69.136.0/21
add blacklist-vk-v4 37.139.32.0/22
add blacklist-vk-v4 37.139.32.0/23
add blacklist-vk-v4 37.139.34.0/23
add blacklist-vk-v4 37.139.40.0/22
add blacklist-vk-v4 37.139.40.0/23
add blacklist-vk-v4 37.139.42.0/23
add blacklist-vk-v4 45.136.20.0/22
add blacklist-vk-v4 45.136.20.0/23
add blacklist-vk-v4 45.136.22.0/23
add blacklist-vk-v4 45.84.128.0/22
add blacklist-vk-v4 45.84.128.0/23
add blacklist-vk-v4 45.84.130.0/23
add blacklist-vk-v4 5.101.40.0/22
add blacklist-vk-v4 5.101.40.0/23
add blacklist-vk-v4 5.101.42.0/23
add blacklist-vk-v4 5.181.60.0/22
add blacklist-vk-v4 5.181.60.0/24
add blacklist-vk-v4 5.181.61.0/24
add blacklist-vk-v4 5.181.62.0/23
add blacklist-vk-v4 5.188.140.0/22
add blacklist-vk-v4 5.188.140.0/23
add blacklist-vk-v4 5.188.142.0/23
add blacklist-vk-v4 5.61.16.0/21
add blacklist-vk-v4 5.61.16.0/22
add blacklist-vk-v4 5.61.20.0/22
add blacklist-vk-v4 5.61.232.0/21
add blacklist-vk-v4 5.61.232.0/22
add blacklist-vk-v4 5.61.236.0/23
add blacklist-vk-v4 5.61.238.0/24
add blacklist-vk-v4 5.61.239.0/27
add blacklist-vk-v4 5.61.239.128/25
add blacklist-vk-v4 5.61.239.40/29
add blacklist-vk-v4 5.61.239.48/28
add blacklist-vk-v4 5.61.239.64/26
add blacklist-vk-v4 62.217.160.0/20
add blacklist-vk-v4 62.217.160.0/21
add blacklist-vk-v4 62.217.168.0/21
add blacklist-vk-v4 79.137.132.0/24
add blacklist-vk-v4 79.137.132.0/25
add blacklist-vk-v4 79.137.132.128/25
add blacklist-vk-v4 79.137.139.0/24
add blacklist-vk-v4 79.137.139.0/25
add blacklist-vk-v4 79.137.139.128/25
add blacklist-vk-v4 79.137.157.0/25
add blacklist-vk-v4 79.137.157.128/25
add blacklist-vk-v4 79.137.164.0/24
add blacklist-vk-v4 79.137.164.0/25
add blacklist-vk-v4 79.137.164.128/25
add blacklist-vk-v4 79.137.167.0/24
add blacklist-vk-v4 79.137.167.0/25
add blacklist-vk-v4 79.137.167.128/25
add blacklist-vk-v4 79.137.174.0/23
add blacklist-vk-v4 79.137.174.0/24
add blacklist-vk-v4 79.137.175.0/24
add blacklist-vk-v4 79.137.180.0/24
add blacklist-vk-v4 79.137.180.0/25
add blacklist-vk-v4 79.137.180.128/25
add blacklist-vk-v4 79.137.240.0/21
add blacklist-vk-v4 79.137.240.0/22
add blacklist-vk-v4 79.137.244.0/22
add blacklist-vk-v4 83.166.232.0/21
add blacklist-vk-v4 83.166.232.0/22
add blacklist-vk-v4 83.166.236.0/22
add blacklist-vk-v4 83.166.248.0/21
add blacklist-vk-v4 83.166.248.0/22
add blacklist-vk-v4 83.166.252.0/22
add blacklist-vk-v4 83.217.216.0/22
add blacklist-vk-v4 83.217.216.0/23
add blacklist-vk-v4 83.217.218.0/23
add blacklist-vk-v4 83.222.28.0/22
add blacklist-vk-v4 84.23.52.0/22
add blacklist-vk-v4 84.23.52.0/23
add blacklist-vk-v4 84.23.54.0/23
add blacklist-vk-v4 85.114.31.108/30
add blacklist-vk-v4 85.192.32.0/22
add blacklist-vk-v4 85.192.32.0/23
add blacklist-vk-v4 85.192.34.0/23
add blacklist-vk-v4 85.198.106.0/24
add blacklist-vk-v4 85.198.107.0/24
add blacklist-vk-v4 87.239.104.0/21
add blacklist-vk-v4 87.239.104.0/22
add blacklist-vk-v4 87.239.108.0/22
add blacklist-vk-v4 87.240.128.0/18
add blacklist-vk-v4 87.240.128.0/19
add blacklist-vk-v4 87.240.160.0/19
add blacklist-vk-v4 87.242.112.0/22
add blacklist-vk-v4 89.208.196.0/22
add blacklist-vk-v4 89.208.196.0/23
add blacklist-vk-v4 89.208.198.0/23
add blacklist-vk-v4 89.208.208.0/22
add blacklist-vk-v4 89.208.208.0/23
add blacklist-vk-v4 89.208.210.0/23
add blacklist-vk-v4 89.208.216.0/21
add blacklist-vk-v4 89.208.216.0/23
add blacklist-vk-v4 89.208.218.0/23
add blacklist-vk-v4 89.208.220.0/22
add blacklist-vk-v4 89.208.228.0/22
add blacklist-vk-v4 89.208.228.0/23
add blacklist-vk-v4 89.208.230.0/23
add blacklist-vk-v4 89.208.84.0/22
add blacklist-vk-v4 89.208.84.0/23
add blacklist-vk-v4 89.208.86.0/23
add blacklist-vk-v4 89.221.228.0/22
add blacklist-vk-v4 89.221.232.0/21
add blacklist-vk-v4 90.156.148.0/22
add blacklist-vk-v4 90.156.148.0/23
add blacklist-vk-v4 90.156.150.0/23
add blacklist-vk-v4 90.156.212.0/22
add blacklist-vk-v4 90.156.212.0/23
add blacklist-vk-v4 90.156.214.0/23
add blacklist-vk-v4 90.156.216.0/22
add blacklist-vk-v4 90.156.216.0/23
add blacklist-vk-v4 90.156.218.0/23
add blacklist-vk-v4 90.156.232.0/21
add blacklist-vk-v4 91.219.224.0/22
add blacklist-vk-v4 91.231.132.0/22
add blacklist-vk-v4 91.237.76.0/24
add blacklist-vk-v4 93.153.255.84/30
add blacklist-vk-v4 93.186.224.0/20
add blacklist-vk-v4 93.186.224.0/21
add blacklist-vk-v4 93.186.232.0/21
add blacklist-vk-v4 94.100.176.0/20
add blacklist-vk-v4 94.100.176.0/21
add blacklist-vk-v4 94.100.184.0/21
add blacklist-vk-v4 94.139.244.0/22
add blacklist-vk-v4 94.139.244.0/23
add blacklist-vk-v4 94.139.246.0/23
add blacklist-vk-v4 95.142.192.0/20
add blacklist-vk-v4 95.142.192.0/21
add blacklist-vk-v4 95.142.200.0/21
add blacklist-vk-v4 95.163.180.0/22
add blacklist-vk-v4 95.163.180.0/23
add blacklist-vk-v4 95.163.182.0/23
add blacklist-vk-v4 95.163.208.0/21
add blacklist-vk-v4 95.163.208.0/23
add blacklist-vk-v4 95.163.210.0/23
add blacklist-vk-v4 95.163.212.0/22
add blacklist-vk-v4 95.163.216.0/22
add blacklist-vk-v4 95.163.216.0/23
add blacklist-vk-v4 95.163.218.0/23
add blacklist-vk-v4 95.163.248.0/21
add blacklist-vk-v4 95.163.248.0/22
add blacklist-vk-v4 95.163.252.0/23
add blacklist-vk-v4 95.163.254.0/23
add blacklist-vk-v4 95.163.32.0/19
add blacklist-vk-v4 95.163.32.0/22
add blacklist-vk-v4 95.163.36.0/22
add blacklist-vk-v4 95.163.40.0/21
add blacklist-vk-v4 95.163.48.0/20
add blacklist-vk-v4 95.213.0.0/17
add blacklist-vk-v4 95.213.0.0/20
add blacklist-vk-v4 95.213.16.0/21
add blacklist-vk-v4 95.213.24.0/23
add blacklist-vk-v4 95.213.26.0/24
add blacklist-vk-v4 95.213.27.0/24
add blacklist-vk-v4 95.213.28.0/24
add blacklist-vk-v4 95.213.29.0/24
add blacklist-vk-v4 95.213.30.0/24
add blacklist-vk-v4 95.213.31.0/24
add blacklist-vk-v4 95.213.32.0/24
add blacklist-vk-v4 95.213.33.0/24
add blacklist-vk-v4 95.213.34.0/23
add blacklist-vk-v4 95.213.36.0/22
add blacklist-vk-v4 95.213.40.0/21
add blacklist-vk-v4 95.213.48.0/20
add blacklist-vk-v4 95.213.64.0/18

19
blacklists_iptables/blacklist-vk-v6.ipset Normal file
View File

@@ -0,0 +1,19 @@
# IPSet blacklist configuration (VK names, IPv6 only)
# Auto-generated from blacklist-vk-v6.txt
# Last updated: 2026-03-30 07:19:42 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-vk-v6.ipset
#
# 2. Use with iptables/ip6tables:
# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
#
# 3. To flush/delete the set:
# ipset flush blacklist-vk-v6
# ipset destroy blacklist-vk-v6
#
create blacklist-vk-v6 hash:net family inet6 hashsize 1024 maxelem 2
add blacklist-vk-v6 2a00:bdc0::/29

0
blacklists_nftables/.keep_folder
View File

52
blacklists_nftables/README.md Normal file
View File

@@ -0,0 +1,52 @@
# nftables blacklists
Short: ready-to-use nftables set files (general and VK-only, separated by IPv4/IPv6).
## Download links
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v4.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v6.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v4.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v6.nft
## How to use
### 1) Protect VM from incoming connections (general blacklists)
Load either mixed or split general set files:
```bash
sudo nft -f blacklist.nft
# or:
sudo nft -f blacklist-v4.nft
sudo nft -f blacklist-v6.nft
```
Apply rules for inbound traffic to the VM:
```bash
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
```
### 2) Block VK outbound traffic for VPN clients via NAT/FORWARD
Load either mixed or split VK set files:
```bash
sudo nft -f blacklist-vk.nft
# or:
sudo nft -f blacklist-vk-v4.nft
sudo nft -f blacklist-vk-v6.nft
```
Apply rules for forwarded client traffic (replace `<VPN_IFACE>`):
```bash
sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
```

829
blacklists_nftables/blacklist-v4.nft Normal file
View File

@@ -0,0 +1,829 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-30T07:19:43.484396Z
# Source: /tmp/blacklist-v4.txt
# IPv4: 802, IPv6: 0
#
# Usage:
# sudo nft -f <this-file>
# # VM protection from incoming blacklist sources
# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
31.44.63.64/29,
31.177.95.0/24,
31.177.104.0/22,
37.28.161.48/30,
37.29.53.16/30,
37.29.57.52/30,
37.29.57.64/30,
37.29.59.56/30,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
46.20.70.160/28,
46.29.152.0/22,
46.29.156.0/23,
46.46.142.160/28,
46.46.148.40/29,
46.47.197.128/30,
46.47.199.76/30,
46.47.203.52/30,
46.47.207.96/30,
46.47.208.84/30,
46.47.210.76/30,
46.47.211.0/24,
46.47.212.204/30,
46.47.213.0/24,
46.47.214.200/30,
46.47.219.200/30,
46.47.223.196/30,
46.47.229.0/28,
46.47.238.144/30,
46.47.249.176/29,
46.61.208.0/24,
46.228.0.232/29,
62.5.130.104/29,
62.5.132.224/29,
62.5.189.80/29,
62.5.202.60/30,
62.5.218.204/30,
62.5.224.188/30,
62.5.242.80/28,
62.28.169.168/30,
62.33.34.16/28,
62.33.87.128/28,
62.33.199.80/29,
62.63.96.32/28,
62.63.98.24/29,
62.63.100.160/30,
62.63.101.80/29,
62.76.98.0/24,
62.105.158.200/29,
62.112.110.64/28,
62.118.101.184/29,
62.118.113.232/29,
62.118.125.188/30,
62.118.127.240/28,
62.118.193.8/29,
62.118.205.68/30,
62.118.208.100/30,
62.118.209.192/30,
62.118.216.60/30,
62.118.219.184/30,
62.118.230.4/30,
62.118.233.224/29,
62.118.234.64/29,
62.118.239.128/29,
62.141.125.0/25,
62.217.160.0/20,
77.34.209.160/28,
77.35.76.80/28,
77.35.98.240/28,
77.37.128.0/17,
77.72.139.0/28,
77.82.124.112/29,
77.243.9.80/28,
78.24.159.48/29,
78.37.67.24/29,
78.37.69.160/27,
78.37.84.120/29,
78.37.97.88/29,
78.37.104.0/29,
78.107.3.208/28,
78.107.13.208/28,
78.107.16.96/28,
78.107.18.112/28,
78.107.40.160/28,
78.107.42.144/28,
78.107.51.16/28,
78.107.61.96/28,
78.107.86.32/28,
78.108.192.0/21,
78.108.200.0/24,
78.109.140.112/29,
79.133.74.160/30,
79.133.75.44/30,
79.133.75.176/30,
79.137.132.0/24,
79.137.139.0/24,
79.137.140.0/24,
79.137.142.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.183.0/24,
79.137.240.0/21,
79.142.88.0/28,
79.143.229.0/24,
79.143.230.0/24,
79.143.232.0/24,
80.73.16.0/20,
80.73.168.80/28,
80.73.169.244/30,
80.82.43.24/29,
80.89.152.220/30,
80.237.11.88/29,
80.237.39.112/29,
80.237.98.80/28,
80.247.32.0/20,
80.254.100.40/29,
80.254.119.168/29,
81.1.195.0/28,
81.1.205.96/27,
81.2.1.0/28,
81.2.10.192/27,
81.3.168.148/30,
81.17.2.192/28,
81.17.3.16/29,
81.176.70.0/26,
81.176.235.0/27,
81.177.12.0/24,
81.177.31.64/26,
81.177.156.0/24,
81.195.36.48/28,
81.195.44.248/30,
81.195.45.64/30,
81.195.50.72/29,
81.195.90.44/30,
81.195.92.48/30,
81.195.93.192/27,
81.195.94.72/29,
81.195.105.160/28,
81.195.108.164/30,
81.195.112.36/30,
81.195.118.48/30,
81.195.118.128/30,
81.195.120.16/29,
81.195.124.52/30,
81.195.125.96/30,
81.195.148.140/30,
81.195.150.248/30,
81.195.151.0/24,
81.195.155.0/30,
81.195.161.12/30,
81.195.164.0/24,
81.195.165.64/28,
81.195.168.24/30,
81.195.177.160/30,
81.195.178.224/27,
81.195.182.64/28,
81.195.192.96/30,
81.195.231.128/26,
81.195.244.32/29,
81.195.245.0/28,
81.195.247.128/28,
81.195.250.16/29,
81.211.32.16/28,
81.222.194.200/29,
81.222.209.136/29,
81.222.210.24/29,
82.140.65.240/29,
82.142.162.104/29,
82.151.107.136/29,
82.162.72.208/28,
82.162.76.176/28,
82.162.80.192/28,
82.162.87.192/28,
82.162.90.0/28,
82.162.103.144/28,
82.162.126.96/28,
82.162.149.160/28,
82.162.157.64/28,
82.162.158.176/28,
82.162.172.112/28,
82.179.86.32/27,
82.196.69.152/30,
82.196.130.0/27,
82.198.176.16/29,
82.198.176.144/29,
82.198.176.208/29,
82.198.189.128/26,
82.198.190.64/26,
82.198.191.96/27,
82.198.191.248/29,
82.200.13.0/27,
82.200.22.136/29,
82.200.22.144/28,
82.200.64.0/24,
82.208.68.240/28,
82.208.77.104/29,
82.208.81.0/24,
82.208.93.160/27,
83.69.207.248/29,
83.149.42.64/29,
83.166.232.0/21,
83.166.248.0/21,
83.172.36.224/29,
83.217.216.0/22,
83.219.5.248/29,
83.219.6.72/29,
83.219.13.128/29,
83.219.13.184/29,
83.219.23.8/29,
83.219.23.48/29,
83.219.25.0/29,
83.219.25.112/29,
83.219.138.16/28,
83.220.53.16/28,
83.222.28.0/22,
83.229.181.192/26,
83.229.232.16/29,
84.23.52.0/22,
84.53.210.144/28,
84.204.7.144/29,
84.204.93.232/30,
84.204.143.44/30,
84.204.154.16/30,
84.204.170.220/30,
84.204.217.164/30,
84.204.245.208/29,
85.21.99.48/28,
85.21.99.64/28,
85.21.102.224/28,
85.21.103.64/28,
85.21.104.192/27,
85.21.148.0/26,
85.21.149.48/28,
85.21.155.208/28,
85.21.157.48/28,
85.21.204.208/28,
85.90.98.144/30,
85.90.99.168/29,
85.90.100.72/29,
85.90.101.112/28,
85.90.101.192/29,
85.90.102.168/29,
85.90.120.72/29,
85.90.121.72/29,
85.90.125.96/29,
85.90.127.16/29,
85.94.52.160/27,
85.94.53.32/28,
85.114.30.192/30,
85.114.30.204/30,
85.114.31.108/30,
85.114.93.88/29,
85.141.17.24/30,
85.141.17.112/30,
85.141.18.80/30,
85.141.19.56/30,
85.141.21.236/30,
85.141.28.0/30,
85.141.31.68/30,
85.141.32.96/28,
85.141.33.0/28,
85.141.33.64/28,
85.141.60.96/28,
85.141.61.160/28,
85.143.125.0/24,
85.146.204.44/30,
85.192.32.0/22,
85.198.106.0/23,
85.236.29.160/27,
86.102.72.240/28,
86.102.74.64/28,
86.102.100.48/28,
86.102.108.32/28,
86.102.109.32/27,
86.102.115.80/28,
86.102.126.80/28,
86.102.126.160/28,
87.117.18.144/29,
87.117.20.64/26,
87.117.20.128/28,
87.117.21.0/26,
87.117.21.64/28,
87.117.21.80/29,
87.117.23.128/28,
87.117.31.56/29,
87.225.56.224/28,
87.226.156.64/26,
87.226.191.0/24,
87.226.213.0/24,
87.226.239.180/30,
87.237.47.204/30,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
87.245.133.0/24,
87.249.3.64/28,
87.249.5.48/30,
87.249.7.120/29,
87.249.16.32/28,
87.249.18.60/30,
87.249.22.72/29,
87.249.28.232/29,
87.249.30.176/30,
88.83.195.248/30,
88.151.200.0/24,
88.200.208.112/29,
89.21.129.16/28,
89.21.140.104/29,
89.21.152.104/29,
89.28.253.168/29,
89.28.255.56/29,
89.106.172.160/29,
89.107.123.120/29,
89.107.123.136/29,
89.107.127.136/29,
89.109.7.176/29,
89.109.250.28/30,
89.109.250.80/30,
89.109.250.88/29,
89.109.250.96/30,
89.109.250.132/30,
89.109.250.140/30,
89.111.176.0/22,
89.175.6.64/27,
89.175.8.36/30,
89.175.8.40/29,
89.175.8.52/30,
89.175.8.68/30,
89.175.8.104/30,
89.175.8.140/30,
89.175.8.192/30,
89.175.9.4/30,
89.175.10.160/30,
89.175.165.208/28,
89.175.170.144/28,
89.175.174.136/29,
89.175.176.88/30,
89.175.176.140/30,
89.175.176.176/30,
89.175.188.184/29,
89.179.155.192/28,
89.179.179.16/28,
89.179.181.0/24,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.150.176.52/30,
90.150.189.32/29,
90.150.189.128/26,
90.150.189.192/27,
90.150.189.224/28,
90.150.189.248/29,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.103.194.184/29,
91.135.212.0/22,
91.135.216.0/21,
91.195.136.0/23,
91.208.20.0/24,
91.215.168.0/22,
91.217.34.0/23,
91.219.192.0/22,
91.219.224.0/22,
91.221.140.0/23,
91.226.250.0/24,
91.227.32.0/24,
91.231.132.0/22,
91.237.76.0/24,
92.38.217.0/24,
92.39.106.20/30,
92.39.106.168/30,
92.39.111.84/30,
92.39.128.0/21,
92.50.198.72/30,
92.50.198.124/30,
92.50.219.136/29,
92.50.238.224/29,
92.101.253.96/29,
92.101.253.152/29,
93.153.134.112/29,
93.153.135.88/30,
93.153.136.132/30,
93.153.142.4/30,
93.153.144.60/30,
93.153.171.204/30,
93.153.172.100/30,
93.153.175.44/30,
93.153.183.104/30,
93.153.194.160/29,
93.153.220.192/29,
93.153.223.8/29,
93.153.229.232/29,
93.153.244.188/30,
93.153.244.248/29,
93.153.251.0/24,
93.153.255.84/30,
93.178.104.32/29,
93.178.104.64/29,
93.178.106.0/26,
93.186.224.0/20,
93.188.20.72/29,
93.190.110.0/24,
94.25.53.56/29,
94.25.57.176/29,
94.25.57.224/28,
94.25.65.16/29,
94.25.70.64/30,
94.25.90.240/29,
94.25.95.136/30,
94.25.119.228/30,
94.100.176.0/20,
94.124.192.192/29,
94.139.244.0/22,
94.199.64.0/21,
95.53.248.0/29,
95.54.193.80/28,
95.142.192.0/20,
95.163.32.0/19,
95.163.133.0/24,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.167.2.4/30,
95.167.4.168/29,
95.167.5.64/27,
95.167.21.104/29,
95.167.29.104/29,
95.167.54.76/30,
95.167.59.244/30,
95.167.59.248/30,
95.167.64.20/30,
95.167.68.216/29,
95.167.69.116/30,
95.167.70.32/28,
95.167.70.136/29,
95.167.70.176/28,
95.167.72.48/30,
95.167.72.140/30,
95.167.72.204/30,
95.167.74.136/29,
95.167.74.180/30,
95.167.76.160/27,
95.167.99.48/28,
95.167.113.48/30,
95.167.114.48/30,
95.167.121.68/30,
95.167.122.128/28,
95.167.142.32/30,
95.167.157.156/30,
95.167.162.76/30,
95.167.162.236/30,
95.167.176.0/23,
95.167.213.0/24,
95.173.128.0/19,
95.213.0.0/17,
109.73.4.224/27,
109.120.180.0/22,
109.120.188.0/22,
109.124.66.128/30,
109.124.66.160/28,
109.124.71.64/29,
109.124.78.108/30,
109.124.80.132/30,
109.124.83.20/30,
109.124.87.96/29,
109.124.89.36/30,
109.124.89.140/30,
109.124.89.212/30,
109.124.90.32/30,
109.124.90.128/30,
109.124.97.4/30,
109.124.99.16/30,
109.124.99.160/28,
109.124.119.88/29,
109.204.204.232/29,
109.207.0.0/20,
109.232.187.16/29,
109.248.197.0/24,
128.140.168.0/21,
130.49.224.0/19,
145.255.238.240/28,
146.185.208.0/22,
146.185.240.0/22,
149.62.55.240/30,
155.212.192.0/20,
161.104.104.0/21,
176.109.0.0/21,
176.112.168.0/21,
176.116.96.0/20,
176.116.112.0/22,
178.16.156.148/30,
178.17.176.0/20,
178.20.234.224/29,
178.22.88.0/21,
178.49.148.176/29,
178.237.16.0/20,
178.237.206.0/24,
178.237.240.0/20,
178.248.232.60/32,
178.248.232.137/32,
178.248.233.26/32,
178.248.233.32/32,
178.248.233.60/32,
178.248.233.136/32,
178.248.233.244/31,
178.248.234.30/32,
178.248.234.33/32,
178.248.234.60/32,
178.248.234.79/32,
178.248.234.83/32,
178.248.234.136/32,
178.248.234.204/32,
178.248.234.228/32,
178.248.234.238/32,
178.248.235.60/32,
178.248.235.75/32,
178.248.235.244/32,
178.248.236.20/32,
178.248.236.83/32,
178.248.236.244/32,
178.248.237.18/32,
178.248.237.98/32,
178.248.237.136/32,
178.248.237.242/32,
178.248.238.55/32,
178.248.238.102/32,
178.248.238.128/31,
178.248.238.136/32,
178.248.238.155/32,
178.248.238.172/32,
178.248.238.205/32,
178.248.238.255/32,
178.248.239.215/32,
185.5.136.0/22,
185.6.244.0/22,
185.7.234.188/30,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.65.149.170/32,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.149.160.0/22,
185.168.60.0/22,
185.179.224.0/22,
185.180.200.0/22,
185.183.172.0/22,
185.187.63.0/24,
185.224.228.0/22,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
188.128.8.240/30,
188.128.11.196/30,
188.128.89.0/30,
188.128.92.104/30,
188.128.94.204/30,
188.128.98.204/30,
188.128.101.108/30,
188.128.112.216/29,
188.128.112.240/29,
188.128.113.0/28,
188.128.114.128/28,
188.128.115.232/29,
188.128.118.224/27,
188.128.119.104/30,
188.128.122.240/30,
188.247.36.124/30,
188.247.36.128/28,
188.247.36.204/30,
193.33.230.0/23,
193.47.146.0/24,
193.203.40.0/22,
193.232.70.0/24,
194.8.70.0/23,
194.8.246.0/23,
194.67.63.200/30,
194.84.16.12/30,
194.140.247.0/24,
194.150.202.0/23,
194.165.22.0/23,
194.186.63.0/24,
194.186.112.80/28,
194.190.9.0/24,
194.215.248.0/24,
194.226.80.0/20,
194.226.116.0/22,
194.226.127.0/24,
195.3.240.0/22,
195.16.55.224/27,
195.42.75.8/29,
195.54.20.168/29,
195.54.28.72/30,
195.54.221.0/24,
195.58.5.16/29,
195.58.13.120/30,
195.58.21.196/30,
195.58.29.57/32,
195.58.30.164/30,
195.58.30.200/29,
195.80.224.0/24,
195.98.38.16/28,
195.98.43.104/29,
195.98.73.56/29,
195.98.77.100/30,
195.128.157.0/24,
195.131.7.8/29,
195.131.53.248/29,
195.131.61.80/29,
195.131.63.24/29,
195.144.226.224/28,
195.144.232.144/30,
195.144.240.128/28,
195.149.110.0/24,
195.162.36.64/28,
195.170.218.24/29,
195.170.218.88/29,
195.182.142.128/26,
195.182.145.64/28,
195.182.151.212/30,
195.182.151.216/30,
195.182.155.164/30,
195.182.156.96/30,
195.209.120.0/22,
195.211.20.0/22,
195.218.175.40/29,
195.218.190.0/23,
195.226.203.0/24,
195.239.80.32/29,
195.239.113.0/24,
195.239.247.0/24,
212.13.104.116/30,
212.13.113.100/30,
212.15.105.64/28,
212.15.114.156/30,
212.15.115.80/28,
212.17.8.176/29,
212.17.9.144/28,
212.17.16.192/27,
212.17.17.176/28,
212.23.85.48/30,
212.23.85.56/29,
212.32.198.64/29,
212.48.34.176/28,
212.48.53.76/30,
212.48.53.84/30,
212.48.53.88/29,
212.48.53.100/30,
212.48.53.144/30,
212.48.53.152/29,
212.48.53.160/29,
212.48.53.184/29,
212.48.53.192/29,
212.48.53.200/30,
212.48.53.216/30,
212.48.53.236/30,
212.48.53.240/28,
212.48.54.0/30,
212.48.54.8/29,
212.48.54.16/28,
212.48.54.32/29,
212.48.54.44/30,
212.48.54.48/28,
212.48.54.64/28,
212.48.54.80/29,
212.48.54.92/30,
212.48.54.96/27,
212.48.54.128/27,
212.48.54.164/30,
212.48.54.168/29,
212.48.54.176/28,
212.48.54.196/30,
212.48.54.200/30,
212.48.54.208/28,
212.48.54.240/28,
212.48.134.192/26,
212.48.138.240/28,
212.48.141.160/27,
212.49.107.224/27,
212.49.124.0/26,
212.57.133.0/24,
212.57.159.0/24,
212.59.98.48/29,
212.59.99.96/27,
212.111.84.0/22,
212.119.174.0/23,
212.120.169.48/29,
212.120.174.88/29,
212.120.184.48/28,
212.120.184.64/29,
212.120.189.208/29,
212.120.189.224/29,
212.120.190.112/29,
212.120.190.240/29,
212.120.191.120/29,
212.120.191.248/29,
212.192.156.0/22,
212.233.72.0/21,
212.233.88.0/21,
212.233.96.0/22,
212.233.120.0/22,
213.24.34.0/24,
213.24.75.0/24,
213.24.76.0/23,
213.24.128.0/22,
213.24.143.0/24,
213.24.152.0/22,
213.24.160.0/28,
213.33.171.240/29,
213.59.59.16/29,
213.59.59.64/29,
213.59.59.120/29,
213.59.59.128/29,
213.59.59.144/29,
213.59.59.168/29,
213.59.91.48/29,
213.59.91.128/27,
213.59.91.176/28,
213.85.2.64/28,
213.85.2.80/29,
213.85.20.8/30,
213.85.20.32/30,
213.85.20.84/30,
213.85.77.64/27,
213.85.142.176/28,
213.147.55.108/30,
213.172.4.192/26,
213.172.17.252/30,
213.172.18.60/30,
213.172.18.124/30,
213.172.18.148/30,
213.172.18.160/29,
213.172.18.252/30,
213.172.27.0/30,
213.172.27.116/30,
213.172.27.160/30,
213.172.27.204/30,
213.172.27.212/30,
213.172.27.224/30,
213.172.27.252/30,
213.172.30.136/30,
213.176.232.0/22,
213.177.111.0/24,
213.183.253.56/29,
213.219.212.0/22,
213.219.237.68/30,
213.234.8.8/30,
213.234.13.60/30,
213.234.15.228/30,
213.234.15.248/30,
213.234.18.52/30,
213.242.204.76/30,
213.242.204.236/30,
213.242.205.88/30,
213.242.215.68/30,
213.242.215.192/29,
213.243.84.80/28,
213.243.106.48/28,
213.243.116.0/24,
217.16.16.0/20,
217.20.86.128/25,
217.20.144.0/20,
217.23.88.168/29,
217.23.88.248/29,
217.27.142.176/30,
217.65.214.24/29,
217.65.219.160/29,
217.67.177.208/29,
217.69.128.0/20,
217.106.0.0/16,
217.107.0.0/18,
217.107.200.0/21,
217.107.208.0/20,
217.147.23.112/28,
217.148.216.156/30,
217.148.220.160/29,
217.172.18.0/23,
217.172.20.0/22,
217.174.188.0/22,
217.195.92.16/28,
217.195.93.144/29,
217.195.94.200/29
}
}
set blacklist_v6 {
type ipv6_addr
flags interval
}
}

44
blacklists_nftables/blacklist-v6.nft Normal file
View File

@@ -0,0 +1,44 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-30T07:19:43.518722Z
# Source: /tmp/blacklist-v6.txt
# IPv4: 0, IPv6: 17
#
# Usage:
# sudo nft -f <this-file>
# # VM protection from incoming blacklist sources
# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = {
2a00:1148::/29,
2a00:46e0::/32,
2a00:a300::/32,
2a00:b4c0::/32,
2a00:bdc0::/33,
2a00:bdc0:8000::/34,
2a00:bdc0:c000::/35,
2a00:bdc0:e002::/47,
2a00:bdc0:e004::/47,
2a00:bdc0:e007::/48,
2a00:bdc0:f000::/36,
2a00:bdc1::/32,
2a00:bdc2::/31,
2a00:bdc4::/30,
2a14:25c0::/32,
2a14:25c5::/32,
2a14:25c6::/31
}
}
}

120
blacklists_nftables/blacklist-vk-v4.nft Normal file
View File

@@ -0,0 +1,120 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-30T07:19:43.583781Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v4.txt
# IPv4: 93, IPv6: 0
#
# Usage:
# sudo nft -f <this-file>
# # VK egress blocking for VPN clients via NAT/FORWARD
# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
table inet filter {
set blacklist_vk_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
62.217.160.0/20,
79.137.132.0/24,
79.137.139.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.240.0/21,
83.166.232.0/21,
83.166.248.0/21,
83.217.216.0/22,
83.222.28.0/22,
84.23.52.0/22,
85.114.31.108/30,
85.192.32.0/22,
85.198.106.0/23,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.219.224.0/22,
91.231.132.0/22,
91.237.76.0/24,
93.153.255.84/30,
93.186.224.0/20,
94.100.176.0/20,
94.139.244.0/22,
95.142.192.0/20,
95.163.32.0/19,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.213.0.0/17,
109.120.180.0/22,
109.120.188.0/22,
128.140.168.0/21,
130.49.224.0/19,
146.185.208.0/22,
146.185.240.0/22,
155.212.192.0/20,
161.104.104.0/21,
176.112.168.0/21,
178.22.88.0/21,
178.237.16.0/20,
185.5.136.0/22,
185.6.244.0/22,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.180.200.0/22,
185.187.63.0/24,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
193.203.40.0/22,
194.84.16.12/30,
195.211.20.0/22,
212.111.84.0/22,
212.233.72.0/21,
212.233.88.0/21,
212.233.96.0/22,
212.233.120.0/22,
213.219.212.0/22,
217.16.16.0/20,
217.20.144.0/20,
217.69.128.0/20,
217.174.188.0/23
}
}
set blacklist_vk_v6 {
type ipv6_addr
flags interval
}
}

28
blacklists_nftables/blacklist-vk-v6.nft Normal file
View File

@@ -0,0 +1,28 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-30T07:19:43.613011Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v6.txt
# IPv4: 0, IPv6: 1
#
# Usage:
# sudo nft -f <this-file>
# # VK egress blocking for VPN clients via NAT/FORWARD
# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
table inet filter {
set blacklist_vk_v4 {
type ipv4_addr
flags interval
}
set blacklist_vk_v6 {
type ipv6_addr
flags interval
elements = {
2a00:bdc0::/29
}
}
}

123
blacklists_nftables/blacklist-vk.nft Normal file
View File

@@ -0,0 +1,123 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-30T07:19:43.551076Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk.txt
# IPv4: 93, IPv6: 1
#
# Usage:
# sudo nft -f <this-file>
# # VK egress blocking for VPN clients via NAT/FORWARD
# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
table inet filter {
set blacklist_vk_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
62.217.160.0/20,
79.137.132.0/24,
79.137.139.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.240.0/21,
83.166.232.0/21,
83.166.248.0/21,
83.217.216.0/22,
83.222.28.0/22,
84.23.52.0/22,
85.114.31.108/30,
85.192.32.0/22,
85.198.106.0/23,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.219.224.0/22,
91.231.132.0/22,
91.237.76.0/24,
93.153.255.84/30,
93.186.224.0/20,
94.100.176.0/20,
94.139.244.0/22,
95.142.192.0/20,
95.163.32.0/19,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.213.0.0/17,
109.120.180.0/22,
109.120.188.0/22,
128.140.168.0/21,
130.49.224.0/19,
146.185.208.0/22,
146.185.240.0/22,
155.212.192.0/20,
161.104.104.0/21,
176.112.168.0/21,
178.22.88.0/21,
178.237.16.0/20,
185.5.136.0/22,
185.6.244.0/22,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.180.200.0/22,
185.187.63.0/24,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
193.203.40.0/22,
194.84.16.12/30,
195.211.20.0/22,
212.111.84.0/22,
212.233.72.0/21,
212.233.88.0/21,
212.233.96.0/22,
212.233.120.0/22,
213.219.212.0/22,
217.16.16.0/20,
217.20.144.0/20,
217.69.128.0/20,
217.174.188.0/23
}
}
set blacklist_vk_v6 {
type ipv6_addr
flags interval
elements = {
2a00:bdc0::/29
}
}
}

848
blacklists_nftables/blacklist.nft Normal file
View File

@@ -0,0 +1,848 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-30T07:19:43.433897Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist.txt
# IPv4: 802, IPv6: 17
#
# Usage:
# sudo nft -f <this-file>
# # VM protection from incoming blacklist sources
# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
31.44.63.64/29,
31.177.95.0/24,
31.177.104.0/22,
37.28.161.48/30,
37.29.53.16/30,
37.29.57.52/30,
37.29.57.64/30,
37.29.59.56/30,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
46.20.70.160/28,
46.29.152.0/22,
46.29.156.0/23,
46.46.142.160/28,
46.46.148.40/29,
46.47.197.128/30,
46.47.199.76/30,
46.47.203.52/30,
46.47.207.96/30,
46.47.208.84/30,
46.47.210.76/30,
46.47.211.0/24,
46.47.212.204/30,
46.47.213.0/24,
46.47.214.200/30,
46.47.219.200/30,
46.47.223.196/30,
46.47.229.0/28,
46.47.238.144/30,
46.47.249.176/29,
46.61.208.0/24,
46.228.0.232/29,
62.5.130.104/29,
62.5.132.224/29,
62.5.189.80/29,
62.5.202.60/30,
62.5.218.204/30,
62.5.224.188/30,
62.5.242.80/28,
62.28.169.168/30,
62.33.34.16/28,
62.33.87.128/28,
62.33.199.80/29,
62.63.96.32/28,
62.63.98.24/29,
62.63.100.160/30,
62.63.101.80/29,
62.76.98.0/24,
62.105.158.200/29,
62.112.110.64/28,
62.118.101.184/29,
62.118.113.232/29,
62.118.125.188/30,
62.118.127.240/28,
62.118.193.8/29,
62.118.205.68/30,
62.118.208.100/30,
62.118.209.192/30,
62.118.216.60/30,
62.118.219.184/30,
62.118.230.4/30,
62.118.233.224/29,
62.118.234.64/29,
62.118.239.128/29,
62.141.125.0/25,
62.217.160.0/20,
77.34.209.160/28,
77.35.76.80/28,
77.35.98.240/28,
77.37.128.0/17,
77.72.139.0/28,
77.82.124.112/29,
77.243.9.80/28,
78.24.159.48/29,
78.37.67.24/29,
78.37.69.160/27,
78.37.84.120/29,
78.37.97.88/29,
78.37.104.0/29,
78.107.3.208/28,
78.107.13.208/28,
78.107.16.96/28,
78.107.18.112/28,
78.107.40.160/28,
78.107.42.144/28,
78.107.51.16/28,
78.107.61.96/28,
78.107.86.32/28,
78.108.192.0/21,
78.108.200.0/24,
78.109.140.112/29,
79.133.74.160/30,
79.133.75.44/30,
79.133.75.176/30,
79.137.132.0/24,
79.137.139.0/24,
79.137.140.0/24,
79.137.142.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.183.0/24,
79.137.240.0/21,
79.142.88.0/28,
79.143.229.0/24,
79.143.230.0/24,
79.143.232.0/24,
80.73.16.0/20,
80.73.168.80/28,
80.73.169.244/30,
80.82.43.24/29,
80.89.152.220/30,
80.237.11.88/29,
80.237.39.112/29,
80.237.98.80/28,
80.247.32.0/20,
80.254.100.40/29,
80.254.119.168/29,
81.1.195.0/28,
81.1.205.96/27,
81.2.1.0/28,
81.2.10.192/27,
81.3.168.148/30,
81.17.2.192/28,
81.17.3.16/29,
81.176.70.0/26,
81.176.235.0/27,
81.177.12.0/24,
81.177.31.64/26,
81.177.156.0/24,
81.195.36.48/28,
81.195.44.248/30,
81.195.45.64/30,
81.195.50.72/29,
81.195.90.44/30,
81.195.92.48/30,
81.195.93.192/27,
81.195.94.72/29,
81.195.105.160/28,
81.195.108.164/30,
81.195.112.36/30,
81.195.118.48/30,
81.195.118.128/30,
81.195.120.16/29,
81.195.124.52/30,
81.195.125.96/30,
81.195.148.140/30,
81.195.150.248/30,
81.195.151.0/24,
81.195.155.0/30,
81.195.161.12/30,
81.195.164.0/24,
81.195.165.64/28,
81.195.168.24/30,
81.195.177.160/30,
81.195.178.224/27,
81.195.182.64/28,
81.195.192.96/30,
81.195.231.128/26,
81.195.244.32/29,
81.195.245.0/28,
81.195.247.128/28,
81.195.250.16/29,
81.211.32.16/28,
81.222.194.200/29,
81.222.209.136/29,
81.222.210.24/29,
82.140.65.240/29,
82.142.162.104/29,
82.151.107.136/29,
82.162.72.208/28,
82.162.76.176/28,
82.162.80.192/28,
82.162.87.192/28,
82.162.90.0/28,
82.162.103.144/28,
82.162.126.96/28,
82.162.149.160/28,
82.162.157.64/28,
82.162.158.176/28,
82.162.172.112/28,
82.179.86.32/27,
82.196.69.152/30,
82.196.130.0/27,
82.198.176.16/29,
82.198.176.144/29,
82.198.176.208/29,
82.198.189.128/26,
82.198.190.64/26,
82.198.191.96/27,
82.198.191.248/29,
82.200.13.0/27,
82.200.22.136/29,
82.200.22.144/28,
82.200.64.0/24,
82.208.68.240/28,
82.208.77.104/29,
82.208.81.0/24,
82.208.93.160/27,
83.69.207.248/29,
83.149.42.64/29,
83.166.232.0/21,
83.166.248.0/21,
83.172.36.224/29,
83.217.216.0/22,
83.219.5.248/29,
83.219.6.72/29,
83.219.13.128/29,
83.219.13.184/29,
83.219.23.8/29,
83.219.23.48/29,
83.219.25.0/29,
83.219.25.112/29,
83.219.138.16/28,
83.220.53.16/28,
83.222.28.0/22,
83.229.181.192/26,
83.229.232.16/29,
84.23.52.0/22,
84.53.210.144/28,
84.204.7.144/29,
84.204.93.232/30,
84.204.143.44/30,
84.204.154.16/30,
84.204.170.220/30,
84.204.217.164/30,
84.204.245.208/29,
85.21.99.48/28,
85.21.99.64/28,
85.21.102.224/28,
85.21.103.64/28,
85.21.104.192/27,
85.21.148.0/26,
85.21.149.48/28,
85.21.155.208/28,
85.21.157.48/28,
85.21.204.208/28,
85.90.98.144/30,
85.90.99.168/29,
85.90.100.72/29,
85.90.101.112/28,
85.90.101.192/29,
85.90.102.168/29,
85.90.120.72/29,
85.90.121.72/29,
85.90.125.96/29,
85.90.127.16/29,
85.94.52.160/27,
85.94.53.32/28,
85.114.30.192/30,
85.114.30.204/30,
85.114.31.108/30,
85.114.93.88/29,
85.141.17.24/30,
85.141.17.112/30,
85.141.18.80/30,
85.141.19.56/30,
85.141.21.236/30,
85.141.28.0/30,
85.141.31.68/30,
85.141.32.96/28,
85.141.33.0/28,
85.141.33.64/28,
85.141.60.96/28,
85.141.61.160/28,
85.143.125.0/24,
85.146.204.44/30,
85.192.32.0/22,
85.198.106.0/23,
85.236.29.160/27,
86.102.72.240/28,
86.102.74.64/28,
86.102.100.48/28,
86.102.108.32/28,
86.102.109.32/27,
86.102.115.80/28,
86.102.126.80/28,
86.102.126.160/28,
87.117.18.144/29,
87.117.20.64/26,
87.117.20.128/28,
87.117.21.0/26,
87.117.21.64/28,
87.117.21.80/29,
87.117.23.128/28,
87.117.31.56/29,
87.225.56.224/28,
87.226.156.64/26,
87.226.191.0/24,
87.226.213.0/24,
87.226.239.180/30,
87.237.47.204/30,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
87.245.133.0/24,
87.249.3.64/28,
87.249.5.48/30,
87.249.7.120/29,
87.249.16.32/28,
87.249.18.60/30,
87.249.22.72/29,
87.249.28.232/29,
87.249.30.176/30,
88.83.195.248/30,
88.151.200.0/24,
88.200.208.112/29,
89.21.129.16/28,
89.21.140.104/29,
89.21.152.104/29,
89.28.253.168/29,
89.28.255.56/29,
89.106.172.160/29,
89.107.123.120/29,
89.107.123.136/29,
89.107.127.136/29,
89.109.7.176/29,
89.109.250.28/30,
89.109.250.80/30,
89.109.250.88/29,
89.109.250.96/30,
89.109.250.132/30,
89.109.250.140/30,
89.111.176.0/22,
89.175.6.64/27,
89.175.8.36/30,
89.175.8.40/29,
89.175.8.52/30,
89.175.8.68/30,
89.175.8.104/30,
89.175.8.140/30,
89.175.8.192/30,
89.175.9.4/30,
89.175.10.160/30,
89.175.165.208/28,
89.175.170.144/28,
89.175.174.136/29,
89.175.176.88/30,
89.175.176.140/30,
89.175.176.176/30,
89.175.188.184/29,
89.179.155.192/28,
89.179.179.16/28,
89.179.181.0/24,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.150.176.52/30,
90.150.189.32/29,
90.150.189.128/26,
90.150.189.192/27,
90.150.189.224/28,
90.150.189.248/29,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.103.194.184/29,
91.135.212.0/22,
91.135.216.0/21,
91.195.136.0/23,
91.208.20.0/24,
91.215.168.0/22,
91.217.34.0/23,
91.219.192.0/22,
91.219.224.0/22,
91.221.140.0/23,
91.226.250.0/24,
91.227.32.0/24,
91.231.132.0/22,
91.237.76.0/24,
92.38.217.0/24,
92.39.106.20/30,
92.39.106.168/30,
92.39.111.84/30,
92.39.128.0/21,
92.50.198.72/30,
92.50.198.124/30,
92.50.219.136/29,
92.50.238.224/29,
92.101.253.96/29,
92.101.253.152/29,
93.153.134.112/29,
93.153.135.88/30,
93.153.136.132/30,
93.153.142.4/30,
93.153.144.60/30,
93.153.171.204/30,
93.153.172.100/30,
93.153.175.44/30,
93.153.183.104/30,
93.153.194.160/29,
93.153.220.192/29,
93.153.223.8/29,
93.153.229.232/29,
93.153.244.188/30,
93.153.244.248/29,
93.153.251.0/24,
93.153.255.84/30,
93.178.104.32/29,
93.178.104.64/29,
93.178.106.0/26,
93.186.224.0/20,
93.188.20.72/29,
93.190.110.0/24,
94.25.53.56/29,
94.25.57.176/29,
94.25.57.224/28,
94.25.65.16/29,
94.25.70.64/30,
94.25.90.240/29,
94.25.95.136/30,
94.25.119.228/30,
94.100.176.0/20,
94.124.192.192/29,
94.139.244.0/22,
94.199.64.0/21,
95.53.248.0/29,
95.54.193.80/28,
95.142.192.0/20,
95.163.32.0/19,
95.163.133.0/24,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.167.2.4/30,
95.167.4.168/29,
95.167.5.64/27,
95.167.21.104/29,
95.167.29.104/29,
95.167.54.76/30,
95.167.59.244/30,
95.167.59.248/30,
95.167.64.20/30,
95.167.68.216/29,
95.167.69.116/30,
95.167.70.32/28,
95.167.70.136/29,
95.167.70.176/28,
95.167.72.48/30,
95.167.72.140/30,
95.167.72.204/30,
95.167.74.136/29,
95.167.74.180/30,
95.167.76.160/27,
95.167.99.48/28,
95.167.113.48/30,
95.167.114.48/30,
95.167.121.68/30,
95.167.122.128/28,
95.167.142.32/30,
95.167.157.156/30,
95.167.162.76/30,
95.167.162.236/30,
95.167.176.0/23,
95.167.213.0/24,
95.173.128.0/19,
95.213.0.0/17,
109.73.4.224/27,
109.120.180.0/22,
109.120.188.0/22,
109.124.66.128/30,
109.124.66.160/28,
109.124.71.64/29,
109.124.78.108/30,
109.124.80.132/30,
109.124.83.20/30,
109.124.87.96/29,
109.124.89.36/30,
109.124.89.140/30,
109.124.89.212/30,
109.124.90.32/30,
109.124.90.128/30,
109.124.97.4/30,
109.124.99.16/30,
109.124.99.160/28,
109.124.119.88/29,
109.204.204.232/29,
109.207.0.0/20,
109.232.187.16/29,
109.248.197.0/24,
128.140.168.0/21,
130.49.224.0/19,
145.255.238.240/28,
146.185.208.0/22,
146.185.240.0/22,
149.62.55.240/30,
155.212.192.0/20,
161.104.104.0/21,
176.109.0.0/21,
176.112.168.0/21,
176.116.96.0/20,
176.116.112.0/22,
178.16.156.148/30,
178.17.176.0/20,
178.20.234.224/29,
178.22.88.0/21,
178.49.148.176/29,
178.237.16.0/20,
178.237.206.0/24,
178.237.240.0/20,
178.248.232.60/32,
178.248.232.137/32,
178.248.233.26/32,
178.248.233.32/32,
178.248.233.60/32,
178.248.233.136/32,
178.248.233.244/31,
178.248.234.30/32,
178.248.234.33/32,
178.248.234.60/32,
178.248.234.79/32,
178.248.234.83/32,
178.248.234.136/32,
178.248.234.204/32,
178.248.234.228/32,
178.248.234.238/32,
178.248.235.60/32,
178.248.235.75/32,
178.248.235.244/32,
178.248.236.20/32,
178.248.236.83/32,
178.248.236.244/32,
178.248.237.18/32,
178.248.237.98/32,
178.248.237.136/32,
178.248.237.242/32,
178.248.238.55/32,
178.248.238.102/32,
178.248.238.128/31,
178.248.238.136/32,
178.248.238.155/32,
178.248.238.172/32,
178.248.238.205/32,
178.248.238.255/32,
178.248.239.215/32,
185.5.136.0/22,
185.6.244.0/22,
185.7.234.188/30,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.65.149.170/32,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.149.160.0/22,
185.168.60.0/22,
185.179.224.0/22,
185.180.200.0/22,
185.183.172.0/22,
185.187.63.0/24,
185.224.228.0/22,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
188.128.8.240/30,
188.128.11.196/30,
188.128.89.0/30,
188.128.92.104/30,
188.128.94.204/30,
188.128.98.204/30,
188.128.101.108/30,
188.128.112.216/29,
188.128.112.240/29,
188.128.113.0/28,
188.128.114.128/28,
188.128.115.232/29,
188.128.118.224/27,
188.128.119.104/30,
188.128.122.240/30,
188.247.36.124/30,
188.247.36.128/28,
188.247.36.204/30,
193.33.230.0/23,
193.47.146.0/24,
193.203.40.0/22,
193.232.70.0/24,
194.8.70.0/23,
194.8.246.0/23,
194.67.63.200/30,
194.84.16.12/30,
194.140.247.0/24,
194.150.202.0/23,
194.165.22.0/23,
194.186.63.0/24,
194.186.112.80/28,
194.190.9.0/24,
194.215.248.0/24,
194.226.80.0/20,
194.226.116.0/22,
194.226.127.0/24,
195.3.240.0/22,
195.16.55.224/27,
195.42.75.8/29,
195.54.20.168/29,
195.54.28.72/30,
195.54.221.0/24,
195.58.5.16/29,
195.58.13.120/30,
195.58.21.196/30,
195.58.29.57/32,
195.58.30.164/30,
195.58.30.200/29,
195.80.224.0/24,
195.98.38.16/28,
195.98.43.104/29,
195.98.73.56/29,
195.98.77.100/30,
195.128.157.0/24,
195.131.7.8/29,
195.131.53.248/29,
195.131.61.80/29,
195.131.63.24/29,
195.144.226.224/28,
195.144.232.144/30,
195.144.240.128/28,
195.149.110.0/24,
195.162.36.64/28,
195.170.218.24/29,
195.170.218.88/29,
195.182.142.128/26,
195.182.145.64/28,
195.182.151.212/30,
195.182.151.216/30,
195.182.155.164/30,
195.182.156.96/30,
195.209.120.0/22,
195.211.20.0/22,
195.218.175.40/29,
195.218.190.0/23,
195.226.203.0/24,
195.239.80.32/29,
195.239.113.0/24,
195.239.247.0/24,
212.13.104.116/30,
212.13.113.100/30,
212.15.105.64/28,
212.15.114.156/30,
212.15.115.80/28,
212.17.8.176/29,
212.17.9.144/28,
212.17.16.192/27,
212.17.17.176/28,
212.23.85.48/30,
212.23.85.56/29,
212.32.198.64/29,
212.48.34.176/28,
212.48.53.76/30,
212.48.53.84/30,
212.48.53.88/29,
212.48.53.100/30,
212.48.53.144/30,
212.48.53.152/29,
212.48.53.160/29,
212.48.53.184/29,
212.48.53.192/29,
212.48.53.200/30,
212.48.53.216/30,
212.48.53.236/30,
212.48.53.240/28,
212.48.54.0/30,
212.48.54.8/29,
212.48.54.16/28,
212.48.54.32/29,
212.48.54.44/30,
212.48.54.48/28,
212.48.54.64/28,
212.48.54.80/29,
212.48.54.92/30,
212.48.54.96/27,
212.48.54.128/27,
212.48.54.164/30,
212.48.54.168/29,
212.48.54.176/28,
212.48.54.196/30,
212.48.54.200/30,
212.48.54.208/28,
212.48.54.240/28,
212.48.134.192/26,
212.48.138.240/28,
212.48.141.160/27,
212.49.107.224/27,
212.49.124.0/26,
212.57.133.0/24,
212.57.159.0/24,
212.59.98.48/29,
212.59.99.96/27,
212.111.84.0/22,
212.119.174.0/23,
212.120.169.48/29,
212.120.174.88/29,
212.120.184.48/28,
212.120.184.64/29,
212.120.189.208/29,
212.120.189.224/29,
212.120.190.112/29,
212.120.190.240/29,
212.120.191.120/29,
212.120.191.248/29,
212.192.156.0/22,
212.233.72.0/21,
212.233.88.0/21,
212.233.96.0/22,
212.233.120.0/22,
213.24.34.0/24,
213.24.75.0/24,
213.24.76.0/23,
213.24.128.0/22,
213.24.143.0/24,
213.24.152.0/22,
213.24.160.0/28,
213.33.171.240/29,
213.59.59.16/29,
213.59.59.64/29,
213.59.59.120/29,
213.59.59.128/29,
213.59.59.144/29,
213.59.59.168/29,
213.59.91.48/29,
213.59.91.128/27,
213.59.91.176/28,
213.85.2.64/28,
213.85.2.80/29,
213.85.20.8/30,
213.85.20.32/30,
213.85.20.84/30,
213.85.77.64/27,
213.85.142.176/28,
213.147.55.108/30,
213.172.4.192/26,
213.172.17.252/30,
213.172.18.60/30,
213.172.18.124/30,
213.172.18.148/30,
213.172.18.160/29,
213.172.18.252/30,
213.172.27.0/30,
213.172.27.116/30,
213.172.27.160/30,
213.172.27.204/30,
213.172.27.212/30,
213.172.27.224/30,
213.172.27.252/30,
213.172.30.136/30,
213.176.232.0/22,
213.177.111.0/24,
213.183.253.56/29,
213.219.212.0/22,
213.219.237.68/30,
213.234.8.8/30,
213.234.13.60/30,
213.234.15.228/30,
213.234.15.248/30,
213.234.18.52/30,
213.242.204.76/30,
213.242.204.236/30,
213.242.205.88/30,
213.242.215.68/30,
213.242.215.192/29,
213.243.84.80/28,
213.243.106.48/28,
213.243.116.0/24,
217.16.16.0/20,
217.20.86.128/25,
217.20.144.0/20,
217.23.88.168/29,
217.23.88.248/29,
217.27.142.176/30,
217.65.214.24/29,
217.65.219.160/29,
217.67.177.208/29,
217.69.128.0/20,
217.106.0.0/16,
217.107.0.0/18,
217.107.200.0/21,
217.107.208.0/20,
217.147.23.112/28,
217.148.216.156/30,
217.148.220.160/29,
217.172.18.0/23,
217.172.20.0/22,
217.174.188.0/22,
217.195.92.16/28,
217.195.93.144/29,
217.195.94.200/29
}
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = {
2a00:1148::/29,
2a00:46e0::/32,
2a00:a300::/32,
2a00:b4c0::/32,
2a00:bdc0::/33,
2a00:bdc0:8000::/34,
2a00:bdc0:c000::/35,
2a00:bdc0:e002::/47,
2a00:bdc0:e004::/47,
2a00:bdc0:e007::/48,
2a00:bdc0:f000::/36,
2a00:bdc1::/32,
2a00:bdc2::/31,
2a00:bdc4::/30,
2a14:25c0::/32,
2a14:25c5::/32,
2a14:25c6::/31
}
}
}

0
blacklists_nginx/.keep_folder
View File

24
blacklists_nginx/README.md Normal file
View File

@@ -0,0 +1,24 @@
# nginx blacklists
Short: ready-to-use deny lists for nginx (mixed, IPv4-only, and IPv6-only).
## Download links
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist.conf
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v4.conf
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v6.conf
## How to use
1. Download one file (`blacklist.conf`, `blacklist-v4.conf`, or `blacklist-v6.conf`).
2. Include it in your `server` or `location` block:
```nginx
include /etc/nginx/blacklist.conf;
```
3. Test and reload nginx:
```bash
sudo nginx -t && sudo systemctl reload nginx
```

1152
blacklists_nginx/blacklist-v4.conf Normal file
View File

File diff suppressed because it is too large Load Diff

31
blacklists_nginx/blacklist-v6.conf Normal file
View File

@@ -0,0 +1,31 @@
# Nginx blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2026-03-30 07:19:42 UTC
#
# Usage: Include this file in your nginx server or location block:
# include /path/to/blacklist-v6.conf;
#
deny 2a00:1148::/29;
deny 2a00:1148::/32;
deny 2a00:46e0:2::/48;
deny 2a00:46e0::/32;
deny 2a00:a300::/32;
deny 2a00:b4c0::/32;
deny 2a00:bdc0:8000::/34;
deny 2a00:bdc0::/33;
deny 2a00:bdc0:c000::/35;
deny 2a00:bdc0:e002::/48;
deny 2a00:bdc0:e003::/48;
deny 2a00:bdc0:e004::/48;
deny 2a00:bdc0:e005::/48;
deny 2a00:bdc0:e007::/48;
deny 2a00:bdc0:f000::/36;
deny 2a00:bdc1::/32;
deny 2a00:bdc2::/31;
deny 2a00:bdc4::/30;
deny 2a14:25c0::/32;
deny 2a14:25c5::/32;
deny 2a14:25c6::/32;
deny 2a14:25c7::/32;

1174
blacklists_nginx/blacklist.conf Normal file
View File

File diff suppressed because it is too large Load Diff

275
blacklists_route/blacklist-vk-v4.routes Normal file
View File

@@ -0,0 +1,275 @@
# Linux routes for VK networks (IPv4)
# Auto-generated by blacklists_updater_routes.sh
# Last updated: 2026-03-30 07:19:44 UTC
#
# Apply:
# sudo sh blacklist-vk-v4.routes
#
ip route replace 109.120.180.0/22 via 127.0.0.1 dev lo onlink
ip route replace 109.120.180.0/23 via 127.0.0.1 dev lo onlink
ip route replace 109.120.182.0/23 via 127.0.0.1 dev lo onlink
ip route replace 109.120.188.0/22 via 127.0.0.1 dev lo onlink
ip route replace 109.120.188.0/23 via 127.0.0.1 dev lo onlink
ip route replace 109.120.190.0/23 via 127.0.0.1 dev lo onlink
ip route replace 128.140.168.0/21 via 127.0.0.1 dev lo onlink
ip route replace 128.140.168.0/23 via 127.0.0.1 dev lo onlink
ip route replace 128.140.170.0/24 via 127.0.0.1 dev lo onlink
ip route replace 128.140.171.0/24 via 127.0.0.1 dev lo onlink
ip route replace 128.140.172.0/22 via 127.0.0.1 dev lo onlink
ip route replace 130.49.224.0/19 via 127.0.0.1 dev lo onlink
ip route replace 146.185.208.0/22 via 127.0.0.1 dev lo onlink
ip route replace 146.185.208.0/23 via 127.0.0.1 dev lo onlink
ip route replace 146.185.210.0/23 via 127.0.0.1 dev lo onlink
ip route replace 146.185.240.0/22 via 127.0.0.1 dev lo onlink
ip route replace 146.185.240.0/23 via 127.0.0.1 dev lo onlink
ip route replace 146.185.242.0/23 via 127.0.0.1 dev lo onlink
ip route replace 155.212.192.0/20 via 127.0.0.1 dev lo onlink
ip route replace 161.104.104.0/21 via 127.0.0.1 dev lo onlink
ip route replace 176.112.168.0/21 via 127.0.0.1 dev lo onlink
ip route replace 178.22.88.0/21 via 127.0.0.1 dev lo onlink
ip route replace 178.22.89.64/26 via 127.0.0.1 dev lo onlink
ip route replace 178.22.94.0/23 via 127.0.0.1 dev lo onlink
ip route replace 178.237.16.0/20 via 127.0.0.1 dev lo onlink
ip route replace 178.237.16.0/21 via 127.0.0.1 dev lo onlink
ip route replace 178.237.24.0/22 via 127.0.0.1 dev lo onlink
ip route replace 178.237.30.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.100.104.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.100.104.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.100.106.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.130.112.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.130.112.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.130.114.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.131.68.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.16.148.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.16.148.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.16.150.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.16.244.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.16.244.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.16.246.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.180.200.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.187.63.0/24 via 127.0.0.1 dev lo onlink
ip route replace 185.187.63.0/25 via 127.0.0.1 dev lo onlink
ip route replace 185.187.63.128/25 via 127.0.0.1 dev lo onlink
ip route replace 185.226.52.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.226.52.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.226.54.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.241.192.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.241.192.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.241.194.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.29.128.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.29.130.0/24 via 127.0.0.1 dev lo onlink
ip route replace 185.32.248.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.32.248.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.32.250.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.5.136.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.5.136.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.5.138.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.6.244.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.6.244.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.6.246.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.86.144.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.86.144.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.86.146.0/23 via 127.0.0.1 dev lo onlink
ip route replace 188.93.56.0/21 via 127.0.0.1 dev lo onlink
ip route replace 188.93.56.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.57.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.58.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.60.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.61.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.62.0/24 via 127.0.0.1 dev lo onlink
ip route replace 193.203.40.0/22 via 127.0.0.1 dev lo onlink
ip route replace 194.84.16.12/30 via 127.0.0.1 dev lo onlink
ip route replace 195.211.20.0/22 via 127.0.0.1 dev lo onlink
ip route replace 195.211.22.0/24 via 127.0.0.1 dev lo onlink
ip route replace 195.211.23.0/24 via 127.0.0.1 dev lo onlink
ip route replace 212.111.84.0/22 via 127.0.0.1 dev lo onlink
ip route replace 212.233.120.0/22 via 127.0.0.1 dev lo onlink
ip route replace 212.233.72.0/21 via 127.0.0.1 dev lo onlink
ip route replace 212.233.88.0/21 via 127.0.0.1 dev lo onlink
ip route replace 212.233.96.0/22 via 127.0.0.1 dev lo onlink
ip route replace 213.219.212.0/22 via 127.0.0.1 dev lo onlink
ip route replace 213.219.212.0/23 via 127.0.0.1 dev lo onlink
ip route replace 213.219.214.0/23 via 127.0.0.1 dev lo onlink
ip route replace 217.16.16.0/20 via 127.0.0.1 dev lo onlink
ip route replace 217.16.16.0/21 via 127.0.0.1 dev lo onlink
ip route replace 217.16.24.0/21 via 127.0.0.1 dev lo onlink
ip route replace 217.174.188.0/23 via 127.0.0.1 dev lo onlink
ip route replace 217.20.144.0/20 via 127.0.0.1 dev lo onlink
ip route replace 217.20.144.0/22 via 127.0.0.1 dev lo onlink
ip route replace 217.20.148.0/24 via 127.0.0.1 dev lo onlink
ip route replace 217.20.149.0/24 via 127.0.0.1 dev lo onlink
ip route replace 217.20.150.0/23 via 127.0.0.1 dev lo onlink
ip route replace 217.20.152.0/22 via 127.0.0.1 dev lo onlink
ip route replace 217.20.156.0/23 via 127.0.0.1 dev lo onlink
ip route replace 217.20.158.0/24 via 127.0.0.1 dev lo onlink
ip route replace 217.20.159.0/24 via 127.0.0.1 dev lo onlink
ip route replace 217.69.128.0/20 via 127.0.0.1 dev lo onlink
ip route replace 217.69.128.0/21 via 127.0.0.1 dev lo onlink
ip route replace 217.69.136.0/21 via 127.0.0.1 dev lo onlink
ip route replace 37.139.32.0/22 via 127.0.0.1 dev lo onlink
ip route replace 37.139.32.0/23 via 127.0.0.1 dev lo onlink
ip route replace 37.139.34.0/23 via 127.0.0.1 dev lo onlink
ip route replace 37.139.40.0/22 via 127.0.0.1 dev lo onlink
ip route replace 37.139.40.0/23 via 127.0.0.1 dev lo onlink
ip route replace 37.139.42.0/23 via 127.0.0.1 dev lo onlink
ip route replace 45.136.20.0/22 via 127.0.0.1 dev lo onlink
ip route replace 45.136.20.0/23 via 127.0.0.1 dev lo onlink
ip route replace 45.136.22.0/23 via 127.0.0.1 dev lo onlink
ip route replace 45.84.128.0/22 via 127.0.0.1 dev lo onlink
ip route replace 45.84.128.0/23 via 127.0.0.1 dev lo onlink
ip route replace 45.84.130.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.101.40.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.101.40.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.101.42.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.181.60.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.181.60.0/24 via 127.0.0.1 dev lo onlink
ip route replace 5.181.61.0/24 via 127.0.0.1 dev lo onlink
ip route replace 5.181.62.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.188.140.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.188.140.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.188.142.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.61.16.0/21 via 127.0.0.1 dev lo onlink
ip route replace 5.61.16.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.61.20.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.61.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 5.61.232.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.61.236.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.61.238.0/24 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.0/27 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.128/25 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.40/29 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.48/28 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.64/26 via 127.0.0.1 dev lo onlink
ip route replace 62.217.160.0/20 via 127.0.0.1 dev lo onlink
ip route replace 62.217.160.0/21 via 127.0.0.1 dev lo onlink
ip route replace 62.217.168.0/21 via 127.0.0.1 dev lo onlink
ip route replace 79.137.132.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.132.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.132.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.139.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.139.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.139.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.157.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.157.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.164.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.164.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.164.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.167.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.167.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.167.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.174.0/23 via 127.0.0.1 dev lo onlink
ip route replace 79.137.174.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.175.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.180.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.180.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.180.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.240.0/21 via 127.0.0.1 dev lo onlink
ip route replace 79.137.240.0/22 via 127.0.0.1 dev lo onlink
ip route replace 79.137.244.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.166.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 83.166.232.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.166.236.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.166.248.0/21 via 127.0.0.1 dev lo onlink
ip route replace 83.166.248.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.166.252.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.217.216.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.217.216.0/23 via 127.0.0.1 dev lo onlink
ip route replace 83.217.218.0/23 via 127.0.0.1 dev lo onlink
ip route replace 83.222.28.0/22 via 127.0.0.1 dev lo onlink
ip route replace 84.23.52.0/22 via 127.0.0.1 dev lo onlink
ip route replace 84.23.52.0/23 via 127.0.0.1 dev lo onlink
ip route replace 84.23.54.0/23 via 127.0.0.1 dev lo onlink
ip route replace 85.114.31.108/30 via 127.0.0.1 dev lo onlink
ip route replace 85.192.32.0/22 via 127.0.0.1 dev lo onlink
ip route replace 85.192.32.0/23 via 127.0.0.1 dev lo onlink
ip route replace 85.192.34.0/23 via 127.0.0.1 dev lo onlink
ip route replace 85.198.106.0/24 via 127.0.0.1 dev lo onlink
ip route replace 85.198.107.0/24 via 127.0.0.1 dev lo onlink
ip route replace 87.239.104.0/21 via 127.0.0.1 dev lo onlink
ip route replace 87.239.104.0/22 via 127.0.0.1 dev lo onlink
ip route replace 87.239.108.0/22 via 127.0.0.1 dev lo onlink
ip route replace 87.240.128.0/18 via 127.0.0.1 dev lo onlink
ip route replace 87.240.128.0/19 via 127.0.0.1 dev lo onlink
ip route replace 87.240.160.0/19 via 127.0.0.1 dev lo onlink
ip route replace 87.242.112.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.196.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.196.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.198.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.208.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.208.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.210.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.216.0/21 via 127.0.0.1 dev lo onlink
ip route replace 89.208.216.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.218.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.220.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.228.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.228.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.230.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.84.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.84.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.86.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.221.228.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.221.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 90.156.148.0/22 via 127.0.0.1 dev lo onlink
ip route replace 90.156.148.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.150.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.212.0/22 via 127.0.0.1 dev lo onlink
ip route replace 90.156.212.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.214.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.216.0/22 via 127.0.0.1 dev lo onlink
ip route replace 90.156.216.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.218.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 91.219.224.0/22 via 127.0.0.1 dev lo onlink
ip route replace 91.231.132.0/22 via 127.0.0.1 dev lo onlink
ip route replace 91.237.76.0/24 via 127.0.0.1 dev lo onlink
ip route replace 93.153.255.84/30 via 127.0.0.1 dev lo onlink
ip route replace 93.186.224.0/20 via 127.0.0.1 dev lo onlink
ip route replace 93.186.224.0/21 via 127.0.0.1 dev lo onlink
ip route replace 93.186.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 94.100.176.0/20 via 127.0.0.1 dev lo onlink
ip route replace 94.100.176.0/21 via 127.0.0.1 dev lo onlink
ip route replace 94.100.184.0/21 via 127.0.0.1 dev lo onlink
ip route replace 94.139.244.0/22 via 127.0.0.1 dev lo onlink
ip route replace 94.139.244.0/23 via 127.0.0.1 dev lo onlink
ip route replace 94.139.246.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.142.192.0/20 via 127.0.0.1 dev lo onlink
ip route replace 95.142.192.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.142.200.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.163.180.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.180.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.182.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.208.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.163.208.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.210.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.212.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.216.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.216.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.218.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.248.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.163.248.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.252.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.254.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.32.0/19 via 127.0.0.1 dev lo onlink
ip route replace 95.163.32.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.36.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.40.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.163.48.0/20 via 127.0.0.1 dev lo onlink
ip route replace 95.213.0.0/17 via 127.0.0.1 dev lo onlink
ip route replace 95.213.0.0/20 via 127.0.0.1 dev lo onlink
ip route replace 95.213.16.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.213.24.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.213.26.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.27.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.28.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.29.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.30.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.31.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.32.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.33.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.34.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.213.36.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.213.40.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.213.48.0/20 via 127.0.0.1 dev lo onlink
ip route replace 95.213.64.0/18 via 127.0.0.1 dev lo onlink

9
blacklists_route/blacklist-vk-v6.routes Normal file
View File

@@ -0,0 +1,9 @@
# Linux routes for VK networks (IPv6)
# Auto-generated by blacklists_updater_routes.sh
# Last updated: 2026-03-30 07:19:44 UTC
#
# Apply:
# sudo sh blacklist-vk-v6.routes
#
ip -6 route replace 2a00:bdc0::/29 via ::1 dev lo

0
blacklists_routes/.keep_folder
View File

74
blacklists_updater_iptables.sh
View File

@@ -11,7 +11,7 @@ blacklist_v6_file="${SCRIPT_DIR}/blacklists/blacklist-v6.txt"
auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt" auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt" auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt" auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
vk_name_pattern='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE' vk_name_pattern='vk[[:space:]-]*cloud|vkcompany|vkontakte'
# Additional VK-only text blacklists # Additional VK-only text blacklists
blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt" blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
@@ -20,21 +20,19 @@ blacklist_vk_v6_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
# Output directory and files # Output directory and files
iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables" iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables"
iptables_output_file="${iptables_output_dir}/blacklist.ipset"
iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset" iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset"
iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset" iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset"
iptables_vk_output_file="${iptables_output_dir}/blacklist-vk.ipset"
iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset" iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset"
iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset" iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset"
# Create iptables directory if it doesn't exist # Create required directories if they don't exist
mkdir -p "${iptables_output_dir}" mkdir -p "${iptables_output_dir}" "${SCRIPT_DIR}/blacklists"
# Build additional VK-only blacklist from network names in auto/*.txt files # Build additional VK-only blacklist from network names in auto/*.txt files
tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")" tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do
[ -f "${source_file}" ] || continue [ -f "${source_file}" ] || continue
awk -v pattern="${vk_name_pattern}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}" awk -v pattern="${vk_name_pattern}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}"
done done
sort -u "${tmp_vk_file}" > "${blacklist_vk_file}" sort -u "${tmp_vk_file}" > "${blacklist_vk_file}"
grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true
@@ -106,70 +104,10 @@ generate_ipset_config "${blacklist_v6_file}" "${iptables_v6_output_file}" "(IPv6
generate_ipset_config "${blacklist_vk_v4_file}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet" generate_ipset_config "${blacklist_vk_v4_file}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet"
generate_ipset_config "${blacklist_vk_v6_file}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6" generate_ipset_config "${blacklist_vk_v6_file}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6"
# For mixed file, we need to create two sets (IPv4 and IPv6) as ipset doesn't support mixed families
cat > "${iptables_output_file}" << EOF
# IPSet blacklist configuration (mixed IPv4/IPv6)
# Auto-generated from $(basename ${blacklist_file})
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Usage:
# 1. Load the ipset:
# ipset restore < $(basename ${iptables_output_file})
#
# 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
# ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
#
# 3. To flush/delete the sets:
# ipset flush blacklist-v4 && ipset destroy blacklist-v4
# ipset flush blacklist-v6 && ipset destroy blacklist-v6
#
EOF
# Append both IPv4 and IPv6 sets to the mixed file
tail -n +2 "${iptables_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
echo "" >> "${iptables_output_file}"
tail -n +2 "${iptables_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
echo "✓ Generated (mixed IPv4/IPv6): ${iptables_output_file}"
echo " Total entries: $(wc -l < "${blacklist_file}" | tr -d ' ')"
# Generate mixed VK-only ipset file (contains both v4 and v6 sets)
cat > "${iptables_vk_output_file}" << EOF
# IPSet blacklist configuration (VK names: VK Cloud / VKCOMPANY / VKONTAKTE)
# Auto-generated from name-filtered auto/*.txt sources
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Usage:
# 1. Load the ipset:
# ipset restore < $(basename "${iptables_vk_output_file}")
#
# 2. Use with iptables/ip6tables:
# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
#
# 3. To flush/delete the sets:
# ipset flush blacklist-vk-v4 && ipset destroy blacklist-vk-v4
# ipset flush blacklist-vk-v6 && ipset destroy blacklist-vk-v6
#
EOF
tail -n +2 "${iptables_vk_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
echo "" >> "${iptables_vk_output_file}"
tail -n +2 "${iptables_vk_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
echo "✓ Generated (VK names, mixed IPv4/IPv6): ${iptables_vk_output_file}"
echo " Total entries: $(wc -l < "${blacklist_vk_file}" | tr -d ' ')"
echo "" echo ""
echo "VK outgoing block examples (iptables/ipset):" echo "VK outgoing block examples (iptables/ipset):"
echo " ipset restore < ${iptables_vk_output_file}" echo " ipset restore < ${iptables_vk_v4_output_file}"
echo " ipset restore < ${iptables_vk_v6_output_file}"
echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT" echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT" echo " iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT" echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"

18
blacklists_updater_nftables.sh
View File

@@ -11,15 +11,15 @@ OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables"
AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt" AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt" AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt" AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE' VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
# Additional VK-only text blacklists # Additional VK-only text blacklists
VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt" VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt"
VK_INPUT_V4_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v4.txt" VK_INPUT_V4_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v4.txt"
VK_INPUT_V6_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v6.txt" VK_INPUT_V6_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v6.txt"
# Create output directory if it doesn't exist # Create required directories if they don't exist
mkdir -p "$OUTPUT_DIR" mkdir -p "$OUTPUT_DIR" "$SCRIPT_DIR/blacklists"
echo "Generating nftables blacklists..." echo "Generating nftables blacklists..."
@@ -27,14 +27,14 @@ echo "Generating nftables blacklists..."
TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")" TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do
[[ -f "$source_file" ]] || continue [[ -f "$source_file" ]] || continue
awk -v pattern="$VK_NAME_PATTERN" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE" awk -v pattern="$VK_NAME_PATTERN" 'tolower($0) ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE"
done done
sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE" sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE"
grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true
grep -v ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V4_FILE" || true grep -v ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V4_FILE" || true
rm -f "$TMP_VK_FILE" rm -f "$TMP_VK_FILE"
# Generate mixed IPv4/IPv6 blacklist # Generate mixed IPv4/IPv6 blacklist (recommended single-file load)
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \ python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$INPUT_FILE" \ "$INPUT_FILE" \
"$OUTPUT_DIR/blacklist.nft" "$OUTPUT_DIR/blacklist.nft"
@@ -71,14 +71,18 @@ echo "nftables blacklists generated successfully!"
echo "" echo ""
echo "VM incoming block examples (all lists, nftables):" echo "VM incoming block examples (all lists, nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist.nft" echo " sudo nft -f $OUTPUT_DIR/blacklist.nft"
echo " sudo nft -f $OUTPUT_DIR/blacklist-v4.nft"
echo " sudo nft -f $OUTPUT_DIR/blacklist-v6.nft"
echo " sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'" echo " sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'"
echo " sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject" echo " sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject"
echo " sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject" echo " sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject"
echo "" echo ""
echo "VK outbound block examples for VPN clients via NAT (nftables):" echo "VK outbound block examples for VPN clients via NAT (nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk.nft" echo " sudo nft -f $OUTPUT_DIR/blacklist-vk.nft"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk-v4.nft"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk-v6.nft"
echo " sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'" echo " sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_v4 counter reject" echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_vk_v4 counter reject"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_v6 counter reject" echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_vk_v6 counter reject"
echo "" echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured." echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."

4
blacklists_updater_nginx.sh
View File

@@ -11,8 +11,8 @@ nginx_output_file="${nginx_output_dir}/blacklist.conf"
nginx_v4_output_file="${nginx_output_dir}/blacklist-v4.conf" nginx_v4_output_file="${nginx_output_dir}/blacklist-v4.conf"
nginx_v6_output_file="${nginx_output_dir}/blacklist-v6.conf" nginx_v6_output_file="${nginx_output_dir}/blacklist-v6.conf"
# Create nginx directory if it doesn't exist # Create required directories if they don't exist
mkdir -p "${nginx_output_dir}" mkdir -p "${nginx_output_dir}" "blacklists"
# Function to generate nginx config from input file # Function to generate nginx config from input file
generate_nginx_config() { generate_nginx_config() {

4
blacklists_updater_routes.sh Normal file → Executable file
View File

@@ -8,7 +8,7 @@ SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt" AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt" AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt" AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE' VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
# Additional VK-only text blacklists # Additional VK-only text blacklists
VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt" VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
@@ -28,7 +28,7 @@ echo "Generating VK route blacklists..."
TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")" TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do
[ -f "${source_file}" ] || continue [ -f "${source_file}" ] || continue
awk -v pattern="${VK_NAME_PATTERN}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}" awk -v pattern="${VK_NAME_PATTERN}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}"
done done
sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}" sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}"

2
blacklists_updater_txt.sh
View File

@@ -11,6 +11,8 @@ black_names="uvd|umvd|fgup|grchc|roskomnad|federalnaya sluzhba|ufsb|zonatelecom|
# M100 - mail.ru # M100 - mail.ru
white_names="ruvds" white_names="ruvds"
mkdir -p blacklists auto
grep -iE "${black_names}" auto/all-ru-asn.txt | grep -viE "${white_names}" | awk '{ print "# AS-Name: " $0 "\n" $1}' > ${auto_black_ass} grep -iE "${black_names}" auto/all-ru-asn.txt | grep -viE "${white_names}" | awk '{ print "# AS-Name: " $0 "\n" $1}' > ${auto_black_ass}
./network_list_from_as.py ${auto_black_ass} > ${outfile_w_comments} ./network_list_from_as.py ${auto_black_ass} > ${outfile_w_comments}
./network_list_from_netname.py lists/ru-gov-netnames.txt >> ${outfile_w_comments} ./network_list_from_netname.py lists/ru-gov-netnames.txt >> ${outfile_w_comments}

50
check_nft_blacklist.py
View File

@@ -12,6 +12,27 @@ import re
from ipaddress import ip_address, ip_network, AddressValueError from ipaddress import ip_address, ip_network, AddressValueError
from pathlib import Path from pathlib import Path
def iter_set_blocks(content):
current_name = None
current_lines = []
brace_depth = 0
for line in content.splitlines():
if current_name is None:
match = re.match(r"\s*set\s+([A-Za-z0-9_]+)\s*\{", line)
if match:
current_name = match.group(1)
current_lines = [line]
brace_depth = line.count("{") - line.count("}")
continue
current_lines.append(line)
brace_depth += line.count("{") - line.count("}")
if brace_depth == 0:
yield current_name, "\n".join(current_lines)
current_name = None
current_lines = []
def parse_nft_config(config_path): def parse_nft_config(config_path):
"""Extract IPv4 and IPv6 prefixes from nftables config.""" """Extract IPv4 and IPv6 prefixes from nftables config."""
p = Path(config_path) p = Path(config_path)
@@ -22,35 +43,18 @@ def parse_nft_config(config_path):
v4_prefixes = [] v4_prefixes = []
v6_prefixes = [] v6_prefixes = []
# Parse IPv4 set (blacklist_v4) for _, block in iter_set_blocks(content):
v4_match = re.search( if "type ipv4_addr" in block:
r'set blacklist_v4\s*\{[^}]*elements\s*=\s*\{([^}]+)\}', for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+(?:/\d+)?)", block):
content,
re.DOTALL
)
if v4_match:
elements = v4_match.group(1)
# Extract all CIDR notations
for match in re.finditer(r'(\d+\.\d+\.\d+\.\d+(?:/\d+)?)', elements):
try: try:
v4_prefixes.append(ip_network(match.group(1), strict=False)) v4_prefixes.append(ip_network(match.group(1), strict=False))
except Exception as e: except Exception as e:
print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr) print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr)
elif "type ipv6_addr" in block:
# Parse IPv6 set (blacklist_v6) for match in re.finditer(r"([0-9a-fA-F:]+(?:/\d+)?)", block):
v6_match = re.search(
r'set blacklist_v6\s*\{[^}]*elements\s*=\s*\{([^}]+)\}',
content,
re.DOTALL
)
if v6_match:
elements = v6_match.group(1)
# Extract all IPv6 CIDR notations
for match in re.finditer(r'([0-9a-fA-F:]+(?:/\d+)?)', elements):
try: try:
v6_prefixes.append(ip_network(match.group(1), strict=False)) v6_prefixes.append(ip_network(match.group(1), strict=False))
except Exception as e: except Exception:
# Skip false matches from comments or other text
pass pass
return v4_prefixes, v6_prefixes return v4_prefixes, v6_prefixes

63
generate_nft_blacklist.py
View File

@@ -13,7 +13,7 @@ Usage:
import sys import sys
from ipaddress import ip_network, collapse_addresses from ipaddress import ip_network, collapse_addresses
from pathlib import Path from pathlib import Path
from datetime import datetime from datetime import datetime, UTC
def read_lines(path_or_dash): def read_lines(path_or_dash):
if path_or_dash == "-": if path_or_dash == "-":
@@ -43,55 +43,69 @@ def aggregate_prefixes(lines):
agg_v6 = list(collapse_addresses(sorted(v6, key=lambda x: (int(x.network_address), x.prefixlen)))) agg_v6 = list(collapse_addresses(sorted(v6, key=lambda x: (int(x.network_address), x.prefixlen))))
return agg_v4, agg_v6, invalid return agg_v4, agg_v6, invalid
def make_nft_config(agg_v4, agg_v6, comment=None): def make_nft_config(agg_v4, agg_v6, comment=None, usage_profile="vm_input"):
if usage_profile == "vk_forward":
set_v4_name = "blacklist_vk_v4"
set_v6_name = "blacklist_vk_v6"
rule_v4 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @{set_v4_name} counter reject'
rule_v6 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @{set_v6_name} counter reject'
else:
set_v4_name = "blacklist_v4"
set_v6_name = "blacklist_v6"
rule_v4 = f"sudo nft add rule inet filter input ip saddr @{set_v4_name} counter reject"
rule_v6 = f"sudo nft add rule inet filter input ip6 saddr @{set_v6_name} counter reject"
lines = [] lines = []
lines.append("# Autogenerated nftables blacklist") lines.append("# Autogenerated nftables blacklist")
lines.append(f"# Generated: {datetime.utcnow().isoformat()}Z") lines.append(f"# Generated: {datetime.now(UTC).isoformat().replace('+00:00', 'Z')}")
if comment: if comment:
lines.append(f"# {comment}") lines.append(f"# {comment}")
lines.append(f"# IPv4: {len(agg_v4)}, IPv6: {len(agg_v6)}") lines.append(f"# IPv4: {len(agg_v4)}, IPv6: {len(agg_v6)}")
lines.append("#")
lines.append("# Usage:")
lines.append("# sudo nft -f <this-file>")
if usage_profile == "vk_forward":
lines.append("# # VK egress blocking for VPN clients via NAT/FORWARD")
lines.append("# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'")
lines.append(f"# {rule_v4}")
lines.append(f"# {rule_v6}")
else:
lines.append("# # VM protection from incoming blacklist sources")
lines.append("# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'")
lines.append(f"# {rule_v4}")
lines.append(f"# {rule_v6}")
lines.append("") lines.append("")
lines.append("table inet filter {") lines.append("table inet filter {")
lines.append("") lines.append("")
# Define IPv4 blacklist set # Define IPv4 blacklist set
lines.append(" set blacklist_v4 {") lines.append(f" set {set_v4_name} {{")
lines.append(" type ipv4_addr") lines.append(" type ipv4_addr")
lines.append(" flags interval") lines.append(" flags interval")
if agg_v4: if agg_v4:
lines.append(" elements = {") lines.append(" elements = {")
for i, net in enumerate(agg_v4): for i, net in enumerate(agg_v4):
comma = "," if i < len(agg_v4) - 1 else "" comma = "," if i < len(agg_v4) - 1 else ""
lines.append(f" {net.with_prefixlen}{comma}") rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
lines.append(f" {rendered_net}{comma}")
lines.append(" }") lines.append(" }")
lines.append(" }") lines.append(" }")
lines.append("") lines.append("")
# Define IPv6 blacklist set # Define IPv6 blacklist set
lines.append(" set blacklist_v6 {") lines.append(f" set {set_v6_name} {{")
lines.append(" type ipv6_addr") lines.append(" type ipv6_addr")
lines.append(" flags interval") lines.append(" flags interval")
if agg_v6: if agg_v6:
lines.append(" elements = {") lines.append(" elements = {")
for i, net in enumerate(agg_v6): for i, net in enumerate(agg_v6):
comma = "," if i < len(agg_v6) - 1 else "" comma = "," if i < len(agg_v6) - 1 else ""
lines.append(f" {net.with_prefixlen}{comma}") rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
lines.append(f" {rendered_net}{comma}")
lines.append(" }") lines.append(" }")
lines.append(" }") lines.append(" }")
lines.append("") lines.append("")
# Define input chain with set lookups
lines.append(" chain input {")
lines.append(" type filter hook input priority 0;")
lines.append(" policy accept;")
lines.append("")
lines.append(" ct state { established, related } accept")
lines.append("")
if agg_v4:
lines.append(" ip saddr @blacklist_v4 counter drop")
if agg_v6:
lines.append(" ip6 saddr @blacklist_v6 counter drop")
lines.append(" }")
lines.append("}") lines.append("}")
return "\n".join(lines) return "\n".join(lines)
@@ -119,7 +133,8 @@ def main(argv):
if not any(line.strip() and not line.strip().startswith("#") for line in lines): if not any(line.strip() and not line.strip().startswith("#") for line in lines):
print("WARNING: input contains no prefixes (empty or only comments). Nothing to aggregate.") print("WARNING: input contains no prefixes (empty or only comments). Nothing to aggregate.")
nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes") profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes", usage_profile=profile)
write_output(outfile, nft_conf) write_output(outfile, nft_conf)
return 0 return 0
@@ -137,7 +152,8 @@ def main(argv):
for n in agg_v6: for n in agg_v6:
print(" v6:", n) print(" v6:", n)
nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}") profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}", usage_profile=profile)
try: try:
write_output(outfile, nft_conf) write_output(outfile, nft_conf)
except Exception as e: except Exception as e:
@@ -146,7 +162,10 @@ def main(argv):
print("Done.") print("Done.")
print("Load with: sudo nft -f <output.conf>") print("Load with: sudo nft -f <output.conf>")
print("View counters: sudo nft list chain inet filter input -a") if profile == "vk_forward":
print("View sets: sudo nft list set inet filter blacklist_vk_v4")
print(" sudo nft list set inet filter blacklist_vk_v6")
else:
print("View sets: sudo nft list set inet filter blacklist_v4") print("View sets: sudo nft list set inet filter blacklist_v4")
print(" sudo nft list set inet filter blacklist_v6") print(" sudo nft list set inet filter blacklist_v6")
return 0 return 0

92
network_list_from_as.py
View File

@@ -1,60 +1,94 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import requests
import argparse import argparse
import re import re
from cymruwhois import Client import sys
import requests
from pylib.whois import whois_query from pylib.whois import whois_query
ASN_RE = re.compile(r"\bAS\d+\b", re.IGNORECASE)
def get_as_prefixes(asn): def get_as_prefixes(asn):
url = f"https://stat.ripe.net/data/announced-prefixes/data.json?resource={asn}" url = f"https://stat.ripe.net/data/announced-prefixes/data.json?resource={asn}"
response = requests.get(url) response = requests.get(url, timeout=30)
if response.status_code == 200: response.raise_for_status()
data = response.json() data = response.json()
prefixes = data['data']['prefixes'] prefixes = data["data"]["prefixes"]
return [prefix['prefix'] for prefix in prefixes] return [prefix["prefix"] for prefix in prefixes]
else:
return []
def convert_to_raw_github_url(url): def convert_to_raw_github_url(url):
return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "") return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
def print_prefixes(asn):
line = re.sub(r'[^AS0-9]', '', asn) def normalize_asn(value):
if not args.quiet: match = ASN_RE.search(value)
print(f"# Networks announced by {line}") if match:
response = whois_query(line, "as-name", True) return match.group(0).upper()
return None
def print_prefixes(asn, quiet=False):
normalized_asn = normalize_asn(asn)
if normalized_asn is None:
return
if not quiet:
print(f"# Networks announced by {normalized_asn}")
response = whois_query(normalized_asn, "as-name", True)
if response is not None: if response is not None:
info = response.strip() info = response.strip()
print(f"# AS-Name (ORG): {info}") print(f"# AS-Name (ORG): {info}")
prefixes = get_as_prefixes(line) prefixes = get_as_prefixes(normalized_asn)
for prefix in prefixes: for prefix in prefixes:
print(prefix) print(prefix)
def extract_asses(asn_filename_or_url):
if asn_filename_or_url.startswith('AS'): def extract_asses(asn_filename_or_url, quiet=False):
print_prefixes(asn_filename_or_url) if normalize_asn(asn_filename_or_url) and not asn_filename_or_url.startswith(("http://", "https://")):
print_prefixes(asn_filename_or_url, quiet=quiet)
return None return None
if asn_filename_or_url.startswith('http://') or asn_filename_or_url.startswith('https://'): if asn_filename_or_url.startswith("http://") or asn_filename_or_url.startswith("https://"):
if 'github.com' in asn_filename_or_url: if "github.com" in asn_filename_or_url:
asn_filename_or_url = convert_to_raw_github_url(asn_filename_or_url) asn_filename_or_url = convert_to_raw_github_url(asn_filename_or_url)
response = requests.get(asn_filename_or_url) response = requests.get(asn_filename_or_url, timeout=30)
lines = response.text.split('\n') response.raise_for_status()
lines = response.text.splitlines()
else: else:
with open(asn_filename_or_url, 'r') as file: with open(asn_filename_or_url, "r", encoding="utf-8") as file:
lines = file.readlines() lines = file.readlines()
for line in lines: for line in lines:
if re.match(r'^AS.*', line): normalized_asn = normalize_asn(line)
print_prefixes(line) if normalized_asn:
print_prefixes(normalized_asn, quiet=quiet)
return None return None
parser = argparse.ArgumentParser(description='./as_network_list.py -q AS61280')
parser.add_argument('asn_filename_or_url', help='The AS number to get networks / The file or URL to extract AS numbers from.')
parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
args = parser.parse_args()
extract_asses(args.asn_filename_or_url) def build_parser():
parser = argparse.ArgumentParser(description="./network_list_from_as.py -q AS61280")
parser.add_argument("asn_filename_or_url", help="The AS number to get networks / The file or URL to extract AS numbers from.")
parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
return parser
def main(argv=None):
parser = build_parser()
args = parser.parse_args(argv)
try:
extract_asses(args.asn_filename_or_url, quiet=args.quiet)
except requests.RequestException as exc:
print(f"ERROR: failed to fetch ASN data: {exc}", file=sys.stderr)
return 1
except OSError as exc:
print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
return 1
return 0
if __name__ == "__main__":
sys.exit(main())

73
network_list_from_netname.py
View File

@@ -1,41 +1,72 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import argparse import argparse
import requests
import re import re
from pylib.whois import whois_query import sys
import requests
from pylib.ip import convert_to_cidr from pylib.ip import convert_to_cidr
from pylib.whois import whois_query
def convert_to_raw_github_url(url): def convert_to_raw_github_url(url):
return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "") return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
def extract_netname(filename_or_url):
if filename_or_url.startswith('http://') or filename_or_url.startswith('https://'): def iter_netnames(lines):
if 'github.com' in filename_or_url: for line in lines:
filename_or_url = convert_to_raw_github_url(filename_or_url) stripped = line.strip()
response = requests.get(filename_or_url) if not stripped or stripped.startswith("#"):
lines = response.text.split('\n') continue
if re.match(r"^netname:", stripped, re.IGNORECASE):
yield stripped.split(":", 1)[1].strip()
else: else:
with open(filename_or_url, 'r') as file: yield stripped
def extract_netname(filename_or_url, quiet=False):
if filename_or_url.startswith("http://") or filename_or_url.startswith("https://"):
if "github.com" in filename_or_url:
filename_or_url = convert_to_raw_github_url(filename_or_url)
response = requests.get(filename_or_url, timeout=30)
response.raise_for_status()
lines = response.text.splitlines()
else:
with open(filename_or_url, "r", encoding="utf-8") as file:
lines = file.readlines() lines = file.readlines()
for line in lines: for netname in iter_netnames(lines):
if re.match(r'^netname:', line):
netname = line.split(':')[1].strip()
response = whois_query(netname, "inetnum") response = whois_query(netname, "inetnum")
if response is not None and len(response) > 0: if response is not None and len(response) > 0:
if not args.quiet: if not quiet:
print(f"# Network name: {netname}") print(f"# Network name: {netname}")
for cidr in response: for cidr in response:
net = convert_to_cidr(cidr) for network in convert_to_cidr(cidr):
net = net[0] print(network)
print(net)
return None return None
parser = argparse.ArgumentParser(description='Extract netname from file.')
parser.add_argument('filename_or_url', help='The file or URL to extract netnames from.')
parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
args = parser.parse_args()
extract_netname(args.filename_or_url) def build_parser():
parser = argparse.ArgumentParser(description="Extract netname from file.")
parser.add_argument("filename_or_url", help="The file or URL to extract netnames from.")
parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
return parser
def main(argv=None):
parser = build_parser()
args = parser.parse_args(argv)
try:
extract_netname(args.filename_or_url, quiet=args.quiet)
except requests.RequestException as exc:
print(f"ERROR: failed to fetch netname data: {exc}", file=sys.stderr)
return 1
except OSError as exc:
print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
return 1
return 0
if __name__ == "__main__":
sys.exit(main())

108
parse_ripe_db.py
View File

@@ -1,62 +1,84 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
import argparse import argparse
import re
import json import json
import sys
from pylib.ip import convert_to_cidr from pylib.ip import convert_to_cidr
country = "RU" country = "RU"
def normalize_record(record):
if not record:
return None
if record.get("country") != country:
return None
normalized = dict(record)
normalized["inetnum"] = convert_to_cidr(record["inetnum"])
return normalized
def parse(filename, output_text, output_json): def parse(filename, output_text, output_json):
cList = [] c_list = []
record = {} record = {}
with open(filename, 'r', encoding='latin-1') as f: with open(filename, "r", encoding="latin-1") as f:
lines = f.readlines() lines = f.readlines()
f.close()
for line in lines: for line in lines:
if re.match(r'^inetnum:', line): if line.startswith("inetnum:"):
if record: normalized = normalize_record(record)
record['inetnum'] = convert_to_cidr(record['inetnum']) if normalized is not None:
if record['country'] == country: c_list.append(normalized)
# print(record)
cList.append(record)
record = {} record = {}
record['inetnum'] = line.split('inetnum:', 1)[1].strip() record["inetnum"] = line.split("inetnum:", 1)[1].strip()
record['descr'] = '' record["descr"] = ""
record['netname'] = '' record["netname"] = ""
record['country'] = '' record["country"] = ""
record['org'] = '' record["org"] = ""
if re.match(r'^netname:', line): if line.startswith("netname:"):
record['netname'] = line.split('netname:', 1)[1].strip() record["netname"] = line.split("netname:", 1)[1].strip()
if re.match(r'^descr:', line): if line.startswith("descr:"):
record['descr'] = str(record['descr'].strip() + ' ' + line.split('descr:', 1)[1].strip()).strip() record["descr"] = str(record["descr"].strip() + " " + line.split("descr:", 1)[1].strip()).strip()
if re.match(r'^mnt-by:', line): if line.startswith("mnt-by:"):
record['netname'] = str(record['netname'].strip() + ' ' + line.split('mnt-by:', 1)[1].strip()).strip() record["netname"] = str(record["netname"].strip() + " " + line.split("mnt-by:", 1)[1].strip()).strip()
if re.match(r'^country:', line): if line.startswith("country:"):
record['country'] = line.split('country:', 1)[1].strip() record["country"] = line.split("country:", 1)[1].strip()
if re.match(r'^org:', line): if line.startswith("org:"):
record['org'] = line.split('org:', 1)[1].strip() record["org"] = line.split("org:", 1)[1].strip()
if record:
cList.append(record)
with open(output_json, 'w') as f: normalized = normalize_record(record)
json.dump(cList, f, indent=4) if normalized is not None:
f.close() c_list.append(normalized)
with open(output_text, 'w') as f: with open(output_json, "w", encoding="utf-8") as f:
for record in cList: json.dump(c_list, f, indent=4)
for net in record['inetnum']:
f.write(net + ' ' + record['netname'] + ' (' + record['org'] + ') [' + record['descr'] + ']\n')
f.close()
parser = argparse.ArgumentParser(description='Parse RIPE DB for getting a list of RU networks.') with open(output_text, "w", encoding="utf-8") as f:
parser.add_argument('filename', help='ripe.db.inetnum file to parse.') for item in c_list:
parser.add_argument('output_text', help='write text db to...') for net in item["inetnum"]:
parser.add_argument('output_json', help='write json do to...') f.write(net + " " + item["netname"] + " (" + item["org"] + ") [" + item["descr"] + "]\n")
args = parser.parse_args()
if not (args.filename):
parser.print_help()
exit()
def build_parser():
parser = argparse.ArgumentParser(description="Parse RIPE DB for getting a list of RU networks.")
parser.add_argument("filename", help="ripe.db.inetnum file to parse.")
parser.add_argument("output_text", help="write text db to...")
parser.add_argument("output_json", help="write json db to...")
return parser
def main(argv=None):
parser = build_parser()
args = parser.parse_args(argv)
try:
parse(args.filename, args.output_text, args.output_json) parse(args.filename, args.output_text, args.output_json)
except OSError as exc:
print(f"ERROR: {exc}", file=sys.stderr)
return 1
return 0
if __name__ == "__main__":
sys.exit(main())

26
tests/test_check_nft_blacklist.py Normal file
View File

@@ -0,0 +1,26 @@
import tempfile
import unittest
from pathlib import Path
from check_nft_blacklist import check_ip_in_blacklist, parse_nft_config
from generate_nft_blacklist import make_nft_config
class CheckNftBlacklistTests(unittest.TestCase):
def test_vk_sets_are_parsed(self):
config = make_nft_config(["87.240.128.0/18"], [], usage_profile="vk_forward")
with tempfile.TemporaryDirectory() as tmpdir:
config_path = Path(tmpdir) / "blacklist-vk-v4.nft"
config_path.write_text(config, encoding="utf-8")
v4_prefixes, v6_prefixes = parse_nft_config(config_path)
blocked, prefix = check_ip_in_blacklist("87.240.128.1", v4_prefixes, v6_prefixes)
self.assertEqual(len(v4_prefixes), 1)
self.assertTrue(blocked)
self.assertEqual(str(prefix), "87.240.128.0/18")
if __name__ == "__main__":
unittest.main()

25
tests/test_generate_nft_blacklist.py Normal file
View File

@@ -0,0 +1,25 @@
import unittest
from generate_nft_blacklist import make_nft_config
class GenerateNftBlacklistTests(unittest.TestCase):
def test_general_profile_generates_plain_sets_only(self):
config = make_nft_config(["10.0.0.0/24"], [], usage_profile="vm_input")
self.assertIn("set blacklist_v4", config)
self.assertNotIn("chain input", config)
self.assertIn("ip saddr @blacklist_v4", config)
def test_vk_profile_uses_vk_set_names_and_forward_example(self):
config = make_nft_config(["10.0.0.0/24"], ["2001:db8::/32"], usage_profile="vk_forward")
self.assertIn("set blacklist_vk_v4", config)
self.assertIn("set blacklist_vk_v6", config)
self.assertNotIn("chain forward", config)
self.assertIn("ip daddr @blacklist_vk_v4", config)
self.assertIn("ip6 daddr @blacklist_vk_v6", config)
if __name__ == "__main__":
unittest.main()

41
tests/test_parse_ripe_db.py Normal file
View File

@@ -0,0 +1,41 @@
import json
import tempfile
import unittest
from pathlib import Path
from parse_ripe_db import parse
class ParseRipeDbTests(unittest.TestCase):
def test_skips_non_ru_last_record_and_normalizes_last_ru_record(self):
sample = """\
inetnum: 10.0.0.0 - 10.0.0.255
netname: TEST1
country: RU
org: ORG-1
descr: desc1
inetnum: 20.0.0.0 - 20.0.0.255
netname: TEST2
country: US
org: ORG-2
"""
with tempfile.TemporaryDirectory() as tmpdir:
source = Path(tmpdir) / "ripe.db.inetnum"
output_text = Path(tmpdir) / "out.txt"
output_json = Path(tmpdir) / "out.json"
source.write_text(sample, encoding="latin-1")
parse(str(source), str(output_text), str(output_json))
payload = json.loads(output_json.read_text(encoding="utf-8"))
self.assertEqual(len(payload), 1)
self.assertEqual(payload[0]["inetnum"], ["10.0.0.0/24"])
self.assertEqual(payload[0]["country"], "RU")
text_lines = output_text.read_text(encoding="utf-8").splitlines()
self.assertEqual(text_lines, ["10.0.0.0/24 TEST1 (ORG-1) [desc1]"])
if __name__ == "__main__":
unittest.main()