yanistyle/AS_Network_List
1
0
Fork 0
mirror of https://github.com/C24Be/AS_Network_List.git synced 2026-03-29 21:58:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: yanistyle:main
Branches Tags
yanistyle:main
..
compare: yanistyle:10775b1493c41a55e99ff7da30f402dbcc4b9288
Branches Tags
yanistyle:main

1 Commits
main ... 10775b1493

Author SHA1 Message Date
C24Be
10775b1493 Update 2025.12.01 00:56:28 2025-12-01 00:56:29 +00:00
54 changed files with 52817 additions and 227493 deletions
Expand all files Collapse all files

2
.github/actions/gitPush/action.yaml vendored
View File

@@ -10,7 +10,7 @@ runs:
git config --global user.email "${{ env.REPO_OWNER }}@github.com"
if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
git push --set-upstream origin "${daily_branch}"
git push --set origin "${daily_branch}"
fi
git add ${{ env.PUSH_FILES }}
git diff --staged --quiet || CHANGED=true

6
.github/actions/gitReset/action.yaml vendored
View File

@@ -8,9 +8,9 @@ runs:
if [ -n "${{ env.CUSTOM_BRANCH }}" ]; then
git reset --hard
git clean -fdx
git checkout "${daily_branch}" 2>/dev/null || git checkout -b "${daily_branch}"
git pull origin "${daily_branch}" || true
git push --set-upstream origin "${daily_branch}"
git checkout "${daily_branch}"
git pull origin "${daily_branch}"
git push --set origin "${daily_branch}"
fi
git reset --hard
git clean -fdx

6
.github/workflows/resolve_networks.yml vendored
View File

@@ -26,7 +26,7 @@ jobs:
with:
fetch-depth: 0 # this is required to fetch all history for all branches and tags
token: ${{ env.GH_PAT }}
ref: ${{ github.ref_name }}
ref: ${{ github.branch }}
- uses: ./.github/actions/gitReset
env:
CUSTOM_BRANCH: true
@@ -53,7 +53,7 @@ jobs:
with:
fetch-depth: 0 # this is required to fetch all history for all branches and tags
token: ${{ env.GH_PAT }}
ref: ${{ github.ref_name }}
ref: ${{ github.branch }}
- uses: ./.github/actions/gitReset
env:
CUSTOM_BRANCH: true
@@ -80,7 +80,7 @@ jobs:
with:
fetch-depth: 0 # this is required to fetch all history for all branches and tags
token: ${{ env.GH_PAT }}
ref: ${{ github.ref_name }}
ref: ${{ github.branch }}
- uses: ./.github/actions/gitReset
env:
CUSTOM_BRANCH: true

4
.github/workflows/update_blacklists.yml vendored
View File

@@ -32,8 +32,6 @@ jobs:
- run: ./blacklists_updater_txt.sh
- run: ./blacklists_updater_nginx.sh
- run: ./blacklists_updater_iptables.sh
- run: ./blacklists_updater_nftables.sh
- run: ./blacklists_updater_routes.sh
- uses: ./.github/actions/gitPush
env:
PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/ blacklists_route/
PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/

33
.github/workflows/update_nftables.yml vendored
View File

@@ -1,33 +0,0 @@
name: Update nftables Blacklists
on:
schedule:
- cron: '30 2 * * *' # Daily at 02:30 UTC
workflow_dispatch:
jobs:
update-nftables:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Generate nftables blacklists
run: |
chmod +x blacklists_updater_nftables.sh
./blacklists_updater_nftables.sh
- name: Commit and push if changed
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add blacklists_nftables/
git diff --quiet && git diff --staged --quiet || \
(git commit -m "Auto-update nftables blacklists [skip ci]" && git push)

117
README.md
View File

@@ -2,22 +2,14 @@
### Blacklists are updated daily!
> [!IMPORTANT]
> A very important feature has been added: dedicated lists of VK Cloud / VK networks that can be used to block **OUTGOING** traffic from your server (iptables/ipset and nftables formats are available).
> This can help reduce the risk of Messenger MAX being used to compromise your VPN server.
> The best security option is to avoid installing Messenger MAX at all on a phone where VPN access is configured.
This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis.
## Important Links
**Ready-to-use blacklists in multiple formats:**
- [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation
- [Nginx configurations in `blacklists_nginx/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nginx) - Ready to include in your nginx config
- [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset
- [nftables files in `blacklists_nftables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nftables) - Ready-to-load sets and rules for nftables
- [Linux route files in `blacklists_route/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_route) - VK route blackholes to loopback (IPv4/IPv6)
- [Other network and ASN lists in `auto/`](https://github.com/C24Be/AS_Network_List/tree/main/auto) - Comprehensive Russian network data
## Files and features
@@ -28,16 +20,12 @@ This repository contains Python scripts that allow you to retrieve network lists
- `get_info_from_ripe.py`: Retrieves information about Russian AS numbers and Networks from RIPE database for the further analysis.
- `get_description.py`: Retrieves network names, AS names and organisation names from RIPE. Updates the lists in the folder `auto/`.
- `parse_ripe_db.py`: Parses the whole RIPE database to get information about Networks for the further analysis.
- `generate_nft_blacklist.py`: Takes text blacklist on the input and generates nftables config with sets.
- `check_nft_blacklist.py`: Checks IPv4/IPv6 address against generated nftables config.
### Blacklist Generators
- `blacklists_updater_txt.sh`: Generates text-based blacklists with IPv4/IPv6 separation
- `blacklists_updater_nginx.sh`: Generates nginx configuration files with deny directives
- `blacklists_updater_iptables.sh`: Generates ipset configuration files for iptables/ip6tables
- `blacklists_updater_nftables.sh`: Generates nftables blacklist files (mixed/v4/v6 and VK-specific)
- `blacklists_updater_routes.sh`: Generates Linux route files to send VK networks to loopback (`127.0.0.1` / `::1`)
### Generated Blacklists
@@ -57,34 +45,17 @@ This repository contains Python scripts that allow you to retrieve network lists
**IPTables/IPSet Format** (`blacklists_iptables/` folder):
- `blacklist.ipset`: IPSet configuration for mixed IPv4/IPv6 (**daily generated**)
- `blacklist-v4.ipset`: IPSet configuration for IPv4 only (**daily generated**)
- `blacklist-v6.ipset`: IPSet configuration for IPv6 only (**daily generated**)
- `blacklist-vk-v4.ipset`: IPSet configuration for VK-only IPv4 networks (**daily generated**)
- `blacklist-vk-v6.ipset`: IPSet configuration for VK-only IPv6 networks (**daily generated**)
- `README.md`: Complete usage documentation for iptables integration
**nftables Format** (`blacklists_nftables/` folder):
* `blacklist.nft`: nftables set definitions for mixed IPv4/IPv6 (**daily generated**)
* `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**)
* `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**)
* `blacklist-vk.nft`: nftables set definitions for VK-only mixed IPv4/IPv6 (**daily generated**)
* `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**)
* `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**)
* `README.md`: Complete usage documentation for nftables integration
**Linux Routes Format** (`blacklists_route/` folder):
* `blacklist-vk-v4.routes`: IPv4 routes for VK-only networks to `127.0.0.1` via `lo` (**daily generated**)
* `blacklist-vk-v6.routes`: IPv6 routes for VK-only networks to `::1` via `lo` (**daily generated**)
### Reference Lists
**Contributors are welcome!**
- `lists/ru-gov-netnames.txt`: A list of network names associated with the Russian government.
- ASN candidates used for blacklists are derived automatically from `auto/all-ru-asn.txt`.
- `lists/ru-gov-asns.txt`: A list of AS numbers associated with the Russian government.
### Auto-Generated Data
@@ -112,53 +83,11 @@ wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_ngi
**For IPTables/IPSet:**
```bash
# Download and load IPv4/IPv6 sets into ipset
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v4.ipset
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist-v6.ipset
ipset restore < blacklist-v4.ipset
ipset restore < blacklist-v6.ipset
iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
```
**For nftables:**
````bash
# Download and load nftables sets
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v4.nft
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-v6.nft
sudo nft -f blacklist.nft
sudo nft -f blacklist-v4.nft
sudo nft -f blacklist-v6.nft
# Protect VM from incoming blacklist sources
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
# VK-only outbound blocking for VPN clients via NAT/FORWARD
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v4.nft
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk-v6.nft
sudo nft -f blacklist-vk.nft
sudo nft -f blacklist-vk-v4.nft
sudo nft -f blacklist-vk-v6.nft
sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
# View the loaded rules
sudo nft list ruleset
````
**For Linux Routes (VK loopback blackhole):**
```bash
# Download and apply VK route files
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v4.routes
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v6.routes
sudo sh blacklist-vk-v4.routes
sudo sh blacklist-vk-v6.routes
# Download and load into ipset
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_iptables/blacklist.ipset
ipset restore < blacklist.ipset
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
```
**For Custom Applications:**
@@ -210,16 +139,16 @@ See the README files in each folder for detailed usage instructions.
./network_list_from_as.py AS61280
```
2. Run the script with a URL to a file with one ASN per line:
2. Run the script with a URL to a file in a GitHub repository as an argument:
```bash
./network_list_from_as.py https://example.com/asns.txt
./network_list_from_as.py https://github.com/C24Be/AS_Network_List/blob/main/lists/ru-gov-asns.txt
```
Or better use the raw file link:
```bash
./network_list_from_as.py https://example.com/asns-raw.txt
./network_list_from_as.py https://raw.githubusercontent.com/C24Be/AS_Network_List/main/lists/ru-gov-asns.txt
```
3. To display a help message, use the `-h` or `--help` switch:
@@ -254,20 +183,6 @@ See the README files in each folder for detailed usage instructions.
./network_list_from_netname.py --help
```
### `generate_nft_blacklist.py`
1. Generate nftables config from blacklist:
```bash
./generate_nft_blacklist.py blacklists/blacklist.txt blacklist.nft
```
### `check_nft_blacklist.py`
1. Check IP address against generated config:
```bash
./check_nft_blacklist.py blacklist.nft 77.37.166.239
```
## Screenshots
<img width="320" alt="image" src="https://github.com/C24Be/AS_Network_List/assets/153936414/71bd0ed4-0e9b-42f0-8e91-01964ea9b8e1">
@@ -284,6 +199,16 @@ This repository uses GitHub Actions to automatically update blacklists:
All blacklists are automatically regenerated and committed to ensure you always have the latest data.
## Blacklist Format Comparison
| Format | Best For | Performance | Ease of Use | File Size |
|--------|----------|-------------|-------------|-----------|
| **Text** | Custom scripts, analysis | N/A | ⭐⭐⭐⭐⭐ | Small |
| **Nginx** | Web servers, reverse proxies | Good | ⭐⭐⭐⭐ | Medium |
| **IPSet** | Firewalls, large-scale blocking | Excellent | ⭐⭐⭐ | Medium |
**Recommendation**: Use IPSet for firewall-level blocking (best performance), Nginx for web application layer, and text format for custom integrations.
## Additional information
- [RIPE DB Inetnum](https://ftp.ripe.net/ripe/dbase/split/ripe.db.inetnum.gz)

10920
auto/all-ru-asn.txt
View File

File diff suppressed because it is too large Load Diff

9343
auto/all-ru-ipv4.txt
View File

File diff suppressed because it is too large Load Diff

4390
auto/all-ru-ipv6.txt
View File

File diff suppressed because it is too large Load Diff

185847
auto/all-ru.txt
View File

File diff suppressed because it is too large Load Diff

51428
auto/ripe-ru-ipv4.json
View File

File diff suppressed because it is too large Load Diff

11484
auto/ripe-ru-ipv4.txt
View File

File diff suppressed because it is too large Load Diff

0
blacklists/.keep Normal file
View File

110
blacklists/blacklist-v4.txt
View File

@@ -30,6 +30,7 @@
128.140.170.0/24
128.140.171.0/24
128.140.172.0/22
128.140.173.0/24
130.49.224.0/19
145.255.238.240/28
146.185.208.0/22
@@ -41,13 +42,28 @@
149.62.55.240/30
155.212.192.0/20
176.109.0.0/21
176.109.0.0/24
176.109.1.0/24
176.109.2.0/24
176.109.3.0/24
176.109.5.0/24
176.109.6.0/24
176.112.168.0/21
176.116.112.0/22
176.116.96.0/20
178.16.156.148/30
178.17.176.0/23
178.17.178.0/23
178.17.180.0/23
178.17.182.0/23
178.20.234.224/29
178.22.88.0/21
178.22.88.0/24
178.22.89.0/26
178.22.89.128/25
178.22.89.64/26
178.22.90.0/24
178.22.91.0/24
178.22.92.0/23
178.22.94.0/23
178.237.16.0/20
178.237.16.0/21
@@ -59,6 +75,7 @@
178.237.240.0/20
178.237.248.0/21
178.237.28.0/24
178.237.29.0/24
178.237.30.0/23
178.248.232.137/32
178.248.232.60/32
@@ -105,16 +122,21 @@
185.130.112.0/23
185.130.114.0/23
185.131.68.0/22
185.131.68.0/23
185.149.160.0/24
185.149.161.0/24
185.149.162.0/24
185.149.163.0/24
185.16.10.0/23
185.16.148.0/22
185.16.148.0/23
185.16.150.0/23
185.16.244.0/22
185.16.244.0/23
185.16.246.0/23
185.16.246.0/24
185.16.247.0/24
185.16.8.0/23
185.168.60.0/24
185.168.61.0/24
185.168.62.0/24
@@ -182,17 +204,21 @@
188.93.56.0/24
188.93.57.0/24
188.93.58.0/24
188.93.59.0/24
188.93.60.0/24
188.93.61.0/24
188.93.62.0/24
188.93.63.0/24
193.203.40.0/22
193.232.70.0/24
193.33.230.0/23
193.47.146.0/24
194.140.247.0/25
194.140.247.128/25
194.150.202.0/23
194.165.22.0/23
194.186.112.80/28
194.186.63.0/24
194.190.9.0/24
194.215.248.0/24
194.226.116.0/22
@@ -224,11 +250,15 @@
195.182.155.164/30
195.182.156.96/30
195.209.120.0/22
195.209.122.0/24
195.209.123.0/24
195.211.20.0/22
195.211.20.0/23
195.211.22.0/24
195.211.23.0/24
195.218.175.40/29
195.218.190.0/23
195.226.203.0/24
195.239.113.0/24
195.239.247.0/24
195.239.80.32/29
@@ -249,6 +279,7 @@
195.98.43.104/29
195.98.73.56/29
195.98.77.100/30
212.111.84.0/22
212.119.174.0/24
212.119.175.0/24
212.120.169.48/29
@@ -272,8 +303,15 @@
212.17.8.176/29
212.17.9.144/28
212.192.156.0/22
212.192.156.0/24
212.192.157.0/24
212.192.158.0/24
212.23.85.48/30
212.23.85.56/29
212.233.120.0/22
212.233.72.0/21
212.233.88.0/21
212.233.96.0/22
212.32.198.64/29
212.48.134.192/26
212.48.138.240/28
@@ -378,6 +416,8 @@
213.172.27.252/30
213.172.30.136/30
213.172.4.192/26
213.176.232.0/23
213.176.234.0/23
213.177.111.0/24
213.183.253.56/29
213.219.212.0/22
@@ -433,9 +473,7 @@
217.106.203.88/29
217.106.93.192/26
217.106.95.112/28
217.107.0.0/18
217.107.200.0/21
217.107.208.0/20
217.107.5.112/29
217.107.5.16/29
217.107.5.24/29
@@ -451,7 +489,7 @@
217.16.16.0/21
217.16.24.0/21
217.172.18.0/23
217.172.20.0/22
217.174.188.0/22
217.174.188.0/23
217.195.92.16/28
217.195.93.144/29
@@ -466,10 +504,7 @@
217.20.158.0/24
217.20.159.0/24
217.20.86.128/26
217.20.86.192/27
217.20.86.224/29
217.20.86.232/29
217.20.86.240/28
217.23.88.168/29
217.23.88.248/29
217.27.142.176/30
@@ -478,7 +513,10 @@
217.67.177.208/29
217.69.128.0/20
217.69.128.0/21
217.69.132.0/24
217.69.136.0/21
31.148.205.0/24
31.177.104.0/22
31.177.95.0/24
31.44.63.64/29
37.139.32.0/22
@@ -500,8 +538,8 @@
45.84.130.0/23
46.20.70.160/28
46.228.0.232/29
46.245.234.0/24
46.29.152.0/22
46.29.156.0/23
46.46.142.160/28
46.46.148.40/29
46.47.197.128/30
@@ -544,20 +582,31 @@
5.61.239.64/26
62.105.158.200/29
62.112.110.64/28
62.118.0.208/28
62.118.101.184/29
62.118.113.232/29
62.118.125.188/30
62.118.127.240/28
62.118.15.16/28
62.118.17.152/29
62.118.19.112/30
62.118.19.40/30
62.118.193.8/29
62.118.205.68/30
62.118.208.100/30
62.118.209.192/30
62.118.21.160/29
62.118.216.60/30
62.118.219.184/30
62.118.230.4/30
62.118.233.224/29
62.118.234.64/29
62.118.239.128/29
62.118.25.112/28
62.118.37.168/30
62.118.37.180/30
62.118.37.4/30
62.118.38.212/30
62.141.125.0/25
62.217.160.0/20
62.217.160.0/21
@@ -566,6 +615,7 @@
62.33.199.80/29
62.33.34.16/28
62.33.87.128/28
62.33.87.152/29
62.5.130.104/29
62.5.132.224/29
62.5.189.80/29
@@ -613,6 +663,9 @@
79.137.139.0/24
79.137.139.0/25
79.137.139.128/25
79.137.140.0/24
79.137.142.0/24
79.137.157.0/24
79.137.157.0/25
79.137.157.128/25
79.137.164.0/24
@@ -632,6 +685,9 @@
79.137.240.0/22
79.137.244.0/22
79.142.88.0/28
79.143.229.0/24
79.143.230.0/24
79.143.232.0/24
80.237.11.88/29
80.237.39.112/29
80.237.98.80/28
@@ -641,6 +697,8 @@
80.254.100.40/29
80.254.119.168/29
80.73.16.0/20
80.73.16.0/21
80.73.16.0/24
80.73.168.80/28
80.73.169.244/30
80.82.43.24/29
@@ -693,6 +751,7 @@
81.222.209.136/29
81.222.210.24/29
81.3.168.148/30
82.110.69.200/29
82.140.65.240/29
82.142.162.104/29
82.151.107.136/29
@@ -778,7 +837,6 @@
85.141.60.96/28
85.141.61.160/28
85.143.125.0/24
85.146.204.44/30
85.192.32.0/22
85.192.32.0/23
85.192.34.0/23
@@ -845,6 +903,8 @@
87.240.128.0/18
87.240.128.0/19
87.240.160.0/19
87.240.166.0/24
87.240.167.0/24
87.242.112.0/22
87.245.133.0/24
87.249.16.32/28
@@ -912,6 +972,11 @@
89.21.152.104/29
89.221.228.0/22
89.221.232.0/21
89.221.232.0/22
89.221.233.0/24
89.221.234.0/24
89.221.235.0/24
89.221.236.0/22
89.28.253.168/29
89.28.255.56/29
90.150.176.52/30
@@ -934,6 +999,7 @@
90.156.148.0/22
90.156.148.0/23
90.156.150.0/23
90.156.151.0/24
90.156.212.0/22
90.156.212.0/23
90.156.214.0/23
@@ -941,13 +1007,27 @@
90.156.216.0/23
90.156.218.0/23
90.156.232.0/21
90.156.248.0/22
91.103.194.184/29
91.135.212.0/22
91.135.216.0/21
91.135.220.0/24
91.135.221.0/24
91.195.136.0/23
91.208.20.0/24
91.215.168.0/22
91.217.34.0/23
91.219.192.0/22
91.219.224.0/22
91.221.140.0/23
91.221.140.0/24
91.221.141.0/24
91.226.250.0/24
91.227.32.0/24
91.231.132.0/22
91.231.132.0/24
91.231.133.0/24
91.231.134.0/24
91.237.76.0/24
92.101.253.152/29
92.101.253.96/29
@@ -959,6 +1039,7 @@
92.50.198.72/30
92.50.219.136/29
92.50.238.224/29
92.60.186.0/28
93.153.134.112/29
93.153.135.88/30
93.153.136.132/30
@@ -992,6 +1073,7 @@
94.124.192.192/29
94.139.244.0/22
94.139.244.0/23
94.139.244.0/24
94.139.246.0/23
94.199.64.0/21
94.25.119.228/30
@@ -1008,6 +1090,9 @@
95.142.201.0/24
95.142.202.0/24
95.142.203.0/24
95.142.204.0/23
95.142.207.0/24
95.163.133.0/24
95.163.180.0/22
95.163.180.0/23
95.163.182.0/23
@@ -1045,7 +1130,6 @@
95.167.5.80/28
95.167.54.76/30
95.167.59.244/30
95.167.59.248/30
95.167.64.20/30
95.167.68.216/29
95.167.69.116/30
@@ -1063,6 +1147,7 @@
95.173.128.0/20
95.173.144.0/20
95.213.0.0/17
95.213.0.0/18
95.213.0.0/20
95.213.16.0/21
95.213.24.0/23
@@ -1077,7 +1162,12 @@
95.213.34.0/23
95.213.36.0/22
95.213.40.0/21
95.213.44.0/24
95.213.45.0/24
95.213.48.0/20
95.213.64.0/18
95.47.189.0/24
95.47.191.0/24
95.47.244.0/24
95.53.248.0/29
95.54.193.80/28

18
blacklists/blacklist-v6.txt
View File

@@ -1,5 +1,23 @@
2a00:1148::/29
2a00:1148::/32
2a00:a300::/32
2a00:b4c0::/32
2a00:bdc0:8000::/34
2a00:bdc0::/33
2a00:bdc0:c000::/35
2a00:bdc0:e002::/48
2a00:bdc0:e003::/48
2a00:bdc0:e004::/48
2a00:bdc0:e005::/48
2a00:bdc0:e007::/48
2a00:bdc0:f000::/36
2a00:bdc1::/32
2a00:bdc2::/31
2a00:bdc4::/30
2a0c:a9c7:156::/48
2a0c:a9c7:157::/48
2a0c:a9c7:158::/48
2a14:25c0::/32
2a14:25c5::/32
2a14:25c6::/32
2a14:25c7::/32

266
blacklists/blacklist-vk-v4.txt
View File

@@ -1,266 +0,0 @@
109.120.180.0/22
109.120.180.0/23
109.120.182.0/23
109.120.188.0/22
109.120.188.0/23
109.120.190.0/23
128.140.168.0/21
128.140.168.0/23
128.140.170.0/24
128.140.171.0/24
128.140.172.0/22
130.49.224.0/19
146.185.208.0/22
146.185.208.0/23
146.185.210.0/23
146.185.240.0/22
146.185.240.0/23
146.185.242.0/23
155.212.192.0/20
176.112.168.0/21
178.22.88.0/21
178.22.89.64/26
178.22.94.0/23
178.237.16.0/20
178.237.16.0/21
178.237.24.0/22
178.237.30.0/23
185.100.104.0/22
185.100.104.0/23
185.100.106.0/23
185.130.112.0/22
185.130.112.0/23
185.130.114.0/23
185.131.68.0/22
185.16.148.0/22
185.16.148.0/23
185.16.150.0/23
185.16.244.0/22
185.16.244.0/23
185.16.246.0/23
185.180.200.0/22
185.187.63.0/24
185.187.63.0/25
185.187.63.128/25
185.226.52.0/22
185.226.52.0/23
185.226.54.0/23
185.241.192.0/22
185.241.192.0/23
185.241.194.0/23
185.29.128.0/22
185.29.130.0/24
185.32.248.0/22
185.32.248.0/23
185.32.250.0/23
185.5.136.0/22
185.5.136.0/23
185.5.138.0/23
185.6.244.0/22
185.6.244.0/23
185.6.246.0/23
185.86.144.0/22
185.86.144.0/23
185.86.146.0/23
188.93.56.0/21
188.93.56.0/24
188.93.57.0/24
188.93.58.0/24
188.93.60.0/24
188.93.61.0/24
188.93.62.0/24
193.203.40.0/22
194.84.16.12/30
195.211.20.0/22
195.211.22.0/24
195.211.23.0/24
212.111.84.0/22
212.233.120.0/22
212.233.72.0/21
212.233.88.0/21
212.233.96.0/22
213.219.212.0/22
213.219.212.0/23
213.219.214.0/23
217.16.16.0/20
217.16.16.0/21
217.16.24.0/21
217.174.188.0/23
217.20.144.0/20
217.20.144.0/22
217.20.148.0/24
217.20.149.0/24
217.20.150.0/23
217.20.152.0/22
217.20.156.0/23
217.20.158.0/24
217.20.159.0/24
217.69.128.0/20
217.69.128.0/21
217.69.136.0/21
37.139.32.0/22
37.139.32.0/23
37.139.34.0/23
37.139.40.0/22
37.139.40.0/23
37.139.42.0/23
45.136.20.0/22
45.136.20.0/23
45.136.22.0/23
45.84.128.0/22
45.84.128.0/23
45.84.130.0/23
5.101.40.0/22
5.101.40.0/23
5.101.42.0/23
5.181.60.0/22
5.181.60.0/24
5.181.61.0/24
5.181.62.0/23
5.188.140.0/22
5.188.140.0/23
5.188.142.0/23
5.61.16.0/21
5.61.16.0/22
5.61.20.0/22
5.61.232.0/21
5.61.232.0/22
5.61.236.0/23
5.61.238.0/24
5.61.239.0/27
5.61.239.128/25
5.61.239.40/29
5.61.239.48/28
5.61.239.64/26
62.217.160.0/20
62.217.160.0/21
62.217.168.0/21
79.137.132.0/24
79.137.132.0/25
79.137.132.128/25
79.137.139.0/24
79.137.139.0/25
79.137.139.128/25
79.137.157.0/25
79.137.157.128/25
79.137.164.0/24
79.137.164.0/25
79.137.164.128/25
79.137.167.0/24
79.137.167.0/25
79.137.167.128/25
79.137.174.0/23
79.137.174.0/24
79.137.175.0/24
79.137.180.0/24
79.137.180.0/25
79.137.180.128/25
79.137.240.0/21
79.137.240.0/22
79.137.244.0/22
83.166.232.0/21
83.166.232.0/22
83.166.236.0/22
83.166.248.0/21
83.166.248.0/22
83.166.252.0/22
83.217.216.0/22
83.217.216.0/23
83.217.218.0/23
83.222.28.0/22
84.23.52.0/22
84.23.52.0/23
84.23.54.0/23
85.114.31.108/30
85.192.32.0/22
85.192.32.0/23
85.192.34.0/23
85.198.106.0/24
85.198.107.0/24
87.239.104.0/21
87.239.104.0/22
87.239.108.0/22
87.240.128.0/18
87.240.128.0/19
87.240.160.0/19
87.242.112.0/22
89.208.196.0/22
89.208.196.0/23
89.208.198.0/23
89.208.208.0/22
89.208.208.0/23
89.208.210.0/23
89.208.216.0/21
89.208.216.0/23
89.208.218.0/23
89.208.220.0/22
89.208.228.0/22
89.208.228.0/23
89.208.230.0/23
89.208.84.0/22
89.208.84.0/23
89.208.86.0/23
89.221.228.0/22
89.221.232.0/21
90.156.148.0/22
90.156.148.0/23
90.156.150.0/23
90.156.212.0/22
90.156.212.0/23
90.156.214.0/23
90.156.216.0/22
90.156.216.0/23
90.156.218.0/23
90.156.232.0/21
91.219.224.0/22
91.231.132.0/22
91.237.76.0/24
93.153.255.84/30
93.186.224.0/20
93.186.224.0/21
93.186.232.0/21
94.100.176.0/20
94.100.176.0/21
94.100.184.0/21
94.139.244.0/22
94.139.244.0/23
94.139.246.0/23
95.142.192.0/20
95.142.192.0/21
95.142.200.0/21
95.163.180.0/22
95.163.180.0/23
95.163.182.0/23
95.163.208.0/21
95.163.208.0/23
95.163.210.0/23
95.163.212.0/22
95.163.216.0/22
95.163.216.0/23
95.163.218.0/23
95.163.248.0/21
95.163.248.0/22
95.163.252.0/23
95.163.254.0/23
95.163.32.0/19
95.163.32.0/22
95.163.36.0/22
95.163.40.0/21
95.163.48.0/20
95.213.0.0/17
95.213.0.0/20
95.213.16.0/21
95.213.24.0/23
95.213.26.0/24
95.213.27.0/24
95.213.28.0/24
95.213.29.0/24
95.213.30.0/24
95.213.31.0/24
95.213.32.0/24
95.213.33.0/24
95.213.34.0/23
95.213.36.0/22
95.213.40.0/21
95.213.48.0/20
95.213.64.0/18

1
blacklists/blacklist-vk-v6.txt
View File

@@ -1 +0,0 @@
2a00:bdc0::/29

267
blacklists/blacklist-vk.txt
View File

@@ -1,267 +0,0 @@
109.120.180.0/22
109.120.180.0/23
109.120.182.0/23
109.120.188.0/22
109.120.188.0/23
109.120.190.0/23
128.140.168.0/21
128.140.168.0/23
128.140.170.0/24
128.140.171.0/24
128.140.172.0/22
130.49.224.0/19
146.185.208.0/22
146.185.208.0/23
146.185.210.0/23
146.185.240.0/22
146.185.240.0/23
146.185.242.0/23
155.212.192.0/20
176.112.168.0/21
178.22.88.0/21
178.22.89.64/26
178.22.94.0/23
178.237.16.0/20
178.237.16.0/21
178.237.24.0/22
178.237.30.0/23
185.100.104.0/22
185.100.104.0/23
185.100.106.0/23
185.130.112.0/22
185.130.112.0/23
185.130.114.0/23
185.131.68.0/22
185.16.148.0/22
185.16.148.0/23
185.16.150.0/23
185.16.244.0/22
185.16.244.0/23
185.16.246.0/23
185.180.200.0/22
185.187.63.0/24
185.187.63.0/25
185.187.63.128/25
185.226.52.0/22
185.226.52.0/23
185.226.54.0/23
185.241.192.0/22
185.241.192.0/23
185.241.194.0/23
185.29.128.0/22
185.29.130.0/24
185.32.248.0/22
185.32.248.0/23
185.32.250.0/23
185.5.136.0/22
185.5.136.0/23
185.5.138.0/23
185.6.244.0/22
185.6.244.0/23
185.6.246.0/23
185.86.144.0/22
185.86.144.0/23
185.86.146.0/23
188.93.56.0/21
188.93.56.0/24
188.93.57.0/24
188.93.58.0/24
188.93.60.0/24
188.93.61.0/24
188.93.62.0/24
193.203.40.0/22
194.84.16.12/30
195.211.20.0/22
195.211.22.0/24
195.211.23.0/24
212.111.84.0/22
212.233.120.0/22
212.233.72.0/21
212.233.88.0/21
212.233.96.0/22
213.219.212.0/22
213.219.212.0/23
213.219.214.0/23
217.16.16.0/20
217.16.16.0/21
217.16.24.0/21
217.174.188.0/23
217.20.144.0/20
217.20.144.0/22
217.20.148.0/24
217.20.149.0/24
217.20.150.0/23
217.20.152.0/22
217.20.156.0/23
217.20.158.0/24
217.20.159.0/24
217.69.128.0/20
217.69.128.0/21
217.69.136.0/21
2a00:bdc0::/29
37.139.32.0/22
37.139.32.0/23
37.139.34.0/23
37.139.40.0/22
37.139.40.0/23
37.139.42.0/23
45.136.20.0/22
45.136.20.0/23
45.136.22.0/23
45.84.128.0/22
45.84.128.0/23
45.84.130.0/23
5.101.40.0/22
5.101.40.0/23
5.101.42.0/23
5.181.60.0/22
5.181.60.0/24
5.181.61.0/24
5.181.62.0/23
5.188.140.0/22
5.188.140.0/23
5.188.142.0/23
5.61.16.0/21
5.61.16.0/22
5.61.20.0/22
5.61.232.0/21
5.61.232.0/22
5.61.236.0/23
5.61.238.0/24
5.61.239.0/27
5.61.239.128/25
5.61.239.40/29
5.61.239.48/28
5.61.239.64/26
62.217.160.0/20
62.217.160.0/21
62.217.168.0/21
79.137.132.0/24
79.137.132.0/25
79.137.132.128/25
79.137.139.0/24
79.137.139.0/25
79.137.139.128/25
79.137.157.0/25
79.137.157.128/25
79.137.164.0/24
79.137.164.0/25
79.137.164.128/25
79.137.167.0/24
79.137.167.0/25
79.137.167.128/25
79.137.174.0/23
79.137.174.0/24
79.137.175.0/24
79.137.180.0/24
79.137.180.0/25
79.137.180.128/25
79.137.240.0/21
79.137.240.0/22
79.137.244.0/22
83.166.232.0/21
83.166.232.0/22
83.166.236.0/22
83.166.248.0/21
83.166.248.0/22
83.166.252.0/22
83.217.216.0/22
83.217.216.0/23
83.217.218.0/23
83.222.28.0/22
84.23.52.0/22
84.23.52.0/23
84.23.54.0/23
85.114.31.108/30
85.192.32.0/22
85.192.32.0/23
85.192.34.0/23
85.198.106.0/24
85.198.107.0/24
87.239.104.0/21
87.239.104.0/22
87.239.108.0/22
87.240.128.0/18
87.240.128.0/19
87.240.160.0/19
87.242.112.0/22
89.208.196.0/22
89.208.196.0/23
89.208.198.0/23
89.208.208.0/22
89.208.208.0/23
89.208.210.0/23
89.208.216.0/21
89.208.216.0/23
89.208.218.0/23
89.208.220.0/22
89.208.228.0/22
89.208.228.0/23
89.208.230.0/23
89.208.84.0/22
89.208.84.0/23
89.208.86.0/23
89.221.228.0/22
89.221.232.0/21
90.156.148.0/22
90.156.148.0/23
90.156.150.0/23
90.156.212.0/22
90.156.212.0/23
90.156.214.0/23
90.156.216.0/22
90.156.216.0/23
90.156.218.0/23
90.156.232.0/21
91.219.224.0/22
91.231.132.0/22
91.237.76.0/24
93.153.255.84/30
93.186.224.0/20
93.186.224.0/21
93.186.232.0/21
94.100.176.0/20
94.100.176.0/21
94.100.184.0/21
94.139.244.0/22
94.139.244.0/23
94.139.246.0/23
95.142.192.0/20
95.142.192.0/21
95.142.200.0/21
95.163.180.0/22
95.163.180.0/23
95.163.182.0/23
95.163.208.0/21
95.163.208.0/23
95.163.210.0/23
95.163.212.0/22
95.163.216.0/22
95.163.216.0/23
95.163.218.0/23
95.163.248.0/21
95.163.248.0/22
95.163.252.0/23
95.163.254.0/23
95.163.32.0/19
95.163.32.0/22
95.163.36.0/22
95.163.40.0/21
95.163.48.0/20
95.213.0.0/17
95.213.0.0/20
95.213.16.0/21
95.213.24.0/23
95.213.26.0/24
95.213.27.0/24
95.213.28.0/24
95.213.29.0/24
95.213.30.0/24
95.213.31.0/24
95.213.32.0/24
95.213.33.0/24
95.213.34.0/23
95.213.36.0/22
95.213.40.0/21
95.213.48.0/20
95.213.64.0/18

128
blacklists/blacklist.txt
View File

@@ -30,6 +30,7 @@
128.140.170.0/24
128.140.171.0/24
128.140.172.0/22
128.140.173.0/24
130.49.224.0/19
145.255.238.240/28
146.185.208.0/22
@@ -41,13 +42,28 @@
149.62.55.240/30
155.212.192.0/20
176.109.0.0/21
176.109.0.0/24
176.109.1.0/24
176.109.2.0/24
176.109.3.0/24
176.109.5.0/24
176.109.6.0/24
176.112.168.0/21
176.116.112.0/22
176.116.96.0/20
178.16.156.148/30
178.17.176.0/23
178.17.178.0/23
178.17.180.0/23
178.17.182.0/23
178.20.234.224/29
178.22.88.0/21
178.22.88.0/24
178.22.89.0/26
178.22.89.128/25
178.22.89.64/26
178.22.90.0/24
178.22.91.0/24
178.22.92.0/23
178.22.94.0/23
178.237.16.0/20
178.237.16.0/21
@@ -59,6 +75,7 @@
178.237.240.0/20
178.237.248.0/21
178.237.28.0/24
178.237.29.0/24
178.237.30.0/23
178.248.232.137/32
178.248.232.60/32
@@ -105,16 +122,21 @@
185.130.112.0/23
185.130.114.0/23
185.131.68.0/22
185.131.68.0/23
185.149.160.0/24
185.149.161.0/24
185.149.162.0/24
185.149.163.0/24
185.16.10.0/23
185.16.148.0/22
185.16.148.0/23
185.16.150.0/23
185.16.244.0/22
185.16.244.0/23
185.16.246.0/23
185.16.246.0/24
185.16.247.0/24
185.16.8.0/23
185.168.60.0/24
185.168.61.0/24
185.168.62.0/24
@@ -182,17 +204,21 @@
188.93.56.0/24
188.93.57.0/24
188.93.58.0/24
188.93.59.0/24
188.93.60.0/24
188.93.61.0/24
188.93.62.0/24
188.93.63.0/24
193.203.40.0/22
193.232.70.0/24
193.33.230.0/23
193.47.146.0/24
194.140.247.0/25
194.140.247.128/25
194.150.202.0/23
194.165.22.0/23
194.186.112.80/28
194.186.63.0/24
194.190.9.0/24
194.215.248.0/24
194.226.116.0/22
@@ -224,11 +250,15 @@
195.182.155.164/30
195.182.156.96/30
195.209.120.0/22
195.209.122.0/24
195.209.123.0/24
195.211.20.0/22
195.211.20.0/23
195.211.22.0/24
195.211.23.0/24
195.218.175.40/29
195.218.190.0/23
195.226.203.0/24
195.239.113.0/24
195.239.247.0/24
195.239.80.32/29
@@ -249,6 +279,7 @@
195.98.43.104/29
195.98.73.56/29
195.98.77.100/30
212.111.84.0/22
212.119.174.0/24
212.119.175.0/24
212.120.169.48/29
@@ -272,8 +303,15 @@
212.17.8.176/29
212.17.9.144/28
212.192.156.0/22
212.192.156.0/24
212.192.157.0/24
212.192.158.0/24
212.23.85.48/30
212.23.85.56/29
212.233.120.0/22
212.233.72.0/21
212.233.88.0/21
212.233.96.0/22
212.32.198.64/29
212.48.134.192/26
212.48.138.240/28
@@ -378,6 +416,8 @@
213.172.27.252/30
213.172.30.136/30
213.172.4.192/26
213.176.232.0/23
213.176.234.0/23
213.177.111.0/24
213.183.253.56/29
213.219.212.0/22
@@ -433,9 +473,7 @@
217.106.203.88/29
217.106.93.192/26
217.106.95.112/28
217.107.0.0/18
217.107.200.0/21
217.107.208.0/20
217.107.5.112/29
217.107.5.16/29
217.107.5.24/29
@@ -451,7 +489,7 @@
217.16.16.0/21
217.16.24.0/21
217.172.18.0/23
217.172.20.0/22
217.174.188.0/22
217.174.188.0/23
217.195.92.16/28
217.195.93.144/29
@@ -466,10 +504,7 @@
217.20.158.0/24
217.20.159.0/24
217.20.86.128/26
217.20.86.192/27
217.20.86.224/29
217.20.86.232/29
217.20.86.240/28
217.23.88.168/29
217.23.88.248/29
217.27.142.176/30
@@ -478,12 +513,33 @@
217.67.177.208/29
217.69.128.0/20
217.69.128.0/21
217.69.132.0/24
217.69.136.0/21
2a00:1148::/29
2a00:1148::/32
2a00:a300::/32
2a00:b4c0::/32
2a00:bdc0:8000::/34
2a00:bdc0::/33
2a00:bdc0:c000::/35
2a00:bdc0:e002::/48
2a00:bdc0:e003::/48
2a00:bdc0:e004::/48
2a00:bdc0:e005::/48
2a00:bdc0:e007::/48
2a00:bdc0:f000::/36
2a00:bdc1::/32
2a00:bdc2::/31
2a00:bdc4::/30
2a0c:a9c7:156::/48
2a0c:a9c7:157::/48
2a0c:a9c7:158::/48
2a14:25c0::/32
2a14:25c5::/32
2a14:25c6::/32
2a14:25c7::/32
31.148.205.0/24
31.177.104.0/22
31.177.95.0/24
31.44.63.64/29
37.139.32.0/22
@@ -505,8 +561,8 @@
45.84.130.0/23
46.20.70.160/28
46.228.0.232/29
46.245.234.0/24
46.29.152.0/22
46.29.156.0/23
46.46.142.160/28
46.46.148.40/29
46.47.197.128/30
@@ -549,20 +605,31 @@
5.61.239.64/26
62.105.158.200/29
62.112.110.64/28
62.118.0.208/28
62.118.101.184/29
62.118.113.232/29
62.118.125.188/30
62.118.127.240/28
62.118.15.16/28
62.118.17.152/29
62.118.19.112/30
62.118.19.40/30
62.118.193.8/29
62.118.205.68/30
62.118.208.100/30
62.118.209.192/30
62.118.21.160/29
62.118.216.60/30
62.118.219.184/30
62.118.230.4/30
62.118.233.224/29
62.118.234.64/29
62.118.239.128/29
62.118.25.112/28
62.118.37.168/30
62.118.37.180/30
62.118.37.4/30
62.118.38.212/30
62.141.125.0/25
62.217.160.0/20
62.217.160.0/21
@@ -571,6 +638,7 @@
62.33.199.80/29
62.33.34.16/28
62.33.87.128/28
62.33.87.152/29
62.5.130.104/29
62.5.132.224/29
62.5.189.80/29
@@ -618,6 +686,9 @@
79.137.139.0/24
79.137.139.0/25
79.137.139.128/25
79.137.140.0/24
79.137.142.0/24
79.137.157.0/24
79.137.157.0/25
79.137.157.128/25
79.137.164.0/24
@@ -637,6 +708,9 @@
79.137.240.0/22
79.137.244.0/22
79.142.88.0/28
79.143.229.0/24
79.143.230.0/24
79.143.232.0/24
80.237.11.88/29
80.237.39.112/29
80.237.98.80/28
@@ -646,6 +720,8 @@
80.254.100.40/29
80.254.119.168/29
80.73.16.0/20
80.73.16.0/21
80.73.16.0/24
80.73.168.80/28
80.73.169.244/30
80.82.43.24/29
@@ -698,6 +774,7 @@
81.222.209.136/29
81.222.210.24/29
81.3.168.148/30
82.110.69.200/29
82.140.65.240/29
82.142.162.104/29
82.151.107.136/29
@@ -783,7 +860,6 @@
85.141.60.96/28
85.141.61.160/28
85.143.125.0/24
85.146.204.44/30
85.192.32.0/22
85.192.32.0/23
85.192.34.0/23
@@ -850,6 +926,8 @@
87.240.128.0/18
87.240.128.0/19
87.240.160.0/19
87.240.166.0/24
87.240.167.0/24
87.242.112.0/22
87.245.133.0/24
87.249.16.32/28
@@ -917,6 +995,11 @@
89.21.152.104/29
89.221.228.0/22
89.221.232.0/21
89.221.232.0/22
89.221.233.0/24
89.221.234.0/24
89.221.235.0/24
89.221.236.0/22
89.28.253.168/29
89.28.255.56/29
90.150.176.52/30
@@ -939,6 +1022,7 @@
90.156.148.0/22
90.156.148.0/23
90.156.150.0/23
90.156.151.0/24
90.156.212.0/22
90.156.212.0/23
90.156.214.0/23
@@ -946,13 +1030,27 @@
90.156.216.0/23
90.156.218.0/23
90.156.232.0/21
90.156.248.0/22
91.103.194.184/29
91.135.212.0/22
91.135.216.0/21
91.135.220.0/24
91.135.221.0/24
91.195.136.0/23
91.208.20.0/24
91.215.168.0/22
91.217.34.0/23
91.219.192.0/22
91.219.224.0/22
91.221.140.0/23
91.221.140.0/24
91.221.141.0/24
91.226.250.0/24
91.227.32.0/24
91.231.132.0/22
91.231.132.0/24
91.231.133.0/24
91.231.134.0/24
91.237.76.0/24
92.101.253.152/29
92.101.253.96/29
@@ -964,6 +1062,7 @@
92.50.198.72/30
92.50.219.136/29
92.50.238.224/29
92.60.186.0/28
93.153.134.112/29
93.153.135.88/30
93.153.136.132/30
@@ -997,6 +1096,7 @@
94.124.192.192/29
94.139.244.0/22
94.139.244.0/23
94.139.244.0/24
94.139.246.0/23
94.199.64.0/21
94.25.119.228/30
@@ -1013,6 +1113,9 @@
95.142.201.0/24
95.142.202.0/24
95.142.203.0/24
95.142.204.0/23
95.142.207.0/24
95.163.133.0/24
95.163.180.0/22
95.163.180.0/23
95.163.182.0/23
@@ -1050,7 +1153,6 @@
95.167.5.80/28
95.167.54.76/30
95.167.59.244/30
95.167.59.248/30
95.167.64.20/30
95.167.68.216/29
95.167.69.116/30
@@ -1068,6 +1170,7 @@
95.173.128.0/20
95.173.144.0/20
95.213.0.0/17
95.213.0.0/18
95.213.0.0/20
95.213.16.0/21
95.213.24.0/23
@@ -1082,7 +1185,12 @@
95.213.34.0/23
95.213.36.0/22
95.213.40.0/21
95.213.44.0/24
95.213.45.0/24
95.213.48.0/20
95.213.64.0/18
95.47.189.0/24
95.47.191.0/24
95.47.244.0/24
95.53.248.0/29
95.54.193.80/28

407
blacklists/blacklist_with_comments.txt
View File

@@ -1,39 +1,245 @@
# Networks announced by AS28709
# AS-Name (ORG): VKONTAKTE-REGIONAL-CDN (LLC VK)
95.142.203.0/24
185.32.249.0/24
# AS-Name (ORG): VKONTAKTE-REGIONAL-CDN (VKontakte Ltd)
2a00:bdc0:e005::/48
178.237.21.0/24
128.140.170.0/24
2a00:bdc0:e007::/48
178.237.22.0/24
185.32.251.0/24
95.142.202.0/24
2a00:bdc0:e004::/48
2a00:bdc0:e003::/48
2a00:bdc0:e002::/48
95.142.201.0/24
178.237.24.0/24
178.237.28.0/24
# Networks announced by AS28709
# AS-Name (ORG): VKONTAKTE-REGIONAL-CDN (LLC VK)
95.142.203.0/24
185.32.249.0/24
2a00:bdc0:e005::/48
178.237.21.0/24
128.140.170.0/24
2a00:bdc0:e007::/48
178.237.22.0/24
185.32.251.0/24
95.142.202.0/24
2a00:bdc0:e004::/48
2a00:bdc0:e003::/48
2a00:bdc0:e002::/48
185.32.251.0/24
95.142.201.0/24
178.237.21.0/24
185.32.249.0/24
178.237.22.0/24
2a00:bdc0:e003::/48
178.237.24.0/24
178.237.28.0/24
128.140.170.0/24
95.142.202.0/24
2a00:bdc0:e002::/48
# Networks announced by AS34500
# AS-Name (ORG): CTSPI (FGUP CTSPI MGA Russia)
80.73.16.0/21
80.73.16.0/20
80.73.16.0/24
# Networks announced by AS43038
# AS-Name (ORG): TVK-AS (MTS PJSC)
79.143.229.0/24
213.176.232.0/23
195.226.203.0/24
178.17.182.0/23
213.176.234.0/23
178.17.178.0/23
178.17.180.0/23
178.17.176.0/23
91.208.20.0/24
79.143.232.0/24
193.33.230.0/23
79.143.230.0/24
# Networks announced by AS43720
# AS-Name (ORG): TVK-AS (MTS OJSC)
91.195.136.0/23
91.135.212.0/22
91.135.221.0/24
91.135.216.0/21
91.135.220.0/24
# Networks announced by AS47541
# AS-Name (ORG): VKONTAKTE-SPB-AS (VKontakte Ltd)
79.137.183.0/24
95.213.0.0/17
79.137.139.0/24
91.231.132.0/24
95.142.192.0/20
93.186.232.0/21
2a14:25c7::/32
95.213.45.0/24
95.213.0.0/18
2a00:bdc2::/31
91.231.134.0/24
185.32.248.0/22
2a00:bdc4::/30
87.240.167.0/24
87.240.128.0/18
95.213.44.0/24
91.231.133.0/24
2a00:bdc0::/33
2a00:bdc0:8000::/34
87.240.166.0/24
185.131.68.0/23
79.137.164.0/24
2a00:bdc1::/32
95.142.192.0/21
79.137.180.0/24
217.69.132.0/24
2a00:bdc0:c000::/35
93.186.224.0/21
2a14:25c5::/32
# Networks announced by AS47542
# AS-Name (ORG): VKONTAKTE-MSK-CDN-AS (VKontakte Ltd)
87.240.167.0/24
95.213.45.0/24
87.240.166.0/24
95.142.207.0/24
95.213.44.0/24
95.142.204.0/23
128.140.173.0/24
2a00:bdc0:f000::/36
# Networks announced by AS47764
# AS-Name (ORG): VK-AS (LLC VK)
45.136.20.0/22
217.16.16.0/20
5.61.232.0/21
90.156.151.0/24
83.217.216.0/22
90.156.148.0/22
2a00:1148::/29
2a14:25c0::/32
195.218.190.0/23
89.221.228.0/22
90.156.232.0/21
178.22.88.0/21
146.185.240.0/22
195.211.20.0/22
146.185.208.0/22
217.174.188.0/22
95.163.208.0/21
185.226.52.0/22
178.237.29.0/24
79.137.174.0/23
91.219.224.0/22
45.84.128.0/22
128.140.168.0/21
185.16.247.0/24
89.208.220.0/22
178.237.16.0/20
89.221.235.0/24
185.131.68.0/22
188.93.56.0/21
91.231.133.0/24
185.16.244.0/22
89.221.236.0/22
5.61.16.0/21
212.233.120.0/22
109.120.188.0/22
185.16.148.0/22
79.137.157.0/24
87.239.104.0/21
130.49.224.0/19
89.208.196.0/22
89.208.208.0/22
185.5.136.0/22
155.212.192.0/20
185.86.144.0/22
212.233.96.0/22
185.187.63.0/24
194.186.63.0/24
87.242.112.0/22
90.156.216.0/22
2a14:25c6::/32
94.100.176.0/20
89.208.218.0/23
185.16.246.0/24
213.219.212.0/22
91.231.134.0/24
185.241.192.0/22
212.111.84.0/22
62.217.160.0/20
89.208.228.0/22
2a00:b4c0::/32
212.233.88.0/21
2a00:1148::/32
176.112.168.0/21
185.180.200.0/22
31.177.104.0/22
91.231.132.0/22
94.139.244.0/22
5.181.60.0/22
83.166.248.0/21
84.23.52.0/22
90.156.212.0/22
95.163.133.0/24
217.20.144.0/20
94.139.244.0/24
5.181.61.0/24
217.69.128.0/20
95.163.248.0/21
212.233.72.0/21
89.208.84.0/22
83.222.28.0/22
5.101.40.0/22
185.100.104.0/22
193.203.40.0/22
83.166.232.0/21
95.163.180.0/22
89.221.232.0/22
5.188.140.0/22
89.208.216.0/23
95.163.32.0/19
79.137.240.0/21
185.16.244.0/23
109.120.180.0/22
37.139.40.0/22
85.192.32.0/22
185.130.112.0/22
37.139.32.0/22
95.163.216.0/22
# Networks announced by AS49281
# AS-Name (ORG): M100 (M100 LLC)
2a00:a300::/32
85.198.106.0/24
# Networks announced by AS49797
# AS-Name (ORG): NESSLY (LLC VK)
79.137.142.0/24
# Networks announced by AS49988
# AS-Name (ORG): odkl-as (LLC VK)
79.137.140.0/24
85.198.107.0/24
# Networks announced by AS51932
# AS-Name (ORG): ORVD-AS (FGUP Goskorporatsiya po OrVD)
91.221.140.0/23
91.221.140.0/24
91.221.141.0/24
# Networks announced by AS57835
# AS-Name (ORG): FGUP-ELEKTROSVYAZ-AS (JSC ELEKTROSVYAZ)
176.109.3.0/24
176.109.0.0/24
176.109.2.0/24
176.109.6.0/24
176.109.5.0/24
176.109.1.0/24
# Networks announced by AS57973
# AS-Name (ORG): CLOUDGAMING-REGION-AS (LLC VK)
195.211.22.0/24
89.221.233.0/24
46.245.234.0/24
89.221.234.0/24
# Networks announced by AS60863
# AS-Name (ORG): VK-AS (LLC VK)
185.6.244.0/22
# Networks announced by AS61280
# AS-Name (ORG): CMU_GRCHC (FGUP "GRCHC")
2a0c:a9c7:157::/48
2a0c:a9c7:156::/48
212.192.158.0/24
185.224.231.0/24
195.209.122.0/24
185.224.230.0/24
2a0c:a9c7:158::/48
185.224.228.0/24
212.192.156.0/24
195.209.123.0/24
212.192.157.0/24
185.224.229.0/24
# Networks announced by AS62243
# AS-Name (ORG): VKONTAKTE-SPBZN-AS (VKontakte Ltd)
185.29.130.0/24
# Networks announced by AS62331
# AS-Name (ORG): TVK-AS (Media Holding TVK Ltd.)
95.47.189.0/24
95.47.191.0/24
95.47.244.0/24
31.148.205.0/24
# Networks announced by AS197153
# AS-Name (ORG): guvd (Glavnoe Upravlenie Vnutrennih Del po Sverdlovskoi Oblasti)
91.217.34.0/23
# Network name: Roskomnadzor-net
46.228.0.232/29
87.226.213.0/24
@@ -42,11 +248,10 @@
78.108.200.0/24
# Network name: RU-RTCOMM-20001220
217.106.0.0/16
217.107.0.0/18
217.107.200.0/21
217.107.208.0/20
# Network name: MMT
46.61.208.0/24
82.110.69.200/29
# Network name: RTCOMM-GNIVC
81.176.70.0/26
81.176.235.0/27
@@ -58,7 +263,6 @@
95.173.128.0/20
95.173.144.0/20
176.116.96.0/20
176.116.112.0/22
185.183.172.0/23
185.183.174.0/23
194.226.80.0/21
@@ -79,7 +283,6 @@
95.173.128.0/20
95.173.144.0/20
176.116.96.0/20
176.116.112.0/22
185.183.172.0/23
185.183.174.0/23
194.226.80.0/21
@@ -92,6 +295,7 @@
62.28.169.168/30
77.72.139.0/28
87.226.191.0/24
92.60.186.0/28
109.204.204.232/29
194.215.248.0/24
# Network name: ATLASNSK
@@ -103,8 +307,6 @@
# Network name: NCPLG-NET
85.90.98.144/30
194.150.202.0/23
# Network name: vei
85.146.204.44/30
# Network name: FSKN-Vologda
95.167.76.160/27
# Network name: RU-CHUVASHIA-NALOG
@@ -166,7 +368,6 @@
95.173.128.0/20
95.173.144.0/20
176.116.96.0/20
176.116.112.0/22
185.183.172.0/23
185.183.174.0/23
194.226.80.0/21
@@ -176,7 +377,6 @@
# Network name: RU_FSKN
92.50.198.72/30
95.167.59.244/30
95.167.59.248/30
# Network name: UMNS-NOVGOROD
213.59.91.48/29
# Network name: FOMS
@@ -198,7 +398,6 @@
217.106.147.8/29
# Network name: GLAVNIVZ
46.29.152.0/22
46.29.156.0/23
185.168.60.0/24
185.168.61.0/24
185.168.62.0/24
@@ -236,10 +435,7 @@
94.25.70.64/30
# Network name: MNSHMAO
217.20.86.128/26
217.20.86.192/27
217.20.86.224/29
217.20.86.232/29
217.20.86.240/28
# Network name: UMNS-TUMEN
213.59.59.120/29
213.59.59.144/29
@@ -378,7 +574,6 @@
77.37.128.0/17
# Network name: STARNET-VPN
217.172.18.0/23
217.172.20.0/22
# Network name: CCC-HC
89.111.176.0/22
# Network name: RU-NIC-HOSTING
@@ -403,22 +598,70 @@
45.136.20.0/22
# NET-Name: 62.217.160.0/20 RU-NETBRIDGE-20020410 (LLC VK)
62.217.160.0/20
# NET-Name: 79.137.132.0/24 RU-VKONTAKTE-20071018 (LLC VK)
# NET-Name: 79.137.132.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
79.137.132.0/24
# NET-Name: 79.137.139.0/24 RU-VKONTAKTE-20071018 (LLC VK)
# NET-Name: 79.137.139.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
79.137.139.0/24
# NET-Name: 79.137.164.0/24 RU-VKONTAKTE-20071018 (LLC VK)
# NET-Name: 79.137.164.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
79.137.164.0/24
# NET-Name: 79.137.167.0/24 RU-VKONTAKTE-20071018 (LLC VK)
# NET-Name: 79.137.167.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
79.137.167.0/24
# NET-Name: 79.137.174.0/23 RU-NETBRIDGE-20071018 (LLC VK)
79.137.174.0/23
# NET-Name: 79.137.180.0/24 RU-VKONTAKTE-20071018 (LLC VK)
# NET-Name: 79.137.180.0/24 RU-VKONTAKTE-20071018 (VKontakte Ltd)
79.137.180.0/24
# NET-Name: 79.137.240.0/21 RU-NETBRIDGE-20071018 (LLC VK)
79.137.240.0/21
# NET-Name: 80.73.16.0/20 RU-CTSPI-20050201 (FGUP CTSPI MGA Russia)
80.73.16.0/20
# NET-Name: 83.166.232.0/21 RU-NETBRIDGE-20040611 (LLC VK)
83.166.232.0/21
# NET-Name: 83.166.248.0/21 RU-NETBRIDGE-20040611 (LLC VK)
83.166.248.0/21
# NET-Name: 83.217.216.0/22 RU-NETBRIDGE-20040310 (LLC VK)
83.217.216.0/22
# NET-Name: 83.222.28.0/22 RU-ODNOKLASSNIKI-20040421 (LLC VK)
83.222.28.0/22
# NET-Name: 84.23.52.0/22 RU-NETBRIDGE-20041012 (LLC VK)
84.23.52.0/22
# NET-Name: 85.192.32.0/22 RU-NETBRIDGE-20041206 (LLC VK)
85.192.32.0/22
# NET-Name: 87.239.104.0/21 RU-NETBRIDGE-20060104 (LLC VK)
87.239.104.0/21
# NET-Name: 87.240.128.0/18 RU-VKONTAKTE-20091223 (VKontakte Ltd)
87.240.128.0/18
# NET-Name: 87.242.112.0/22 RU-ODNOKLASSNIKI-20050722 (LLC VK)
87.242.112.0/22
# NET-Name: 89.208.84.0/22 RU-NETBRIDGE-20060418 (LLC VK)
89.208.84.0/22
# NET-Name: 89.208.196.0/22 RU-NETBRIDGE-20060418 (LLC VK)
89.208.196.0/22
# NET-Name: 89.208.208.0/22 RU-NETBRIDGE-20060418 (LLC VK)
89.208.208.0/22
# NET-Name: 89.208.216.0/21 RU-NETBRIDGE-20060418 (LLC VK)
89.208.216.0/21
# NET-Name: 89.208.228.0/22 RU-NETBRIDGE-20060418 (LLC VK)
89.208.228.0/22
# NET-Name: 89.221.228.0/22 RU-NETBRIDGE-20061011 (LLC VK)
89.221.228.0/22
# NET-Name: 89.221.232.0/21 RU-NETBRIDGE-20061011 (LLC VK)
89.221.232.0/21
# NET-Name: 90.156.148.0/22 RU-NETBRIDGE-20061117 (LLC VK)
90.156.148.0/22
# NET-Name: 90.156.212.0/22 RU-NETBRIDGE-20061117 (LLC VK)
90.156.212.0/22
# NET-Name: 90.156.216.0/22 RU-NETBRIDGE-20061117 (LLC VK)
90.156.216.0/22
# NET-Name: 90.156.232.0/21 RU-NETBRIDGE-20061117 (LLC VK)
90.156.232.0/21
# NET-Name: 90.156.248.0/22 RU-NETBRIDGE-20061117 (LLC VK)
90.156.248.0/22
# NET-Name: 91.217.34.0/23 GUVD (Glavnoe Upravlenie Vnutrennih Del po Sverdlovskoi Oblasti)
91.217.34.0/23
# NET-Name: 91.221.140.0/23 ORVD-NET (FGUP Goskorporatsiya po OrVD)
91.221.140.0/23
# NET-Name: 91.231.132.0/22 RU-NETBRIDGE (LLC VK)
91.231.132.0/22
# NET-Name: 212.57.133.0/24 CHUVD ROSTELECOM-MNT () [Computing Center of Regional Police Department of Chelyabinsk region]
212.57.133.0/24
# NET-Name: 213.147.55.108/30 CONNECTORS MTU-NOC () [Subnetwork for TM10068-RIPE]
@@ -467,15 +710,21 @@
195.54.20.168/29
# NET-Name: 195.98.77.100/30 VRNFGUPIPF-NET IC-VORONEZH-MNT () [IPF Voronezh Voronezh]
195.98.77.100/30
# NET-Name: 62.118.25.112/28 FGUP-NII-truda-i-social-nogo-strahovaniya MTU-NOC () [FGUP "NII truda i social'nogo strahovaniya" Moscow, Russia]
62.118.25.112/28
# NET-Name: 62.118.15.16/28 FGUP-Rosstrojizyskaniya MTU-NOC () [FGUP "Rosstrojizyskaniya" Moscow, Russia]
62.118.15.16/28
# NET-Name: 62.118.0.208/28 FGUP-MEZ-MPS-Rossii MTU-NOC () [FGUP MEZ MPS Rossii Moscow, Russia]
62.118.0.208/28
# NET-Name: 81.17.2.192/28 NEXCOM-NET TRON-MNT () [Ekaterinburg, Company Tron Clients Ethernet, GUVD]
81.17.2.192/28
# NET-Name: 81.17.3.16/29 NEXCOM-GUVD TRON-MNT () [Ekaterinburg, Company Tron Clients Ethernet, GUVD]
81.17.3.16/29
# NET-Name: 212.120.184.48/29 GIBDD-GUVD-PERM ROSTELECOM-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 38, Sovetskaya str., Chaikovskiy,]
# NET-Name: 212.120.184.48/29 GIBDD-GUVD-PERM MFIST-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 38, Sovetskaya str., Chaikovskiy,]
212.120.184.48/29
# NET-Name: 212.120.184.64/29 GIBDD-GUVD-PERM ROSTELECOM-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm, Russia]
# NET-Name: 212.120.184.64/29 GIBDD-GUVD-PERM MFIST-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm, Russia]
212.120.184.64/29
# NET-Name: 212.120.190.112/29 GIBDD-GUVD-PERM ROSTELECOM-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 27, Karla Marksa str., Kungur,]
# NET-Name: 212.120.190.112/29 GIBDD-GUVD-PERM MFIST-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 27, Karla Marksa str., Kungur,]
212.120.190.112/29
# NET-Name: 82.200.22.144/28 fgup_omo_network ZSTTK-MNT () [FGUP OMO im.Baranova West Siberia, Russia]
82.200.22.144/28
@@ -555,7 +804,7 @@
213.242.215.68/30
# NET-Name: 85.90.120.72/29 Rostehinventarizaciya-NET MNT-TELECOM-TZ () [FGUP "Rostehinventarizaciya"]
85.90.120.72/29
# NET-Name: 212.120.174.88/29 GIBDD-GUVD-PERM ROSTELECOM-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 67, Lunacharskogo str., Nytva,]
# NET-Name: 212.120.174.88/29 GIBDD-GUVD-PERM MFIST-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 67, Lunacharskogo str., Nytva,]
212.120.174.88/29
# NET-Name: 85.90.102.168/29 ZARUBEZhUGOL-NET MNT-TELECOM-TZ () [FGUP Vneshneekonomicheskoe Ob'edinenie "ZARUBEZhUGOL'"]
85.90.102.168/29
@@ -573,7 +822,7 @@
212.48.138.240/28
# NET-Name: 62.63.98.24/29 Moselectrotyagstroy-Net ARTX-RIPE-MNT () [SMP 643 Filial FGUP "Trest Moselectrotyagstroy" Moscow]
62.63.98.24/29
# NET-Name: 212.120.169.48/29 GIBDD-GUVD-PERM ROSTELECOM-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm, Russia 80, Gagarina park., Perm,]
# NET-Name: 212.120.169.48/29 GIBDD-GUVD-PERM MFIST-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm, Russia 80, Gagarina park., Perm,]
212.120.169.48/29
# NET-Name: 85.90.127.16/29 Zarubezhatomenergostroy-NET MNT-TELECOM-TZ () [FGUP "VPO "Zarubezhatomenergostroy"]
85.90.127.16/29
@@ -583,10 +832,16 @@
89.109.250.28/30
# NET-Name: 85.90.125.96/29 NICITEP-NET MNT-TELECOM-TZ () [FGUP NIC ITEP]
85.90.125.96/29
# NET-Name: 62.118.37.180/30 FGUP-CNIIGAIK MTU-NOC () [FGUP CNIIGAiK Moscow, Russia]
62.118.37.180/30
# NET-Name: 81.195.177.160/30 MTU-CUST-392C6D30 MTU-NOC () [FGUP "Giprozheldorstroj"]
81.195.177.160/30
# NET-Name: 62.118.38.212/30 MTU-CUST-1A3A43A6 MTU-NOC () [FGUP "Centr komplektacii uchebnih zavedenij"]
62.118.38.212/30
# NET-Name: 62.5.218.204/30 MTU-CUST-ECCC30E8 MTU-NOC () [FGUP "GOSGISCENTR"]
62.5.218.204/30
# NET-Name: 62.118.37.168/30 MTU-CUST-ECCC30E8 MTU-NOC () [FGUP "GOSGISCENTR"]
62.118.37.168/30
# NET-Name: 62.118.234.64/29 MTU-CUST-22A9114E MTU-NOC () [FGUP Eksperimentalnij optiko-mehanicheskij zavod]
62.118.234.64/29
# NET-Name: 62.118.219.184/30 MTU-CUST-111E7A6D MTU-NOC () [FGUP "Mos.zavod po obrabotke spec. splavov"]
@@ -603,6 +858,8 @@
81.195.45.64/30
# NET-Name: 62.5.189.80/29 MTU-CUST-896A2DE8 MTU-NOC () [FGUP "Filmofond kinostudii "Sojuzmultfilm"]
62.5.189.80/29
# NET-Name: 62.118.19.112/30 MTU-CUST-1A5806FD MTU-NOC () [FGUP "Zdraveksport"]
62.118.19.112/30
# NET-Name: 81.195.244.32/29 MTU-CUST-DFD35E9A MTU-NOC () [FGUP "Rusekotrans"]
81.195.244.32/29
# NET-Name: 62.118.209.192/30 MTU-CUST-0034780C MTU-NOC () [FGUP "Zavod "TOPAZ"]
@@ -615,12 +872,16 @@
195.42.75.8/29
# NET-Name: 81.195.124.52/30 MTU-CUST-F551ECEE MTU-NOC () [SU-334 FGUP "Tresta Moselektrotjagstroj"]
81.195.124.52/30
# NET-Name: 62.118.17.152/29 MTU-CUST-1EC64BF9 MTU-NOC () [FGUP GosNII OS]
62.118.17.152/29
# NET-Name: 62.118.193.8/29 MTU-CUST-40ACE85E MTU-NOC () [FGUP Izdatelstvo "Izvestija" UD P RF]
62.118.193.8/29
# NET-Name: 81.195.36.48/28 MTU-CUST-33EB33B2 MTU-NOC () [FGUP KBTM]
81.195.36.48/28
# NET-Name: 81.195.155.0/30 MTU-CUST-3C2C586F MTU-NOC () [FGUP Moskovskoe mashinostroitelnoe proizvodstvennoe predprijatie "Saljut"]
81.195.155.0/30
# NET-Name: 62.118.21.160/29 MTU-CUST-F43B8CF7 MTU-NOC () [FGUP "NPP VNIIEM"]
62.118.21.160/29
# NET-Name: 62.5.242.80/28 MTU-CUST-5250F868 MTU-NOC () [FGUP CNIIAG]
62.5.242.80/28
# NET-Name: 81.195.150.248/30 MTU-CUST-E232EA85 MTU-NOC () [427 UNR - filial FGUP "SU MVO MO RF"]
@@ -639,15 +900,19 @@
81.195.125.96/30
# NET-Name: 62.118.230.4/30 MTU-CUST-5F25932F MTU-NOC () [FGUP "NIIIT"]
62.118.230.4/30
# NET-Name: 62.118.37.4/30 MTU-CUST-AC3DCE8D MTU-NOC () [FGUP "Centrorgtrudavtotrans"]
62.118.37.4/30
# NET-Name: 81.195.182.64/28 MTU-CUST-B40F23BD MTU-NOC () [FGUP NIC ITEP]
81.195.182.64/28
# NET-Name: 62.118.19.40/30 MTU-CUST-42DE527C MTU-NOC () [FGUP "GosNII BP"]
62.118.19.40/30
# NET-Name: 81.195.50.72/29 MTU-CUST-A89FBE5D MTU-NOC () [FGUP ATEKS]
81.195.50.72/29
# NET-Name: 81.195.118.128/30 MTU-CUST-73D8C4FE MTU-NOC () [Stroitelno-montazhnij poezd N 250 filial FGUP "Trest Moselektrotjagstroj"]
81.195.118.128/30
# NET-Name: 195.170.218.24/29 INF-CLNT-TITAN INFOTEL-MNT () [CLIENT FGUP SKB Titan]
195.170.218.24/29
# NET-Name: 212.120.189.208/29 GIBDD-GUVD-PERM ROSTELECOM-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 5, Entuziastov str., Krasnokamsk,]
# NET-Name: 212.120.189.208/29 GIBDD-GUVD-PERM MFIST-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 5, Entuziastov str., Krasnokamsk,]
212.120.189.208/29
# NET-Name: 80.254.119.168/29 GUOVOUVD-SHAKHT-NET ROSTOV-TELEGRAF-MNT () [GU OVO UVD Shakhtu Shaxtu, Pariskoi Kommunu str., 85 Shaxtu, Rostovskaia oblast, 346500]
80.254.119.168/29
@@ -767,7 +1032,7 @@
195.54.221.0/24
# NET-Name: 195.131.7.8/29 UVDT-NET TI-MNT () [IP-Network for office]
195.131.7.8/29
# NET-Name: 80.82.43.24/29 FGUP-OHRANA-VO ROSTELECOM-MNT () [Filial FGUP "Ohrana" MVD Russia from Voronezh region]
# NET-Name: 80.82.43.24/29 FGUP-OHRANA-VO VSI-MNT () [Filial FGUP "Ohrana" MVD Russia from Voronezh region]
80.82.43.24/29
# NET-Name: 213.85.2.64/28 UTC-Novogorsk cnt-mnt () [FGUP UTC "Novogorsk"]
213.85.2.64/28
@@ -799,13 +1064,13 @@
78.37.69.160/27
# NET-Name: 93.153.194.160/29 FGUP-GOSZEMKADASTRSEMKA-LAN PSTAR-MNT () [FGUP Goszemkadastrsemka St.Petersburg JSC PeterStar]
93.153.194.160/29
# NET-Name: 195.54.28.72/30 OHRANA-MVD ROSTELECOM-MNT () [FGUP Ohrana 18, Severokrimskaya str., Chelyabinsk, Russia,]
# NET-Name: 195.54.28.72/30 OHRANA-MVD MFIST-MNT () [FGUP Ohrana 18, Severokrimskaya str., Chelyabinsk, Russia,]
195.54.28.72/30
# NET-Name: 62.63.100.160/30 ROSOBORONSTANDART-Net ARTX-RIPE-MNT () [FGUP "ROSOBORONSTANDART" Moscow, Russia]
62.63.100.160/30
# NET-Name: 92.39.106.20/30 VLG-UVD_Irk20 UNICO-MNT () [Volgograd Police Department]
92.39.106.20/30
# NET-Name: 212.57.159.0/24 UFPS ROSTELECOM-MNT () [FGUP "Pochta Rossii" Chelyabinsk, Russia]
# NET-Name: 212.57.159.0/24 UFPS MFIST-MNT () [FGUP "Pochta Rossii" Chelyabinsk, Russia]
212.57.159.0/24
# NET-Name: 94.25.57.224/28 UFSB ROSTELECOM-MNT () [JSC Rostelecom Client (city Rostov-na-Donu)]
94.25.57.224/28
@@ -905,6 +1170,8 @@
95.167.2.4/30
# NET-Name: 188.128.92.104/30 ANO_MBL_UVD_Tulskoy_oblasti ROSTELECOM-MNT () [Ticket 09-25058-1]
188.128.92.104/30
# NET-Name: 188.93.63.0/24 MY-GAMES VKCOMPANY-MNT () [my.games services ITT]
188.93.63.0/24
# NET-Name: 83.229.232.16/29 UVDTOMSK-SYNTERRA-NET TCNET-NOC () [Main Department of Internal Affairs of the Tomsk region]
83.229.232.16/29
# NET-Name: 89.175.8.192/30 FGUPOhrana COMSTAR-MNT () ["FGUP Ohrana" LLC]
@@ -971,6 +1238,8 @@
213.85.142.176/28
# NET-Name: 188.247.36.124/30 uvd UNICO-MNT () [krasnoarmeyskiy]
188.247.36.124/30
# NET-Name: 188.93.59.0/24 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
188.93.59.0/24
# NET-Name: 188.247.36.128/30 uvd UNICO-MNT () [arakskaya33]
188.247.36.128/30
# NET-Name: 188.247.36.132/30 uvd_volgorad_rokossovskogo8 UNICO-MNT () [police]
@@ -1035,6 +1304,8 @@
82.198.189.128/26
# NET-Name: 89.175.9.4/30 FGUPOhrana COMSTAR-MNT () [LLC "FGUP Ohrana"]
89.175.9.4/30
# NET-Name: 178.22.88.0/24 MY-GAMES VKCOMPANY-MNT () [my.games services ITT]
178.22.88.0/24
# NET-Name: 91.217.34.0/23 GUVD RIPE-NCC-END-MNT MNT-GUVD (ORG-GA230-RIPE) []
91.217.34.0/23
# NET-Name: 217.20.144.0/20 RU-ODNOKLASSNIKI-20100830 RIPE-NCC-HM-MNT VKCOMPANY-MNT (ORG-OL67-RIPE) []
@@ -1081,13 +1352,15 @@
93.153.183.104/30
# NET-Name: 188.128.89.0/30 FGUP_NIIR ROSTELECOM-MNT () [Ticket 09-10814-1]
188.128.89.0/30
# NET-Name: 88.83.195.248/30 FGUP-NET ROSTELECOM-MNT () [FGUP Ohrana Voronezh, Russia]
# NET-Name: 88.83.195.248/30 FGUP-NET VSI-MNT () [FGUP Ohrana Voronezh, Russia]
88.83.195.248/30
# NET-Name: 90.150.189.32/29 GIBDD-GUVD-PERM ROSTELECOM-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 11, Kommunarov str., Lysva,]
# NET-Name: 178.22.92.0/23 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
178.22.92.0/23
# NET-Name: 90.150.189.32/29 GIBDD-GUVD-PERM MFIST-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 11, Kommunarov str., Lysva,]
90.150.189.32/29
# NET-Name: 83.219.13.128/29 GIBDD-GUVD-PERM ROSTELECOM-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 24, Karla Marksa str., Karagay,]
# NET-Name: 83.219.13.128/29 GIBDD-GUVD-PERM MFIST-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 24, Karla Marksa str., Karagay,]
83.219.13.128/29
# NET-Name: 83.219.13.184/29 GIBDD-GUVD-PERM ROSTELECOM-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 227, 20 let pobedy str., Solikamsk,]
# NET-Name: 83.219.13.184/29 GIBDD-GUVD-PERM MFIST-MNT () [Traffic police regiment of the Municipal Department of Internal Affairs on the Perm edge Perm region, Russia 227, 20 let pobedy str., Solikamsk,]
83.219.13.184/29
# NET-Name: 95.167.176.0/23 Pochta-Russia_Volgograd ROSTELECOM-MNT () [UFPS Sviazi Volgogradskoy Oblasti - Filial FGUP Pochta Rossii]
95.167.176.0/23
@@ -1195,6 +1468,12 @@
217.195.94.200/29
# NET-Name: 178.22.94.0/23 VK-FRONT VKCOMPANY-MNT () [VK Services]
178.22.94.0/23
# NET-Name: 178.22.89.0/26 MY-GAMES VKCOMPANY-MNT () [my.games services ITT]
178.22.89.0/26
# NET-Name: 178.22.90.0/24 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
178.22.90.0/24
# NET-Name: 178.22.91.0/24 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
178.22.91.0/24
# NET-Name: 188.93.61.0/24 VK-FRONT VKCOMPANY-MNT () [VK Services]
188.93.61.0/24
# NET-Name: 188.93.62.0/24 VK-FRONT VKCOMPANY-MNT () [VK Services]
@@ -1583,6 +1862,8 @@
95.163.212.0/22
# NET-Name: 178.22.89.64/26 VK-FRONT VKCOMPANY-MNT () [VK Services]
178.22.89.64/26
# NET-Name: 178.22.89.128/25 MY-GAMES VKCOMPANY-MNT () [my.games services ITT]
178.22.89.128/25
# NET-Name: 128.140.168.0/23 VK-FRONT VKCOMPANY-MNT () [VK Services]
128.140.168.0/23
# NET-Name: 128.140.171.0/24 VK-FRONT VKCOMPANY-MNT () [VK Services]
@@ -1591,7 +1872,9 @@
5.61.236.0/23
# NET-Name: 5.61.238.0/24 VK-FRONT VKCOMPANY-MNT () [VK Services]
5.61.238.0/24
# NET-Name: 95.163.32.0/22 VK-FRONT VKCOMPANY-MNT () [VK Services]
# NET-Name: 178.237.29.0/24 VK-FRONT VKCOMPANY-MNT () [VK Services]
178.237.29.0/24
# NET-Name: 95.163.32.0/22 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
95.163.32.0/22
# NET-Name: 95.163.36.0/22 VK-FRONT VKCOMPANY-MNT () [VK Services]
95.163.36.0/22
@@ -1665,6 +1948,8 @@
213.219.212.0/23
# NET-Name: 213.219.214.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
213.219.214.0/23
# NET-Name: 62.33.87.152/29 STAVROPOL2-NET TRANSTELECOM-MNT () [(RS000504) UFSB, Stavropol, Russia]
62.33.87.152/29
# NET-Name: 89.208.196.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
89.208.196.0/23
# NET-Name: 89.208.198.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
@@ -1817,6 +2102,10 @@
185.100.106.0/23
# NET-Name: 217.174.188.0/23 ODNOKLASSNIKI-FRONT VKCOMPANY-MNT () [Odnoklassniki Services]
217.174.188.0/23
# NET-Name: 185.16.8.0/23 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
185.16.8.0/23
# NET-Name: 185.16.10.0/23 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
185.16.10.0/23
# NET-Name: 84.23.52.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
84.23.52.0/23
# NET-Name: 84.23.54.0/23 VKCS VKCOMPANY-MNT () [VK Cloud Solutions VK Hosting]
@@ -1837,6 +2126,8 @@
95.163.218.0/23
# NET-Name: 195.211.20.0/22 RU-NETBRIDGE-20090909 RIPE-NCC-HM-MNT VKCOMPANY-MNT (ORG-LLCn4-RIPE) []
195.211.20.0/22
# NET-Name: 195.211.20.0/23 MY-GAMES VKCOMPANY-MNT () [my.games services NIVAL]
195.211.20.0/23
# NET-Name: 195.211.22.0/24 ODNOKLASSNIKI-FRONT VKCOMPANY-MNT () [Odnoklassniki Services]
195.211.22.0/24
# NET-Name: 195.211.23.0/24 M100-COLO VKCOMPANY-MNT () [M100 Colocation]

0
blacklists_iptables/.keep Normal file
View File

109
blacklists_iptables/README.md Normal file
View File

@@ -0,0 +1,109 @@
# IPTables/IPSet Blacklist Configurations
Auto-generated ipset configuration files for blocking networks and IP addresses with iptables/ip6tables.
## Available Files
### IPv4 Only
- **`blacklist-v4.ipset`** - Contains only IPv4 networks (806 entries)
### IPv6 Only
- **`blacklist-v6.ipset`** - Contains only IPv6 networks (3 entries)
### Mixed IPv4/IPv6
- **`blacklist.ipset`** - Contains both IPv4 and IPv6 sets (809 total entries)
## Usage
### 1. Load the IPSet
```bash
# For IPv4 only
ipset restore < blacklist-v4.ipset
# For IPv6 only
ipset restore < blacklist-v6.ipset
# For both IPv4 and IPv6 (loads both sets)
ipset restore < blacklist.ipset
```
### 2. Apply IPTables Rules
```bash
# For IPv4
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
# For IPv6
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
```
### 3. Persist Rules (Optional)
To make the rules persistent across reboots:
**On Debian/Ubuntu:**
```bash
# Save iptables rules
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# Save ipset
ipset save > /etc/ipset.conf
```
**On RHEL/CentOS:**
```bash
# Save iptables rules
service iptables save
service ip6tables save
# Save ipset
ipset save > /etc/sysconfig/ipset
```
### 4. Update Existing Sets
To update the blacklist without restarting iptables:
```bash
# Flush and reload
ipset flush blacklist-v4
ipset restore < blacklist-v4.ipset
```
### 5. Remove Sets
```bash
# Remove IPv4 set
ipset flush blacklist-v4
ipset destroy blacklist-v4
# Remove IPv6 set
ipset flush blacklist-v6
ipset destroy blacklist-v6
```
## Performance Benefits
IPSet uses hash tables for O(1) lookup performance, making it ideal for large blacklists:
- Much faster than individual iptables rules
- Minimal CPU overhead
- Supports up to 65536 entries per set (configurable)
- Kernel-level implementation for maximum efficiency
## Automatic Updates
These files are automatically regenerated when the blacklists are updated via the GitHub Actions workflow.
## Source
Generated from the blacklist files in the `blacklists/` directory.

118
blacklists_iptables/blacklist-v4.ipset
View File

@@ -1,21 +1,21 @@
# IPSet blacklist configuration (IPv4 only)
# Auto-generated from blacklist-v4.txt
# Last updated: 2026-03-29 06:56:51 UTC
# Last updated: 2025-11-30 06:21:47 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-v4.ipset
#
# 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v4 src -m conntrack --ctstate NEW -j DROP
# iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
#
# 3. To flush/delete the set:
# ipset flush blacklist-v4
# ipset destroy blacklist-v4
#
create blacklist-v4 hash:net family inet hashsize 1083 maxelem 2166
create blacklist-v4 hash:net family inet hashsize 1173 maxelem 2346
add blacklist-v4 109.120.180.0/22
add blacklist-v4 109.120.180.0/23
add blacklist-v4 109.120.182.0/23
@@ -48,6 +48,7 @@ add blacklist-v4 128.140.168.0/23
add blacklist-v4 128.140.170.0/24
add blacklist-v4 128.140.171.0/24
add blacklist-v4 128.140.172.0/22
add blacklist-v4 128.140.173.0/24
add blacklist-v4 130.49.224.0/19
add blacklist-v4 145.255.238.240/28
add blacklist-v4 146.185.208.0/22
@@ -59,13 +60,28 @@ add blacklist-v4 146.185.242.0/23
add blacklist-v4 149.62.55.240/30
add blacklist-v4 155.212.192.0/20
add blacklist-v4 176.109.0.0/21
add blacklist-v4 176.109.0.0/24
add blacklist-v4 176.109.1.0/24
add blacklist-v4 176.109.2.0/24
add blacklist-v4 176.109.3.0/24
add blacklist-v4 176.109.5.0/24
add blacklist-v4 176.109.6.0/24
add blacklist-v4 176.112.168.0/21
add blacklist-v4 176.116.112.0/22
add blacklist-v4 176.116.96.0/20
add blacklist-v4 178.16.156.148/30
add blacklist-v4 178.17.176.0/23
add blacklist-v4 178.17.178.0/23
add blacklist-v4 178.17.180.0/23
add blacklist-v4 178.17.182.0/23
add blacklist-v4 178.20.234.224/29
add blacklist-v4 178.22.88.0/21
add blacklist-v4 178.22.88.0/24
add blacklist-v4 178.22.89.0/26
add blacklist-v4 178.22.89.128/25
add blacklist-v4 178.22.89.64/26
add blacklist-v4 178.22.90.0/24
add blacklist-v4 178.22.91.0/24
add blacklist-v4 178.22.92.0/23
add blacklist-v4 178.22.94.0/23
add blacklist-v4 178.237.16.0/20
add blacklist-v4 178.237.16.0/21
@@ -77,6 +93,7 @@ add blacklist-v4 178.237.24.0/24
add blacklist-v4 178.237.240.0/20
add blacklist-v4 178.237.248.0/21
add blacklist-v4 178.237.28.0/24
add blacklist-v4 178.237.29.0/24
add blacklist-v4 178.237.30.0/23
add blacklist-v4 178.248.232.137/32
add blacklist-v4 178.248.232.60/32
@@ -123,16 +140,21 @@ add blacklist-v4 185.130.112.0/22
add blacklist-v4 185.130.112.0/23
add blacklist-v4 185.130.114.0/23
add blacklist-v4 185.131.68.0/22
add blacklist-v4 185.131.68.0/23
add blacklist-v4 185.149.160.0/24
add blacklist-v4 185.149.161.0/24
add blacklist-v4 185.149.162.0/24
add blacklist-v4 185.149.163.0/24
add blacklist-v4 185.16.10.0/23
add blacklist-v4 185.16.148.0/22
add blacklist-v4 185.16.148.0/23
add blacklist-v4 185.16.150.0/23
add blacklist-v4 185.16.244.0/22
add blacklist-v4 185.16.244.0/23
add blacklist-v4 185.16.246.0/23
add blacklist-v4 185.16.246.0/24
add blacklist-v4 185.16.247.0/24
add blacklist-v4 185.16.8.0/23
add blacklist-v4 185.168.60.0/24
add blacklist-v4 185.168.61.0/24
add blacklist-v4 185.168.62.0/24
@@ -200,17 +222,21 @@ add blacklist-v4 188.93.56.0/21
add blacklist-v4 188.93.56.0/24
add blacklist-v4 188.93.57.0/24
add blacklist-v4 188.93.58.0/24
add blacklist-v4 188.93.59.0/24
add blacklist-v4 188.93.60.0/24
add blacklist-v4 188.93.61.0/24
add blacklist-v4 188.93.62.0/24
add blacklist-v4 188.93.63.0/24
add blacklist-v4 193.203.40.0/22
add blacklist-v4 193.232.70.0/24
add blacklist-v4 193.33.230.0/23
add blacklist-v4 193.47.146.0/24
add blacklist-v4 194.140.247.0/25
add blacklist-v4 194.140.247.128/25
add blacklist-v4 194.150.202.0/23
add blacklist-v4 194.165.22.0/23
add blacklist-v4 194.186.112.80/28
add blacklist-v4 194.186.63.0/24
add blacklist-v4 194.190.9.0/24
add blacklist-v4 194.215.248.0/24
add blacklist-v4 194.226.116.0/22
@@ -242,11 +268,15 @@ add blacklist-v4 195.182.151.216/30
add blacklist-v4 195.182.155.164/30
add blacklist-v4 195.182.156.96/30
add blacklist-v4 195.209.120.0/22
add blacklist-v4 195.209.122.0/24
add blacklist-v4 195.209.123.0/24
add blacklist-v4 195.211.20.0/22
add blacklist-v4 195.211.20.0/23
add blacklist-v4 195.211.22.0/24
add blacklist-v4 195.211.23.0/24
add blacklist-v4 195.218.175.40/29
add blacklist-v4 195.218.190.0/23
add blacklist-v4 195.226.203.0/24
add blacklist-v4 195.239.113.0/24
add blacklist-v4 195.239.247.0/24
add blacklist-v4 195.239.80.32/29
@@ -267,6 +297,7 @@ add blacklist-v4 195.98.38.16/28
add blacklist-v4 195.98.43.104/29
add blacklist-v4 195.98.73.56/29
add blacklist-v4 195.98.77.100/30
add blacklist-v4 212.111.84.0/22
add blacklist-v4 212.119.174.0/24
add blacklist-v4 212.119.175.0/24
add blacklist-v4 212.120.169.48/29
@@ -290,8 +321,15 @@ add blacklist-v4 212.17.17.176/28
add blacklist-v4 212.17.8.176/29
add blacklist-v4 212.17.9.144/28
add blacklist-v4 212.192.156.0/22
add blacklist-v4 212.192.156.0/24
add blacklist-v4 212.192.157.0/24
add blacklist-v4 212.192.158.0/24
add blacklist-v4 212.23.85.48/30
add blacklist-v4 212.23.85.56/29
add blacklist-v4 212.233.120.0/22
add blacklist-v4 212.233.72.0/21
add blacklist-v4 212.233.88.0/21
add blacklist-v4 212.233.96.0/22
add blacklist-v4 212.32.198.64/29
add blacklist-v4 212.48.134.192/26
add blacklist-v4 212.48.138.240/28
@@ -396,6 +434,8 @@ add blacklist-v4 213.172.27.224/30
add blacklist-v4 213.172.27.252/30
add blacklist-v4 213.172.30.136/30
add blacklist-v4 213.172.4.192/26
add blacklist-v4 213.176.232.0/23
add blacklist-v4 213.176.234.0/23
add blacklist-v4 213.177.111.0/24
add blacklist-v4 213.183.253.56/29
add blacklist-v4 213.219.212.0/22
@@ -451,9 +491,7 @@ add blacklist-v4 217.106.203.240/29
add blacklist-v4 217.106.203.88/29
add blacklist-v4 217.106.93.192/26
add blacklist-v4 217.106.95.112/28
add blacklist-v4 217.107.0.0/18
add blacklist-v4 217.107.200.0/21
add blacklist-v4 217.107.208.0/20
add blacklist-v4 217.107.5.112/29
add blacklist-v4 217.107.5.16/29
add blacklist-v4 217.107.5.24/29
@@ -469,7 +507,7 @@ add blacklist-v4 217.16.16.0/20
add blacklist-v4 217.16.16.0/21
add blacklist-v4 217.16.24.0/21
add blacklist-v4 217.172.18.0/23
add blacklist-v4 217.172.20.0/22
add blacklist-v4 217.174.188.0/22
add blacklist-v4 217.174.188.0/23
add blacklist-v4 217.195.92.16/28
add blacklist-v4 217.195.93.144/29
@@ -484,10 +522,7 @@ add blacklist-v4 217.20.156.0/23
add blacklist-v4 217.20.158.0/24
add blacklist-v4 217.20.159.0/24
add blacklist-v4 217.20.86.128/26
add blacklist-v4 217.20.86.192/27
add blacklist-v4 217.20.86.224/29
add blacklist-v4 217.20.86.232/29
add blacklist-v4 217.20.86.240/28
add blacklist-v4 217.23.88.168/29
add blacklist-v4 217.23.88.248/29
add blacklist-v4 217.27.142.176/30
@@ -496,7 +531,10 @@ add blacklist-v4 217.65.219.160/29
add blacklist-v4 217.67.177.208/29
add blacklist-v4 217.69.128.0/20
add blacklist-v4 217.69.128.0/21
add blacklist-v4 217.69.132.0/24
add blacklist-v4 217.69.136.0/21
add blacklist-v4 31.148.205.0/24
add blacklist-v4 31.177.104.0/22
add blacklist-v4 31.177.95.0/24
add blacklist-v4 31.44.63.64/29
add blacklist-v4 37.139.32.0/22
@@ -518,8 +556,8 @@ add blacklist-v4 45.84.128.0/23
add blacklist-v4 45.84.130.0/23
add blacklist-v4 46.20.70.160/28
add blacklist-v4 46.228.0.232/29
add blacklist-v4 46.245.234.0/24
add blacklist-v4 46.29.152.0/22
add blacklist-v4 46.29.156.0/23
add blacklist-v4 46.46.142.160/28
add blacklist-v4 46.46.148.40/29
add blacklist-v4 46.47.197.128/30
@@ -562,20 +600,31 @@ add blacklist-v4 5.61.239.48/28
add blacklist-v4 5.61.239.64/26
add blacklist-v4 62.105.158.200/29
add blacklist-v4 62.112.110.64/28
add blacklist-v4 62.118.0.208/28
add blacklist-v4 62.118.101.184/29
add blacklist-v4 62.118.113.232/29
add blacklist-v4 62.118.125.188/30
add blacklist-v4 62.118.127.240/28
add blacklist-v4 62.118.15.16/28
add blacklist-v4 62.118.17.152/29
add blacklist-v4 62.118.19.112/30
add blacklist-v4 62.118.19.40/30
add blacklist-v4 62.118.193.8/29
add blacklist-v4 62.118.205.68/30
add blacklist-v4 62.118.208.100/30
add blacklist-v4 62.118.209.192/30
add blacklist-v4 62.118.21.160/29
add blacklist-v4 62.118.216.60/30
add blacklist-v4 62.118.219.184/30
add blacklist-v4 62.118.230.4/30
add blacklist-v4 62.118.233.224/29
add blacklist-v4 62.118.234.64/29
add blacklist-v4 62.118.239.128/29
add blacklist-v4 62.118.25.112/28
add blacklist-v4 62.118.37.168/30
add blacklist-v4 62.118.37.180/30
add blacklist-v4 62.118.37.4/30
add blacklist-v4 62.118.38.212/30
add blacklist-v4 62.141.125.0/25
add blacklist-v4 62.217.160.0/20
add blacklist-v4 62.217.160.0/21
@@ -584,6 +633,7 @@ add blacklist-v4 62.28.169.168/30
add blacklist-v4 62.33.199.80/29
add blacklist-v4 62.33.34.16/28
add blacklist-v4 62.33.87.128/28
add blacklist-v4 62.33.87.152/29
add blacklist-v4 62.5.130.104/29
add blacklist-v4 62.5.132.224/29
add blacklist-v4 62.5.189.80/29
@@ -631,6 +681,9 @@ add blacklist-v4 79.137.132.128/25
add blacklist-v4 79.137.139.0/24
add blacklist-v4 79.137.139.0/25
add blacklist-v4 79.137.139.128/25
add blacklist-v4 79.137.140.0/24
add blacklist-v4 79.137.142.0/24
add blacklist-v4 79.137.157.0/24
add blacklist-v4 79.137.157.0/25
add blacklist-v4 79.137.157.128/25
add blacklist-v4 79.137.164.0/24
@@ -650,6 +703,9 @@ add blacklist-v4 79.137.240.0/21
add blacklist-v4 79.137.240.0/22
add blacklist-v4 79.137.244.0/22
add blacklist-v4 79.142.88.0/28
add blacklist-v4 79.143.229.0/24
add blacklist-v4 79.143.230.0/24
add blacklist-v4 79.143.232.0/24
add blacklist-v4 80.237.11.88/29
add blacklist-v4 80.237.39.112/29
add blacklist-v4 80.237.98.80/28
@@ -659,6 +715,8 @@ add blacklist-v4 80.247.46.0/24
add blacklist-v4 80.254.100.40/29
add blacklist-v4 80.254.119.168/29
add blacklist-v4 80.73.16.0/20
add blacklist-v4 80.73.16.0/21
add blacklist-v4 80.73.16.0/24
add blacklist-v4 80.73.168.80/28
add blacklist-v4 80.73.169.244/30
add blacklist-v4 80.82.43.24/29
@@ -711,6 +769,7 @@ add blacklist-v4 81.222.194.200/29
add blacklist-v4 81.222.209.136/29
add blacklist-v4 81.222.210.24/29
add blacklist-v4 81.3.168.148/30
add blacklist-v4 82.110.69.200/29
add blacklist-v4 82.140.65.240/29
add blacklist-v4 82.142.162.104/29
add blacklist-v4 82.151.107.136/29
@@ -796,7 +855,6 @@ add blacklist-v4 85.141.33.64/28
add blacklist-v4 85.141.60.96/28
add blacklist-v4 85.141.61.160/28
add blacklist-v4 85.143.125.0/24
add blacklist-v4 85.146.204.44/30
add blacklist-v4 85.192.32.0/22
add blacklist-v4 85.192.32.0/23
add blacklist-v4 85.192.34.0/23
@@ -863,6 +921,8 @@ add blacklist-v4 87.239.108.0/22
add blacklist-v4 87.240.128.0/18
add blacklist-v4 87.240.128.0/19
add blacklist-v4 87.240.160.0/19
add blacklist-v4 87.240.166.0/24
add blacklist-v4 87.240.167.0/24
add blacklist-v4 87.242.112.0/22
add blacklist-v4 87.245.133.0/24
add blacklist-v4 87.249.16.32/28
@@ -930,6 +990,11 @@ add blacklist-v4 89.21.140.104/29
add blacklist-v4 89.21.152.104/29
add blacklist-v4 89.221.228.0/22
add blacklist-v4 89.221.232.0/21
add blacklist-v4 89.221.232.0/22
add blacklist-v4 89.221.233.0/24
add blacklist-v4 89.221.234.0/24
add blacklist-v4 89.221.235.0/24
add blacklist-v4 89.221.236.0/22
add blacklist-v4 89.28.253.168/29
add blacklist-v4 89.28.255.56/29
add blacklist-v4 90.150.176.52/30
@@ -952,6 +1017,7 @@ add blacklist-v4 90.150.189.32/29
add blacklist-v4 90.156.148.0/22
add blacklist-v4 90.156.148.0/23
add blacklist-v4 90.156.150.0/23
add blacklist-v4 90.156.151.0/24
add blacklist-v4 90.156.212.0/22
add blacklist-v4 90.156.212.0/23
add blacklist-v4 90.156.214.0/23
@@ -959,13 +1025,27 @@ add blacklist-v4 90.156.216.0/22
add blacklist-v4 90.156.216.0/23
add blacklist-v4 90.156.218.0/23
add blacklist-v4 90.156.232.0/21
add blacklist-v4 90.156.248.0/22
add blacklist-v4 91.103.194.184/29
add blacklist-v4 91.135.212.0/22
add blacklist-v4 91.135.216.0/21
add blacklist-v4 91.135.220.0/24
add blacklist-v4 91.135.221.0/24
add blacklist-v4 91.195.136.0/23
add blacklist-v4 91.208.20.0/24
add blacklist-v4 91.215.168.0/22
add blacklist-v4 91.217.34.0/23
add blacklist-v4 91.219.192.0/22
add blacklist-v4 91.219.224.0/22
add blacklist-v4 91.221.140.0/23
add blacklist-v4 91.221.140.0/24
add blacklist-v4 91.221.141.0/24
add blacklist-v4 91.226.250.0/24
add blacklist-v4 91.227.32.0/24
add blacklist-v4 91.231.132.0/22
add blacklist-v4 91.231.132.0/24
add blacklist-v4 91.231.133.0/24
add blacklist-v4 91.231.134.0/24
add blacklist-v4 91.237.76.0/24
add blacklist-v4 92.101.253.152/29
add blacklist-v4 92.101.253.96/29
@@ -977,6 +1057,7 @@ add blacklist-v4 92.50.198.124/30
add blacklist-v4 92.50.198.72/30
add blacklist-v4 92.50.219.136/29
add blacklist-v4 92.50.238.224/29
add blacklist-v4 92.60.186.0/28
add blacklist-v4 93.153.134.112/29
add blacklist-v4 93.153.135.88/30
add blacklist-v4 93.153.136.132/30
@@ -1010,6 +1091,7 @@ add blacklist-v4 94.100.184.0/21
add blacklist-v4 94.124.192.192/29
add blacklist-v4 94.139.244.0/22
add blacklist-v4 94.139.244.0/23
add blacklist-v4 94.139.244.0/24
add blacklist-v4 94.139.246.0/23
add blacklist-v4 94.199.64.0/21
add blacklist-v4 94.25.119.228/30
@@ -1026,6 +1108,9 @@ add blacklist-v4 95.142.200.0/21
add blacklist-v4 95.142.201.0/24
add blacklist-v4 95.142.202.0/24
add blacklist-v4 95.142.203.0/24
add blacklist-v4 95.142.204.0/23
add blacklist-v4 95.142.207.0/24
add blacklist-v4 95.163.133.0/24
add blacklist-v4 95.163.180.0/22
add blacklist-v4 95.163.180.0/23
add blacklist-v4 95.163.182.0/23
@@ -1063,7 +1148,6 @@ add blacklist-v4 95.167.5.64/28
add blacklist-v4 95.167.5.80/28
add blacklist-v4 95.167.54.76/30
add blacklist-v4 95.167.59.244/30
add blacklist-v4 95.167.59.248/30
add blacklist-v4 95.167.64.20/30
add blacklist-v4 95.167.68.216/29
add blacklist-v4 95.167.69.116/30
@@ -1081,6 +1165,7 @@ add blacklist-v4 95.173.128.0/19
add blacklist-v4 95.173.128.0/20
add blacklist-v4 95.173.144.0/20
add blacklist-v4 95.213.0.0/17
add blacklist-v4 95.213.0.0/18
add blacklist-v4 95.213.0.0/20
add blacklist-v4 95.213.16.0/21
add blacklist-v4 95.213.24.0/23
@@ -1095,7 +1180,12 @@ add blacklist-v4 95.213.33.0/24
add blacklist-v4 95.213.34.0/23
add blacklist-v4 95.213.36.0/22
add blacklist-v4 95.213.40.0/21
add blacklist-v4 95.213.44.0/24
add blacklist-v4 95.213.45.0/24
add blacklist-v4 95.213.48.0/20
add blacklist-v4 95.213.64.0/18
add blacklist-v4 95.47.189.0/24
add blacklist-v4 95.47.191.0/24
add blacklist-v4 95.47.244.0/24
add blacklist-v4 95.53.248.0/29
add blacklist-v4 95.54.193.80/28

26
blacklists_iptables/blacklist-v6.ipset
View File

@@ -1,23 +1,41 @@
# IPSet blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2026-03-29 06:56:51 UTC
# Last updated: 2025-11-30 06:21:47 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-v6.ipset
#
# 2. Use with iptables/ip6tables:
# ip6tables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
# iptables -I INPUT -m set --match-set blacklist-v6 src -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
#
# 3. To flush/delete the set:
# ipset flush blacklist-v6
# ipset destroy blacklist-v6
#
create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 10
create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 46
add blacklist-v6 2a00:1148::/29
add blacklist-v6 2a00:1148::/32
add blacklist-v6 2a00:a300::/32
add blacklist-v6 2a00:b4c0::/32
add blacklist-v6 2a00:bdc0:8000::/34
add blacklist-v6 2a00:bdc0::/33
add blacklist-v6 2a00:bdc0:c000::/35
add blacklist-v6 2a00:bdc0:e002::/48
add blacklist-v6 2a00:bdc0:e003::/48
add blacklist-v6 2a00:bdc0:e004::/48
add blacklist-v6 2a00:bdc0:e005::/48
add blacklist-v6 2a00:bdc0:e007::/48
add blacklist-v6 2a00:bdc0:f000::/36
add blacklist-v6 2a00:bdc1::/32
add blacklist-v6 2a00:bdc2::/31
add blacklist-v6 2a00:bdc4::/30
add blacklist-v6 2a0c:a9c7:156::/48
add blacklist-v6 2a0c:a9c7:157::/48
add blacklist-v6 2a0c:a9c7:158::/48
add blacklist-v6 2a14:25c0::/32
add blacklist-v6 2a14:25c5::/32
add blacklist-v6 2a14:25c6::/32
add blacklist-v6 2a14:25c7::/32

284
blacklists_iptables/blacklist-vk-v4.ipset
View File

@@ -1,284 +0,0 @@
# IPSet blacklist configuration (VK names, IPv4 only)
# Auto-generated from blacklist-vk-v4.txt
# Last updated: 2026-03-29 06:56:51 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-vk-v4.ipset
#
# 2. Use with iptables/ip6tables:
# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
#
# 3. To flush/delete the set:
# ipset flush blacklist-vk-v4
# ipset destroy blacklist-vk-v4
#
create blacklist-vk-v4 hash:net family inet hashsize 1024 maxelem 532
add blacklist-vk-v4 109.120.180.0/22
add blacklist-vk-v4 109.120.180.0/23
add blacklist-vk-v4 109.120.182.0/23
add blacklist-vk-v4 109.120.188.0/22
add blacklist-vk-v4 109.120.188.0/23
add blacklist-vk-v4 109.120.190.0/23
add blacklist-vk-v4 128.140.168.0/21
add blacklist-vk-v4 128.140.168.0/23
add blacklist-vk-v4 128.140.170.0/24
add blacklist-vk-v4 128.140.171.0/24
add blacklist-vk-v4 128.140.172.0/22
add blacklist-vk-v4 130.49.224.0/19
add blacklist-vk-v4 146.185.208.0/22
add blacklist-vk-v4 146.185.208.0/23
add blacklist-vk-v4 146.185.210.0/23
add blacklist-vk-v4 146.185.240.0/22
add blacklist-vk-v4 146.185.240.0/23
add blacklist-vk-v4 146.185.242.0/23
add blacklist-vk-v4 155.212.192.0/20
add blacklist-vk-v4 176.112.168.0/21
add blacklist-vk-v4 178.22.88.0/21
add blacklist-vk-v4 178.22.89.64/26
add blacklist-vk-v4 178.22.94.0/23
add blacklist-vk-v4 178.237.16.0/20
add blacklist-vk-v4 178.237.16.0/21
add blacklist-vk-v4 178.237.24.0/22
add blacklist-vk-v4 178.237.30.0/23
add blacklist-vk-v4 185.100.104.0/22
add blacklist-vk-v4 185.100.104.0/23
add blacklist-vk-v4 185.100.106.0/23
add blacklist-vk-v4 185.130.112.0/22
add blacklist-vk-v4 185.130.112.0/23
add blacklist-vk-v4 185.130.114.0/23
add blacklist-vk-v4 185.131.68.0/22
add blacklist-vk-v4 185.16.148.0/22
add blacklist-vk-v4 185.16.148.0/23
add blacklist-vk-v4 185.16.150.0/23
add blacklist-vk-v4 185.16.244.0/22
add blacklist-vk-v4 185.16.244.0/23
add blacklist-vk-v4 185.16.246.0/23
add blacklist-vk-v4 185.180.200.0/22
add blacklist-vk-v4 185.187.63.0/24
add blacklist-vk-v4 185.187.63.0/25
add blacklist-vk-v4 185.187.63.128/25
add blacklist-vk-v4 185.226.52.0/22
add blacklist-vk-v4 185.226.52.0/23
add blacklist-vk-v4 185.226.54.0/23
add blacklist-vk-v4 185.241.192.0/22
add blacklist-vk-v4 185.241.192.0/23
add blacklist-vk-v4 185.241.194.0/23
add blacklist-vk-v4 185.29.128.0/22
add blacklist-vk-v4 185.29.130.0/24
add blacklist-vk-v4 185.32.248.0/22
add blacklist-vk-v4 185.32.248.0/23
add blacklist-vk-v4 185.32.250.0/23
add blacklist-vk-v4 185.5.136.0/22
add blacklist-vk-v4 185.5.136.0/23
add blacklist-vk-v4 185.5.138.0/23
add blacklist-vk-v4 185.6.244.0/22
add blacklist-vk-v4 185.6.244.0/23
add blacklist-vk-v4 185.6.246.0/23
add blacklist-vk-v4 185.86.144.0/22
add blacklist-vk-v4 185.86.144.0/23
add blacklist-vk-v4 185.86.146.0/23
add blacklist-vk-v4 188.93.56.0/21
add blacklist-vk-v4 188.93.56.0/24
add blacklist-vk-v4 188.93.57.0/24
add blacklist-vk-v4 188.93.58.0/24
add blacklist-vk-v4 188.93.60.0/24
add blacklist-vk-v4 188.93.61.0/24
add blacklist-vk-v4 188.93.62.0/24
add blacklist-vk-v4 193.203.40.0/22
add blacklist-vk-v4 194.84.16.12/30
add blacklist-vk-v4 195.211.20.0/22
add blacklist-vk-v4 195.211.22.0/24
add blacklist-vk-v4 195.211.23.0/24
add blacklist-vk-v4 212.111.84.0/22
add blacklist-vk-v4 212.233.120.0/22
add blacklist-vk-v4 212.233.72.0/21
add blacklist-vk-v4 212.233.88.0/21
add blacklist-vk-v4 212.233.96.0/22
add blacklist-vk-v4 213.219.212.0/22
add blacklist-vk-v4 213.219.212.0/23
add blacklist-vk-v4 213.219.214.0/23
add blacklist-vk-v4 217.16.16.0/20
add blacklist-vk-v4 217.16.16.0/21
add blacklist-vk-v4 217.16.24.0/21
add blacklist-vk-v4 217.174.188.0/23
add blacklist-vk-v4 217.20.144.0/20
add blacklist-vk-v4 217.20.144.0/22
add blacklist-vk-v4 217.20.148.0/24
add blacklist-vk-v4 217.20.149.0/24
add blacklist-vk-v4 217.20.150.0/23
add blacklist-vk-v4 217.20.152.0/22
add blacklist-vk-v4 217.20.156.0/23
add blacklist-vk-v4 217.20.158.0/24
add blacklist-vk-v4 217.20.159.0/24
add blacklist-vk-v4 217.69.128.0/20
add blacklist-vk-v4 217.69.128.0/21
add blacklist-vk-v4 217.69.136.0/21
add blacklist-vk-v4 37.139.32.0/22
add blacklist-vk-v4 37.139.32.0/23
add blacklist-vk-v4 37.139.34.0/23
add blacklist-vk-v4 37.139.40.0/22
add blacklist-vk-v4 37.139.40.0/23
add blacklist-vk-v4 37.139.42.0/23
add blacklist-vk-v4 45.136.20.0/22
add blacklist-vk-v4 45.136.20.0/23
add blacklist-vk-v4 45.136.22.0/23
add blacklist-vk-v4 45.84.128.0/22
add blacklist-vk-v4 45.84.128.0/23
add blacklist-vk-v4 45.84.130.0/23
add blacklist-vk-v4 5.101.40.0/22
add blacklist-vk-v4 5.101.40.0/23
add blacklist-vk-v4 5.101.42.0/23
add blacklist-vk-v4 5.181.60.0/22
add blacklist-vk-v4 5.181.60.0/24
add blacklist-vk-v4 5.181.61.0/24
add blacklist-vk-v4 5.181.62.0/23
add blacklist-vk-v4 5.188.140.0/22
add blacklist-vk-v4 5.188.140.0/23
add blacklist-vk-v4 5.188.142.0/23
add blacklist-vk-v4 5.61.16.0/21
add blacklist-vk-v4 5.61.16.0/22
add blacklist-vk-v4 5.61.20.0/22
add blacklist-vk-v4 5.61.232.0/21
add blacklist-vk-v4 5.61.232.0/22
add blacklist-vk-v4 5.61.236.0/23
add blacklist-vk-v4 5.61.238.0/24
add blacklist-vk-v4 5.61.239.0/27
add blacklist-vk-v4 5.61.239.128/25
add blacklist-vk-v4 5.61.239.40/29
add blacklist-vk-v4 5.61.239.48/28
add blacklist-vk-v4 5.61.239.64/26
add blacklist-vk-v4 62.217.160.0/20
add blacklist-vk-v4 62.217.160.0/21
add blacklist-vk-v4 62.217.168.0/21
add blacklist-vk-v4 79.137.132.0/24
add blacklist-vk-v4 79.137.132.0/25
add blacklist-vk-v4 79.137.132.128/25
add blacklist-vk-v4 79.137.139.0/24
add blacklist-vk-v4 79.137.139.0/25
add blacklist-vk-v4 79.137.139.128/25
add blacklist-vk-v4 79.137.157.0/25
add blacklist-vk-v4 79.137.157.128/25
add blacklist-vk-v4 79.137.164.0/24
add blacklist-vk-v4 79.137.164.0/25
add blacklist-vk-v4 79.137.164.128/25
add blacklist-vk-v4 79.137.167.0/24
add blacklist-vk-v4 79.137.167.0/25
add blacklist-vk-v4 79.137.167.128/25
add blacklist-vk-v4 79.137.174.0/23
add blacklist-vk-v4 79.137.174.0/24
add blacklist-vk-v4 79.137.175.0/24
add blacklist-vk-v4 79.137.180.0/24
add blacklist-vk-v4 79.137.180.0/25
add blacklist-vk-v4 79.137.180.128/25
add blacklist-vk-v4 79.137.240.0/21
add blacklist-vk-v4 79.137.240.0/22
add blacklist-vk-v4 79.137.244.0/22
add blacklist-vk-v4 83.166.232.0/21
add blacklist-vk-v4 83.166.232.0/22
add blacklist-vk-v4 83.166.236.0/22
add blacklist-vk-v4 83.166.248.0/21
add blacklist-vk-v4 83.166.248.0/22
add blacklist-vk-v4 83.166.252.0/22
add blacklist-vk-v4 83.217.216.0/22
add blacklist-vk-v4 83.217.216.0/23
add blacklist-vk-v4 83.217.218.0/23
add blacklist-vk-v4 83.222.28.0/22
add blacklist-vk-v4 84.23.52.0/22
add blacklist-vk-v4 84.23.52.0/23
add blacklist-vk-v4 84.23.54.0/23
add blacklist-vk-v4 85.114.31.108/30
add blacklist-vk-v4 85.192.32.0/22
add blacklist-vk-v4 85.192.32.0/23
add blacklist-vk-v4 85.192.34.0/23
add blacklist-vk-v4 85.198.106.0/24
add blacklist-vk-v4 85.198.107.0/24
add blacklist-vk-v4 87.239.104.0/21
add blacklist-vk-v4 87.239.104.0/22
add blacklist-vk-v4 87.239.108.0/22
add blacklist-vk-v4 87.240.128.0/18
add blacklist-vk-v4 87.240.128.0/19
add blacklist-vk-v4 87.240.160.0/19
add blacklist-vk-v4 87.242.112.0/22
add blacklist-vk-v4 89.208.196.0/22
add blacklist-vk-v4 89.208.196.0/23
add blacklist-vk-v4 89.208.198.0/23
add blacklist-vk-v4 89.208.208.0/22
add blacklist-vk-v4 89.208.208.0/23
add blacklist-vk-v4 89.208.210.0/23
add blacklist-vk-v4 89.208.216.0/21
add blacklist-vk-v4 89.208.216.0/23
add blacklist-vk-v4 89.208.218.0/23
add blacklist-vk-v4 89.208.220.0/22
add blacklist-vk-v4 89.208.228.0/22
add blacklist-vk-v4 89.208.228.0/23
add blacklist-vk-v4 89.208.230.0/23
add blacklist-vk-v4 89.208.84.0/22
add blacklist-vk-v4 89.208.84.0/23
add blacklist-vk-v4 89.208.86.0/23
add blacklist-vk-v4 89.221.228.0/22
add blacklist-vk-v4 89.221.232.0/21
add blacklist-vk-v4 90.156.148.0/22
add blacklist-vk-v4 90.156.148.0/23
add blacklist-vk-v4 90.156.150.0/23
add blacklist-vk-v4 90.156.212.0/22
add blacklist-vk-v4 90.156.212.0/23
add blacklist-vk-v4 90.156.214.0/23
add blacklist-vk-v4 90.156.216.0/22
add blacklist-vk-v4 90.156.216.0/23
add blacklist-vk-v4 90.156.218.0/23
add blacklist-vk-v4 90.156.232.0/21
add blacklist-vk-v4 91.219.224.0/22
add blacklist-vk-v4 91.231.132.0/22
add blacklist-vk-v4 91.237.76.0/24
add blacklist-vk-v4 93.153.255.84/30
add blacklist-vk-v4 93.186.224.0/20
add blacklist-vk-v4 93.186.224.0/21
add blacklist-vk-v4 93.186.232.0/21
add blacklist-vk-v4 94.100.176.0/20
add blacklist-vk-v4 94.100.176.0/21
add blacklist-vk-v4 94.100.184.0/21
add blacklist-vk-v4 94.139.244.0/22
add blacklist-vk-v4 94.139.244.0/23
add blacklist-vk-v4 94.139.246.0/23
add blacklist-vk-v4 95.142.192.0/20
add blacklist-vk-v4 95.142.192.0/21
add blacklist-vk-v4 95.142.200.0/21
add blacklist-vk-v4 95.163.180.0/22
add blacklist-vk-v4 95.163.180.0/23
add blacklist-vk-v4 95.163.182.0/23
add blacklist-vk-v4 95.163.208.0/21
add blacklist-vk-v4 95.163.208.0/23
add blacklist-vk-v4 95.163.210.0/23
add blacklist-vk-v4 95.163.212.0/22
add blacklist-vk-v4 95.163.216.0/22
add blacklist-vk-v4 95.163.216.0/23
add blacklist-vk-v4 95.163.218.0/23
add blacklist-vk-v4 95.163.248.0/21
add blacklist-vk-v4 95.163.248.0/22
add blacklist-vk-v4 95.163.252.0/23
add blacklist-vk-v4 95.163.254.0/23
add blacklist-vk-v4 95.163.32.0/19
add blacklist-vk-v4 95.163.32.0/22
add blacklist-vk-v4 95.163.36.0/22
add blacklist-vk-v4 95.163.40.0/21
add blacklist-vk-v4 95.163.48.0/20
add blacklist-vk-v4 95.213.0.0/17
add blacklist-vk-v4 95.213.0.0/20
add blacklist-vk-v4 95.213.16.0/21
add blacklist-vk-v4 95.213.24.0/23
add blacklist-vk-v4 95.213.26.0/24
add blacklist-vk-v4 95.213.27.0/24
add blacklist-vk-v4 95.213.28.0/24
add blacklist-vk-v4 95.213.29.0/24
add blacklist-vk-v4 95.213.30.0/24
add blacklist-vk-v4 95.213.31.0/24
add blacklist-vk-v4 95.213.32.0/24
add blacklist-vk-v4 95.213.33.0/24
add blacklist-vk-v4 95.213.34.0/23
add blacklist-vk-v4 95.213.36.0/22
add blacklist-vk-v4 95.213.40.0/21
add blacklist-vk-v4 95.213.48.0/20
add blacklist-vk-v4 95.213.64.0/18

19
blacklists_iptables/blacklist-vk-v6.ipset
View File

@@ -1,19 +0,0 @@
# IPSet blacklist configuration (VK names, IPv6 only)
# Auto-generated from blacklist-vk-v6.txt
# Last updated: 2026-03-29 06:56:51 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-vk-v6.ipset
#
# 2. Use with iptables/ip6tables:
# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
#
# 3. To flush/delete the set:
# ipset flush blacklist-vk-v6
# ipset destroy blacklist-vk-v6
#
create blacklist-vk-v6 hash:net family inet6 hashsize 1024 maxelem 2
add blacklist-vk-v6 2a00:bdc0::/29

1218
blacklists_iptables/blacklist.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

52
blacklists_nftables/README.md
View File

@@ -1,52 +0,0 @@
# nftables blacklists
Short: ready-to-use nftables set files (general and VK-only, separated by IPv4/IPv6).
## Download links
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v4.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-v6.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v4.nft
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nftables/blacklist-vk-v6.nft
## How to use
### 1) Protect VM from incoming connections (general blacklists)
Load either mixed or split general set files:
```bash
sudo nft -f blacklist.nft
# or:
sudo nft -f blacklist-v4.nft
sudo nft -f blacklist-v6.nft
```
Apply rules for inbound traffic to the VM:
```bash
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
```
### 2) Block VK outbound traffic for VPN clients via NAT/FORWARD
Load either mixed or split VK set files:
```bash
sudo nft -f blacklist-vk.nft
# or:
sudo nft -f blacklist-vk-v4.nft
sudo nft -f blacklist-vk-v6.nft
```
Apply rules for forwarded client traffic (replace `<VPN_IFACE>`):
```bash
sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
```

805
blacklists_nftables/blacklist-v4.nft
View File

@@ -1,805 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-29T06:56:51.790157Z
# Source: /tmp/blacklist-v4.txt
# IPv4: 778, IPv6: 0
#
# Usage:
# sudo nft -f <this-file>
# # VM protection from incoming blacklist sources
# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
31.44.63.64/29,
31.177.95.0/24,
37.28.161.48/30,
37.29.53.16/30,
37.29.57.52/30,
37.29.57.64/30,
37.29.59.56/30,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
46.20.70.160/28,
46.29.152.0/22,
46.29.156.0/23,
46.46.142.160/28,
46.46.148.40/29,
46.47.197.128/30,
46.47.199.76/30,
46.47.203.52/30,
46.47.207.96/30,
46.47.208.84/30,
46.47.210.76/30,
46.47.211.0/24,
46.47.212.204/30,
46.47.213.0/24,
46.47.214.200/30,
46.47.219.200/30,
46.47.223.196/30,
46.47.229.0/28,
46.47.238.144/30,
46.47.249.176/29,
46.61.208.0/24,
46.228.0.232/29,
62.5.130.104/29,
62.5.132.224/29,
62.5.189.80/29,
62.5.202.60/30,
62.5.218.204/30,
62.5.224.188/30,
62.5.242.80/28,
62.28.169.168/30,
62.33.34.16/28,
62.33.87.128/28,
62.33.199.80/29,
62.63.96.32/28,
62.63.98.24/29,
62.63.100.160/30,
62.63.101.80/29,
62.76.98.0/24,
62.105.158.200/29,
62.112.110.64/28,
62.118.101.184/29,
62.118.113.232/29,
62.118.125.188/30,
62.118.127.240/28,
62.118.193.8/29,
62.118.205.68/30,
62.118.208.100/30,
62.118.209.192/30,
62.118.216.60/30,
62.118.219.184/30,
62.118.230.4/30,
62.118.233.224/29,
62.118.234.64/29,
62.118.239.128/29,
62.141.125.0/25,
62.217.160.0/20,
77.34.209.160/28,
77.35.76.80/28,
77.35.98.240/28,
77.37.128.0/17,
77.72.139.0/28,
77.82.124.112/29,
77.243.9.80/28,
78.24.159.48/29,
78.37.67.24/29,
78.37.69.160/27,
78.37.84.120/29,
78.37.97.88/29,
78.37.104.0/29,
78.107.3.208/28,
78.107.13.208/28,
78.107.16.96/28,
78.107.18.112/28,
78.107.40.160/28,
78.107.42.144/28,
78.107.51.16/28,
78.107.61.96/28,
78.107.86.32/28,
78.108.192.0/21,
78.108.200.0/24,
78.109.140.112/29,
79.133.74.160/30,
79.133.74.168/30,
79.133.75.44/30,
79.133.75.176/30,
79.137.132.0/24,
79.137.139.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.183.0/24,
79.137.240.0/21,
79.142.88.0/28,
80.73.16.0/20,
80.73.168.80/28,
80.73.169.244/30,
80.82.43.24/29,
80.89.152.220/30,
80.237.11.88/29,
80.237.39.112/29,
80.237.98.80/28,
80.247.32.0/20,
80.254.100.40/29,
80.254.119.168/29,
81.1.195.0/28,
81.1.205.96/27,
81.2.1.0/28,
81.2.10.192/27,
81.3.168.148/30,
81.17.2.192/28,
81.17.3.16/29,
81.176.70.0/26,
81.176.235.0/27,
81.177.12.0/24,
81.177.31.64/26,
81.177.156.0/24,
81.195.36.48/28,
81.195.44.248/30,
81.195.45.64/30,
81.195.50.72/29,
81.195.90.44/30,
81.195.92.48/30,
81.195.93.192/27,
81.195.94.72/29,
81.195.105.160/28,
81.195.108.164/30,
81.195.112.36/30,
81.195.118.48/30,
81.195.118.128/30,
81.195.120.16/29,
81.195.124.52/30,
81.195.125.96/30,
81.195.148.140/30,
81.195.150.248/30,
81.195.151.172/30,
81.195.155.0/30,
81.195.161.12/30,
81.195.165.64/28,
81.195.168.24/30,
81.195.177.160/30,
81.195.178.224/27,
81.195.182.64/28,
81.195.192.96/30,
81.195.231.128/26,
81.195.244.32/29,
81.195.245.0/28,
81.195.247.128/28,
81.195.250.16/29,
81.211.32.16/28,
81.222.194.200/29,
81.222.209.136/29,
81.222.210.24/29,
82.140.65.240/29,
82.142.162.104/29,
82.151.107.136/29,
82.162.72.208/28,
82.162.76.176/28,
82.162.80.192/28,
82.162.87.192/28,
82.162.90.0/28,
82.162.103.144/28,
82.162.126.96/28,
82.162.149.160/28,
82.162.157.64/28,
82.162.158.176/28,
82.162.172.112/28,
82.179.86.32/27,
82.196.69.152/30,
82.196.130.0/27,
82.198.176.16/29,
82.198.176.144/29,
82.198.176.208/29,
82.198.189.128/26,
82.198.190.64/26,
82.198.191.96/27,
82.198.191.248/29,
82.200.13.0/27,
82.200.22.136/29,
82.200.22.144/28,
82.200.64.0/24,
82.208.68.240/28,
82.208.77.104/29,
82.208.81.0/24,
82.208.93.160/27,
83.69.207.248/29,
83.149.42.64/29,
83.166.232.0/21,
83.166.248.0/21,
83.172.36.224/29,
83.217.216.0/22,
83.219.5.248/29,
83.219.6.72/29,
83.219.13.128/29,
83.219.13.184/29,
83.219.23.8/29,
83.219.23.48/29,
83.219.25.0/29,
83.219.25.112/29,
83.219.138.16/28,
83.220.53.16/28,
83.222.28.0/22,
83.229.181.192/26,
83.229.232.16/29,
84.23.52.0/22,
84.53.210.144/28,
84.204.7.144/29,
84.204.93.232/30,
84.204.143.44/30,
84.204.154.16/30,
84.204.170.220/30,
84.204.217.164/30,
84.204.245.208/29,
85.21.99.48/28,
85.21.99.64/28,
85.21.102.224/28,
85.21.103.64/28,
85.21.104.192/27,
85.21.148.0/26,
85.21.149.48/28,
85.21.155.208/28,
85.21.157.48/28,
85.21.204.208/28,
85.90.98.144/30,
85.90.99.168/29,
85.90.100.72/29,
85.90.101.112/28,
85.90.101.192/29,
85.90.102.168/29,
85.90.120.72/29,
85.90.121.72/29,
85.90.125.96/29,
85.90.127.16/29,
85.94.52.160/27,
85.94.53.32/28,
85.114.30.192/30,
85.114.30.204/30,
85.114.31.108/30,
85.114.93.88/29,
85.141.17.24/30,
85.141.17.112/30,
85.141.18.80/30,
85.141.19.56/30,
85.141.21.236/30,
85.141.28.0/30,
85.141.31.68/30,
85.141.32.96/28,
85.141.33.0/28,
85.141.33.64/28,
85.141.60.96/28,
85.141.61.160/28,
85.143.125.0/24,
85.146.204.44/30,
85.192.32.0/22,
85.198.106.0/23,
85.236.29.160/27,
86.102.72.240/28,
86.102.74.64/28,
86.102.100.48/28,
86.102.108.32/28,
86.102.109.32/27,
86.102.115.80/28,
86.102.126.80/28,
86.102.126.160/28,
87.117.18.144/29,
87.117.20.64/26,
87.117.20.128/28,
87.117.21.0/26,
87.117.21.64/28,
87.117.21.80/29,
87.117.23.128/28,
87.117.31.56/29,
87.225.56.224/28,
87.226.156.64/26,
87.226.191.0/24,
87.226.213.0/24,
87.226.239.180/30,
87.237.47.204/30,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
87.245.133.0/24,
87.249.3.64/28,
87.249.5.48/30,
87.249.7.120/29,
87.249.16.32/28,
87.249.18.60/30,
87.249.22.72/29,
87.249.28.232/29,
87.249.30.176/30,
88.83.195.248/30,
88.151.200.0/24,
88.200.208.112/29,
89.21.129.16/28,
89.21.140.104/29,
89.21.152.104/29,
89.28.253.168/29,
89.28.255.56/29,
89.106.172.160/29,
89.107.123.120/29,
89.107.123.136/29,
89.107.127.136/29,
89.109.7.176/29,
89.109.250.28/30,
89.109.250.80/30,
89.109.250.88/29,
89.109.250.96/30,
89.109.250.132/30,
89.109.250.140/30,
89.111.176.0/22,
89.175.6.64/27,
89.175.8.36/30,
89.175.8.40/29,
89.175.8.52/30,
89.175.8.68/30,
89.175.8.104/30,
89.175.8.140/30,
89.175.8.192/30,
89.175.9.4/30,
89.175.10.160/30,
89.175.165.208/28,
89.175.170.144/28,
89.175.174.136/29,
89.175.176.88/30,
89.175.176.140/30,
89.175.176.176/30,
89.175.188.184/29,
89.179.155.192/28,
89.179.179.16/28,
89.179.181.0/24,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.150.176.52/30,
90.150.189.32/29,
90.150.189.128/26,
90.150.189.192/27,
90.150.189.224/28,
90.150.189.248/29,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.103.194.184/29,
91.215.168.0/22,
91.217.34.0/23,
91.219.192.0/22,
91.226.250.0/24,
91.227.32.0/24,
91.231.132.0/22,
91.237.76.0/24,
92.39.106.20/30,
92.39.106.168/30,
92.39.111.84/30,
92.39.128.0/21,
92.50.198.72/30,
92.50.198.124/30,
92.50.219.136/29,
92.50.238.224/29,
92.101.253.96/29,
92.101.253.152/29,
93.153.134.112/29,
93.153.135.88/30,
93.153.136.132/30,
93.153.142.4/30,
93.153.144.60/30,
93.153.171.204/30,
93.153.172.100/30,
93.153.175.44/30,
93.153.183.104/30,
93.153.194.160/29,
93.153.220.192/29,
93.153.223.8/29,
93.153.229.232/29,
93.153.244.188/30,
93.153.244.248/29,
93.153.251.0/24,
93.153.255.84/30,
93.178.104.32/29,
93.178.104.64/29,
93.178.106.0/26,
93.186.224.0/20,
93.188.20.72/29,
93.190.110.0/24,
94.25.53.56/29,
94.25.57.176/29,
94.25.57.224/28,
94.25.65.16/29,
94.25.70.64/30,
94.25.90.240/29,
94.25.95.136/30,
94.25.119.228/30,
94.100.176.0/20,
94.124.192.192/29,
94.139.244.0/22,
94.199.64.0/21,
95.53.248.0/29,
95.54.193.80/28,
95.142.192.0/20,
95.163.32.0/19,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.167.2.4/30,
95.167.4.168/29,
95.167.5.64/27,
95.167.21.104/29,
95.167.29.104/29,
95.167.54.76/30,
95.167.59.244/30,
95.167.59.248/30,
95.167.64.20/30,
95.167.68.216/29,
95.167.69.116/30,
95.167.70.32/28,
95.167.70.136/29,
95.167.70.176/28,
95.167.72.48/30,
95.167.72.140/30,
95.167.72.204/30,
95.167.74.136/29,
95.167.74.180/30,
95.167.76.160/27,
95.167.99.48/28,
95.167.113.48/30,
95.167.114.48/30,
95.167.121.68/30,
95.167.122.128/28,
95.167.142.32/30,
95.167.157.156/30,
95.167.162.76/30,
95.167.162.236/30,
95.167.176.0/23,
95.167.213.0/24,
95.173.128.0/19,
95.213.0.0/17,
109.73.4.224/27,
109.120.180.0/22,
109.120.188.0/22,
109.124.66.128/30,
109.124.66.160/28,
109.124.71.64/29,
109.124.78.108/30,
109.124.80.132/30,
109.124.83.20/30,
109.124.87.96/29,
109.124.89.36/30,
109.124.89.140/30,
109.124.89.212/30,
109.124.90.32/30,
109.124.90.128/30,
109.124.97.4/30,
109.124.99.16/30,
109.124.99.160/28,
109.124.119.88/29,
109.204.204.232/29,
109.207.0.0/20,
109.232.187.16/29,
109.248.197.0/24,
128.140.168.0/21,
130.49.224.0/19,
145.255.238.240/28,
146.185.208.0/22,
146.185.240.0/22,
149.62.55.240/30,
155.212.192.0/20,
176.109.0.0/21,
176.112.168.0/21,
176.116.96.0/20,
176.116.112.0/22,
178.16.156.148/30,
178.20.234.224/29,
178.22.88.0/21,
178.49.148.176/29,
178.237.16.0/20,
178.237.206.0/24,
178.237.240.0/20,
178.248.232.60/32,
178.248.232.137/32,
178.248.233.26/32,
178.248.233.32/32,
178.248.233.60/32,
178.248.233.136/32,
178.248.233.244/31,
178.248.234.30/32,
178.248.234.33/32,
178.248.234.60/32,
178.248.234.79/32,
178.248.234.83/32,
178.248.234.136/32,
178.248.234.204/32,
178.248.234.228/32,
178.248.234.238/32,
178.248.235.60/32,
178.248.235.75/32,
178.248.235.244/32,
178.248.236.20/32,
178.248.236.83/32,
178.248.236.244/32,
178.248.237.18/32,
178.248.237.98/32,
178.248.237.136/32,
178.248.237.242/32,
178.248.238.55/32,
178.248.238.102/32,
178.248.238.128/31,
178.248.238.136/32,
178.248.238.155/32,
178.248.238.172/32,
178.248.238.205/32,
178.248.238.255/32,
178.248.239.215/32,
185.5.136.0/22,
185.6.244.0/22,
185.7.234.188/30,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.65.149.170/32,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.149.160.0/22,
185.168.60.0/22,
185.179.224.0/22,
185.180.200.0/22,
185.183.172.0/22,
185.187.63.0/24,
185.224.228.0/22,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
188.128.8.240/30,
188.128.11.196/30,
188.128.89.0/30,
188.128.92.104/30,
188.128.94.204/30,
188.128.98.204/30,
188.128.101.108/30,
188.128.112.216/29,
188.128.112.240/29,
188.128.113.0/28,
188.128.114.128/28,
188.128.115.232/29,
188.128.118.224/27,
188.128.119.104/30,
188.128.122.240/30,
188.247.36.124/30,
188.247.36.128/28,
188.247.36.204/30,
193.47.146.0/24,
193.203.40.0/22,
193.232.70.0/24,
194.8.70.0/23,
194.8.246.0/23,
194.67.63.200/30,
194.84.16.12/30,
194.140.247.0/24,
194.150.202.0/23,
194.165.22.0/23,
194.186.112.80/28,
194.190.9.0/24,
194.215.248.0/24,
194.226.80.0/20,
194.226.116.0/22,
194.226.127.0/24,
195.3.240.0/22,
195.16.55.224/27,
195.42.75.8/29,
195.54.20.168/29,
195.54.28.72/30,
195.54.221.0/24,
195.58.5.16/29,
195.58.13.120/30,
195.58.21.196/30,
195.58.29.57/32,
195.58.30.164/30,
195.58.30.200/29,
195.80.224.0/24,
195.98.38.16/28,
195.98.43.104/29,
195.98.73.56/29,
195.98.77.100/30,
195.128.157.0/24,
195.131.7.8/29,
195.131.53.248/29,
195.131.61.80/29,
195.131.63.24/29,
195.144.226.224/28,
195.144.232.144/30,
195.144.240.128/28,
195.149.110.0/24,
195.151.25.48/29,
195.162.36.64/28,
195.170.218.24/29,
195.170.218.88/29,
195.182.142.128/26,
195.182.145.64/28,
195.182.151.212/30,
195.182.151.216/30,
195.182.155.164/30,
195.182.156.96/30,
195.209.120.0/22,
195.211.20.0/22,
195.218.175.40/29,
195.218.190.0/23,
195.239.80.32/29,
195.239.113.0/24,
195.239.247.0/24,
212.13.104.116/30,
212.13.113.100/30,
212.15.105.64/28,
212.15.114.156/30,
212.15.115.80/28,
212.17.8.176/29,
212.17.9.144/28,
212.17.16.192/27,
212.17.17.176/28,
212.23.85.48/30,
212.23.85.56/29,
212.32.198.64/29,
212.48.34.176/28,
212.48.53.76/30,
212.48.53.84/30,
212.48.53.88/29,
212.48.53.100/30,
212.48.53.144/30,
212.48.53.152/29,
212.48.53.160/29,
212.48.53.184/29,
212.48.53.192/29,
212.48.53.200/30,
212.48.53.216/30,
212.48.53.236/30,
212.48.53.240/28,
212.48.54.0/30,
212.48.54.8/29,
212.48.54.16/28,
212.48.54.32/29,
212.48.54.44/30,
212.48.54.48/28,
212.48.54.64/28,
212.48.54.80/29,
212.48.54.92/30,
212.48.54.96/27,
212.48.54.128/27,
212.48.54.164/30,
212.48.54.168/29,
212.48.54.176/28,
212.48.54.196/30,
212.48.54.200/30,
212.48.54.208/28,
212.48.54.240/28,
212.48.134.192/26,
212.48.138.240/28,
212.48.141.160/27,
212.49.107.224/27,
212.49.124.0/26,
212.57.133.0/24,
212.57.159.0/24,
212.59.98.48/29,
212.59.99.96/27,
212.119.174.0/23,
212.120.169.48/29,
212.120.174.88/29,
212.120.184.48/28,
212.120.184.64/29,
212.120.189.208/29,
212.120.189.224/29,
212.120.190.112/29,
212.120.190.240/29,
212.120.191.120/29,
212.120.191.248/29,
212.192.156.0/22,
213.24.34.0/24,
213.24.75.0/24,
213.24.76.0/23,
213.24.128.0/22,
213.24.143.0/24,
213.24.152.0/22,
213.24.160.0/28,
213.33.171.240/29,
213.59.59.16/29,
213.59.59.64/29,
213.59.59.120/29,
213.59.59.128/29,
213.59.59.144/29,
213.59.59.168/29,
213.59.91.48/29,
213.59.91.128/27,
213.59.91.176/28,
213.85.2.64/28,
213.85.2.80/29,
213.85.20.8/30,
213.85.20.32/30,
213.85.20.84/30,
213.85.77.64/27,
213.85.142.176/28,
213.147.55.108/30,
213.172.4.192/26,
213.172.17.252/30,
213.172.18.60/30,
213.172.18.124/30,
213.172.18.148/30,
213.172.18.160/29,
213.172.18.252/30,
213.172.27.0/30,
213.172.27.116/30,
213.172.27.160/30,
213.172.27.204/30,
213.172.27.212/30,
213.172.27.224/30,
213.172.27.252/30,
213.172.30.136/30,
213.177.111.0/24,
213.183.253.56/29,
213.219.212.0/22,
213.219.237.68/30,
213.234.8.8/30,
213.234.13.60/30,
213.234.15.228/30,
213.234.15.248/30,
213.234.18.52/30,
213.242.204.76/30,
213.242.204.236/30,
213.242.205.88/30,
213.242.215.68/30,
213.242.215.192/29,
213.243.84.80/28,
213.243.106.48/28,
213.243.116.0/24,
217.16.16.0/20,
217.20.86.128/25,
217.20.144.0/20,
217.23.88.168/29,
217.23.88.248/29,
217.27.142.176/30,
217.65.214.24/29,
217.65.219.160/29,
217.67.177.208/29,
217.69.128.0/20,
217.106.0.0/16,
217.107.0.0/18,
217.107.200.0/21,
217.107.208.0/20,
217.147.23.112/28,
217.148.216.156/30,
217.148.220.160/29,
217.172.18.0/23,
217.172.20.0/22,
217.174.188.0/23,
217.195.92.16/28,
217.195.93.144/29,
217.195.94.200/29
}
}
set blacklist_v6 {
type ipv6_addr
flags interval
}
}

30
blacklists_nftables/blacklist-v6.nft
View File

@@ -1,30 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-29T06:56:51.821007Z
# Source: /tmp/blacklist-v6.txt
# IPv4: 0, IPv6: 3
#
# Usage:
# sudo nft -f <this-file>
# # VM protection from incoming blacklist sources
# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = {
2a00:bdc0:e002::/47,
2a00:bdc0:e004::/47,
2a00:bdc0:e007::/48
}
}
}

119
blacklists_nftables/blacklist-vk-v4.nft
View File

@@ -1,119 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-29T06:56:51.880649Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v4.txt
# IPv4: 92, IPv6: 0
#
# Usage:
# sudo nft -f <this-file>
# # VK egress blocking for VPN clients via NAT/FORWARD
# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
table inet filter {
set blacklist_vk_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
62.217.160.0/20,
79.137.132.0/24,
79.137.139.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.240.0/21,
83.166.232.0/21,
83.166.248.0/21,
83.217.216.0/22,
83.222.28.0/22,
84.23.52.0/22,
85.114.31.108/30,
85.192.32.0/22,
85.198.106.0/23,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.219.224.0/22,
91.231.132.0/22,
91.237.76.0/24,
93.153.255.84/30,
93.186.224.0/20,
94.100.176.0/20,
94.139.244.0/22,
95.142.192.0/20,
95.163.32.0/19,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.213.0.0/17,
109.120.180.0/22,
109.120.188.0/22,
128.140.168.0/21,
130.49.224.0/19,
146.185.208.0/22,
146.185.240.0/22,
155.212.192.0/20,
176.112.168.0/21,
178.22.88.0/21,
178.237.16.0/20,
185.5.136.0/22,
185.6.244.0/22,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.180.200.0/22,
185.187.63.0/24,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
193.203.40.0/22,
194.84.16.12/30,
195.211.20.0/22,
212.111.84.0/22,
212.233.72.0/21,
212.233.88.0/21,
212.233.96.0/22,
212.233.120.0/22,
213.219.212.0/22,
217.16.16.0/20,
217.20.144.0/20,
217.69.128.0/20,
217.174.188.0/23
}
}
set blacklist_vk_v6 {
type ipv6_addr
flags interval
}
}

28
blacklists_nftables/blacklist-vk-v6.nft
View File

@@ -1,28 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-29T06:56:51.906867Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk-v6.txt
# IPv4: 0, IPv6: 1
#
# Usage:
# sudo nft -f <this-file>
# # VK egress blocking for VPN clients via NAT/FORWARD
# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
table inet filter {
set blacklist_vk_v4 {
type ipv4_addr
flags interval
}
set blacklist_vk_v6 {
type ipv6_addr
flags interval
elements = {
2a00:bdc0::/29
}
}
}

122
blacklists_nftables/blacklist-vk.nft
View File

@@ -1,122 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-29T06:56:51.850694Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist-vk.txt
# IPv4: 92, IPv6: 1
#
# Usage:
# sudo nft -f <this-file>
# # VK egress blocking for VPN clients via NAT/FORWARD
# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
# sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject
table inet filter {
set blacklist_vk_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
62.217.160.0/20,
79.137.132.0/24,
79.137.139.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.240.0/21,
83.166.232.0/21,
83.166.248.0/21,
83.217.216.0/22,
83.222.28.0/22,
84.23.52.0/22,
85.114.31.108/30,
85.192.32.0/22,
85.198.106.0/23,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.219.224.0/22,
91.231.132.0/22,
91.237.76.0/24,
93.153.255.84/30,
93.186.224.0/20,
94.100.176.0/20,
94.139.244.0/22,
95.142.192.0/20,
95.163.32.0/19,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.213.0.0/17,
109.120.180.0/22,
109.120.188.0/22,
128.140.168.0/21,
130.49.224.0/19,
146.185.208.0/22,
146.185.240.0/22,
155.212.192.0/20,
176.112.168.0/21,
178.22.88.0/21,
178.237.16.0/20,
185.5.136.0/22,
185.6.244.0/22,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.180.200.0/22,
185.187.63.0/24,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
193.203.40.0/22,
194.84.16.12/30,
195.211.20.0/22,
212.111.84.0/22,
212.233.72.0/21,
212.233.88.0/21,
212.233.96.0/22,
212.233.120.0/22,
213.219.212.0/22,
217.16.16.0/20,
217.20.144.0/20,
217.69.128.0/20,
217.174.188.0/23
}
}
set blacklist_vk_v6 {
type ipv6_addr
flags interval
elements = {
2a00:bdc0::/29
}
}
}

810
blacklists_nftables/blacklist.nft
View File

@@ -1,810 +0,0 @@
# Autogenerated nftables blacklist
# Generated: 2026-03-29T06:56:51.740005Z
# Source: /home/runner/work/AS_Network_List/AS_Network_List/blacklists/blacklist.txt
# IPv4: 778, IPv6: 3
#
# Usage:
# sudo nft -f <this-file>
# # VM protection from incoming blacklist sources
# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
# sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
# sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
table inet filter {
set blacklist_v4 {
type ipv4_addr
flags interval
elements = {
5.61.16.0/21,
5.61.232.0/21,
5.101.40.0/22,
5.181.60.0/22,
5.188.140.0/22,
31.44.63.64/29,
31.177.95.0/24,
37.28.161.48/30,
37.29.53.16/30,
37.29.57.52/30,
37.29.57.64/30,
37.29.59.56/30,
37.139.32.0/22,
37.139.40.0/22,
45.84.128.0/22,
45.136.20.0/22,
46.20.70.160/28,
46.29.152.0/22,
46.29.156.0/23,
46.46.142.160/28,
46.46.148.40/29,
46.47.197.128/30,
46.47.199.76/30,
46.47.203.52/30,
46.47.207.96/30,
46.47.208.84/30,
46.47.210.76/30,
46.47.211.0/24,
46.47.212.204/30,
46.47.213.0/24,
46.47.214.200/30,
46.47.219.200/30,
46.47.223.196/30,
46.47.229.0/28,
46.47.238.144/30,
46.47.249.176/29,
46.61.208.0/24,
46.228.0.232/29,
62.5.130.104/29,
62.5.132.224/29,
62.5.189.80/29,
62.5.202.60/30,
62.5.218.204/30,
62.5.224.188/30,
62.5.242.80/28,
62.28.169.168/30,
62.33.34.16/28,
62.33.87.128/28,
62.33.199.80/29,
62.63.96.32/28,
62.63.98.24/29,
62.63.100.160/30,
62.63.101.80/29,
62.76.98.0/24,
62.105.158.200/29,
62.112.110.64/28,
62.118.101.184/29,
62.118.113.232/29,
62.118.125.188/30,
62.118.127.240/28,
62.118.193.8/29,
62.118.205.68/30,
62.118.208.100/30,
62.118.209.192/30,
62.118.216.60/30,
62.118.219.184/30,
62.118.230.4/30,
62.118.233.224/29,
62.118.234.64/29,
62.118.239.128/29,
62.141.125.0/25,
62.217.160.0/20,
77.34.209.160/28,
77.35.76.80/28,
77.35.98.240/28,
77.37.128.0/17,
77.72.139.0/28,
77.82.124.112/29,
77.243.9.80/28,
78.24.159.48/29,
78.37.67.24/29,
78.37.69.160/27,
78.37.84.120/29,
78.37.97.88/29,
78.37.104.0/29,
78.107.3.208/28,
78.107.13.208/28,
78.107.16.96/28,
78.107.18.112/28,
78.107.40.160/28,
78.107.42.144/28,
78.107.51.16/28,
78.107.61.96/28,
78.107.86.32/28,
78.108.192.0/21,
78.108.200.0/24,
78.109.140.112/29,
79.133.74.160/30,
79.133.74.168/30,
79.133.75.44/30,
79.133.75.176/30,
79.137.132.0/24,
79.137.139.0/24,
79.137.157.0/24,
79.137.164.0/24,
79.137.167.0/24,
79.137.174.0/23,
79.137.180.0/24,
79.137.183.0/24,
79.137.240.0/21,
79.142.88.0/28,
80.73.16.0/20,
80.73.168.80/28,
80.73.169.244/30,
80.82.43.24/29,
80.89.152.220/30,
80.237.11.88/29,
80.237.39.112/29,
80.237.98.80/28,
80.247.32.0/20,
80.254.100.40/29,
80.254.119.168/29,
81.1.195.0/28,
81.1.205.96/27,
81.2.1.0/28,
81.2.10.192/27,
81.3.168.148/30,
81.17.2.192/28,
81.17.3.16/29,
81.176.70.0/26,
81.176.235.0/27,
81.177.12.0/24,
81.177.31.64/26,
81.177.156.0/24,
81.195.36.48/28,
81.195.44.248/30,
81.195.45.64/30,
81.195.50.72/29,
81.195.90.44/30,
81.195.92.48/30,
81.195.93.192/27,
81.195.94.72/29,
81.195.105.160/28,
81.195.108.164/30,
81.195.112.36/30,
81.195.118.48/30,
81.195.118.128/30,
81.195.120.16/29,
81.195.124.52/30,
81.195.125.96/30,
81.195.148.140/30,
81.195.150.248/30,
81.195.151.172/30,
81.195.155.0/30,
81.195.161.12/30,
81.195.165.64/28,
81.195.168.24/30,
81.195.177.160/30,
81.195.178.224/27,
81.195.182.64/28,
81.195.192.96/30,
81.195.231.128/26,
81.195.244.32/29,
81.195.245.0/28,
81.195.247.128/28,
81.195.250.16/29,
81.211.32.16/28,
81.222.194.200/29,
81.222.209.136/29,
81.222.210.24/29,
82.140.65.240/29,
82.142.162.104/29,
82.151.107.136/29,
82.162.72.208/28,
82.162.76.176/28,
82.162.80.192/28,
82.162.87.192/28,
82.162.90.0/28,
82.162.103.144/28,
82.162.126.96/28,
82.162.149.160/28,
82.162.157.64/28,
82.162.158.176/28,
82.162.172.112/28,
82.179.86.32/27,
82.196.69.152/30,
82.196.130.0/27,
82.198.176.16/29,
82.198.176.144/29,
82.198.176.208/29,
82.198.189.128/26,
82.198.190.64/26,
82.198.191.96/27,
82.198.191.248/29,
82.200.13.0/27,
82.200.22.136/29,
82.200.22.144/28,
82.200.64.0/24,
82.208.68.240/28,
82.208.77.104/29,
82.208.81.0/24,
82.208.93.160/27,
83.69.207.248/29,
83.149.42.64/29,
83.166.232.0/21,
83.166.248.0/21,
83.172.36.224/29,
83.217.216.0/22,
83.219.5.248/29,
83.219.6.72/29,
83.219.13.128/29,
83.219.13.184/29,
83.219.23.8/29,
83.219.23.48/29,
83.219.25.0/29,
83.219.25.112/29,
83.219.138.16/28,
83.220.53.16/28,
83.222.28.0/22,
83.229.181.192/26,
83.229.232.16/29,
84.23.52.0/22,
84.53.210.144/28,
84.204.7.144/29,
84.204.93.232/30,
84.204.143.44/30,
84.204.154.16/30,
84.204.170.220/30,
84.204.217.164/30,
84.204.245.208/29,
85.21.99.48/28,
85.21.99.64/28,
85.21.102.224/28,
85.21.103.64/28,
85.21.104.192/27,
85.21.148.0/26,
85.21.149.48/28,
85.21.155.208/28,
85.21.157.48/28,
85.21.204.208/28,
85.90.98.144/30,
85.90.99.168/29,
85.90.100.72/29,
85.90.101.112/28,
85.90.101.192/29,
85.90.102.168/29,
85.90.120.72/29,
85.90.121.72/29,
85.90.125.96/29,
85.90.127.16/29,
85.94.52.160/27,
85.94.53.32/28,
85.114.30.192/30,
85.114.30.204/30,
85.114.31.108/30,
85.114.93.88/29,
85.141.17.24/30,
85.141.17.112/30,
85.141.18.80/30,
85.141.19.56/30,
85.141.21.236/30,
85.141.28.0/30,
85.141.31.68/30,
85.141.32.96/28,
85.141.33.0/28,
85.141.33.64/28,
85.141.60.96/28,
85.141.61.160/28,
85.143.125.0/24,
85.146.204.44/30,
85.192.32.0/22,
85.198.106.0/23,
85.236.29.160/27,
86.102.72.240/28,
86.102.74.64/28,
86.102.100.48/28,
86.102.108.32/28,
86.102.109.32/27,
86.102.115.80/28,
86.102.126.80/28,
86.102.126.160/28,
87.117.18.144/29,
87.117.20.64/26,
87.117.20.128/28,
87.117.21.0/26,
87.117.21.64/28,
87.117.21.80/29,
87.117.23.128/28,
87.117.31.56/29,
87.225.56.224/28,
87.226.156.64/26,
87.226.191.0/24,
87.226.213.0/24,
87.226.239.180/30,
87.237.47.204/30,
87.239.104.0/21,
87.240.128.0/18,
87.242.112.0/22,
87.245.133.0/24,
87.249.3.64/28,
87.249.5.48/30,
87.249.7.120/29,
87.249.16.32/28,
87.249.18.60/30,
87.249.22.72/29,
87.249.28.232/29,
87.249.30.176/30,
88.83.195.248/30,
88.151.200.0/24,
88.200.208.112/29,
89.21.129.16/28,
89.21.140.104/29,
89.21.152.104/29,
89.28.253.168/29,
89.28.255.56/29,
89.106.172.160/29,
89.107.123.120/29,
89.107.123.136/29,
89.107.127.136/29,
89.109.7.176/29,
89.109.250.28/30,
89.109.250.80/30,
89.109.250.88/29,
89.109.250.96/30,
89.109.250.132/30,
89.109.250.140/30,
89.111.176.0/22,
89.175.6.64/27,
89.175.8.36/30,
89.175.8.40/29,
89.175.8.52/30,
89.175.8.68/30,
89.175.8.104/30,
89.175.8.140/30,
89.175.8.192/30,
89.175.9.4/30,
89.175.10.160/30,
89.175.165.208/28,
89.175.170.144/28,
89.175.174.136/29,
89.175.176.88/30,
89.175.176.140/30,
89.175.176.176/30,
89.175.188.184/29,
89.179.155.192/28,
89.179.179.16/28,
89.179.181.0/24,
89.208.84.0/22,
89.208.196.0/22,
89.208.208.0/22,
89.208.216.0/21,
89.208.228.0/22,
89.221.228.0/22,
89.221.232.0/21,
90.150.176.52/30,
90.150.189.32/29,
90.150.189.128/26,
90.150.189.192/27,
90.150.189.224/28,
90.150.189.248/29,
90.156.148.0/22,
90.156.212.0/22,
90.156.216.0/22,
90.156.232.0/21,
91.103.194.184/29,
91.215.168.0/22,
91.217.34.0/23,
91.219.192.0/22,
91.226.250.0/24,
91.227.32.0/24,
91.231.132.0/22,
91.237.76.0/24,
92.39.106.20/30,
92.39.106.168/30,
92.39.111.84/30,
92.39.128.0/21,
92.50.198.72/30,
92.50.198.124/30,
92.50.219.136/29,
92.50.238.224/29,
92.101.253.96/29,
92.101.253.152/29,
93.153.134.112/29,
93.153.135.88/30,
93.153.136.132/30,
93.153.142.4/30,
93.153.144.60/30,
93.153.171.204/30,
93.153.172.100/30,
93.153.175.44/30,
93.153.183.104/30,
93.153.194.160/29,
93.153.220.192/29,
93.153.223.8/29,
93.153.229.232/29,
93.153.244.188/30,
93.153.244.248/29,
93.153.251.0/24,
93.153.255.84/30,
93.178.104.32/29,
93.178.104.64/29,
93.178.106.0/26,
93.186.224.0/20,
93.188.20.72/29,
93.190.110.0/24,
94.25.53.56/29,
94.25.57.176/29,
94.25.57.224/28,
94.25.65.16/29,
94.25.70.64/30,
94.25.90.240/29,
94.25.95.136/30,
94.25.119.228/30,
94.100.176.0/20,
94.124.192.192/29,
94.139.244.0/22,
94.199.64.0/21,
95.53.248.0/29,
95.54.193.80/28,
95.142.192.0/20,
95.163.32.0/19,
95.163.180.0/22,
95.163.208.0/21,
95.163.216.0/22,
95.163.248.0/21,
95.167.2.4/30,
95.167.4.168/29,
95.167.5.64/27,
95.167.21.104/29,
95.167.29.104/29,
95.167.54.76/30,
95.167.59.244/30,
95.167.59.248/30,
95.167.64.20/30,
95.167.68.216/29,
95.167.69.116/30,
95.167.70.32/28,
95.167.70.136/29,
95.167.70.176/28,
95.167.72.48/30,
95.167.72.140/30,
95.167.72.204/30,
95.167.74.136/29,
95.167.74.180/30,
95.167.76.160/27,
95.167.99.48/28,
95.167.113.48/30,
95.167.114.48/30,
95.167.121.68/30,
95.167.122.128/28,
95.167.142.32/30,
95.167.157.156/30,
95.167.162.76/30,
95.167.162.236/30,
95.167.176.0/23,
95.167.213.0/24,
95.173.128.0/19,
95.213.0.0/17,
109.73.4.224/27,
109.120.180.0/22,
109.120.188.0/22,
109.124.66.128/30,
109.124.66.160/28,
109.124.71.64/29,
109.124.78.108/30,
109.124.80.132/30,
109.124.83.20/30,
109.124.87.96/29,
109.124.89.36/30,
109.124.89.140/30,
109.124.89.212/30,
109.124.90.32/30,
109.124.90.128/30,
109.124.97.4/30,
109.124.99.16/30,
109.124.99.160/28,
109.124.119.88/29,
109.204.204.232/29,
109.207.0.0/20,
109.232.187.16/29,
109.248.197.0/24,
128.140.168.0/21,
130.49.224.0/19,
145.255.238.240/28,
146.185.208.0/22,
146.185.240.0/22,
149.62.55.240/30,
155.212.192.0/20,
176.109.0.0/21,
176.112.168.0/21,
176.116.96.0/20,
176.116.112.0/22,
178.16.156.148/30,
178.20.234.224/29,
178.22.88.0/21,
178.49.148.176/29,
178.237.16.0/20,
178.237.206.0/24,
178.237.240.0/20,
178.248.232.60/32,
178.248.232.137/32,
178.248.233.26/32,
178.248.233.32/32,
178.248.233.60/32,
178.248.233.136/32,
178.248.233.244/31,
178.248.234.30/32,
178.248.234.33/32,
178.248.234.60/32,
178.248.234.79/32,
178.248.234.83/32,
178.248.234.136/32,
178.248.234.204/32,
178.248.234.228/32,
178.248.234.238/32,
178.248.235.60/32,
178.248.235.75/32,
178.248.235.244/32,
178.248.236.20/32,
178.248.236.83/32,
178.248.236.244/32,
178.248.237.18/32,
178.248.237.98/32,
178.248.237.136/32,
178.248.237.242/32,
178.248.238.55/32,
178.248.238.102/32,
178.248.238.128/31,
178.248.238.136/32,
178.248.238.155/32,
178.248.238.172/32,
178.248.238.205/32,
178.248.238.255/32,
178.248.239.215/32,
185.5.136.0/22,
185.6.244.0/22,
185.7.234.188/30,
185.16.148.0/22,
185.16.244.0/22,
185.29.128.0/22,
185.32.248.0/22,
185.65.149.170/32,
185.86.144.0/22,
185.100.104.0/22,
185.130.112.0/22,
185.131.68.0/22,
185.149.160.0/22,
185.168.60.0/22,
185.179.224.0/22,
185.180.200.0/22,
185.183.172.0/22,
185.187.63.0/24,
185.224.228.0/22,
185.226.52.0/22,
185.241.192.0/22,
188.93.56.0/21,
188.128.8.240/30,
188.128.11.196/30,
188.128.89.0/30,
188.128.92.104/30,
188.128.94.204/30,
188.128.98.204/30,
188.128.101.108/30,
188.128.112.216/29,
188.128.112.240/29,
188.128.113.0/28,
188.128.114.128/28,
188.128.115.232/29,
188.128.118.224/27,
188.128.119.104/30,
188.128.122.240/30,
188.247.36.124/30,
188.247.36.128/28,
188.247.36.204/30,
193.47.146.0/24,
193.203.40.0/22,
193.232.70.0/24,
194.8.70.0/23,
194.8.246.0/23,
194.67.63.200/30,
194.84.16.12/30,
194.140.247.0/24,
194.150.202.0/23,
194.165.22.0/23,
194.186.112.80/28,
194.190.9.0/24,
194.215.248.0/24,
194.226.80.0/20,
194.226.116.0/22,
194.226.127.0/24,
195.3.240.0/22,
195.16.55.224/27,
195.42.75.8/29,
195.54.20.168/29,
195.54.28.72/30,
195.54.221.0/24,
195.58.5.16/29,
195.58.13.120/30,
195.58.21.196/30,
195.58.29.57/32,
195.58.30.164/30,
195.58.30.200/29,
195.80.224.0/24,
195.98.38.16/28,
195.98.43.104/29,
195.98.73.56/29,
195.98.77.100/30,
195.128.157.0/24,
195.131.7.8/29,
195.131.53.248/29,
195.131.61.80/29,
195.131.63.24/29,
195.144.226.224/28,
195.144.232.144/30,
195.144.240.128/28,
195.149.110.0/24,
195.151.25.48/29,
195.162.36.64/28,
195.170.218.24/29,
195.170.218.88/29,
195.182.142.128/26,
195.182.145.64/28,
195.182.151.212/30,
195.182.151.216/30,
195.182.155.164/30,
195.182.156.96/30,
195.209.120.0/22,
195.211.20.0/22,
195.218.175.40/29,
195.218.190.0/23,
195.239.80.32/29,
195.239.113.0/24,
195.239.247.0/24,
212.13.104.116/30,
212.13.113.100/30,
212.15.105.64/28,
212.15.114.156/30,
212.15.115.80/28,
212.17.8.176/29,
212.17.9.144/28,
212.17.16.192/27,
212.17.17.176/28,
212.23.85.48/30,
212.23.85.56/29,
212.32.198.64/29,
212.48.34.176/28,
212.48.53.76/30,
212.48.53.84/30,
212.48.53.88/29,
212.48.53.100/30,
212.48.53.144/30,
212.48.53.152/29,
212.48.53.160/29,
212.48.53.184/29,
212.48.53.192/29,
212.48.53.200/30,
212.48.53.216/30,
212.48.53.236/30,
212.48.53.240/28,
212.48.54.0/30,
212.48.54.8/29,
212.48.54.16/28,
212.48.54.32/29,
212.48.54.44/30,
212.48.54.48/28,
212.48.54.64/28,
212.48.54.80/29,
212.48.54.92/30,
212.48.54.96/27,
212.48.54.128/27,
212.48.54.164/30,
212.48.54.168/29,
212.48.54.176/28,
212.48.54.196/30,
212.48.54.200/30,
212.48.54.208/28,
212.48.54.240/28,
212.48.134.192/26,
212.48.138.240/28,
212.48.141.160/27,
212.49.107.224/27,
212.49.124.0/26,
212.57.133.0/24,
212.57.159.0/24,
212.59.98.48/29,
212.59.99.96/27,
212.119.174.0/23,
212.120.169.48/29,
212.120.174.88/29,
212.120.184.48/28,
212.120.184.64/29,
212.120.189.208/29,
212.120.189.224/29,
212.120.190.112/29,
212.120.190.240/29,
212.120.191.120/29,
212.120.191.248/29,
212.192.156.0/22,
213.24.34.0/24,
213.24.75.0/24,
213.24.76.0/23,
213.24.128.0/22,
213.24.143.0/24,
213.24.152.0/22,
213.24.160.0/28,
213.33.171.240/29,
213.59.59.16/29,
213.59.59.64/29,
213.59.59.120/29,
213.59.59.128/29,
213.59.59.144/29,
213.59.59.168/29,
213.59.91.48/29,
213.59.91.128/27,
213.59.91.176/28,
213.85.2.64/28,
213.85.2.80/29,
213.85.20.8/30,
213.85.20.32/30,
213.85.20.84/30,
213.85.77.64/27,
213.85.142.176/28,
213.147.55.108/30,
213.172.4.192/26,
213.172.17.252/30,
213.172.18.60/30,
213.172.18.124/30,
213.172.18.148/30,
213.172.18.160/29,
213.172.18.252/30,
213.172.27.0/30,
213.172.27.116/30,
213.172.27.160/30,
213.172.27.204/30,
213.172.27.212/30,
213.172.27.224/30,
213.172.27.252/30,
213.172.30.136/30,
213.177.111.0/24,
213.183.253.56/29,
213.219.212.0/22,
213.219.237.68/30,
213.234.8.8/30,
213.234.13.60/30,
213.234.15.228/30,
213.234.15.248/30,
213.234.18.52/30,
213.242.204.76/30,
213.242.204.236/30,
213.242.205.88/30,
213.242.215.68/30,
213.242.215.192/29,
213.243.84.80/28,
213.243.106.48/28,
213.243.116.0/24,
217.16.16.0/20,
217.20.86.128/25,
217.20.144.0/20,
217.23.88.168/29,
217.23.88.248/29,
217.27.142.176/30,
217.65.214.24/29,
217.65.219.160/29,
217.67.177.208/29,
217.69.128.0/20,
217.106.0.0/16,
217.107.0.0/18,
217.107.200.0/21,
217.107.208.0/20,
217.147.23.112/28,
217.148.216.156/30,
217.148.220.160/29,
217.172.18.0/23,
217.172.20.0/22,
217.174.188.0/23,
217.195.92.16/28,
217.195.93.144/29,
217.195.94.200/29
}
}
set blacklist_v6 {
type ipv6_addr
flags interval
elements = {
2a00:bdc0:e002::/47,
2a00:bdc0:e004::/47,
2a00:bdc0:e007::/48
}
}
}

0
blacklists_nginx/.keep Normal file
View File

302
blacklists_nginx/README.md
View File

@@ -1,24 +1,302 @@
# nginx blacklists
# Nginx Blacklist Configurations
Short: ready-to-use deny lists for nginx (mixed, IPv4-only, and IPv6-only).
Auto-generated nginx configuration files for blocking networks and IP addresses.
## Download links
## Available Files
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist.conf
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v4.conf
- https://raw.githubusercontent.com/C24Be/AS_Network_List/refs/heads/main/blacklists_nginx/blacklist-v6.conf
### Mixed IPv4/IPv6
## How to use
- **`blacklist.conf`** - Contains both IPv4 and IPv6 deny rules (809 entries)
1. Download one file (`blacklist.conf`, `blacklist-v4.conf`, or `blacklist-v6.conf`).
2. Include it in your `server` or `location` block:
### IPv4 Only
- **`blacklist-v4.conf`** - Contains only IPv4 deny rules (806 entries)
### IPv6 Only
- **`blacklist-v6.conf`** - Contains only IPv6 deny rules (3 entries)
## Usage
### Basic Usage
Include the desired configuration file in your nginx `server` or `location` block:
```nginx
include /etc/nginx/blacklist.conf;
server {
listen 80;
server_name example.com;
# Include the blacklist
include /path/to/blacklist.conf;
location / {
# your configuration
}
}
```
3. Test and reload nginx:
### Separate IPv4/IPv6 Files
For more granular control, use separate files:
```nginx
server {
listen 80;
listen [::]:80;
server_name example.com;
# Include both IPv4 and IPv6 blacklists
include /path/to/blacklist-v4.conf;
include /path/to/blacklist-v6.conf;
location / {
# your configuration
}
}
```
### HTTP Block Level
Apply the blacklist globally to all virtual hosts:
```nginx
http {
# Apply blacklist globally
include /path/to/blacklist.conf;
server {
listen 80;
server_name example.com;
# ...
}
server {
listen 80;
server_name another.com;
# ...
}
}
```
### Location Block Level
For selective blocking within specific locations:
```nginx
server {
listen 80;
server_name example.com;
location /admin {
# Apply blacklist only to admin area
include /path/to/blacklist.conf;
# ...
}
location /public {
# Public area without blacklist
# ...
}
}
```
## Testing Configuration
After adding the blacklist, always test your nginx configuration:
```bash
sudo nginx -t && sudo systemctl reload nginx
# Test configuration
nginx -t
# Reload nginx if test passes
nginx -s reload
# or
systemctl reload nginx
```
## Custom Response
By default, denied IPs receive a connection drop. To customize the response:
```nginx
server {
listen 80;
server_name example.com;
# Return custom error page
error_page 403 /403.html;
include /path/to/blacklist.conf;
location = /403.html {
root /usr/share/nginx/html;
internal;
}
}
```
Note: For large blacklists, using `deny` directives (as in these files) is more efficient than `if` statements.
## Performance Considerations
- **Deny directives** are processed in order and stop at the first match
- For optimal performance, most frequently matched IPs should be at the top
- Current files are sorted for consistency
- Nginx handles hundreds of deny rules efficiently
- For very large blacklists (10,000+ entries), consider using:
- Nginx GeoIP2 module for geographic blocking
- nftables/iptables at the firewall level for better performance
- Stream module for TCP/UDP level blocking
## Integration Examples
### Docker Deployment
```dockerfile
FROM nginx:alpine
# Copy blacklist
COPY blacklist.conf /etc/nginx/blacklist.conf
# Copy nginx config that includes the blacklist
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
```
### Kubernetes ConfigMap
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-blacklist
data:
blacklist.conf: |
# Include blacklist content here
deny 109.124.119.88/29;
deny 109.124.66.128/30;
# ...
```
### Automated Updates
Set up a cron job to automatically fetch the latest blacklist:
```bash
#!/bin/bash
# /etc/cron.daily/update-nginx-blacklist
# Download latest blacklist
wget -q https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nginx/blacklist.conf \
-O /etc/nginx/blacklist.conf.new
# Test nginx configuration
nginx -t -c /etc/nginx/nginx.conf
# If test passes, reload nginx
if [ $? -eq 0 ]; then
mv /etc/nginx/blacklist.conf.new /etc/nginx/blacklist.conf
systemctl reload nginx
echo "Blacklist updated successfully"
else
rm /etc/nginx/blacklist.conf.new
echo "Nginx config test failed, blacklist not updated"
fi
```
## Logging Blocked Requests
To log denied requests:
```nginx
server {
listen 80;
server_name example.com;
# Custom log format for denied IPs
log_format blocked '$remote_addr - $remote_user [$time_local] '
'"$request" 403 0 '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/blocked.log blocked;
include /path/to/blacklist.conf;
location / {
# your configuration
}
}
```
## Monitoring
Check how many IPs are being blocked:
```bash
# Count deny rules
grep -c "deny" /path/to/blacklist.conf
# Check blocked access logs
tail -f /var/log/nginx/blocked.log
# Count blocked requests today
grep "$(date +%d/%b/%Y)" /var/log/nginx/access.log | grep " 403 " | wc -l
```
## Troubleshooting
### Configuration Test Fails
```bash
# Check syntax
nginx -t
# Check for duplicate includes
grep -r "include.*blacklist" /etc/nginx/
# Verify file permissions
ls -l /path/to/blacklist.conf
```
### Legitimate Users Blocked
Check if their IP is in the blacklist:
```bash
grep "YOUR_IP" /path/to/blacklist.conf
```
Whitelist specific IPs before applying the blacklist:
```nginx
server {
listen 80;
server_name example.com;
# Whitelist before blacklist
allow 192.168.1.100; # Trusted IP
# Then apply blacklist
include /path/to/blacklist.conf;
# Deny all others not explicitly allowed
# deny all; # Optional
}
```
## Automatic Updates
These files are automatically regenerated daily when the blacklists are updated via the GitHub Actions workflow.
## Source
Generated from the blacklist files in the `blacklists/` directory by `blacklists_updater_nginx.sh`.
## See Also
- [IPTables/IPSet Format](../blacklists_iptables/README.md) - For firewall-level blocking
- [Text Format](../blacklists/README.md) - For custom integrations
- [Main Repository](https://github.com/C24Be/AS_Network_List) - Complete documentation

112
blacklists_nginx/blacklist-v4.conf
View File

@@ -1,6 +1,6 @@
# Nginx blacklist configuration (IPv4 only)
# Auto-generated from blacklist-v4.txt
# Last updated: 2026-03-29 06:56:50 UTC
# Last updated: 2025-11-30 06:21:47 UTC
#
# Usage: Include this file in your nginx server or location block:
# include /path/to/blacklist-v4.conf;
@@ -38,6 +38,7 @@ deny 128.140.168.0/23;
deny 128.140.170.0/24;
deny 128.140.171.0/24;
deny 128.140.172.0/22;
deny 128.140.173.0/24;
deny 130.49.224.0/19;
deny 145.255.238.240/28;
deny 146.185.208.0/22;
@@ -49,13 +50,28 @@ deny 146.185.242.0/23;
deny 149.62.55.240/30;
deny 155.212.192.0/20;
deny 176.109.0.0/21;
deny 176.109.0.0/24;
deny 176.109.1.0/24;
deny 176.109.2.0/24;
deny 176.109.3.0/24;
deny 176.109.5.0/24;
deny 176.109.6.0/24;
deny 176.112.168.0/21;
deny 176.116.112.0/22;
deny 176.116.96.0/20;
deny 178.16.156.148/30;
deny 178.17.176.0/23;
deny 178.17.178.0/23;
deny 178.17.180.0/23;
deny 178.17.182.0/23;
deny 178.20.234.224/29;
deny 178.22.88.0/21;
deny 178.22.88.0/24;
deny 178.22.89.0/26;
deny 178.22.89.128/25;
deny 178.22.89.64/26;
deny 178.22.90.0/24;
deny 178.22.91.0/24;
deny 178.22.92.0/23;
deny 178.22.94.0/23;
deny 178.237.16.0/20;
deny 178.237.16.0/21;
@@ -67,6 +83,7 @@ deny 178.237.24.0/24;
deny 178.237.240.0/20;
deny 178.237.248.0/21;
deny 178.237.28.0/24;
deny 178.237.29.0/24;
deny 178.237.30.0/23;
deny 178.248.232.137/32;
deny 178.248.232.60/32;
@@ -113,16 +130,21 @@ deny 185.130.112.0/22;
deny 185.130.112.0/23;
deny 185.130.114.0/23;
deny 185.131.68.0/22;
deny 185.131.68.0/23;
deny 185.149.160.0/24;
deny 185.149.161.0/24;
deny 185.149.162.0/24;
deny 185.149.163.0/24;
deny 185.16.10.0/23;
deny 185.16.148.0/22;
deny 185.16.148.0/23;
deny 185.16.150.0/23;
deny 185.16.244.0/22;
deny 185.16.244.0/23;
deny 185.16.246.0/23;
deny 185.16.246.0/24;
deny 185.16.247.0/24;
deny 185.16.8.0/23;
deny 185.168.60.0/24;
deny 185.168.61.0/24;
deny 185.168.62.0/24;
@@ -190,17 +212,21 @@ deny 188.93.56.0/21;
deny 188.93.56.0/24;
deny 188.93.57.0/24;
deny 188.93.58.0/24;
deny 188.93.59.0/24;
deny 188.93.60.0/24;
deny 188.93.61.0/24;
deny 188.93.62.0/24;
deny 188.93.63.0/24;
deny 193.203.40.0/22;
deny 193.232.70.0/24;
deny 193.33.230.0/23;
deny 193.47.146.0/24;
deny 194.140.247.0/25;
deny 194.140.247.128/25;
deny 194.150.202.0/23;
deny 194.165.22.0/23;
deny 194.186.112.80/28;
deny 194.186.63.0/24;
deny 194.190.9.0/24;
deny 194.215.248.0/24;
deny 194.226.116.0/22;
@@ -232,11 +258,15 @@ deny 195.182.151.216/30;
deny 195.182.155.164/30;
deny 195.182.156.96/30;
deny 195.209.120.0/22;
deny 195.209.122.0/24;
deny 195.209.123.0/24;
deny 195.211.20.0/22;
deny 195.211.20.0/23;
deny 195.211.22.0/24;
deny 195.211.23.0/24;
deny 195.218.175.40/29;
deny 195.218.190.0/23;
deny 195.226.203.0/24;
deny 195.239.113.0/24;
deny 195.239.247.0/24;
deny 195.239.80.32/29;
@@ -257,6 +287,7 @@ deny 195.98.38.16/28;
deny 195.98.43.104/29;
deny 195.98.73.56/29;
deny 195.98.77.100/30;
deny 212.111.84.0/22;
deny 212.119.174.0/24;
deny 212.119.175.0/24;
deny 212.120.169.48/29;
@@ -280,8 +311,15 @@ deny 212.17.17.176/28;
deny 212.17.8.176/29;
deny 212.17.9.144/28;
deny 212.192.156.0/22;
deny 212.192.156.0/24;
deny 212.192.157.0/24;
deny 212.192.158.0/24;
deny 212.23.85.48/30;
deny 212.23.85.56/29;
deny 212.233.120.0/22;
deny 212.233.72.0/21;
deny 212.233.88.0/21;
deny 212.233.96.0/22;
deny 212.32.198.64/29;
deny 212.48.134.192/26;
deny 212.48.138.240/28;
@@ -386,6 +424,8 @@ deny 213.172.27.224/30;
deny 213.172.27.252/30;
deny 213.172.30.136/30;
deny 213.172.4.192/26;
deny 213.176.232.0/23;
deny 213.176.234.0/23;
deny 213.177.111.0/24;
deny 213.183.253.56/29;
deny 213.219.212.0/22;
@@ -441,9 +481,7 @@ deny 217.106.203.240/29;
deny 217.106.203.88/29;
deny 217.106.93.192/26;
deny 217.106.95.112/28;
deny 217.107.0.0/18;
deny 217.107.200.0/21;
deny 217.107.208.0/20;
deny 217.107.5.112/29;
deny 217.107.5.16/29;
deny 217.107.5.24/29;
@@ -459,7 +497,7 @@ deny 217.16.16.0/20;
deny 217.16.16.0/21;
deny 217.16.24.0/21;
deny 217.172.18.0/23;
deny 217.172.20.0/22;
deny 217.174.188.0/22;
deny 217.174.188.0/23;
deny 217.195.92.16/28;
deny 217.195.93.144/29;
@@ -474,10 +512,7 @@ deny 217.20.156.0/23;
deny 217.20.158.0/24;
deny 217.20.159.0/24;
deny 217.20.86.128/26;
deny 217.20.86.192/27;
deny 217.20.86.224/29;
deny 217.20.86.232/29;
deny 217.20.86.240/28;
deny 217.23.88.168/29;
deny 217.23.88.248/29;
deny 217.27.142.176/30;
@@ -486,7 +521,10 @@ deny 217.65.219.160/29;
deny 217.67.177.208/29;
deny 217.69.128.0/20;
deny 217.69.128.0/21;
deny 217.69.132.0/24;
deny 217.69.136.0/21;
deny 31.148.205.0/24;
deny 31.177.104.0/22;
deny 31.177.95.0/24;
deny 31.44.63.64/29;
deny 37.139.32.0/22;
@@ -508,8 +546,8 @@ deny 45.84.128.0/23;
deny 45.84.130.0/23;
deny 46.20.70.160/28;
deny 46.228.0.232/29;
deny 46.245.234.0/24;
deny 46.29.152.0/22;
deny 46.29.156.0/23;
deny 46.46.142.160/28;
deny 46.46.148.40/29;
deny 46.47.197.128/30;
@@ -552,20 +590,31 @@ deny 5.61.239.48/28;
deny 5.61.239.64/26;
deny 62.105.158.200/29;
deny 62.112.110.64/28;
deny 62.118.0.208/28;
deny 62.118.101.184/29;
deny 62.118.113.232/29;
deny 62.118.125.188/30;
deny 62.118.127.240/28;
deny 62.118.15.16/28;
deny 62.118.17.152/29;
deny 62.118.19.112/30;
deny 62.118.19.40/30;
deny 62.118.193.8/29;
deny 62.118.205.68/30;
deny 62.118.208.100/30;
deny 62.118.209.192/30;
deny 62.118.21.160/29;
deny 62.118.216.60/30;
deny 62.118.219.184/30;
deny 62.118.230.4/30;
deny 62.118.233.224/29;
deny 62.118.234.64/29;
deny 62.118.239.128/29;
deny 62.118.25.112/28;
deny 62.118.37.168/30;
deny 62.118.37.180/30;
deny 62.118.37.4/30;
deny 62.118.38.212/30;
deny 62.141.125.0/25;
deny 62.217.160.0/20;
deny 62.217.160.0/21;
@@ -574,6 +623,7 @@ deny 62.28.169.168/30;
deny 62.33.199.80/29;
deny 62.33.34.16/28;
deny 62.33.87.128/28;
deny 62.33.87.152/29;
deny 62.5.130.104/29;
deny 62.5.132.224/29;
deny 62.5.189.80/29;
@@ -621,6 +671,9 @@ deny 79.137.132.128/25;
deny 79.137.139.0/24;
deny 79.137.139.0/25;
deny 79.137.139.128/25;
deny 79.137.140.0/24;
deny 79.137.142.0/24;
deny 79.137.157.0/24;
deny 79.137.157.0/25;
deny 79.137.157.128/25;
deny 79.137.164.0/24;
@@ -640,6 +693,9 @@ deny 79.137.240.0/21;
deny 79.137.240.0/22;
deny 79.137.244.0/22;
deny 79.142.88.0/28;
deny 79.143.229.0/24;
deny 79.143.230.0/24;
deny 79.143.232.0/24;
deny 80.237.11.88/29;
deny 80.237.39.112/29;
deny 80.237.98.80/28;
@@ -649,6 +705,8 @@ deny 80.247.46.0/24;
deny 80.254.100.40/29;
deny 80.254.119.168/29;
deny 80.73.16.0/20;
deny 80.73.16.0/21;
deny 80.73.16.0/24;
deny 80.73.168.80/28;
deny 80.73.169.244/30;
deny 80.82.43.24/29;
@@ -701,6 +759,7 @@ deny 81.222.194.200/29;
deny 81.222.209.136/29;
deny 81.222.210.24/29;
deny 81.3.168.148/30;
deny 82.110.69.200/29;
deny 82.140.65.240/29;
deny 82.142.162.104/29;
deny 82.151.107.136/29;
@@ -786,7 +845,6 @@ deny 85.141.33.64/28;
deny 85.141.60.96/28;
deny 85.141.61.160/28;
deny 85.143.125.0/24;
deny 85.146.204.44/30;
deny 85.192.32.0/22;
deny 85.192.32.0/23;
deny 85.192.34.0/23;
@@ -853,6 +911,8 @@ deny 87.239.108.0/22;
deny 87.240.128.0/18;
deny 87.240.128.0/19;
deny 87.240.160.0/19;
deny 87.240.166.0/24;
deny 87.240.167.0/24;
deny 87.242.112.0/22;
deny 87.245.133.0/24;
deny 87.249.16.32/28;
@@ -920,6 +980,11 @@ deny 89.21.140.104/29;
deny 89.21.152.104/29;
deny 89.221.228.0/22;
deny 89.221.232.0/21;
deny 89.221.232.0/22;
deny 89.221.233.0/24;
deny 89.221.234.0/24;
deny 89.221.235.0/24;
deny 89.221.236.0/22;
deny 89.28.253.168/29;
deny 89.28.255.56/29;
deny 90.150.176.52/30;
@@ -942,6 +1007,7 @@ deny 90.150.189.32/29;
deny 90.156.148.0/22;
deny 90.156.148.0/23;
deny 90.156.150.0/23;
deny 90.156.151.0/24;
deny 90.156.212.0/22;
deny 90.156.212.0/23;
deny 90.156.214.0/23;
@@ -949,13 +1015,27 @@ deny 90.156.216.0/22;
deny 90.156.216.0/23;
deny 90.156.218.0/23;
deny 90.156.232.0/21;
deny 90.156.248.0/22;
deny 91.103.194.184/29;
deny 91.135.212.0/22;
deny 91.135.216.0/21;
deny 91.135.220.0/24;
deny 91.135.221.0/24;
deny 91.195.136.0/23;
deny 91.208.20.0/24;
deny 91.215.168.0/22;
deny 91.217.34.0/23;
deny 91.219.192.0/22;
deny 91.219.224.0/22;
deny 91.221.140.0/23;
deny 91.221.140.0/24;
deny 91.221.141.0/24;
deny 91.226.250.0/24;
deny 91.227.32.0/24;
deny 91.231.132.0/22;
deny 91.231.132.0/24;
deny 91.231.133.0/24;
deny 91.231.134.0/24;
deny 91.237.76.0/24;
deny 92.101.253.152/29;
deny 92.101.253.96/29;
@@ -967,6 +1047,7 @@ deny 92.50.198.124/30;
deny 92.50.198.72/30;
deny 92.50.219.136/29;
deny 92.50.238.224/29;
deny 92.60.186.0/28;
deny 93.153.134.112/29;
deny 93.153.135.88/30;
deny 93.153.136.132/30;
@@ -1000,6 +1081,7 @@ deny 94.100.184.0/21;
deny 94.124.192.192/29;
deny 94.139.244.0/22;
deny 94.139.244.0/23;
deny 94.139.244.0/24;
deny 94.139.246.0/23;
deny 94.199.64.0/21;
deny 94.25.119.228/30;
@@ -1016,6 +1098,9 @@ deny 95.142.200.0/21;
deny 95.142.201.0/24;
deny 95.142.202.0/24;
deny 95.142.203.0/24;
deny 95.142.204.0/23;
deny 95.142.207.0/24;
deny 95.163.133.0/24;
deny 95.163.180.0/22;
deny 95.163.180.0/23;
deny 95.163.182.0/23;
@@ -1053,7 +1138,6 @@ deny 95.167.5.64/28;
deny 95.167.5.80/28;
deny 95.167.54.76/30;
deny 95.167.59.244/30;
deny 95.167.59.248/30;
deny 95.167.64.20/30;
deny 95.167.68.216/29;
deny 95.167.69.116/30;
@@ -1071,6 +1155,7 @@ deny 95.173.128.0/19;
deny 95.173.128.0/20;
deny 95.173.144.0/20;
deny 95.213.0.0/17;
deny 95.213.0.0/18;
deny 95.213.0.0/20;
deny 95.213.16.0/21;
deny 95.213.24.0/23;
@@ -1085,8 +1170,13 @@ deny 95.213.33.0/24;
deny 95.213.34.0/23;
deny 95.213.36.0/22;
deny 95.213.40.0/21;
deny 95.213.44.0/24;
deny 95.213.45.0/24;
deny 95.213.48.0/20;
deny 95.213.64.0/18;
deny 95.47.189.0/24;
deny 95.47.191.0/24;
deny 95.47.244.0/24;
deny 95.53.248.0/29;
deny 95.54.193.80/28;

20
blacklists_nginx/blacklist-v6.conf
View File

@@ -1,14 +1,32 @@
# Nginx blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2026-03-29 06:56:50 UTC
# Last updated: 2025-11-30 06:21:47 UTC
#
# Usage: Include this file in your nginx server or location block:
# include /path/to/blacklist-v6.conf;
#
deny 2a00:1148::/29;
deny 2a00:1148::/32;
deny 2a00:a300::/32;
deny 2a00:b4c0::/32;
deny 2a00:bdc0:8000::/34;
deny 2a00:bdc0::/33;
deny 2a00:bdc0:c000::/35;
deny 2a00:bdc0:e002::/48;
deny 2a00:bdc0:e003::/48;
deny 2a00:bdc0:e004::/48;
deny 2a00:bdc0:e005::/48;
deny 2a00:bdc0:e007::/48;
deny 2a00:bdc0:f000::/36;
deny 2a00:bdc1::/32;
deny 2a00:bdc2::/31;
deny 2a00:bdc4::/30;
deny 2a0c:a9c7:156::/48;
deny 2a0c:a9c7:157::/48;
deny 2a0c:a9c7:158::/48;
deny 2a14:25c0::/32;
deny 2a14:25c5::/32;
deny 2a14:25c6::/32;
deny 2a14:25c7::/32;

130
blacklists_nginx/blacklist.conf
View File

@@ -1,6 +1,6 @@
# Nginx blacklist configuration (mixed IPv4/IPv6)
# Auto-generated from blacklist.txt
# Last updated: 2026-03-29 06:56:50 UTC
# Last updated: 2025-11-30 06:21:47 UTC
#
# Usage: Include this file in your nginx server or location block:
# include /path/to/blacklist.conf;
@@ -38,6 +38,7 @@ deny 128.140.168.0/23;
deny 128.140.170.0/24;
deny 128.140.171.0/24;
deny 128.140.172.0/22;
deny 128.140.173.0/24;
deny 130.49.224.0/19;
deny 145.255.238.240/28;
deny 146.185.208.0/22;
@@ -49,13 +50,28 @@ deny 146.185.242.0/23;
deny 149.62.55.240/30;
deny 155.212.192.0/20;
deny 176.109.0.0/21;
deny 176.109.0.0/24;
deny 176.109.1.0/24;
deny 176.109.2.0/24;
deny 176.109.3.0/24;
deny 176.109.5.0/24;
deny 176.109.6.0/24;
deny 176.112.168.0/21;
deny 176.116.112.0/22;
deny 176.116.96.0/20;
deny 178.16.156.148/30;
deny 178.17.176.0/23;
deny 178.17.178.0/23;
deny 178.17.180.0/23;
deny 178.17.182.0/23;
deny 178.20.234.224/29;
deny 178.22.88.0/21;
deny 178.22.88.0/24;
deny 178.22.89.0/26;
deny 178.22.89.128/25;
deny 178.22.89.64/26;
deny 178.22.90.0/24;
deny 178.22.91.0/24;
deny 178.22.92.0/23;
deny 178.22.94.0/23;
deny 178.237.16.0/20;
deny 178.237.16.0/21;
@@ -67,6 +83,7 @@ deny 178.237.24.0/24;
deny 178.237.240.0/20;
deny 178.237.248.0/21;
deny 178.237.28.0/24;
deny 178.237.29.0/24;
deny 178.237.30.0/23;
deny 178.248.232.137/32;
deny 178.248.232.60/32;
@@ -113,16 +130,21 @@ deny 185.130.112.0/22;
deny 185.130.112.0/23;
deny 185.130.114.0/23;
deny 185.131.68.0/22;
deny 185.131.68.0/23;
deny 185.149.160.0/24;
deny 185.149.161.0/24;
deny 185.149.162.0/24;
deny 185.149.163.0/24;
deny 185.16.10.0/23;
deny 185.16.148.0/22;
deny 185.16.148.0/23;
deny 185.16.150.0/23;
deny 185.16.244.0/22;
deny 185.16.244.0/23;
deny 185.16.246.0/23;
deny 185.16.246.0/24;
deny 185.16.247.0/24;
deny 185.16.8.0/23;
deny 185.168.60.0/24;
deny 185.168.61.0/24;
deny 185.168.62.0/24;
@@ -190,17 +212,21 @@ deny 188.93.56.0/21;
deny 188.93.56.0/24;
deny 188.93.57.0/24;
deny 188.93.58.0/24;
deny 188.93.59.0/24;
deny 188.93.60.0/24;
deny 188.93.61.0/24;
deny 188.93.62.0/24;
deny 188.93.63.0/24;
deny 193.203.40.0/22;
deny 193.232.70.0/24;
deny 193.33.230.0/23;
deny 193.47.146.0/24;
deny 194.140.247.0/25;
deny 194.140.247.128/25;
deny 194.150.202.0/23;
deny 194.165.22.0/23;
deny 194.186.112.80/28;
deny 194.186.63.0/24;
deny 194.190.9.0/24;
deny 194.215.248.0/24;
deny 194.226.116.0/22;
@@ -232,11 +258,15 @@ deny 195.182.151.216/30;
deny 195.182.155.164/30;
deny 195.182.156.96/30;
deny 195.209.120.0/22;
deny 195.209.122.0/24;
deny 195.209.123.0/24;
deny 195.211.20.0/22;
deny 195.211.20.0/23;
deny 195.211.22.0/24;
deny 195.211.23.0/24;
deny 195.218.175.40/29;
deny 195.218.190.0/23;
deny 195.226.203.0/24;
deny 195.239.113.0/24;
deny 195.239.247.0/24;
deny 195.239.80.32/29;
@@ -257,6 +287,7 @@ deny 195.98.38.16/28;
deny 195.98.43.104/29;
deny 195.98.73.56/29;
deny 195.98.77.100/30;
deny 212.111.84.0/22;
deny 212.119.174.0/24;
deny 212.119.175.0/24;
deny 212.120.169.48/29;
@@ -280,8 +311,15 @@ deny 212.17.17.176/28;
deny 212.17.8.176/29;
deny 212.17.9.144/28;
deny 212.192.156.0/22;
deny 212.192.156.0/24;
deny 212.192.157.0/24;
deny 212.192.158.0/24;
deny 212.23.85.48/30;
deny 212.23.85.56/29;
deny 212.233.120.0/22;
deny 212.233.72.0/21;
deny 212.233.88.0/21;
deny 212.233.96.0/22;
deny 212.32.198.64/29;
deny 212.48.134.192/26;
deny 212.48.138.240/28;
@@ -386,6 +424,8 @@ deny 213.172.27.224/30;
deny 213.172.27.252/30;
deny 213.172.30.136/30;
deny 213.172.4.192/26;
deny 213.176.232.0/23;
deny 213.176.234.0/23;
deny 213.177.111.0/24;
deny 213.183.253.56/29;
deny 213.219.212.0/22;
@@ -441,9 +481,7 @@ deny 217.106.203.240/29;
deny 217.106.203.88/29;
deny 217.106.93.192/26;
deny 217.106.95.112/28;
deny 217.107.0.0/18;
deny 217.107.200.0/21;
deny 217.107.208.0/20;
deny 217.107.5.112/29;
deny 217.107.5.16/29;
deny 217.107.5.24/29;
@@ -459,7 +497,7 @@ deny 217.16.16.0/20;
deny 217.16.16.0/21;
deny 217.16.24.0/21;
deny 217.172.18.0/23;
deny 217.172.20.0/22;
deny 217.174.188.0/22;
deny 217.174.188.0/23;
deny 217.195.92.16/28;
deny 217.195.93.144/29;
@@ -474,10 +512,7 @@ deny 217.20.156.0/23;
deny 217.20.158.0/24;
deny 217.20.159.0/24;
deny 217.20.86.128/26;
deny 217.20.86.192/27;
deny 217.20.86.224/29;
deny 217.20.86.232/29;
deny 217.20.86.240/28;
deny 217.23.88.168/29;
deny 217.23.88.248/29;
deny 217.27.142.176/30;
@@ -486,12 +521,33 @@ deny 217.65.219.160/29;
deny 217.67.177.208/29;
deny 217.69.128.0/20;
deny 217.69.128.0/21;
deny 217.69.132.0/24;
deny 217.69.136.0/21;
deny 2a00:1148::/29;
deny 2a00:1148::/32;
deny 2a00:a300::/32;
deny 2a00:b4c0::/32;
deny 2a00:bdc0:8000::/34;
deny 2a00:bdc0::/33;
deny 2a00:bdc0:c000::/35;
deny 2a00:bdc0:e002::/48;
deny 2a00:bdc0:e003::/48;
deny 2a00:bdc0:e004::/48;
deny 2a00:bdc0:e005::/48;
deny 2a00:bdc0:e007::/48;
deny 2a00:bdc0:f000::/36;
deny 2a00:bdc1::/32;
deny 2a00:bdc2::/31;
deny 2a00:bdc4::/30;
deny 2a0c:a9c7:156::/48;
deny 2a0c:a9c7:157::/48;
deny 2a0c:a9c7:158::/48;
deny 2a14:25c0::/32;
deny 2a14:25c5::/32;
deny 2a14:25c6::/32;
deny 2a14:25c7::/32;
deny 31.148.205.0/24;
deny 31.177.104.0/22;
deny 31.177.95.0/24;
deny 31.44.63.64/29;
deny 37.139.32.0/22;
@@ -513,8 +569,8 @@ deny 45.84.128.0/23;
deny 45.84.130.0/23;
deny 46.20.70.160/28;
deny 46.228.0.232/29;
deny 46.245.234.0/24;
deny 46.29.152.0/22;
deny 46.29.156.0/23;
deny 46.46.142.160/28;
deny 46.46.148.40/29;
deny 46.47.197.128/30;
@@ -557,20 +613,31 @@ deny 5.61.239.48/28;
deny 5.61.239.64/26;
deny 62.105.158.200/29;
deny 62.112.110.64/28;
deny 62.118.0.208/28;
deny 62.118.101.184/29;
deny 62.118.113.232/29;
deny 62.118.125.188/30;
deny 62.118.127.240/28;
deny 62.118.15.16/28;
deny 62.118.17.152/29;
deny 62.118.19.112/30;
deny 62.118.19.40/30;
deny 62.118.193.8/29;
deny 62.118.205.68/30;
deny 62.118.208.100/30;
deny 62.118.209.192/30;
deny 62.118.21.160/29;
deny 62.118.216.60/30;
deny 62.118.219.184/30;
deny 62.118.230.4/30;
deny 62.118.233.224/29;
deny 62.118.234.64/29;
deny 62.118.239.128/29;
deny 62.118.25.112/28;
deny 62.118.37.168/30;
deny 62.118.37.180/30;
deny 62.118.37.4/30;
deny 62.118.38.212/30;
deny 62.141.125.0/25;
deny 62.217.160.0/20;
deny 62.217.160.0/21;
@@ -579,6 +646,7 @@ deny 62.28.169.168/30;
deny 62.33.199.80/29;
deny 62.33.34.16/28;
deny 62.33.87.128/28;
deny 62.33.87.152/29;
deny 62.5.130.104/29;
deny 62.5.132.224/29;
deny 62.5.189.80/29;
@@ -626,6 +694,9 @@ deny 79.137.132.128/25;
deny 79.137.139.0/24;
deny 79.137.139.0/25;
deny 79.137.139.128/25;
deny 79.137.140.0/24;
deny 79.137.142.0/24;
deny 79.137.157.0/24;
deny 79.137.157.0/25;
deny 79.137.157.128/25;
deny 79.137.164.0/24;
@@ -645,6 +716,9 @@ deny 79.137.240.0/21;
deny 79.137.240.0/22;
deny 79.137.244.0/22;
deny 79.142.88.0/28;
deny 79.143.229.0/24;
deny 79.143.230.0/24;
deny 79.143.232.0/24;
deny 80.237.11.88/29;
deny 80.237.39.112/29;
deny 80.237.98.80/28;
@@ -654,6 +728,8 @@ deny 80.247.46.0/24;
deny 80.254.100.40/29;
deny 80.254.119.168/29;
deny 80.73.16.0/20;
deny 80.73.16.0/21;
deny 80.73.16.0/24;
deny 80.73.168.80/28;
deny 80.73.169.244/30;
deny 80.82.43.24/29;
@@ -706,6 +782,7 @@ deny 81.222.194.200/29;
deny 81.222.209.136/29;
deny 81.222.210.24/29;
deny 81.3.168.148/30;
deny 82.110.69.200/29;
deny 82.140.65.240/29;
deny 82.142.162.104/29;
deny 82.151.107.136/29;
@@ -791,7 +868,6 @@ deny 85.141.33.64/28;
deny 85.141.60.96/28;
deny 85.141.61.160/28;
deny 85.143.125.0/24;
deny 85.146.204.44/30;
deny 85.192.32.0/22;
deny 85.192.32.0/23;
deny 85.192.34.0/23;
@@ -858,6 +934,8 @@ deny 87.239.108.0/22;
deny 87.240.128.0/18;
deny 87.240.128.0/19;
deny 87.240.160.0/19;
deny 87.240.166.0/24;
deny 87.240.167.0/24;
deny 87.242.112.0/22;
deny 87.245.133.0/24;
deny 87.249.16.32/28;
@@ -925,6 +1003,11 @@ deny 89.21.140.104/29;
deny 89.21.152.104/29;
deny 89.221.228.0/22;
deny 89.221.232.0/21;
deny 89.221.232.0/22;
deny 89.221.233.0/24;
deny 89.221.234.0/24;
deny 89.221.235.0/24;
deny 89.221.236.0/22;
deny 89.28.253.168/29;
deny 89.28.255.56/29;
deny 90.150.176.52/30;
@@ -947,6 +1030,7 @@ deny 90.150.189.32/29;
deny 90.156.148.0/22;
deny 90.156.148.0/23;
deny 90.156.150.0/23;
deny 90.156.151.0/24;
deny 90.156.212.0/22;
deny 90.156.212.0/23;
deny 90.156.214.0/23;
@@ -954,13 +1038,27 @@ deny 90.156.216.0/22;
deny 90.156.216.0/23;
deny 90.156.218.0/23;
deny 90.156.232.0/21;
deny 90.156.248.0/22;
deny 91.103.194.184/29;
deny 91.135.212.0/22;
deny 91.135.216.0/21;
deny 91.135.220.0/24;
deny 91.135.221.0/24;
deny 91.195.136.0/23;
deny 91.208.20.0/24;
deny 91.215.168.0/22;
deny 91.217.34.0/23;
deny 91.219.192.0/22;
deny 91.219.224.0/22;
deny 91.221.140.0/23;
deny 91.221.140.0/24;
deny 91.221.141.0/24;
deny 91.226.250.0/24;
deny 91.227.32.0/24;
deny 91.231.132.0/22;
deny 91.231.132.0/24;
deny 91.231.133.0/24;
deny 91.231.134.0/24;
deny 91.237.76.0/24;
deny 92.101.253.152/29;
deny 92.101.253.96/29;
@@ -972,6 +1070,7 @@ deny 92.50.198.124/30;
deny 92.50.198.72/30;
deny 92.50.219.136/29;
deny 92.50.238.224/29;
deny 92.60.186.0/28;
deny 93.153.134.112/29;
deny 93.153.135.88/30;
deny 93.153.136.132/30;
@@ -1005,6 +1104,7 @@ deny 94.100.184.0/21;
deny 94.124.192.192/29;
deny 94.139.244.0/22;
deny 94.139.244.0/23;
deny 94.139.244.0/24;
deny 94.139.246.0/23;
deny 94.199.64.0/21;
deny 94.25.119.228/30;
@@ -1021,6 +1121,9 @@ deny 95.142.200.0/21;
deny 95.142.201.0/24;
deny 95.142.202.0/24;
deny 95.142.203.0/24;
deny 95.142.204.0/23;
deny 95.142.207.0/24;
deny 95.163.133.0/24;
deny 95.163.180.0/22;
deny 95.163.180.0/23;
deny 95.163.182.0/23;
@@ -1058,7 +1161,6 @@ deny 95.167.5.64/28;
deny 95.167.5.80/28;
deny 95.167.54.76/30;
deny 95.167.59.244/30;
deny 95.167.59.248/30;
deny 95.167.64.20/30;
deny 95.167.68.216/29;
deny 95.167.69.116/30;
@@ -1076,6 +1178,7 @@ deny 95.173.128.0/19;
deny 95.173.128.0/20;
deny 95.173.144.0/20;
deny 95.213.0.0/17;
deny 95.213.0.0/18;
deny 95.213.0.0/20;
deny 95.213.16.0/21;
deny 95.213.24.0/23;
@@ -1090,8 +1193,13 @@ deny 95.213.33.0/24;
deny 95.213.34.0/23;
deny 95.213.36.0/22;
deny 95.213.40.0/21;
deny 95.213.44.0/24;
deny 95.213.45.0/24;
deny 95.213.48.0/20;
deny 95.213.64.0/18;
deny 95.47.189.0/24;
deny 95.47.191.0/24;
deny 95.47.244.0/24;
deny 95.53.248.0/29;
deny 95.54.193.80/28;

274
blacklists_route/blacklist-vk-v4.routes
View File

@@ -1,274 +0,0 @@
# Linux routes for VK networks (IPv4)
# Auto-generated by blacklists_updater_routes.sh
# Last updated: 2026-03-29 06:56:52 UTC
#
# Apply:
# sudo sh blacklist-vk-v4.routes
#
ip route replace 109.120.180.0/22 via 127.0.0.1 dev lo onlink
ip route replace 109.120.180.0/23 via 127.0.0.1 dev lo onlink
ip route replace 109.120.182.0/23 via 127.0.0.1 dev lo onlink
ip route replace 109.120.188.0/22 via 127.0.0.1 dev lo onlink
ip route replace 109.120.188.0/23 via 127.0.0.1 dev lo onlink
ip route replace 109.120.190.0/23 via 127.0.0.1 dev lo onlink
ip route replace 128.140.168.0/21 via 127.0.0.1 dev lo onlink
ip route replace 128.140.168.0/23 via 127.0.0.1 dev lo onlink
ip route replace 128.140.170.0/24 via 127.0.0.1 dev lo onlink
ip route replace 128.140.171.0/24 via 127.0.0.1 dev lo onlink
ip route replace 128.140.172.0/22 via 127.0.0.1 dev lo onlink
ip route replace 130.49.224.0/19 via 127.0.0.1 dev lo onlink
ip route replace 146.185.208.0/22 via 127.0.0.1 dev lo onlink
ip route replace 146.185.208.0/23 via 127.0.0.1 dev lo onlink
ip route replace 146.185.210.0/23 via 127.0.0.1 dev lo onlink
ip route replace 146.185.240.0/22 via 127.0.0.1 dev lo onlink
ip route replace 146.185.240.0/23 via 127.0.0.1 dev lo onlink
ip route replace 146.185.242.0/23 via 127.0.0.1 dev lo onlink
ip route replace 155.212.192.0/20 via 127.0.0.1 dev lo onlink
ip route replace 176.112.168.0/21 via 127.0.0.1 dev lo onlink
ip route replace 178.22.88.0/21 via 127.0.0.1 dev lo onlink
ip route replace 178.22.89.64/26 via 127.0.0.1 dev lo onlink
ip route replace 178.22.94.0/23 via 127.0.0.1 dev lo onlink
ip route replace 178.237.16.0/20 via 127.0.0.1 dev lo onlink
ip route replace 178.237.16.0/21 via 127.0.0.1 dev lo onlink
ip route replace 178.237.24.0/22 via 127.0.0.1 dev lo onlink
ip route replace 178.237.30.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.100.104.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.100.104.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.100.106.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.130.112.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.130.112.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.130.114.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.131.68.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.16.148.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.16.148.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.16.150.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.16.244.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.16.244.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.16.246.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.180.200.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.187.63.0/24 via 127.0.0.1 dev lo onlink
ip route replace 185.187.63.0/25 via 127.0.0.1 dev lo onlink
ip route replace 185.187.63.128/25 via 127.0.0.1 dev lo onlink
ip route replace 185.226.52.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.226.52.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.226.54.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.241.192.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.241.192.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.241.194.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.29.128.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.29.130.0/24 via 127.0.0.1 dev lo onlink
ip route replace 185.32.248.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.32.248.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.32.250.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.5.136.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.5.136.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.5.138.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.6.244.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.6.244.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.6.246.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.86.144.0/22 via 127.0.0.1 dev lo onlink
ip route replace 185.86.144.0/23 via 127.0.0.1 dev lo onlink
ip route replace 185.86.146.0/23 via 127.0.0.1 dev lo onlink
ip route replace 188.93.56.0/21 via 127.0.0.1 dev lo onlink
ip route replace 188.93.56.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.57.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.58.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.60.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.61.0/24 via 127.0.0.1 dev lo onlink
ip route replace 188.93.62.0/24 via 127.0.0.1 dev lo onlink
ip route replace 193.203.40.0/22 via 127.0.0.1 dev lo onlink
ip route replace 194.84.16.12/30 via 127.0.0.1 dev lo onlink
ip route replace 195.211.20.0/22 via 127.0.0.1 dev lo onlink
ip route replace 195.211.22.0/24 via 127.0.0.1 dev lo onlink
ip route replace 195.211.23.0/24 via 127.0.0.1 dev lo onlink
ip route replace 212.111.84.0/22 via 127.0.0.1 dev lo onlink
ip route replace 212.233.120.0/22 via 127.0.0.1 dev lo onlink
ip route replace 212.233.72.0/21 via 127.0.0.1 dev lo onlink
ip route replace 212.233.88.0/21 via 127.0.0.1 dev lo onlink
ip route replace 212.233.96.0/22 via 127.0.0.1 dev lo onlink
ip route replace 213.219.212.0/22 via 127.0.0.1 dev lo onlink
ip route replace 213.219.212.0/23 via 127.0.0.1 dev lo onlink
ip route replace 213.219.214.0/23 via 127.0.0.1 dev lo onlink
ip route replace 217.16.16.0/20 via 127.0.0.1 dev lo onlink
ip route replace 217.16.16.0/21 via 127.0.0.1 dev lo onlink
ip route replace 217.16.24.0/21 via 127.0.0.1 dev lo onlink
ip route replace 217.174.188.0/23 via 127.0.0.1 dev lo onlink
ip route replace 217.20.144.0/20 via 127.0.0.1 dev lo onlink
ip route replace 217.20.144.0/22 via 127.0.0.1 dev lo onlink
ip route replace 217.20.148.0/24 via 127.0.0.1 dev lo onlink
ip route replace 217.20.149.0/24 via 127.0.0.1 dev lo onlink
ip route replace 217.20.150.0/23 via 127.0.0.1 dev lo onlink
ip route replace 217.20.152.0/22 via 127.0.0.1 dev lo onlink
ip route replace 217.20.156.0/23 via 127.0.0.1 dev lo onlink
ip route replace 217.20.158.0/24 via 127.0.0.1 dev lo onlink
ip route replace 217.20.159.0/24 via 127.0.0.1 dev lo onlink
ip route replace 217.69.128.0/20 via 127.0.0.1 dev lo onlink
ip route replace 217.69.128.0/21 via 127.0.0.1 dev lo onlink
ip route replace 217.69.136.0/21 via 127.0.0.1 dev lo onlink
ip route replace 37.139.32.0/22 via 127.0.0.1 dev lo onlink
ip route replace 37.139.32.0/23 via 127.0.0.1 dev lo onlink
ip route replace 37.139.34.0/23 via 127.0.0.1 dev lo onlink
ip route replace 37.139.40.0/22 via 127.0.0.1 dev lo onlink
ip route replace 37.139.40.0/23 via 127.0.0.1 dev lo onlink
ip route replace 37.139.42.0/23 via 127.0.0.1 dev lo onlink
ip route replace 45.136.20.0/22 via 127.0.0.1 dev lo onlink
ip route replace 45.136.20.0/23 via 127.0.0.1 dev lo onlink
ip route replace 45.136.22.0/23 via 127.0.0.1 dev lo onlink
ip route replace 45.84.128.0/22 via 127.0.0.1 dev lo onlink
ip route replace 45.84.128.0/23 via 127.0.0.1 dev lo onlink
ip route replace 45.84.130.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.101.40.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.101.40.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.101.42.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.181.60.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.181.60.0/24 via 127.0.0.1 dev lo onlink
ip route replace 5.181.61.0/24 via 127.0.0.1 dev lo onlink
ip route replace 5.181.62.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.188.140.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.188.140.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.188.142.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.61.16.0/21 via 127.0.0.1 dev lo onlink
ip route replace 5.61.16.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.61.20.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.61.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 5.61.232.0/22 via 127.0.0.1 dev lo onlink
ip route replace 5.61.236.0/23 via 127.0.0.1 dev lo onlink
ip route replace 5.61.238.0/24 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.0/27 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.128/25 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.40/29 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.48/28 via 127.0.0.1 dev lo onlink
ip route replace 5.61.239.64/26 via 127.0.0.1 dev lo onlink
ip route replace 62.217.160.0/20 via 127.0.0.1 dev lo onlink
ip route replace 62.217.160.0/21 via 127.0.0.1 dev lo onlink
ip route replace 62.217.168.0/21 via 127.0.0.1 dev lo onlink
ip route replace 79.137.132.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.132.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.132.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.139.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.139.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.139.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.157.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.157.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.164.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.164.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.164.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.167.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.167.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.167.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.174.0/23 via 127.0.0.1 dev lo onlink
ip route replace 79.137.174.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.175.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.180.0/24 via 127.0.0.1 dev lo onlink
ip route replace 79.137.180.0/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.180.128/25 via 127.0.0.1 dev lo onlink
ip route replace 79.137.240.0/21 via 127.0.0.1 dev lo onlink
ip route replace 79.137.240.0/22 via 127.0.0.1 dev lo onlink
ip route replace 79.137.244.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.166.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 83.166.232.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.166.236.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.166.248.0/21 via 127.0.0.1 dev lo onlink
ip route replace 83.166.248.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.166.252.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.217.216.0/22 via 127.0.0.1 dev lo onlink
ip route replace 83.217.216.0/23 via 127.0.0.1 dev lo onlink
ip route replace 83.217.218.0/23 via 127.0.0.1 dev lo onlink
ip route replace 83.222.28.0/22 via 127.0.0.1 dev lo onlink
ip route replace 84.23.52.0/22 via 127.0.0.1 dev lo onlink
ip route replace 84.23.52.0/23 via 127.0.0.1 dev lo onlink
ip route replace 84.23.54.0/23 via 127.0.0.1 dev lo onlink
ip route replace 85.114.31.108/30 via 127.0.0.1 dev lo onlink
ip route replace 85.192.32.0/22 via 127.0.0.1 dev lo onlink
ip route replace 85.192.32.0/23 via 127.0.0.1 dev lo onlink
ip route replace 85.192.34.0/23 via 127.0.0.1 dev lo onlink
ip route replace 85.198.106.0/24 via 127.0.0.1 dev lo onlink
ip route replace 85.198.107.0/24 via 127.0.0.1 dev lo onlink
ip route replace 87.239.104.0/21 via 127.0.0.1 dev lo onlink
ip route replace 87.239.104.0/22 via 127.0.0.1 dev lo onlink
ip route replace 87.239.108.0/22 via 127.0.0.1 dev lo onlink
ip route replace 87.240.128.0/18 via 127.0.0.1 dev lo onlink
ip route replace 87.240.128.0/19 via 127.0.0.1 dev lo onlink
ip route replace 87.240.160.0/19 via 127.0.0.1 dev lo onlink
ip route replace 87.242.112.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.196.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.196.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.198.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.208.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.208.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.210.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.216.0/21 via 127.0.0.1 dev lo onlink
ip route replace 89.208.216.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.218.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.220.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.228.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.228.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.230.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.84.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.208.84.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.208.86.0/23 via 127.0.0.1 dev lo onlink
ip route replace 89.221.228.0/22 via 127.0.0.1 dev lo onlink
ip route replace 89.221.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 90.156.148.0/22 via 127.0.0.1 dev lo onlink
ip route replace 90.156.148.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.150.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.212.0/22 via 127.0.0.1 dev lo onlink
ip route replace 90.156.212.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.214.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.216.0/22 via 127.0.0.1 dev lo onlink
ip route replace 90.156.216.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.218.0/23 via 127.0.0.1 dev lo onlink
ip route replace 90.156.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 91.219.224.0/22 via 127.0.0.1 dev lo onlink
ip route replace 91.231.132.0/22 via 127.0.0.1 dev lo onlink
ip route replace 91.237.76.0/24 via 127.0.0.1 dev lo onlink
ip route replace 93.153.255.84/30 via 127.0.0.1 dev lo onlink
ip route replace 93.186.224.0/20 via 127.0.0.1 dev lo onlink
ip route replace 93.186.224.0/21 via 127.0.0.1 dev lo onlink
ip route replace 93.186.232.0/21 via 127.0.0.1 dev lo onlink
ip route replace 94.100.176.0/20 via 127.0.0.1 dev lo onlink
ip route replace 94.100.176.0/21 via 127.0.0.1 dev lo onlink
ip route replace 94.100.184.0/21 via 127.0.0.1 dev lo onlink
ip route replace 94.139.244.0/22 via 127.0.0.1 dev lo onlink
ip route replace 94.139.244.0/23 via 127.0.0.1 dev lo onlink
ip route replace 94.139.246.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.142.192.0/20 via 127.0.0.1 dev lo onlink
ip route replace 95.142.192.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.142.200.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.163.180.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.180.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.182.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.208.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.163.208.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.210.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.212.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.216.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.216.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.218.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.248.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.163.248.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.252.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.254.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.163.32.0/19 via 127.0.0.1 dev lo onlink
ip route replace 95.163.32.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.36.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.163.40.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.163.48.0/20 via 127.0.0.1 dev lo onlink
ip route replace 95.213.0.0/17 via 127.0.0.1 dev lo onlink
ip route replace 95.213.0.0/20 via 127.0.0.1 dev lo onlink
ip route replace 95.213.16.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.213.24.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.213.26.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.27.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.28.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.29.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.30.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.31.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.32.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.33.0/24 via 127.0.0.1 dev lo onlink
ip route replace 95.213.34.0/23 via 127.0.0.1 dev lo onlink
ip route replace 95.213.36.0/22 via 127.0.0.1 dev lo onlink
ip route replace 95.213.40.0/21 via 127.0.0.1 dev lo onlink
ip route replace 95.213.48.0/20 via 127.0.0.1 dev lo onlink
ip route replace 95.213.64.0/18 via 127.0.0.1 dev lo onlink

9
blacklists_route/blacklist-vk-v6.routes
View File

@@ -1,9 +0,0 @@
# Linux routes for VK networks (IPv6)
# Auto-generated by blacklists_updater_routes.sh
# Last updated: 2026-03-29 06:56:52 UTC
#
# Apply:
# sudo sh blacklist-vk-v6.routes
#
ip -6 route replace 2a00:bdc0::/29 via ::1 dev lo

104
blacklists_updater_iptables.sh
View File

@@ -1,43 +1,18 @@
#!/bin/sh
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# Input files (generated by blacklists_updater_txt.sh)
blacklist_file="${SCRIPT_DIR}/blacklists/blacklist.txt"
blacklist_v4_file="${SCRIPT_DIR}/blacklists/blacklist-v4.txt"
blacklist_v6_file="${SCRIPT_DIR}/blacklists/blacklist-v6.txt"
# Source files for name-based VK filtering
auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
vk_name_pattern='vk[[:space:]-]*cloud|vkcompany|vkontakte'
# Additional VK-only text blacklists
blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
blacklist_vk_v4_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
blacklist_vk_v6_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
blacklist_file="blacklists/blacklist.txt"
blacklist_v4_file="blacklists/blacklist-v4.txt"
blacklist_v6_file="blacklists/blacklist-v6.txt"
# Output directory and files
iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables"
iptables_output_dir="blacklists_iptables"
iptables_output_file="${iptables_output_dir}/blacklist.ipset"
iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset"
iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset"
iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset"
iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset"
# Create required directories if they don't exist
mkdir -p "${iptables_output_dir}" "${SCRIPT_DIR}/blacklists"
# Build additional VK-only blacklist from network names in auto/*.txt files
tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do
[ -f "${source_file}" ] || continue
awk -v pattern="${vk_name_pattern}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}"
done
sort -u "${tmp_vk_file}" > "${blacklist_vk_file}"
grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true
grep -v ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v4_file}" || true
rm -f "${tmp_vk_file}"
# Create iptables directory if it doesn't exist
mkdir -p "${iptables_output_dir}"
# Function to generate ipset config from input file
generate_ipset_config() {
@@ -46,25 +21,12 @@ generate_ipset_config() {
local ip_version="$3"
local set_name="$4"
local family="$5"
local iptables_cmd="iptables"
local rule_primary=""
local rule_secondary=""
[ "${family}" = "inet6" ] && iptables_cmd="ip6tables"
if printf "%s" "${set_name}" | grep -q '^blacklist-vk'; then
rule_primary="${iptables_cmd} -I OUTPUT -m set --match-set ${set_name} dst -j REJECT"
rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} dst -j REJECT"
else
rule_primary="${iptables_cmd} -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
fi
# Count entries for hash size calculation
local count=$(wc -l < "${input_file}" | tr -d ' ')
local hashsize=$((count > 1024 ? count : 1024))
local maxelem=$((count * 2))
# Generate ipset configuration with header
cat > "${output_file}" << EOF
# IPSet blacklist configuration ${ip_version}
@@ -76,8 +38,8 @@ generate_ipset_config() {
# ipset restore < $(basename ${output_file})
#
# 2. Use with iptables/ip6tables:
# ${rule_primary}
${rule_secondary:+# ${rule_secondary}}
# iptables -I INPUT -m set --match-set ${set_name} src -j DROP
# iptables -I FORWARD -m set --match-set ${set_name} src -j DROP
#
# 3. To flush/delete the set:
# ipset flush ${set_name}
@@ -93,7 +55,7 @@ EOF
[ -z "${network}" ] && continue
echo "add ${set_name} ${network}" >> "${output_file}"
done < "${input_file}"
echo "✓ Generated ${ip_version}: ${output_file}"
echo " Total entries: ${count}"
}
@@ -101,16 +63,34 @@ EOF
# Generate ipset configurations from blacklist files
generate_ipset_config "${blacklist_v4_file}" "${iptables_v4_output_file}" "(IPv4 only)" "blacklist-v4" "inet"
generate_ipset_config "${blacklist_v6_file}" "${iptables_v6_output_file}" "(IPv6 only)" "blacklist-v6" "inet6"
generate_ipset_config "${blacklist_vk_v4_file}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet"
generate_ipset_config "${blacklist_vk_v6_file}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6"
echo ""
echo "VK outgoing block examples (iptables/ipset):"
echo " ipset restore < ${iptables_vk_v4_output_file}"
echo " ipset restore < ${iptables_vk_v6_output_file}"
echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"
echo " ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."
# For mixed file, we need to create two sets (IPv4 and IPv6) as ipset doesn't support mixed families
cat > "${iptables_output_file}" << EOF
# IPSet blacklist configuration (mixed IPv4/IPv6)
# Auto-generated from $(basename ${blacklist_file})
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Usage:
# 1. Load the ipset:
# ipset restore < $(basename ${iptables_output_file})
#
# 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
# ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
# ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
#
# 3. To flush/delete the sets:
# ipset flush blacklist-v4 && ipset destroy blacklist-v4
# ipset flush blacklist-v6 && ipset destroy blacklist-v6
#
EOF
# Append both IPv4 and IPv6 sets to the mixed file
tail -n +2 "${iptables_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
echo "" >> "${iptables_output_file}"
tail -n +2 "${iptables_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_output_file}"
echo "✓ Generated (mixed IPv4/IPv6): ${iptables_output_file}"
echo " Total entries: $(wc -l < "${blacklist_file}" | tr -d ' ')"

88
blacklists_updater_nftables.sh
View File

@@ -1,88 +0,0 @@
#!/bin/bash
# Generates nftables blacklist configurations from the main blacklist
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist.txt"
OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables"
# Source files for name-based VK filtering
AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
# Additional VK-only text blacklists
VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt"
VK_INPUT_V4_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v4.txt"
VK_INPUT_V6_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v6.txt"
# Create required directories if they don't exist
mkdir -p "$OUTPUT_DIR" "$SCRIPT_DIR/blacklists"
echo "Generating nftables blacklists..."
# Build additional VK-only blacklist from network names in auto/*.txt files
TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do
[[ -f "$source_file" ]] || continue
awk -v pattern="$VK_NAME_PATTERN" 'tolower($0) ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE"
done
sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE"
grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true
grep -v ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V4_FILE" || true
rm -f "$TMP_VK_FILE"
# Generate mixed IPv4/IPv6 blacklist (recommended single-file load)
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$INPUT_FILE" \
"$OUTPUT_DIR/blacklist.nft"
# Generate IPv4-only blacklist
TMP_V4_FILE="/tmp/blacklist-v4.txt"
TMP_V6_FILE="/tmp/blacklist-v6.txt"
grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > "$TMP_V4_FILE" || true
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$TMP_V4_FILE" \
"$OUTPUT_DIR/blacklist-v4.nft"
# Generate IPv6-only blacklist
grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > "$TMP_V6_FILE" || true
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$TMP_V6_FILE" \
"$OUTPUT_DIR/blacklist-v6.nft"
# Generate VK-only blacklists (network names: VK Cloud / VKCOMPANY / VKONTAKTE)
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_FILE" \
"$OUTPUT_DIR/blacklist-vk.nft"
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_V4_FILE" \
"$OUTPUT_DIR/blacklist-vk-v4.nft"
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_V6_FILE" \
"$OUTPUT_DIR/blacklist-vk-v6.nft"
# Clean up temp files
rm -f "$TMP_V4_FILE" "$TMP_V6_FILE"
echo "nftables blacklists generated successfully!"
echo ""
echo "VM incoming block examples (all lists, nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist.nft"
echo " sudo nft -f $OUTPUT_DIR/blacklist-v4.nft"
echo " sudo nft -f $OUTPUT_DIR/blacklist-v6.nft"
echo " sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'"
echo " sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject"
echo " sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject"
echo ""
echo "VK outbound block examples for VPN clients via NAT (nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk.nft"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk-v4.nft"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk-v6.nft"
echo " sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_vk_v4 counter reject"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_vk_v6 counter reject"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."

4
blacklists_updater_nginx.sh
View File

@@ -11,8 +11,8 @@ nginx_output_file="${nginx_output_dir}/blacklist.conf"
nginx_v4_output_file="${nginx_output_dir}/blacklist-v4.conf"
nginx_v6_output_file="${nginx_output_dir}/blacklist-v6.conf"
# Create required directories if they don't exist
mkdir -p "${nginx_output_dir}" "blacklists"
# Create nginx directory if it doesn't exist
mkdir -p "${nginx_output_dir}"
# Function to generate nginx config from input file
generate_nginx_config() {

78
blacklists_updater_routes.sh
View File

@@ -1,78 +0,0 @@
#!/bin/sh
set -e
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# Source files for name-based VK filtering
AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='vk[[:space:]-]*cloud|vkcompany|vkontakte'
# Additional VK-only text blacklists
VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
VK_INPUT_V4_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
VK_INPUT_V6_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
# Output directory and files
ROUTES_OUTPUT_DIR="${SCRIPT_DIR}/blacklists_route"
ROUTES_V4_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v4.routes"
ROUTES_V6_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v6.routes"
mkdir -p "${ROUTES_OUTPUT_DIR}" "${SCRIPT_DIR}/blacklists"
echo "Generating VK route blacklists..."
# Build additional VK-only blacklist from network names in auto/*.txt files
TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do
[ -f "${source_file}" ] || continue
awk -v pattern="${VK_NAME_PATTERN}" 'tolower($0) ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}"
done
sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}"
grep ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V6_FILE}" || true
grep -v ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V4_FILE}" || true
rm -f "${TMP_VK_FILE}"
# Generate IPv4 routes file (route VK prefixes to loopback via 127.0.0.1)
cat > "${ROUTES_V4_FILE}" << EOF
# Linux routes for VK networks (IPv4)
# Auto-generated by $(basename "$0")
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Apply:
# sudo sh $(basename "${ROUTES_V4_FILE}")
#
EOF
while IFS= read -r network; do
[ -n "${network}" ] || continue
printf 'ip route replace %s via 127.0.0.1 dev lo onlink\n' "${network}" >> "${ROUTES_V4_FILE}"
done < "${VK_INPUT_V4_FILE}"
# Generate IPv6 routes file (route VK prefixes to loopback via ::1)
cat > "${ROUTES_V6_FILE}" << EOF
# Linux routes for VK networks (IPv6)
# Auto-generated by $(basename "$0")
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Apply:
# sudo sh $(basename "${ROUTES_V6_FILE}")
#
EOF
while IFS= read -r network; do
[ -n "${network}" ] || continue
printf 'ip -6 route replace %s via ::1 dev lo\n' "${network}" >> "${ROUTES_V6_FILE}"
done < "${VK_INPUT_V6_FILE}"
echo "✓ Generated: ${ROUTES_V4_FILE} (entries: $(wc -l < "${VK_INPUT_V4_FILE}" | tr -d ' '))"
echo "✓ Generated: ${ROUTES_V6_FILE} (entries: $(wc -l < "${VK_INPUT_V6_FILE}" | tr -d ' '))"
echo ""
echo "Examples:"
echo " sudo sh ${ROUTES_V4_FILE}"
echo " sudo sh ${ROUTES_V6_FILE}"

2
blacklists_updater_txt.sh
View File

@@ -11,8 +11,6 @@ black_names="uvd|umvd|fgup|grchc|roskomnad|federalnaya sluzhba|ufsb|zonatelecom|
# M100 - mail.ru
white_names="ruvds"
mkdir -p blacklists auto
grep -iE "${black_names}" auto/all-ru-asn.txt | grep -viE "${white_names}" | awk '{ print "# AS-Name: " $0 "\n" $1}' > ${auto_black_ass}
./network_list_from_as.py ${auto_black_ass} > ${outfile_w_comments}
./network_list_from_netname.py lists/ru-gov-netnames.txt >> ${outfile_w_comments}

117
check_nft_blacklist.py
View File

@@ -1,117 +0,0 @@
#!/usr/bin/env python3
"""
check_nft_blacklist.py
Checks if an IP address is in the nftables blacklist configuration.
Usage:
check_nft_blacklist.py nft_bl.conf 192.168.1.1
check_nft_blacklist.py nft_bl.conf 2001:db8::1
"""
import sys
import re
from ipaddress import ip_address, ip_network, AddressValueError
from pathlib import Path
def iter_set_blocks(content):
current_name = None
current_lines = []
brace_depth = 0
for line in content.splitlines():
if current_name is None:
match = re.match(r"\s*set\s+([A-Za-z0-9_]+)\s*\{", line)
if match:
current_name = match.group(1)
current_lines = [line]
brace_depth = line.count("{") - line.count("}")
continue
current_lines.append(line)
brace_depth += line.count("{") - line.count("}")
if brace_depth == 0:
yield current_name, "\n".join(current_lines)
current_name = None
current_lines = []
def parse_nft_config(config_path):
"""Extract IPv4 and IPv6 prefixes from nftables config."""
p = Path(config_path)
if not p.exists():
raise FileNotFoundError(f"Config file not found: {config_path}")
content = p.read_text(encoding="utf-8")
v4_prefixes = []
v6_prefixes = []
for _, block in iter_set_blocks(content):
if "type ipv4_addr" in block:
for match in re.finditer(r"(\d+\.\d+\.\d+\.\d+(?:/\d+)?)", block):
try:
v4_prefixes.append(ip_network(match.group(1), strict=False))
except Exception as e:
print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr)
elif "type ipv6_addr" in block:
for match in re.finditer(r"([0-9a-fA-F:]+(?:/\d+)?)", block):
try:
v6_prefixes.append(ip_network(match.group(1), strict=False))
except Exception:
pass
return v4_prefixes, v6_prefixes
def check_ip_in_blacklist(ip_addr, v4_prefixes, v6_prefixes):
"""Check if IP address is in any of the blacklist prefixes."""
try:
addr = ip_address(ip_addr)
except AddressValueError as e:
raise ValueError(f"Invalid IP address: {ip_addr} ({e})")
prefixes = v4_prefixes if addr.version == 4 else v6_prefixes
for prefix in prefixes:
if addr in prefix:
return True, prefix
return False, None
def main(argv):
if len(argv) < 3:
print("Usage: python3 check_nft_blacklist.py <nft_config.conf> <ip_address>")
print("Examples:")
print(" check_nft_blacklist.py nft_bl.conf 192.168.1.1")
print(" check_nft_blacklist.py nft_bl.conf 2001:db8::1")
return 2
config_file = argv[1]
ip_to_check = argv[2]
# Parse the nftables config
try:
print(f"Loading blacklist from: {config_file}")
v4_prefixes, v6_prefixes = parse_nft_config(config_file)
print(f"Loaded {len(v4_prefixes)} IPv4 prefixes and {len(v6_prefixes)} IPv6 prefixes")
except Exception as e:
print(f"ERROR: Could not parse config file: {e}", file=sys.stderr)
return 3
# Check if IP is in blacklist
try:
is_blocked, matching_prefix = check_ip_in_blacklist(ip_to_check, v4_prefixes, v6_prefixes)
print(f"\nChecking IP: {ip_to_check}")
print("-" * 50)
if is_blocked:
print(f"✗ BLOCKED - IP is in blacklist")
print(f" Matching prefix: {matching_prefix}")
return 1
else:
print(f"✓ OK - IP is NOT in blacklist")
return 0
except ValueError as e:
print(f"ERROR: {e}", file=sys.stderr)
return 4
if __name__ == "__main__":
sys.exit(main(sys.argv))

174
generate_nft_blacklist.py
View File

@@ -1,174 +0,0 @@
#!/usr/bin/env python3
"""
generate_nft_blacklist.py
Reads prefixes from a file or stdin, aggregates them and writes nftables config.
Uses named sets for efficient blacklist management.
Usage:
git clone https://github.com/C24Be/AS_Network_List.git
generate_nft_blacklist.py ./AS_Network_List/blacklists/blacklist.txt nft_bl.conf
cp nft_bl.conf /etc/nftables.d/
systemctl restart nftables
"""
import sys
from ipaddress import ip_network, collapse_addresses
from pathlib import Path
from datetime import datetime, UTC
def read_lines(path_or_dash):
if path_or_dash == "-":
print("Reading prefixes from STDIN...")
return [ln.rstrip("\n") for ln in sys.stdin]
p = Path(path_or_dash)
if not p.exists():
raise FileNotFoundError(f"Input file not found: {path_or_dash}")
text = p.read_text(encoding="utf-8")
return text.splitlines()
def aggregate_prefixes(lines):
v4, v6, invalid = [], [], []
for lineno, ln in enumerate(lines, start=1):
s = ln.strip()
if not s or s.startswith("#"):
continue
try:
net = ip_network(s, strict=False)
if net.version == 4:
v4.append(net)
else:
v6.append(net)
except Exception as e:
invalid.append((lineno, s, str(e)))
agg_v4 = list(collapse_addresses(sorted(v4, key=lambda x: (int(x.network_address), x.prefixlen))))
agg_v6 = list(collapse_addresses(sorted(v6, key=lambda x: (int(x.network_address), x.prefixlen))))
return agg_v4, agg_v6, invalid
def make_nft_config(agg_v4, agg_v6, comment=None, usage_profile="vm_input"):
if usage_profile == "vk_forward":
set_v4_name = "blacklist_vk_v4"
set_v6_name = "blacklist_vk_v6"
rule_v4 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @{set_v4_name} counter reject'
rule_v6 = f'sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @{set_v6_name} counter reject'
else:
set_v4_name = "blacklist_v4"
set_v6_name = "blacklist_v6"
rule_v4 = f"sudo nft add rule inet filter input ip saddr @{set_v4_name} counter reject"
rule_v6 = f"sudo nft add rule inet filter input ip6 saddr @{set_v6_name} counter reject"
lines = []
lines.append("# Autogenerated nftables blacklist")
lines.append(f"# Generated: {datetime.now(UTC).isoformat().replace('+00:00', 'Z')}")
if comment:
lines.append(f"# {comment}")
lines.append(f"# IPv4: {len(agg_v4)}, IPv6: {len(agg_v6)}")
lines.append("#")
lines.append("# Usage:")
lines.append("# sudo nft -f <this-file>")
if usage_profile == "vk_forward":
lines.append("# # VK egress blocking for VPN clients via NAT/FORWARD")
lines.append("# sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'")
lines.append(f"# {rule_v4}")
lines.append(f"# {rule_v6}")
else:
lines.append("# # VM protection from incoming blacklist sources")
lines.append("# sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'")
lines.append(f"# {rule_v4}")
lines.append(f"# {rule_v6}")
lines.append("")
lines.append("table inet filter {")
lines.append("")
# Define IPv4 blacklist set
lines.append(f" set {set_v4_name} {{")
lines.append(" type ipv4_addr")
lines.append(" flags interval")
if agg_v4:
lines.append(" elements = {")
for i, net in enumerate(agg_v4):
comma = "," if i < len(agg_v4) - 1 else ""
rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
lines.append(f" {rendered_net}{comma}")
lines.append(" }")
lines.append(" }")
lines.append("")
# Define IPv6 blacklist set
lines.append(f" set {set_v6_name} {{")
lines.append(" type ipv6_addr")
lines.append(" flags interval")
if agg_v6:
lines.append(" elements = {")
for i, net in enumerate(agg_v6):
comma = "," if i < len(agg_v6) - 1 else ""
rendered_net = net.with_prefixlen if hasattr(net, "with_prefixlen") else str(net)
lines.append(f" {rendered_net}{comma}")
lines.append(" }")
lines.append(" }")
lines.append("")
lines.append("}")
return "\n".join(lines)
def write_output(outpath, content):
if outpath == "-":
print(content)
return
p = Path(outpath)
p.write_text(content, encoding="utf-8")
p.chmod(0o644)
print(f"Wrote nft config to: {p} (size: {p.stat().st_size} bytes)")
def main(argv):
if len(argv) < 3:
print("Usage: python3 generate_nft_blacklist.py input.txt output.conf")
print("Use '-' as input or output to mean STDIN/STDOUT respectively.")
return 2
infile, outfile = argv[1], argv[2]
try:
lines = read_lines(infile)
except Exception as e:
print(f"ERROR reading input: {e}", file=sys.stderr)
return 3
if not any(line.strip() and not line.strip().startswith("#") for line in lines):
print("WARNING: input contains no prefixes (empty or only comments). Nothing to aggregate.")
profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes", usage_profile=profile)
write_output(outfile, nft_conf)
return 0
agg_v4, agg_v6, invalid = aggregate_prefixes(lines)
if invalid:
print("Some lines could not be parsed (line, text, error):")
for ln, txt, err in invalid:
print(f" {ln}: '{txt}' --> {err}", file=sys.stderr)
print(f"Aggregated IPv4 prefixes: {len(agg_v4)}")
for n in agg_v4:
print(" v4:", n)
print(f"Aggregated IPv6 prefixes: {len(agg_v6)}")
for n in agg_v6:
print(" v6:", n)
profile = "vk_forward" if "vk" in Path(infile).name.lower() else "vm_input"
nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}", usage_profile=profile)
try:
write_output(outfile, nft_conf)
except Exception as e:
print(f"ERROR writing output: {e}", file=sys.stderr)
return 4
print("Done.")
print("Load with: sudo nft -f <output.conf>")
if profile == "vk_forward":
print("View sets: sudo nft list set inet filter blacklist_vk_v4")
print(" sudo nft list set inet filter blacklist_vk_v6")
else:
print("View sets: sudo nft list set inet filter blacklist_v4")
print(" sudo nft list set inet filter blacklist_v6")
return 0
if __name__ == "__main__":
sys.exit(main(sys.argv))

94
network_list_from_as.py
View File

@@ -1,94 +1,60 @@
#!/usr/bin/env python3
import requests
import argparse
import re
import sys
import requests
from cymruwhois import Client
from pylib.whois import whois_query
ASN_RE = re.compile(r"\bAS\d+\b", re.IGNORECASE)
def get_as_prefixes(asn):
url = f"https://stat.ripe.net/data/announced-prefixes/data.json?resource={asn}"
response = requests.get(url, timeout=30)
response.raise_for_status()
data = response.json()
prefixes = data["data"]["prefixes"]
return [prefix["prefix"] for prefix in prefixes]
response = requests.get(url)
if response.status_code == 200:
data = response.json()
prefixes = data['data']['prefixes']
return [prefix['prefix'] for prefix in prefixes]
else:
return []
def convert_to_raw_github_url(url):
return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
def normalize_asn(value):
match = ASN_RE.search(value)
if match:
return match.group(0).upper()
return None
def print_prefixes(asn, quiet=False):
normalized_asn = normalize_asn(asn)
if normalized_asn is None:
return
if not quiet:
print(f"# Networks announced by {normalized_asn}")
response = whois_query(normalized_asn, "as-name", True)
def print_prefixes(asn):
line = re.sub(r'[^AS0-9]', '', asn)
if not args.quiet:
print(f"# Networks announced by {line}")
response = whois_query(line, "as-name", True)
if response is not None:
info = response.strip()
print(f"# AS-Name (ORG): {info}")
prefixes = get_as_prefixes(normalized_asn)
prefixes = get_as_prefixes(line)
for prefix in prefixes:
print(prefix)
def extract_asses(asn_filename_or_url, quiet=False):
if normalize_asn(asn_filename_or_url) and not asn_filename_or_url.startswith(("http://", "https://")):
print_prefixes(asn_filename_or_url, quiet=quiet)
def extract_asses(asn_filename_or_url):
if asn_filename_or_url.startswith('AS'):
print_prefixes(asn_filename_or_url)
return None
if asn_filename_or_url.startswith("http://") or asn_filename_or_url.startswith("https://"):
if "github.com" in asn_filename_or_url:
if asn_filename_or_url.startswith('http://') or asn_filename_or_url.startswith('https://'):
if 'github.com' in asn_filename_or_url:
asn_filename_or_url = convert_to_raw_github_url(asn_filename_or_url)
response = requests.get(asn_filename_or_url, timeout=30)
response.raise_for_status()
lines = response.text.splitlines()
response = requests.get(asn_filename_or_url)
lines = response.text.split('\n')
else:
with open(asn_filename_or_url, "r", encoding="utf-8") as file:
with open(asn_filename_or_url, 'r') as file:
lines = file.readlines()
for line in lines:
normalized_asn = normalize_asn(line)
if normalized_asn:
print_prefixes(normalized_asn, quiet=quiet)
if re.match(r'^AS.*', line):
print_prefixes(line)
return None
parser = argparse.ArgumentParser(description='./as_network_list.py -q AS61280')
parser.add_argument('asn_filename_or_url', help='The AS number to get networks / The file or URL to extract AS numbers from.')
parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
args = parser.parse_args()
def build_parser():
parser = argparse.ArgumentParser(description="./network_list_from_as.py -q AS61280")
parser.add_argument("asn_filename_or_url", help="The AS number to get networks / The file or URL to extract AS numbers from.")
parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
return parser
def main(argv=None):
parser = build_parser()
args = parser.parse_args(argv)
try:
extract_asses(args.asn_filename_or_url, quiet=args.quiet)
except requests.RequestException as exc:
print(f"ERROR: failed to fetch ASN data: {exc}", file=sys.stderr)
return 1
except OSError as exc:
print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
return 1
return 0
if __name__ == "__main__":
sys.exit(main())
extract_asses(args.asn_filename_or_url)

81
network_list_from_netname.py
View File

@@ -1,72 +1,41 @@
#!/usr/bin/env python3
import argparse
import re
import sys
import requests
from pylib.ip import convert_to_cidr
from pylib.whois import whois_query
import re
from pylib.whois import whois_query
from pylib.ip import convert_to_cidr
def convert_to_raw_github_url(url):
return url.replace("https://github.com/", "https://raw.githubusercontent.com/").replace("/blob", "")
def iter_netnames(lines):
for line in lines:
stripped = line.strip()
if not stripped or stripped.startswith("#"):
continue
if re.match(r"^netname:", stripped, re.IGNORECASE):
yield stripped.split(":", 1)[1].strip()
else:
yield stripped
def extract_netname(filename_or_url, quiet=False):
if filename_or_url.startswith("http://") or filename_or_url.startswith("https://"):
if "github.com" in filename_or_url:
def extract_netname(filename_or_url):
if filename_or_url.startswith('http://') or filename_or_url.startswith('https://'):
if 'github.com' in filename_or_url:
filename_or_url = convert_to_raw_github_url(filename_or_url)
response = requests.get(filename_or_url, timeout=30)
response.raise_for_status()
lines = response.text.splitlines()
response = requests.get(filename_or_url)
lines = response.text.split('\n')
else:
with open(filename_or_url, "r", encoding="utf-8") as file:
with open(filename_or_url, 'r') as file:
lines = file.readlines()
for netname in iter_netnames(lines):
response = whois_query(netname, "inetnum")
if response is not None and len(response) > 0:
if not quiet:
print(f"# Network name: {netname}")
for cidr in response:
for network in convert_to_cidr(cidr):
print(network)
for line in lines:
if re.match(r'^netname:', line):
netname = line.split(':')[1].strip()
response = whois_query(netname, "inetnum")
if response is not None and len(response) > 0:
if not args.quiet:
print(f"# Network name: {netname}")
for cidr in response:
net = convert_to_cidr(cidr)
net = net[0]
print(net)
return None
parser = argparse.ArgumentParser(description='Extract netname from file.')
parser.add_argument('filename_or_url', help='The file or URL to extract netnames from.')
parser.add_argument('-q', '--quiet', action='store_true', help='Disable all output except prefixes.')
args = parser.parse_args()
def build_parser():
parser = argparse.ArgumentParser(description="Extract netname from file.")
parser.add_argument("filename_or_url", help="The file or URL to extract netnames from.")
parser.add_argument("-q", "--quiet", action="store_true", help="Disable all output except prefixes.")
return parser
def main(argv=None):
parser = build_parser()
args = parser.parse_args(argv)
try:
extract_netname(args.filename_or_url, quiet=args.quiet)
except requests.RequestException as exc:
print(f"ERROR: failed to fetch netname data: {exc}", file=sys.stderr)
return 1
except OSError as exc:
print(f"ERROR: failed to read input: {exc}", file=sys.stderr)
return 1
return 0
if __name__ == "__main__":
sys.exit(main())
extract_netname(args.filename_or_url)

112
parse_ripe_db.py
View File

@@ -1,84 +1,62 @@
#!/usr/bin/env python3
import argparse
import re
import json
import sys
from pylib.ip import convert_to_cidr
from pylib.ip import convert_to_cidr
country = "RU"
def normalize_record(record):
if not record:
return None
if record.get("country") != country:
return None
normalized = dict(record)
normalized["inetnum"] = convert_to_cidr(record["inetnum"])
return normalized
def parse(filename, output_text, output_json):
c_list = []
cList = []
record = {}
with open(filename, "r", encoding="latin-1") as f:
with open(filename, 'r', encoding='latin-1') as f:
lines = f.readlines()
f.close()
for line in lines:
if line.startswith("inetnum:"):
normalized = normalize_record(record)
if normalized is not None:
c_list.append(normalized)
if re.match(r'^inetnum:', line):
if record:
record['inetnum'] = convert_to_cidr(record['inetnum'])
if record['country'] == country:
# print(record)
cList.append(record)
record = {}
record["inetnum"] = line.split("inetnum:", 1)[1].strip()
record["descr"] = ""
record["netname"] = ""
record["country"] = ""
record["org"] = ""
if line.startswith("netname:"):
record["netname"] = line.split("netname:", 1)[1].strip()
if line.startswith("descr:"):
record["descr"] = str(record["descr"].strip() + " " + line.split("descr:", 1)[1].strip()).strip()
if line.startswith("mnt-by:"):
record["netname"] = str(record["netname"].strip() + " " + line.split("mnt-by:", 1)[1].strip()).strip()
if line.startswith("country:"):
record["country"] = line.split("country:", 1)[1].strip()
if line.startswith("org:"):
record["org"] = line.split("org:", 1)[1].strip()
record['inetnum'] = line.split('inetnum:', 1)[1].strip()
record['descr'] = ''
record['netname'] = ''
record['country'] = ''
record['org'] = ''
if re.match(r'^netname:', line):
record['netname'] = line.split('netname:', 1)[1].strip()
if re.match(r'^descr:', line):
record['descr'] = str(record['descr'].strip() + ' ' + line.split('descr:', 1)[1].strip()).strip()
if re.match(r'^mnt-by:', line):
record['netname'] = str(record['netname'].strip() + ' ' + line.split('mnt-by:', 1)[1].strip()).strip()
if re.match(r'^country:', line):
record['country'] = line.split('country:', 1)[1].strip()
if re.match(r'^org:', line):
record['org'] = line.split('org:', 1)[1].strip()
if record:
cList.append(record)
normalized = normalize_record(record)
if normalized is not None:
c_list.append(normalized)
with open(output_json, 'w') as f:
json.dump(cList, f, indent=4)
f.close()
with open(output_json, "w", encoding="utf-8") as f:
json.dump(c_list, f, indent=4)
with open(output_text, 'w') as f:
for record in cList:
for net in record['inetnum']:
f.write(net + ' ' + record['netname'] + ' (' + record['org'] + ') [' + record['descr'] + ']\n')
f.close()
with open(output_text, "w", encoding="utf-8") as f:
for item in c_list:
for net in item["inetnum"]:
f.write(net + " " + item["netname"] + " (" + item["org"] + ") [" + item["descr"] + "]\n")
parser = argparse.ArgumentParser(description='Parse RIPE DB for getting a list of RU networks.')
parser.add_argument('filename', help='ripe.db.inetnum file to parse.')
parser.add_argument('output_text', help='write text db to...')
parser.add_argument('output_json', help='write json do to...')
args = parser.parse_args()
if not (args.filename):
parser.print_help()
exit()
def build_parser():
parser = argparse.ArgumentParser(description="Parse RIPE DB for getting a list of RU networks.")
parser.add_argument("filename", help="ripe.db.inetnum file to parse.")
parser.add_argument("output_text", help="write text db to...")
parser.add_argument("output_json", help="write json db to...")
return parser
def main(argv=None):
parser = build_parser()
args = parser.parse_args(argv)
try:
parse(args.filename, args.output_text, args.output_json)
except OSError as exc:
print(f"ERROR: {exc}", file=sys.stderr)
return 1
return 0
if __name__ == "__main__":
sys.exit(main())
parse(args.filename, args.output_text, args.output_json)

26
tests/test_check_nft_blacklist.py
View File

@@ -1,26 +0,0 @@
import tempfile
import unittest
from pathlib import Path
from check_nft_blacklist import check_ip_in_blacklist, parse_nft_config
from generate_nft_blacklist import make_nft_config
class CheckNftBlacklistTests(unittest.TestCase):
def test_vk_sets_are_parsed(self):
config = make_nft_config(["87.240.128.0/18"], [], usage_profile="vk_forward")
with tempfile.TemporaryDirectory() as tmpdir:
config_path = Path(tmpdir) / "blacklist-vk-v4.nft"
config_path.write_text(config, encoding="utf-8")
v4_prefixes, v6_prefixes = parse_nft_config(config_path)
blocked, prefix = check_ip_in_blacklist("87.240.128.1", v4_prefixes, v6_prefixes)
self.assertEqual(len(v4_prefixes), 1)
self.assertTrue(blocked)
self.assertEqual(str(prefix), "87.240.128.0/18")
if __name__ == "__main__":
unittest.main()

25
tests/test_generate_nft_blacklist.py
View File

@@ -1,25 +0,0 @@
import unittest
from generate_nft_blacklist import make_nft_config
class GenerateNftBlacklistTests(unittest.TestCase):
def test_general_profile_generates_plain_sets_only(self):
config = make_nft_config(["10.0.0.0/24"], [], usage_profile="vm_input")
self.assertIn("set blacklist_v4", config)
self.assertNotIn("chain input", config)
self.assertIn("ip saddr @blacklist_v4", config)
def test_vk_profile_uses_vk_set_names_and_forward_example(self):
config = make_nft_config(["10.0.0.0/24"], ["2001:db8::/32"], usage_profile="vk_forward")
self.assertIn("set blacklist_vk_v4", config)
self.assertIn("set blacklist_vk_v6", config)
self.assertNotIn("chain forward", config)
self.assertIn("ip daddr @blacklist_vk_v4", config)
self.assertIn("ip6 daddr @blacklist_vk_v6", config)
if __name__ == "__main__":
unittest.main()

41
tests/test_parse_ripe_db.py
View File

@@ -1,41 +0,0 @@
import json
import tempfile
import unittest
from pathlib import Path
from parse_ripe_db import parse
class ParseRipeDbTests(unittest.TestCase):
def test_skips_non_ru_last_record_and_normalizes_last_ru_record(self):
sample = """\
inetnum: 10.0.0.0 - 10.0.0.255
netname: TEST1
country: RU
org: ORG-1
descr: desc1
inetnum: 20.0.0.0 - 20.0.0.255
netname: TEST2
country: US
org: ORG-2
"""
with tempfile.TemporaryDirectory() as tmpdir:
source = Path(tmpdir) / "ripe.db.inetnum"
output_text = Path(tmpdir) / "out.txt"
output_json = Path(tmpdir) / "out.json"
source.write_text(sample, encoding="latin-1")
parse(str(source), str(output_text), str(output_json))
payload = json.loads(output_json.read_text(encoding="utf-8"))
self.assertEqual(len(payload), 1)
self.assertEqual(payload[0]["inetnum"], ["10.0.0.0/24"])
self.assertEqual(payload[0]["country"], "RU")
text_lines = output_text.read_text(encoding="utf-8").splitlines()
self.assertEqual(text_lines, ["10.0.0.0/24 TEST1 (ORG-1) [desc1]"])
if __name__ == "__main__":
unittest.main()