yanistyle/AS_Network_List
1
0
Fork 0
mirror of https://github.com/C24Be/AS_Network_List.git synced 2026-03-26 11:20:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: yanistyle:main
Branches Tags
yanistyle:main
..
compare: yanistyle:534712d85822da98e64f04b8be2025eda64e6b83
Branches Tags
yanistyle:main

9 Commits
main ... 534712d858

Author SHA1 Message Date
C24Be
534712d858 Update 2026.01.01 07:46:09 2026-01-01 07:46:09 +00:00
C24Be
4bad88f7af Update 2026.01.01 07:33:52 2026-01-01 07:33:52 +00:00
C24Be
1d2b7b309b Update 2026.01.01 05:21:23 2026-01-01 05:21:24 +00:00
C24Be
e52cec5393 Update 2026.01.01 05:15:01 2026-01-01 05:15:01 +00:00
C24Be
c6b2d52abf Update 2026.01.01 04:57:10 2026-01-01 04:57:11 +00:00
C24Be
f54f902d9a Update 2026.01.01 04:18:28 2026-01-01 04:18:28 +00:00
C24Be
c7b18875bd Update 2026.01.01 04:11:28 2026-01-01 04:11:28 +00:00
C24Be
89ad95b1e6 Update 2026.01.01 04:00:25 2026-01-01 04:00:26 +00:00
C24Be
48afd374fc Update 2026.01.01 00:55:45 2026-01-01 00:55:46 +00:00
31 changed files with 39492 additions and 202413 deletions
Expand all files Collapse all files

4
.github/workflows/update_blacklists.yml vendored
View File

@@ -32,8 +32,6 @@ jobs:
- run: ./blacklists_updater_txt.sh
- run: ./blacklists_updater_nginx.sh
- run: ./blacklists_updater_iptables.sh
- run: ./blacklists_updater_nftables.sh
- run: ./blacklists_updater_routes.sh
- uses: ./.github/actions/gitPush
env:
PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/ blacklists_nftables/
PUSH_FILES: blacklists/ blacklists_nginx/ blacklists_iptables/

33
.github/workflows/update_nftables.yml vendored
View File

@@ -1,33 +0,0 @@
name: Update nftables Blacklists
on:
schedule:
- cron: '30 2 * * *' # Daily at 02:30 UTC
workflow_dispatch:
jobs:
update-nftables:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: '3.x'
- name: Generate nftables blacklists
run: |
chmod +x blacklists_updater_nftables.sh
./blacklists_updater_nftables.sh
- name: Commit and push if changed
run: |
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git add blacklists_nftables/
git diff --quiet && git diff --staged --quiet || \
(git commit -m "Auto-update nftables blacklists [skip ci]" && git push)

73
README.md
View File

@@ -2,11 +2,6 @@
### Blacklists are updated daily!
> [!IMPORTANT]
> A very important feature has been added: dedicated lists of VK Cloud / VK networks that can be used to block **OUTGOING** traffic from your server (iptables/ipset and nftables formats are available).
> This can help reduce the risk of Messenger MAX being used to compromise your VPN server.
> The best security option is to avoid installing Messenger MAX at all on a phone where VPN access is configured.
This repository contains Python scripts that allow you to retrieve network lists based on either an Autonomous System (AS) name or a Network name. Also you can download and parse the whole RIPE database to get information about Networks for the further analysis.
**Ready-to-use blacklists in multiple formats:**
@@ -14,8 +9,6 @@ This repository contains Python scripts that allow you to retrieve network lists
- [Text blacklists in `blacklists/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists) - Plain text format with IPv4/IPv6 separation
- [Nginx configurations in `blacklists_nginx/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nginx) - Ready to include in your nginx config
- [IPTables/IPSet files in `blacklists_iptables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_iptables) - Optimized for iptables with ipset
- [nftables files in `blacklists_nftables/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_nftables) - Ready-to-load sets and rules for nftables
- [Linux route files in `blacklists_route/`](https://github.com/C24Be/AS_Network_List/tree/main/blacklists_route) - VK route blackholes to loopback (IPv4/IPv6)
- [Other network and ASN lists in `auto/`](https://github.com/C24Be/AS_Network_List/tree/main/auto) - Comprehensive Russian network data
## Files and features
@@ -27,16 +20,12 @@ This repository contains Python scripts that allow you to retrieve network lists
- `get_info_from_ripe.py`: Retrieves information about Russian AS numbers and Networks from RIPE database for the further analysis.
- `get_description.py`: Retrieves network names, AS names and organisation names from RIPE. Updates the lists in the folder `auto/`.
- `parse_ripe_db.py`: Parses the whole RIPE database to get information about Networks for the further analysis.
- `generate_nft_blacklist.py`: Takes text blacklist on the input and generates nftables config with sets.
- `check_nft_blacklist.py`: Checks IPv4/IPv6 address against generated nftables config.
### Blacklist Generators
- `blacklists_updater_txt.sh`: Generates text-based blacklists with IPv4/IPv6 separation
- `blacklists_updater_nginx.sh`: Generates nginx configuration files with deny directives
- `blacklists_updater_iptables.sh`: Generates ipset configuration files for iptables/ip6tables
- `blacklists_updater_nftables.sh`: Generates nftables blacklist files (mixed/v4/v6 and VK-specific)
- `blacklists_updater_routes.sh`: Generates Linux route files to send VK networks to loopback (`127.0.0.1` / `::1`)
### Generated Blacklists
@@ -61,22 +50,6 @@ This repository contains Python scripts that allow you to retrieve network lists
- `blacklist-v6.ipset`: IPSet configuration for IPv6 only (**daily generated**)
- `README.md`: Complete usage documentation for iptables integration
**nftables Format** (`blacklists_nftables/` folder):
* `blacklist.nft`: nftables configuration for mixed IPv4/IPv6 (**daily generated**)
* `blacklist-v4.nft`: nftables configuration for IPv4 only (**daily generated**)
* `blacklist-v6.nft`: nftables configuration for IPv6 only (**daily generated**)
* `blacklist-vk.nft`: nftables configuration for VK-only networks (**daily generated**)
* `blacklist-vk-v4.nft`: nftables configuration for VK-only IPv4 networks (**daily generated**)
* `blacklist-vk-v6.nft`: nftables configuration for VK-only IPv6 networks (**daily generated**)
* `README.md`: Complete usage documentation for nftables integration
**Linux Routes Format** (`blacklists_route/` folder):
* `blacklist-vk-v4.routes`: IPv4 routes for VK-only networks to `127.0.0.1` via `lo` (**daily generated**)
* `blacklist-vk-v6.routes`: IPv6 routes for VK-only networks to `::1` via `lo` (**daily generated**)
### Reference Lists
**Contributors are welcome!**
@@ -117,38 +90,6 @@ iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
```
**For nftables:**
````bash
# Download and load into nftables
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist.nft
sudo nft -f blacklist.nft
# Protect VM from incoming blacklist sources
sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject
# VK-only outbound blocking for VPN clients via NAT/FORWARD
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nftables/blacklist-vk.nft
sudo nft -f blacklist-vk.nft
sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_v4 counter reject
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_v6 counter reject
# View the loaded rules
sudo nft list ruleset
````
**For Linux Routes (VK loopback blackhole):**
```bash
# Download and apply VK route files
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v4.routes
wget https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_route/blacklist-vk-v6.routes
sudo sh blacklist-vk-v4.routes
sudo sh blacklist-vk-v6.routes
```
**For Custom Applications:**
```bash
@@ -242,20 +183,6 @@ See the README files in each folder for detailed usage instructions.
./network_list_from_netname.py --help
```
### `generate_nft_blacklist.py`
1. Generate nftables config from blacklist:
```bash
./generate_nft_blacklist.py blacklists/blacklist.txt blacklist.nft
```
### `check_nft_blacklist.py`
1. Check IP address against generated config:
```bash
./check_nft_blacklist.py blacklist.nft 77.37.166.239
```
## Screenshots
<img width="320" alt="image" src="https://github.com/C24Be/AS_Network_List/assets/153936414/71bd0ed4-0e9b-42f0-8e91-01964ea9b8e1">

212
auto/all-ru-asn.txt
View File

@@ -33,7 +33,7 @@ AS3277 RUSNET-AS (OOO "NPO FRACTEL")
AS3284 ServiceCloud-AS (ServiceCloud Ltd.)
AS3285 HOME-IP (Company Delfa Co. Ltd.)
AS3287 REDLINE-AS (Dmitry Vyacheslavovich Sharov)
AS3312 ELEKTRA-AS (Rosseti Digital JSC)
AS3312 ELEKTRA-AS (IT Energy Service LLC)
AS3315 UNSPECIFIED (Join-stock company "Internet Exchange"MSK-IX")
AS3316 RELARN (Join-stock company "Internet Exchange"MSK-IX")
AS3325 KFU (Kazan Federal University)
@@ -56,7 +56,7 @@ AS5523 CREDO-TELECOM (JSC "CREDO-TELECOM")
AS5537 RU-CENTER-AS (JSC "RU-CENTER")
AS5543 TEST-ASN1 (Joint Stock Company TransTeleCom)
AS5547 ORTEL-AS (JSC Orient-Telecom)
AS5548 RUT-MIIT-AS (Federalnoe gosudarstvennoe avtonomnoe obrazovatelnoe uchrezhdenie vysshego obrazovaniya "Rossiyskiy Universitet Transporta")
AS5548 RUT-MIIT-AS (Federal State Budget Educational Establishment of Higher Education "Russian University Of Transport (MIIT)")
AS5553 TAMBOVMAN-AS (Federal State Budgetary Educational Institution of Higher Education "Tambov State Technical University")
AS5563 URAL (JSC "ER-Telecom Holding")
AS5567 AS5567 (National Research Tomsk Polytechnic University)
@@ -212,7 +212,7 @@ AS9157 SAO-RAS (Federal State Budget Institution The Special Astrophysical Obser
AS9162 TSTU (The State Educational Institution of Higher Vocational Education "Tambov State Technical University")
AS9177 MZRTA-AS (RTA Telecom Ltd.)
AS9203 EVROKONTAKT-STRUSSA-AS (EUROCONTACT VELIKY NOVGOROD LLC)
AS9206 MAI (Federal State Autonomous Educational Institution of Higher Education "Moscow Aviation Institute (National Research University)")
AS9206 MAI (Federal State Budgetary Educational Institution of Higher Education Moscow Aviation Institute (National Research University))
AS12314 TESLATEL-DC-AS (TESLATEL LLC)
AS12332 PRIMORYE-AS (PJSC Rostelecom)
AS12335 TARIO (Tario Communications LLC)
@@ -420,7 +420,7 @@ AS21332 NTC-AS (PJSC "Vimpelcom")
AS21335 DigitOneSPB-AS (JSC "ER-Telecom Holding")
AS21353 ARTCOMS-AS (JSC "ER-Telecom Holding")
AS21365 INTELECA-AS (MTS PJSC)
AS21367 WILAND-AS (TrunkMobile JSC)
AS21367 WILAND-AS (Wiland Ltd)
AS21372 telehouse-as (LLC My Telecom)
AS21375 BNPP-AS (JSC "Concern Rosenergoatom")
AS21378 CTCTVER (PJSC Rostelecom)
@@ -463,6 +463,7 @@ AS24789 NOVGORODTELECOM-AS (PJSC Rostelecom)
AS24810 TELESET-KAZAN (PJSC Rostelecom)
AS24811 KES-AS (Joint Stock Company Kuzbassenergosviaz)
AS24823 VTB-BANK-AS (VTB Bank (Public Joint-Stock Company))
AS24832 TCU-COM-AS (LLC "Nauka-Svyaz")
AS24837 MEGALINK-AS (MegaLink LLC)
AS24866 Cloud-Megafon (PJSC MegaFon)
AS24873 ELLINK-AS (PJSC Rostelecom)
@@ -522,7 +523,7 @@ AS25591 BCLAN-AS (BCLan LLC)
AS25592 NETIS-AS (NETIS Telecom LLC)
AS25880 Yurgatelekom-AS (Public joint-stock company "RUTELEKOM")
AS28703 URAL-INTERCARD-AS (PJSC "Vimpelcom")
AS28709 VKONTAKTE-REGIONAL-CDN (LLC VK)
AS28709 VKONTAKTE-REGIONAL-CDN (VKontakte Ltd)
AS28712 ROSBANK ("TBANK" JSC)
AS28719 HMFES (PJSC Rostelecom)
AS28734 ATON-AS (Aton LLC)
@@ -730,7 +731,7 @@ AS33888 NCPLG-AS (Federal State Unitary Enterprise "State Scientific-research In
AS33892 SELS-AS (LLC "Severskelectrosvyaz")
AS33894 RIKT-AS (MTS PJSC)
AS33899 RU-HOTLINE-TELECOM-AS (JSC "ER-Telecom Holding")
AS33902 STARNET-AS (ePharmacy LLC)
AS33902 STARNET-AS (Invest Mobile LLC)
AS33903 CROC-AS (Closed Joint Stock Company CROC incorporated)
AS33904 TELCOMNET-AS (Limited Liability Company "Telcomnet")
AS33908 Kirovtelecom (AO Kirovtelecom)
@@ -745,7 +746,7 @@ AS34017 ASCNET-AS (FEDERAL STATE BUDGETARY INSTITUTION OF SCIENCES KHABAROVSK FE
AS34033 S2116-AS (OOO SALON 2116 Electronic Post Office)
AS34038 COMTEL-TMN-AS (PJSC "Vimpelcom")
AS34042 MTTELECOM-AS (MT-Telecom LLC)
AS34047 DGROUP-AS (LLC Internet-Service)
AS34047 DGROUP-AS (Bystrov Dmitriy Sergeevich)
AS34052 LOGIKA (OOO NPP Logika)
AS34085 NICO-BANK-AS (PJSC NICO-BANK)
AS34098 ZENIT-BANK-AS (PJSC Bank ZENIT)
@@ -965,7 +966,7 @@ AS35816 SEVSTAR (Lancom Ltd.)
AS35824 COMMASTER-AS (Commaster Ltd.)
AS35835 KUZDRAV-AS (Public Budget-Funded Health Care Institution "Kemerovo Regional Health Care Research and Information Center")
AS38917 komtel-as (INTERCOMTEL Limited Company)
AS38922 WILAND-AS (TrunkMobile JSC)
AS38922 WILAND-AS (Wiland Ltd)
AS38928 GLONASS (JSC GLONASS)
AS38934 PRIDENET-AS (Pride LLC)
AS38951 TKT-AS (PJSC Rostelecom)
@@ -992,7 +993,7 @@ AS39054 STBUR-AS (PJSC Rostelecom)
AS39058 STEP-AS (Step Logic LTD)
AS39061 LAYKA-LTD-AS (Layka Ltd.)
AS39068 MainTelecom (Main Telecom LLC)
AS39073 FGKUES-AS (PJSC Rosseti)
AS39073 FGKUES-AS (Branch of JSC FGC UES)
AS39087 PAKT-AS (P.A.K.T LLC)
AS39089 UGLETELECOM-AS (STATE UNITARY ENTERPRISE OF THE DONETSK PEOPLE'S REPUBLIC "UGLETELECOM")
AS39092 VENA-AS ("Baltica Breweries" LLC)
@@ -1027,7 +1028,7 @@ AS39289 MEGAMAX-AS (OOO "MediaSeti")
AS39293 RTCENTER-AS (RT Center LLC)
AS39294 LADA-MEDIA-AS (LADA-MEDIA Ltd.)
AS39303 C-RETAIL-AS (C-RETAIL LLC)
AS39304 DV-IX-AS (JOINT-STOCK COMPANY "MOSCOW ENERGY COMMUNICATION NODE")
AS39304 DV-IX-AS (Chitatehenergy JSC)
AS39317 AUTOLOCATOR (MegaPage Ltd.)
AS39321 Gazenergobank (Gazenergobank JSC)
AS39323 RCUP-AS (GBU SO "TSIFROVOY REGION")
@@ -1142,7 +1143,7 @@ AS41187 NSPK-SBP-AS (National system of payment cards Joint-stock Society)
AS41190 IDEATELECOM (PJSC Rostelecom)
AS41209 COMSTAR-VOLGA (MTS PJSC)
AS41212 Carcade (OOO Carcade)
AS41217 PNTZ-AS (PJSC "PIPE METALLURGICAL COMPANY")
AS41217 PNTZ-AS (JSC PNTZ)
AS41220 BKKVARTAL-AS (Building Service LLC)
AS41223 CPM-LTD-AS (CPM Ltd.)
AS41226 SUPERBANK-RU-AS (VTB Bank (Public Joint-Stock Company))
@@ -1249,7 +1250,7 @@ AS41864 Zelobit (ZELOBIT LLC)
AS41892 RSL-AS (Federal State Budget Institution "Russian State Library")
AS41895 INFORM-SVYAZ ("INFORM-Svyaz" LTD)
AS41904 LLC12BIT-AS (LLC 12BIT)
AS41914 MKS (Mediacom Svyaz LLC)
AS41914 YALTAONLINE (Inna Grigorevna Khoruzhaya)
AS41925 IZET-Chelyabinsk (Limited Liability Company Izet Telecom Ural)
AS41928 ITIS-AS (Olympia Ltd)
AS41929 SISTEMY-SVYAZI-AS (MTS PJSC)
@@ -1472,7 +1473,7 @@ AS43247 YooMoney-AS ("YooMoney" NBCO LLC)
AS43264 RTODON-AS (RTO-DON LLC)
AS43265 RNTelecom (RN Telecom Ltd.)
AS43267 SEVEREN-MSK-NET (JSC "Severen-Telecom")
AS43270 IT-TELECOM-AS (Ryabikov Ivan)
AS43270 SAFECITY-AS (Ryabikov Ivan)
AS43273 OPTIKLINE-AS (Optik Line LLC)
AS43274 TELEOS-1-AS (Teleradiocompany Teleos-1 Ltd)
AS43275 UNET-AS (PJSC "Vimpelcom")
@@ -1511,6 +1512,7 @@ AS43521 RECOM-OREL-AS (Recom LLC)
AS43526 NOVIKOM-AS (Joint-Stock Commercial Bank "NOVIKOMBANK")
AS43527 FINAMTECH-AS (Joint Stock Company Investment Company FINAM)
AS43530 IRTELCOM-AS (Limited Liability Company Irtelcom)
AS43544 Radist-AS (Radist LTD)
AS43550 DSC-AS (JSC Avantel)
AS43552 SIBNET-AS (Enterprise Medtech Ltd)
AS43559 SOESTA-AS ("Soesta" ZAO)
@@ -1599,7 +1601,7 @@ AS44014 VMI-AS (OOO NPO VMI)
AS44020 CLN-AS (Modern Solutions LTD)
AS44030 OTRADNOE-AS (Lentel Business Ltd.)
AS44035 RU-AXIOMA-AS (Nemerov Evgeniy Vladimirovish PE)
AS44039 CHTPZ-AS (PJSC "PIPE METALLURGICAL COMPANY")
AS44039 CHTPZ-AS (JSC "Chelyabinsk pipe-rolling factory")
AS44041 UNICOMLAB-AS (Korporatsia Svyazy Ltd.)
AS44046 TVERLINE-AS (TverLine Ltd.)
AS44048 MOSOBLGAZ-AS (Mosoblgaz JSC)
@@ -1690,7 +1692,7 @@ AS44552 SCTS-NET ("Altura" ltd.)
AS44554 IMPERCOM-AS (Impercom LLC)
AS44555 KONEKT-AS (KONEKT Ltd.)
AS44556 IQ-NET (DDOS-GUARD LTD)
AS44560 MIA-AS (FKU "GTsSIZI Ministry of Internal Affairs of Russia")
AS44560 MIA-AS (Ministry of Interior Affairs of Russian Federation)
AS44572 PARMATEL-AS (LTD ParmaTel)
AS44579 TNGS-FARNORTHNET (MTS PJSC)
AS44584 PTLINE-AS (Progress Tehnologiya LLC)
@@ -1709,6 +1711,7 @@ AS44640 CACTUS-AS (Cactus Ltd.)
AS44648 AVETEL-AS (AveTel LLC)
AS44657 SPK-AS (JSC Steel Industrial Company)
AS44660 UMKAST (Umkast Media LLC)
AS44661 PETROVICH-AS (STD Petrovich LLC)
AS44662 ARKHTELECENTR-AS (GBU Arkhangelskoi oblasti "Arkhtelecentr")
AS44665 SOVCOMFLOT-AS (PAO Sovcomflot)
AS44670 TVIGO (Tvigle Media LLC)
@@ -1743,7 +1746,7 @@ AS44804 EXGSPB-AS (Soft LLC)
AS44811 AVANTEL-NIZHNEVARTOVSK-ASN (JSC Avantel)
AS44812 IPSERVER-RU-NET (IP SERVER LLC)
AS44816 DELFINTELECOM-AS (Delfin Telecom OOO)
AS44834 POZITIVTELECOM-AS (LLC "POZITIV TELEKOM")
AS44834 POZITIVTELECOM-AS (Pozitiv Telecom Ltd.)
AS44835 PROSTOY-RU-AS (1T Ltd)
AS44840 KRONSHTADT-AS (Kronshtadt JSC)
AS44843 MALOCO-AS (MSS LLC.)
@@ -1876,8 +1879,8 @@ AS47528 RU-PITER-IX-VKZ (Piter-IX Co. Ltd.)
AS47530 NVTC-AS (Novokuznetsk Telecom Ltd)
AS47531 GorPTUs-AS (GorPTUs OOO)
AS47533 CTIS-AS (MBU CTIS EMR)
AS47541 VKONTAKTE-SPB-AS (LLC VK)
AS47542 VKONTAKTE-MSK-CDN-AS (LLC VK)
AS47541 VKONTAKTE-SPB-AS (VKontakte Ltd)
AS47542 VKONTAKTE-MSK-CDN-AS (VKontakte Ltd)
AS47550 NetLife-AS (Bratinov Oleg Vyacheslavovich)
AS47551 AS-MAYAK-NETWORK ("MAYAK NETWORK" LLC)
AS47560 KIT-MAGADAN (KIT-Magadan LLC)
@@ -2133,6 +2136,7 @@ AS48757 TRUSTINFO (TrustInfo LLC)
AS48758 FIBRENET-AS (Fibrenet Ltd)
AS48763 smartcenter-as (LLC "SMART CENTER")
AS48770 ASSIST (Assist Ltd.)
AS48780 OLTELECOM-AS (OLTELECOM JSC)
AS48781 AVK-COM-AS (AVK-computer ltd)
AS48788 SITRONICS (MTS PJSC)
AS48796 COMSTAR-R-SML-AS (MTS PJSC)
@@ -2162,7 +2166,7 @@ AS48936 ECO-RESERV2-AS (Altagen JSC)
AS48938 GUARD-INFORM-AS (Guard-Inform Ltd.)
AS48939 BITRIVER-K-AS (Bitriver-K LLC)
AS48940 LINK-AS (Link Ltd.)
AS48946 KOMF (Voxys LLC)
AS48946 KOMF (JSC Comfortel)
AS48949 MEDIA-TV-AS (Media-TV Ltd.)
AS48959 GARMONIYA-AS (MB Grupp LLC)
AS48969 PARUS-TELECOM-AS (Parus-Telecom Ltd.)
@@ -2217,7 +2221,7 @@ AS49241 SCB-NET5 (PJSC Sovkombank)
AS49246 GUM-AS (JSC TRADING HOUSE GUM)
AS49253 BRINGO-AS (Bringo Ltd)
AS49255 TELEGLOBAL-AS (TeleGlobal Ltd.)
AS49261 SVS-TELECOM-AS (Lekstar Communication LLC)
AS49261 SVS-TELECOM-AS (Lekstar Communication Ltd.)
AS49267 SIBCOM-AS (Sibcom Ltd)
AS49279 BEFL-AS (BEFL Ltd.)
AS49280 Saifullin-AS (Ruslan Saifullin)
@@ -2289,7 +2293,7 @@ AS49554 SIORAS-AS (P.P.Shirshov Institute of Oceanology RAS)
AS49557 STROYNET-AS (BuildNet Ltd)
AS49558 LIVECOMM-AS (IT-Yaroslavl Ltd.)
AS49568 INFORMSYAZ-AS (LLC "Convex-Kamensk")
AS49569 ZAYMER-AS (Microcredit Company Zaymer PJSC)
AS49569 ZAYMER-AS (Zaymer PJSC)
AS49577 DISNET (PE Romankov Dmitry Vladimirovich)
AS49578 FREGAT-AS (Fregat Ltd.)
AS49583 Kom_lan_ltd-AS (Kom lan Ltd)
@@ -2499,6 +2503,7 @@ AS50587 ATB-AS (LLC "M ADVICE")
AS50596 ITNET33 (Informatsionnye Tekhnologii LLC)
AS50600 INET-AS (I-NET Ltd.)
AS50608 HITECH (STIS Engineering LLC)
AS50612 SKY-AS (Auction LLC)
AS50615 AIKOM-RU-AS (LLC AIKOM)
AS50619 RAZU (RAZU.MEDIA LLC)
AS50636 RTP-Media (RTP LLC)
@@ -2603,7 +2608,7 @@ AS51054 TRANSCOM (OOO "TransKom")
AS51067 KRAZ-AS (Sibinfosoft LLC)
AS51070 TOKS-AS (TOKS Ltd)
AS51071 SIBTELEKOM-AS (SibTeleCom Ltd.)
AS51076 OBLAKA-AS (LNTech LLC)
AS51076 OBLAKA-AS (Chelombitko Elena Evgenevna)
AS51077 PTS-NET (Modern Technologies Ltd.)
AS51081 TETRON-AS (LLC "TETRON")
AS51084 IDEA-LTD-AS (Idea Ltd.)
@@ -2619,6 +2624,7 @@ AS51125 POLYANA (Limited Liability Company "Gazprom Polyana")
AS51133 MEDIAGRAND-AS (Mediagrand Ltd.)
AS51136 HCFBank (PJSC Sovkombank)
AS51138 ESTEITINVEST (JSC ESTEIT INVEST)
AS51145 LOGOSK-AS (LOGOS-K LLC)
AS51147 ASDELTATELECOM (Ltd. Delta-Telecom)
AS51153 INFKOM-AS ("Informational communications" LLC)
AS51156 ONGNET-AS (OngNet Plus LLC)
@@ -2838,6 +2844,7 @@ AS52197 SITC-OREL-MNT-AS (Oblastnoe gosudarstvennoe uchrejdenie Centr Gosudarstv
AS52201 TCTEL (OOO Suntel)
AS52205 SILON-SU-AS (Safronov Anton Sergeevich)
AS52207 TULA-AS (JSC "ER-Telecom Holding")
AS52208 ETC-Com-net (Engineering-technical center-communication LLC)
AS52217 ISKRA-AS (OOO ISKRA)
AS52218 CHYUS-NET-AS (Cherkasov Yuriy Sergiyovuch)
AS52222 ASMAGNITTV (Ltd Magnit-Tv)
@@ -2902,6 +2909,7 @@ AS56581 CIT-AS (GBU "Centre of Information Technologies of Amur Region")
AS56592 TELEWEST-INET-AS (Telewest Inet Ltd.)
AS56603 NET-AS (Aleksey Ershov)
AS56613 PSKAS (GBU PO "CIS PO")
AS56618 ASARCTICNET (Arctic net Ltd.)
AS56619 KSB (Safety Integrated Systems Ltd)
AS56621 IntexLtd-AS (Innovation Technologies Ltd)
AS56627 ITH-AS (ITH Ltd.)
@@ -2927,7 +2935,7 @@ AS56692 THEBANKOFKAZAN (KBER Bank Kazani limited liability company)
AS56694 SmartApe (LLC Smart Ape)
AS56699 NCEC (GUP NAO Neneckaya kompaniya electrosvyazi)
AS56701 AVANTA-AS (LLC "AVANTA TELECOM")
AS56702 Chitatechenergo-AS (JOINT-STOCK COMPANY "MOSCOW ENERGY COMMUNICATION NODE")
AS56702 Chitatechenergo-AS (Chitatehenergy JSC)
AS56705 OSMTELECOM-AS (OSM-Telecom LLC)
AS56707 NETCOM (OOO NETCOM)
AS56720 FORTUNA-AS (FORTUNA Ltd)
@@ -2937,48 +2945,48 @@ AS56725 GOZNAK-AS (JSC Goznak)
AS56741 GLORIA-JEANS-AS (JSC "Gloria-Jeans")
AS56760 GAU-RK-CIT-AS (Autonomous state organization or The Komi Republic Centre of informational technologies)
AS56761 MULTINEX-MIASS-AS (MTS PJSC)
AS56763 INFOTELL-AS (Infotell UK OOO)
AS56766 BAHILOV (Bahilov Ilya Vitalievich PE)
AS56768 MF-AS (PJSC MegaFon)
AS56776 DIALOGSIBERIA-AS (DialogSiberia-Barnaul Ltd)
AS56777 NIITP (Joint Stock Company "Science research institute for precise instruments")
AS56779 ASDRUZHBA (OOO UJK " Druzhba")
AS56785 GUP-GK-Berlin-AS (JSC GK Berlin)
AS56791 CT-AS (CityTelekom Ltd.)
AS56793 EFBANK-AS (JSC Commercial Bank Evrofinance Mosnarbank)
AS56794 NAUKANET-AS (LLC "Nauka-Svyaz")
AS56806 ascom4s (JSC Computing Forces)
AS56807 ASKLON (OOO UKS)
AS56810 TOLMACHEVO-AS (Airport Tolmachevo JSC)
AS56814 T2TELECOM-AS (M2 CONNECT LLC)
AS56820 EVRAZHOLDING (OOO EVRAZ)
AS56829 VNIITR-as (Institute of Television and Radio Broadcasting, Limited Liability Company)
AS56830 ASCHITATTK (Joint Stock Company TransTeleCom)
AS56836 ZSSK-AS (Zapadno-Sibirskaya Servisnaya Kompaniya LTD.)
AS56842 PLATFORMA-AS (Big Data Platform LLC)
AS56845 ASVLAZER (V-Lazer Ltd.)
AS56846 NSC-AS (JSC National satellite company)
AS56852 Aquaphor-AS (AQUAPHOR LLC)
AS56853 LMN-AS (Municipal educational institution The Centre of Information Technologies)
AS56854 Yemelyanovo-Airport (LLC "Yemelyanovo Airport")
AS56857 DKTEL-OPRF (DK Svyaz OOO)
AS56864 WELLSERVER-AS (Xeon LLC)
AS56866 VSC-AS (VSK LLC)
AS56874 ELECTROSVYAZ-AS (Electrosvyazstroy OOO)
AS56875 SPRINT-TEL-AS (Sprint Ltd)
AS56877 SPHAERA-AS (Sfera, JSC)
AS56879 PETROPAVLOVSK-AS (JSC POKROVSKIY RUDNIK)
AS56880 ASTECOM (Tecom Ltd.)
AS56881 ASRND (Joint Stock Company "Scientific and Technical Center "Atlas")
AS56886 RedStar-as (OOO "Red Star")
AS56888 KRNET-AS (Krasnogorsky networks Ltd.)
AS56889 RADIOTEKHNIKA-AS (TTC Radiotechnika LTD)
AS56893 TELECOM_108 (108 TELECOM LLC)
AS56895 SVIAZTELECOM-AS (Svyaztelecom ltd.)
AS56903 INTECH-GLOBAL ("INTECH GLOBAL", LLC)
AS56915 MALINA-AS (Malina LLC)
AS56917 DALTECH-AS (DalTech Ltd)
AS56923 VIRTUALFORT-AS (Virtualfort OOO)
AS56763 -no-description- (No org name found)
AS56766 -no-description- (No org name found)
AS56768 -no-description- (No org name found)
AS56776 -no-description- (No org name found)
AS56777 -no-description- (No org name found)
AS56779 -no-description- (No org name found)
AS56785 -no-description- (No org name found)
AS56791 -no-description- (No org name found)
AS56793 -no-description- (No org name found)
AS56794 -no-description- (No org name found)
AS56806 -no-description- (No org name found)
AS56807 -no-description- (No org name found)
AS56810 -no-description- (No org name found)
AS56814 -no-description- (No org name found)
AS56820 -no-description- (No org name found)
AS56829 -no-description- (No org name found)
AS56830 -no-description- (No org name found)
AS56836 -no-description- (No org name found)
AS56842 -no-description- (No org name found)
AS56845 -no-description- (No org name found)
AS56846 -no-description- (No org name found)
AS56852 -no-description- (No org name found)
AS56853 -no-description- (No org name found)
AS56854 -no-description- (No org name found)
AS56857 -no-description- (No org name found)
AS56864 -no-description- (No org name found)
AS56866 -no-description- (No org name found)
AS56874 -no-description- (No org name found)
AS56875 -no-description- (No org name found)
AS56877 -no-description- (No org name found)
AS56879 -no-description- (No org name found)
AS56880 -no-description- (No org name found)
AS56881 -no-description- (No org name found)
AS56886 -no-description- (No org name found)
AS56888 -no-description- (No org name found)
AS56889 -no-description- (No org name found)
AS56893 -no-description- (No org name found)
AS56895 -no-description- (No org name found)
AS56903 -no-description- (No org name found)
AS56915 -no-description- (No org name found)
AS56917 -no-description- (No org name found)
AS56923 -no-description- (No org name found)
AS56928 -no-description- (No org name found)
AS56930 -no-description- (No org name found)
AS56931 -no-description- (No org name found)
@@ -3765,6 +3773,7 @@ AS64461 -no-description- (No org name found)
AS64469 -no-description- (No org name found)
AS64486 -no-description- (No org name found)
AS64492 -no-description- (No org name found)
AS64494 -no-description- (No org name found)
AS196638 -no-description- (No org name found)
AS196641 -no-description- (No org name found)
AS196648 -no-description- (No org name found)
@@ -3821,6 +3830,7 @@ AS197068 -no-description- (No org name found)
AS197070 -no-description- (No org name found)
AS197074 -no-description- (No org name found)
AS197078 -no-description- (No org name found)
AS197080 -no-description- (No org name found)
AS197097 -no-description- (No org name found)
AS197120 -no-description- (No org name found)
AS197129 -no-description- (No org name found)
@@ -3916,6 +3926,7 @@ AS197868 -no-description- (No org name found)
AS197873 -no-description- (No org name found)
AS197878 -no-description- (No org name found)
AS197880 -no-description- (No org name found)
AS197888 -no-description- (No org name found)
AS197896 -no-description- (No org name found)
AS197905 -no-description- (No org name found)
AS197911 -no-description- (No org name found)
@@ -3942,6 +3953,7 @@ AS198070 -no-description- (No org name found)
AS198074 -no-description- (No org name found)
AS198076 -no-description- (No org name found)
AS198083 -no-description- (No org name found)
AS198086 -no-description- (No org name found)
AS198110 -no-description- (No org name found)
AS198117 -no-description- (No org name found)
AS198122 -no-description- (No org name found)
@@ -4186,6 +4198,7 @@ AS200054 -no-description- (No org name found)
AS200066 -no-description- (No org name found)
AS200095 -no-description- (No org name found)
AS200110 -no-description- (No org name found)
AS200120 -no-description- (No org name found)
AS200121 -no-description- (No org name found)
AS200123 -no-description- (No org name found)
AS200152 -no-description- (No org name found)
@@ -4225,11 +4238,9 @@ AS200524 -no-description- (No org name found)
AS200551 -no-description- (No org name found)
AS200563 -no-description- (No org name found)
AS200575 -no-description- (No org name found)
AS200579 -no-description- (No org name found)
AS200593 -no-description- (No org name found)
AS200613 -no-description- (No org name found)
AS200619 -no-description- (No org name found)
AS200620 -no-description- (No org name found)
AS200622 -no-description- (No org name found)
AS200624 -no-description- (No org name found)
AS200627 -no-description- (No org name found)
@@ -4243,11 +4254,9 @@ AS200685 -no-description- (No org name found)
AS200686 -no-description- (No org name found)
AS200687 -no-description- (No org name found)
AS200694 -no-description- (No org name found)
AS200697 -no-description- (No org name found)
AS200702 -no-description- (No org name found)
AS200722 -no-description- (No org name found)
AS200725 -no-description- (No org name found)
AS200733 -no-description- (No org name found)
AS200734 -no-description- (No org name found)
AS200743 -no-description- (No org name found)
AS200762 -no-description- (No org name found)
@@ -4257,17 +4266,12 @@ AS200803 -no-description- (No org name found)
AS200812 -no-description- (No org name found)
AS200838 -no-description- (No org name found)
AS200847 -no-description- (No org name found)
AS200897 -no-description- (No org name found)
AS200902 -no-description- (No org name found)
AS200907 -no-description- (No org name found)
AS200922 -no-description- (No org name found)
AS200926 -no-description- (No org name found)
AS200928 -no-description- (No org name found)
AS200935 -no-description- (No org name found)
AS200938 -no-description- (No org name found)
AS200945 -no-description- (No org name found)
AS200953 -no-description- (No org name found)
AS200954 -no-description- (No org name found)
AS200955 -no-description- (No org name found)
AS200976 -no-description- (No org name found)
AS200982 -no-description- (No org name found)
@@ -4285,7 +4289,6 @@ AS201065 -no-description- (No org name found)
AS201069 -no-description- (No org name found)
AS201083 -no-description- (No org name found)
AS201092 -no-description- (No org name found)
AS201097 -no-description- (No org name found)
AS201100 -no-description- (No org name found)
AS201119 -no-description- (No org name found)
AS201123 -no-description- (No org name found)
@@ -4310,7 +4313,6 @@ AS201267 -no-description- (No org name found)
AS201268 -no-description- (No org name found)
AS201270 -no-description- (No org name found)
AS201275 -no-description- (No org name found)
AS201279 -no-description- (No org name found)
AS201282 -no-description- (No org name found)
AS201285 -no-description- (No org name found)
AS201294 -no-description- (No org name found)
@@ -4351,12 +4353,10 @@ AS201582 -no-description- (No org name found)
AS201588 -no-description- (No org name found)
AS201593 -no-description- (No org name found)
AS201606 -no-description- (No org name found)
AS201610 -no-description- (No org name found)
AS201624 -no-description- (No org name found)
AS201631 -no-description- (No org name found)
AS201643 -no-description- (No org name found)
AS201646 -no-description- (No org name found)
AS201662 -no-description- (No org name found)
AS201669 -no-description- (No org name found)
AS201677 -no-description- (No org name found)
AS201706 -no-description- (No org name found)
@@ -4371,7 +4371,6 @@ AS201778 -no-description- (No org name found)
AS201781 -no-description- (No org name found)
AS201786 -no-description- (No org name found)
AS201788 -no-description- (No org name found)
AS201792 -no-description- (No org name found)
AS201794 -no-description- (No org name found)
AS201797 -no-description- (No org name found)
AS201800 -no-description- (No org name found)
@@ -4386,7 +4385,6 @@ AS201844 -no-description- (No org name found)
AS201848 -no-description- (No org name found)
AS201851 -no-description- (No org name found)
AS201858 -no-description- (No org name found)
AS201874 -no-description- (No org name found)
AS201913 -no-description- (No org name found)
AS201914 -no-description- (No org name found)
AS201916 -no-description- (No org name found)
@@ -4397,7 +4395,6 @@ AS201956 -no-description- (No org name found)
AS201970 -no-description- (No org name found)
AS201972 -no-description- (No org name found)
AS201974 -no-description- (No org name found)
AS202000 -no-description- (No org name found)
AS202009 -no-description- (No org name found)
AS202011 -no-description- (No org name found)
AS202058 -no-description- (No org name found)
@@ -4415,17 +4412,13 @@ AS202164 -no-description- (No org name found)
AS202173 -no-description- (No org name found)
AS202181 -no-description- (No org name found)
AS202202 -no-description- (No org name found)
AS202216 -no-description- (No org name found)
AS202234 -no-description- (No org name found)
AS202248 -no-description- (No org name found)
AS202250 -no-description- (No org name found)
AS202271 -no-description- (No org name found)
AS202273 -no-description- (No org name found)
AS202279 -no-description- (No org name found)
AS202289 -no-description- (No org name found)
AS202290 -no-description- (No org name found)
AS202317 -no-description- (No org name found)
AS202326 -no-description- (No org name found)
AS202342 -no-description- (No org name found)
AS202344 -no-description- (No org name found)
AS202378 -no-description- (No org name found)
@@ -4447,7 +4440,6 @@ AS202542 -no-description- (No org name found)
AS202570 -no-description- (No org name found)
AS202578 -no-description- (No org name found)
AS202594 -no-description- (No org name found)
AS202599 -no-description- (No org name found)
AS202611 -no-description- (No org name found)
AS202619 -no-description- (No org name found)
AS202629 -no-description- (No org name found)
@@ -4503,6 +4495,7 @@ AS203139 -no-description- (No org name found)
AS203163 -no-description- (No org name found)
AS203169 -no-description- (No org name found)
AS203173 -no-description- (No org name found)
AS203190 -no-description- (No org name found)
AS203203 -no-description- (No org name found)
AS203252 -no-description- (No org name found)
AS203270 -no-description- (No org name found)
@@ -4753,6 +4746,7 @@ AS205858 -no-description- (No org name found)
AS205864 -no-description- (No org name found)
AS205865 -no-description- (No org name found)
AS205866 -no-description- (No org name found)
AS205901 -no-description- (No org name found)
AS205907 -no-description- (No org name found)
AS205922 -no-description- (No org name found)
AS205952 -no-description- (No org name found)
@@ -4766,8 +4760,6 @@ AS206012 -no-description- (No org name found)
AS206027 -no-description- (No org name found)
AS206039 -no-description- (No org name found)
AS206054 -no-description- (No org name found)
AS206057 -no-description- (No org name found)
AS206061 -no-description- (No org name found)
AS206066 -no-description- (No org name found)
AS206083 -no-description- (No org name found)
AS206152 -no-description- (No org name found)
@@ -4802,7 +4794,6 @@ AS206435 -no-description- (No org name found)
AS206448 -no-description- (No org name found)
AS206465 -no-description- (No org name found)
AS206501 -no-description- (No org name found)
AS206503 -no-description- (No org name found)
AS206515 -no-description- (No org name found)
AS206536 -no-description- (No org name found)
AS206538 -no-description- (No org name found)
@@ -4825,7 +4816,6 @@ AS206756 -no-description- (No org name found)
AS206760 -no-description- (No org name found)
AS206764 -no-description- (No org name found)
AS206767 -no-description- (No org name found)
AS206787 -no-description- (No org name found)
AS206803 -no-description- (No org name found)
AS206805 -no-description- (No org name found)
AS206810 -no-description- (No org name found)
@@ -4943,6 +4933,7 @@ AS207978 -no-description- (No org name found)
AS207979 -no-description- (No org name found)
AS207984 -no-description- (No org name found)
AS207986 -no-description- (No org name found)
AS207997 -no-description- (No org name found)
AS208003 -no-description- (No org name found)
AS208008 -no-description- (No org name found)
AS208044 -no-description- (No org name found)
@@ -5055,7 +5046,6 @@ AS209024 -no-description- (No org name found)
AS209030 -no-description- (No org name found)
AS209037 -no-description- (No org name found)
AS209038 -no-description- (No org name found)
AS209057 -no-description- (No org name found)
AS209059 -no-description- (No org name found)
AS209067 -no-description- (No org name found)
AS209084 -no-description- (No org name found)
@@ -5069,7 +5059,6 @@ AS209165 -no-description- (No org name found)
AS209186 -no-description- (No org name found)
AS209188 -no-description- (No org name found)
AS209206 -no-description- (No org name found)
AS209207 -no-description- (No org name found)
AS209217 -no-description- (No org name found)
AS209219 -no-description- (No org name found)
AS209228 -no-description- (No org name found)
@@ -5079,6 +5068,7 @@ AS209269 -no-description- (No org name found)
AS209284 -no-description- (No org name found)
AS209289 -no-description- (No org name found)
AS209290 -no-description- (No org name found)
AS209298 -no-description- (No org name found)
AS209303 -no-description- (No org name found)
AS209307 -no-description- (No org name found)
AS209313 -no-description- (No org name found)
@@ -5272,11 +5262,13 @@ AS211400 -no-description- (No org name found)
AS211404 -no-description- (No org name found)
AS211406 -no-description- (No org name found)
AS211446 -no-description- (No org name found)
AS211473 -no-description- (No org name found)
AS211486 -no-description- (No org name found)
AS211497 -no-description- (No org name found)
AS211503 -no-description- (No org name found)
AS211506 -no-description- (No org name found)
AS211508 -no-description- (No org name found)
AS211515 -no-description- (No org name found)
AS211517 -no-description- (No org name found)
AS211520 -no-description- (No org name found)
AS211529 -no-description- (No org name found)
@@ -5438,21 +5430,21 @@ AS213075 -no-description- (No org name found)
AS213077 -no-description- (No org name found)
AS213105 -no-description- (No org name found)
AS213117 -no-description- (No org name found)
AS213133 -no-description- (No org name found)
AS213175 -no-description- (No org name found)
AS213182 -no-description- (No org name found)
AS213191 -no-description- (No org name found)
AS213194 -no-description- (No org name found)
AS213203 -no-description- (No org name found)
AS213220 -no-description- (No org name found)
AS213235 -no-description- (No org name found)
AS213258 -no-description- (No org name found)
AS213278 -no-description- (No org name found)
AS213294 -no-description- (No org name found)
AS213304 -no-description- (No org name found)
AS213316 -no-description- (No org name found)
AS213329 -no-description- (No org name found)
AS213334 -no-description- (No org name found)
AS213133 -no-description-
AS213175 -no-description-
AS213182 -no-description-
AS213191 -no-description-
AS213194 -no-description-
AS213203 -no-description-
AS213220 -no-description-
AS213235 -no-description-
AS213258 -no-description-
AS213278 -no-description-
AS213294 -no-description-
AS213304 -no-description-
AS213316 -no-description-
AS213329 -no-description-
AS213334 -no-description-
AS213348 -no-description-
AS213369 -no-description-
AS213381 -no-description-
@@ -5470,6 +5462,7 @@ AS213498 -no-description-
AS213499 -no-description-
AS213501 -no-description-
AS213503 -no-description-
AS213505 -no-description-
AS213506 -no-description-
AS213508 -no-description-
AS213523 -no-description-
@@ -5508,13 +5501,13 @@ AS213875 -no-description-
AS213883 -no-description-
AS213890 -no-description-
AS213917 -no-description-
AS213922 -no-description-
AS213926 -no-description-
AS213933 -no-description-
AS213937 -no-description-
AS213952 -no-description-
AS213961 -no-description-
AS213995 -no-description-
AS214009 -no-description-
AS214031 -no-description-
AS214048 -no-description-
AS214051 -no-description-
@@ -5580,6 +5573,7 @@ AS214767 -no-description-
AS214780 -no-description-
AS214787 -no-description-
AS214793 -no-description-
AS214804 -no-description-
AS214816 -no-description-
AS214817 -no-description-
AS214822 -no-description-
@@ -5608,7 +5602,6 @@ AS215077 -no-description-
AS215092 -no-description-
AS215096 -no-description-
AS215098 -no-description-
AS215103 -no-description-
AS215106 -no-description-
AS215109 -no-description-
AS215115 -no-description-
@@ -5663,7 +5656,6 @@ AS215678 -no-description-
AS215688 -no-description-
AS215705 -no-description-
AS215721 -no-description-
AS215751 -no-description-
AS215796 -no-description-
AS215805 -no-description-
AS215809 -no-description-

4802
auto/all-ru-ipv4.txt
View File

File diff suppressed because it is too large Load Diff

31
auto/all-ru-ipv6.txt
View File

@@ -53,7 +53,6 @@
2001:678:85c::/48 GIVC (Main Center of Information and Computing Ministry of culture of Russian Federation)
2001:678:8f0::/48 RU-PDV (Podolskii Dmitrii Vladimirovich)
2001:678:8fc::/48 RU-ROSNIIROS-20190111 (JSC Goznak)
2001:678:978::/48 PrivateNet (Yanislav Basiuk)
2001:678:99c::/48 CZ-VISSADO-20190515 (Mediasvyaz Ltd.)
2001:678:9c4::/48 BCC (JSC Business-center Capital)
2001:678:9d0::/48 RU-RETNNET-20190621 (LLC Zenit-Arena)
@@ -62,7 +61,6 @@
2001:678:a60::/48 RU-ONGNETPLUS-20190411 (OngNet Plus LLC)
2001:678:a70::/48 CZ-VISSADO-20190425 (VostokMediaSvyaz Ltd.)
2001:678:ab0::/48 PlanetaTelekom (Kurochkin Evgeniy Anatolievich)
2001:678:ac0::/48 CH-SECUREBIT-20260106 (Artur Zagidullin)
2001:678:b3c::/48 RU-DSP-20191017 (INVITRO-Information technology LLC)
2001:678:b40::/48 ORG-ITOA1-RIPE (Tsyapa Oleg Anatolyevich)
2001:678:b48::/48 LEMANAPRO-NET (Le Monlid LLC)
@@ -86,6 +84,7 @@
2001:678:e2c::/48 DWDM-RU-V6-NET (DWDM.RU llc)
2001:678:e30::/48 virtaldc-ipv6-backbone (Dmitrii Vladimirovich Malkov)
2001:678:e84::/48 RU-MSP2018-20201023 (VIP-TELECOM LLC)
2001:678:ee4::/48 IP-Petrosyan-Maksim-Markslenovicht (IP Petrosyan Maksim Markslenovich)
2001:678:ee8::/48 TRC-BRT-IPV6 (Teleradiocompany Bytradiotehnika Ltd.)
2001:678:eec::/48 NPI-TU (Federal State Budgetary Educational Institution of Higher Education "M.I.Platov South-Russian State Polytechnic University (NPI)")
2001:678:f38::/48 RU-RETNNET-20210504 (Traffic Ltd)
@@ -94,7 +93,7 @@
2001:678:1024::/48 SIRENATRAVEL-NETv6 (Sirena Travel AO)
2001:678:1034::/48 RU-ELKOMA (Elkoma LLC)
2001:678:1058::/48 CZ-VISSADO-20250305 (GP Internet Ltd.)
2001:67c:20::/48 ABSOLYT-NET (Limited liability company Absolut)
2001:67c:20::/48 ABSOLYT-NET (Limited liability company Absolyt)
2001:67c:84::/48 MANNET-6NET (MAN net Ltd.)
2001:67c:e8::/48 RU-NEMEROV (Nemerov Evgeniy Vladimirovish PE)
2001:67c:100::/48 RU-DINET-20210819 (Limited Liability Company "R-Business Svyaz")
@@ -116,7 +115,6 @@
2001:67c:5c4::/48 MBITCITY-NET (Mbit City Ltd.)
2001:67c:614::/48 RU-INDATA-20160728 (FOUNDATION FOR DEVELOPMENT OF NETWORKING TECHNOLOGIES "INDATA")
2001:67c:62c::/48 PRK-V6NET (JSC Trading house Perekriostok)
2001:67c:650::/48 RU-HYPERNET-20260210 (JSC ALIAS)
2001:67c:664::/48 BALTSOYA-AS (CJSC Sodruzhestvo Soya)
2001:67c:698::/48 AIRKHV (JSC "Khabarovsky airport")
2001:67c:6a0::/48 RSCC (Federal State Unitary Enterprise "Russian Satellite Communication Company")
@@ -137,7 +135,6 @@
2001:67c:948::/48 RU-OPTIBIT-20220218 (Mobilon Telecommunications LLC)
2001:67c:95c::/48 RU-RTK-20220223 (JSC COMMERCIAL BANK "KHLYNOV")
2001:67c:a5c::/48 RU-GSYSTEM-20220810 (LLC OZON BANK)
2001:67c:a80::/48 Foton-net (Foton Company Ltd)
2001:67c:ac4::/48 RU-SITENET-20220928 (Ministry of Finance of the Sakhalin region)
2001:67c:b00::/48 VMI-NET6 (OOO NPO VMI)
2001:67c:b18::/48 LITE-HOST (Rusachenko Evgenii Sergeevich)
@@ -160,7 +157,7 @@
2001:67c:f64::/48 AB-GAGRATEL (Gagra Telecom LLC)
2001:67c:f88::/48 RU-SIGNALTELECOM (Signal-Telecom LLC)
2001:67c:f98::/48 CZ-VISSADO-20241119 (Tecom Ltd.)
2001:67c:fa0::/48 SVYAZ6-NET (Svyaz Ltd)
2001:67c:fa0::/48 SVYAZ6-NET (Svyaz JSC)
2001:67c:fb0::/48 FAITID-NETWORK (Foundation for Assistance for Internet Technologies and Infrastructure Development)
2001:67c:fb4::/48 RU-KIPREY (Kiprey JSC)
2001:67c:fcc::/48 RU-SERGIENKO-20241220 (KAMETA LLC)
@@ -285,7 +282,7 @@
2001:67c:2e98::/48 RU-RTK-20151005 (FGBOU VO Saratov State Medical University named after V.I.Razumovsky)
2001:67c:2e9c::/48 SANTEKHKOMPLEKT (LTD Santekhkomplekt)
2001:67c:2ec8::/48 RU-RTK-20151021 (RusAccreditation. Federal Service for accreditation)
2001:67c:2ee0::/48 VIKS-NET (Vikscom Ltd.)
2001:67c:2ee0::/48 VIKSCOM-IPV6-NET (Vikscom Ltd.)
2001:67c:2f90::/48 SOFTBUILD (SOFTBUILD LLC)
2001:67c:2fd4::/48 ORG-IO52-RIPE (IPSvyaz OOO)
2001:6d0::/32 RU-MSK-IX-20010219 (Join-stock company "Internet Exchange"MSK-IX")
@@ -305,7 +302,7 @@
2001:7f8:a7::/48 BAIKAL-IX-NET-v6 (LLC Zero Kilometer)
2001:7f8:ac::/48 RU-OPTIBIT-20160922 (Optibit LLC)
2001:7f8:c8::/48 RU-DREAMNET-20180514 (Weacom Ltd)
2001:7f8:c9::/48 RU-CHTE-20180525 (JOINT-STOCK COMPANY "MOSCOW ENERGY COMMUNICATION NODE")
2001:7f8:c9::/48 RU-CHTE-20180525 (Chitatehenergy JSC)
2001:7f8:e6::/48 RU-PITER-IX-SPB (Piter-IX Co. Ltd.)
2001:7f8:eb::/48 RU-PITER-IX-MSK (Piter-IX Co. Ltd.)
2001:7f8:ee::/48 RU-LINXDATACENTER-20200218 (Svyaz VSD LLC)
@@ -329,7 +326,7 @@
2a00:eba::/31 RU-STACK-20100219 (StackNet Service, LLC)
2a00:ebc::/30 RU-STACK-20100219 (StackNet Service, LLC)
2a00:f00::/29 RU-MTU-20081124 (MTS PJSC)
2a00:f08::/32 RU-TRUNKMOBILE-20081124 (TrunkMobile JSC)
2a00:f08::/32 RU-WILAND-20081124 (Wiland Ltd)
2a00:f30::/32 RU-QUANTUM-20081127 (Quantum CJSC)
2a00:1020::/32 RU-SEVEREN-20090619 (JSC "Severen-Telecom")
2a00:1078::/32 RU-STROYTECHSERVICE-20090630 (Stroytechservice LLC)
@@ -478,7 +475,7 @@
2a00:b940::/32 RU-IGRA-SERVICE-20150520 (Igra-Service LLC)
2a00:bcc0::/32 RU-ELIT-TV-20160601 (Viter Evgeniy Vasilevich)
2a00:bd40::/32 RU-INEWS-20120314 (INEWS LLC)
2a00:bdc0::/29 RU-VKONTAKTE-20120314 (LLC VK)
2a00:bdc0::/29 RU-VKONTAKTE-20120314 (VKontakte Ltd)
2a00:be00::/29 RU-MASTERTEL-20110125 (JSC Mastertel)
2a00:be20::/32 RU-VERMONT-IT-20130725 (Vermont-IT Limited Liability Company)
2a00:bf00::/32 RU-CT-C-20110217 ("Computational technologies - consulting" LLC)
@@ -848,7 +845,7 @@
2a03:58c0::/32 RU-KAMENSKTEL-20121113 (Closed Joint Stock Company Radiotelephone)
2a03:5a00::/29 RU-LEADERTELECOM-20110204 (LeaderTelecom Ltd.)
2a03:5a60::/32 RU-LINENEW-20141125 (Limited liability company "New Line")
2a03:5a80::/32 RU-TRUNKMOBILE-20110915 (TrunkMobile JSC)
2a03:5a80::/32 RU-WILAND-20110915 (Wiland Ltd)
2a03:5b80::/32 RU-TRANSTELECOM-20140616 (Joint Stock Company TransTeleCom)
2a03:5c80::/32 RU-TELEMAKS-20110915 (TeleMaks Ltd)
2a03:5ca0::/32 RU-GTSS-20141128 (GeoTelecommunications LLC)
@@ -1444,7 +1441,7 @@
2a0b:9000::/29 RU-AU-20190621 (Auction LLC)
2a0b:9080::/29 RU-MGNHOST-NET-20220128 (Tyurin Viktor Mihaylovich)
2a0b:9480::/29 RU-TELECOM-20181002 (Telenet LLC)
2a0b:97c0::/29 RU-EESNET-20170725 (JOINT-STOCK COMPANY "MOSCOW ENERGY COMMUNICATION NODE")
2a0b:97c0::/29 RU-CHTE-20170725 (Chitatehenergy JSC)
2a0b:9a00::/29 RU-FIRSTDC-20200428 (Perviy TSOD LLC)
2a0b:9c40::/29 RU-FILI-TELECOM-20170725 (FILI-Telecom LLC)
2a0b:9fc0::/29 RU-RAID-20170726 (JSC "ER-Telecom Holding")
@@ -1497,7 +1494,6 @@
2a0c:5640::/29 RU-INTELLIN-20180412 (JSC Intellin)
2a0c:5ec0::/29 RU-SERVICE-IT-20180416 (LLC IT-service)
2a0c:6680::/29 RU-KLEYNKOM4-20180105 (Kleynkom LLC)
2a0c:68c0::/29 RU-WS1-20260130 ("Wireless systems" LLC)
2a0c:6900::/29 RU-LEK-20171113 (Alliance LLC)
2a0c:6c00::/29 RU-VDS-TELECOM-20230504 (VDS-TELECOM LLC)
2a0c:6d00::/32 RU-SPACE-20171113 (Federal State Budgetary Institution of Science "Space Research Institute of the Russian Academy of Sciences".)
@@ -1574,7 +1570,6 @@
2a0d:6d40::/29 RU-REGLAND-20240220 (Regland ltd)
2a0d:70c0::/29 RU-AT-20180914 (Apple Technologies LLC)
2a0d:7480::/29 RU-SETII-20180214 (Nets and Services JCS)
2a0d:7680::/32 RU-IAKHONTOV-20260203 (Iaroslav Iakhontov)
2a0d:7740::/29 RU-VPSVILLE1-20180917 (LLC Vpsville)
2a0d:7840::/29 RU-MAINACC-20180918 (Ivan Bulavkin)
2a0d:80c0::/29 RU-RSVOSPB-20180919 (JSC Russian Broadcasting and Notification Networks)
@@ -1814,7 +1809,7 @@
2a10:4f80::/29 RU-FIRSTDC-20200421 (Perviy TSOD LLC)
2a10:5080::/29 RU-FIRSTDC-20200421 (Perviy TSOD LLC)
2a10:5180::/29 RU-FIRSTDC-20200421 (Perviy TSOD LLC)
2a10:5cc0::/29 RU-MAI-20200904 (Federal State Autonomous Educational Institution of Higher Education "Moscow Aviation Institute (National Research University)")
2a10:5cc0::/29 RU-MAI-20200904 (Federal State Budgetary Educational Institution of Higher Education Moscow Aviation Institute (National Research University))
2a10:61c0::/29 RU-DATAFORT-20200909 (DataFort LLC)
2a10:62c0::/29 RU-OKKO-20200911 (OKKO LLC)
2a10:6a40::/29 RU-IITRUST-20200918 (InfoTeCS Internet Trust JSC)
@@ -1840,9 +1835,7 @@
2a10:9bc0::/29 RU-FIRSTDC-20210225 (Perviy TSOD LLC)
2a10:9c40::/29 RU-FIRSTDC-20210225 (Perviy TSOD LLC)
2a10:9cc0::/29 RU-FIRSTDC-20210225 (Perviy TSOD LLC)
2a10:a680::/29 RU-INTECH-20260213 (INTEX ltd.)
2a10:aa80::/29 RU-NUBES-20201217 (NUBES llc)
2a10:ab80::/29 RU-PREFIXLABS-20260216 (Denis Aleksandrovich Iakovlev)
2a10:ad00::/29 RU-FIRSTDC-20201117 (Perviy TSOD LLC)
2a10:ad80::/29 RU-IVC-20201218 (Information & Computing Center, Ltd.)
2a10:af00::/29 RU-FIRSTDC-20201117 (Perviy TSOD LLC)
@@ -1859,7 +1852,6 @@
2a10:cfc0::/29 RU-TALENTSUCCESS-20210408 (Educational Fund "Talent and success")
2a10:d240::/29 RU-MAINACC-20210412 (Ivan Bulavkin)
2a10:d5c0::/29 RU-MAINACC-20210414 (Ivan Bulavkin)
2a10:d740::/29 RU-KVANTA-20260216 (KVANTA LLC)
2a10:d8c0::/29 RU-VPSVILLE1-20210416 (LLC Vpsville)
2a10:df00::/29 RU-RVISION-20201124 (RVISION Ltd.)
2a10:e040::/29 RU-MAINACC-20210421 (Ivan Bulavkin)
@@ -1869,7 +1861,6 @@
2a10:f640::/29 RU-ACTIVEBC-20210506 (ActiveBusinessConsult LLC)
2a10:fa00::/29 RU-EVROKONTAKTVN-20201109 (EUROCONTACT VELIKY NOVGOROD LLC)
2a11:200::/29 RU-VPSVILLE1-20210511 (LLC Vpsville)
2a11:300::/29 RU-TUNDRA-TC-20260216 (LLC "TUNDRA TELECOM")
2a11:640::/29 RU-TELECOM-20210701 (Telenet LLC)
2a11:680::/29 RU-VPSVILLE1-20210514 (LLC Vpsville)
2a11:700::/29 RU-CTEL-20210512 (LLC Tatarstan-On-Line)
@@ -1959,7 +1950,7 @@
2a11:85c0::/29 RU-LOCAL-20211007 (LIR LLC)
2a11:8600::/29 RU-NICOS-20210720 (LLC Company NICOS)
2a11:8780::/29 RU-MESHNET-20210824 (Vladimir Dmitriev)
2a11:87c0::/29 RU-TELEGA-20251124 (JOINT STOCK COMPANY "TELEGA")
2a11:87c0::/29 RU-TELEGA-20251124 (JOINT STOCK COMPANY "DAL")
2a11:8940::/29 RU-AU-20211007 (Auction LLC)
2a11:8f80::/29 RU-LOCAL-20210825 (LIR LLC)
2a11:91c0::/29 RU-IPMAGNAT-20211008 (Mikhail Tonkonog)

185847
auto/all-ru.txt
View File

File diff suppressed because it is too large Load Diff

34787
auto/ripe-ru-ipv4.json
View File

File diff suppressed because it is too large Load Diff

5529
auto/ripe-ru-ipv4.txt
View File

File diff suppressed because it is too large Load Diff

0
blacklists/.keep_folder → blacklists/.keep
View File

1165
blacklists/blacklist-v4.txt Normal file
View File

File diff suppressed because it is too large Load Diff

25
blacklists/blacklist-v6.txt Normal file
View File

@@ -0,0 +1,25 @@
2a00:1148::/29
2a00:1148::/32
2a00:46e0:2::/48
2a00:46e0::/32
2a00:a300::/32
2a00:b4c0::/32
2a00:bdc0:8000::/34
2a00:bdc0::/33
2a00:bdc0:c000::/35
2a00:bdc0:e002::/48
2a00:bdc0:e003::/48
2a00:bdc0:e004::/48
2a00:bdc0:e005::/48
2a00:bdc0:e007::/48
2a00:bdc0:f000::/36
2a00:bdc1::/32
2a00:bdc2::/31
2a00:bdc4::/30
2a0c:a9c7:156::/48
2a0c:a9c7:157::/48
2a0c:a9c7:158::/48
2a14:25c0::/32
2a14:25c5::/32
2a14:25c6::/32
2a14:25c7::/32

1190
blacklists/blacklist.txt Normal file
View File

File diff suppressed because it is too large Load Diff

2427
blacklists/blacklist_with_comments.txt Normal file
View File

File diff suppressed because it is too large Load Diff

0
blacklists_iptables/.keep_folder → blacklists_iptables/.keep
View File

109
blacklists_iptables/README.md Normal file
View File

@@ -0,0 +1,109 @@
# IPTables/IPSet Blacklist Configurations
Auto-generated ipset configuration files for blocking networks and IP addresses with iptables/ip6tables.
## Available Files
### IPv4 Only
- **`blacklist-v4.ipset`** - Contains only IPv4 networks (806 entries)
### IPv6 Only
- **`blacklist-v6.ipset`** - Contains only IPv6 networks (3 entries)
### Mixed IPv4/IPv6
- **`blacklist.ipset`** - Contains both IPv4 and IPv6 sets (809 total entries)
## Usage
### 1. Load the IPSet
```bash
# For IPv4 only
ipset restore < blacklist-v4.ipset
# For IPv6 only
ipset restore < blacklist-v6.ipset
# For both IPv4 and IPv6 (loads both sets)
ipset restore < blacklist.ipset
```
### 2. Apply IPTables Rules
```bash
# For IPv4
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP
# For IPv6
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP
```
### 3. Persist Rules (Optional)
To make the rules persistent across reboots:
**On Debian/Ubuntu:**
```bash
# Save iptables rules
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6
# Save ipset
ipset save > /etc/ipset.conf
```
**On RHEL/CentOS:**
```bash
# Save iptables rules
service iptables save
service ip6tables save
# Save ipset
ipset save > /etc/sysconfig/ipset
```
### 4. Update Existing Sets
To update the blacklist without restarting iptables:
```bash
# Flush and reload
ipset flush blacklist-v4
ipset restore < blacklist-v4.ipset
```
### 5. Remove Sets
```bash
# Remove IPv4 set
ipset flush blacklist-v4
ipset destroy blacklist-v4
# Remove IPv6 set
ipset flush blacklist-v6
ipset destroy blacklist-v6
```
## Performance Benefits
IPSet uses hash tables for O(1) lookup performance, making it ideal for large blacklists:
- Much faster than individual iptables rules
- Minimal CPU overhead
- Supports up to 65536 entries per set (configurable)
- Kernel-level implementation for maximum efficiency
## Automatic Updates
These files are automatically regenerated when the blacklists are updated via the GitHub Actions workflow.
## Source
Generated from the blacklist files in the `blacklists/` directory.

1183
blacklists_iptables/blacklist-v4.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

43
blacklists_iptables/blacklist-v6.ipset Normal file
View File

@@ -0,0 +1,43 @@
# IPSet blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2025-12-31 06:24:51 UTC
#
# Usage:
# 1. Load the ipset:
# ipset restore < blacklist-v6.ipset
#
# 2. Use with iptables/ip6tables:
# iptables -I INPUT -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
# iptables -I FORWARD -m set --match-set blacklist-v6 src -m conntrack --ctstate NEW -j DROP
#
# 3. To flush/delete the set:
# ipset flush blacklist-v6
# ipset destroy blacklist-v6
#
create blacklist-v6 hash:net family inet6 hashsize 1024 maxelem 50
add blacklist-v6 2a00:1148::/29
add blacklist-v6 2a00:1148::/32
add blacklist-v6 2a00:46e0:2::/48
add blacklist-v6 2a00:46e0::/32
add blacklist-v6 2a00:a300::/32
add blacklist-v6 2a00:b4c0::/32
add blacklist-v6 2a00:bdc0:8000::/34
add blacklist-v6 2a00:bdc0::/33
add blacklist-v6 2a00:bdc0:c000::/35
add blacklist-v6 2a00:bdc0:e002::/48
add blacklist-v6 2a00:bdc0:e003::/48
add blacklist-v6 2a00:bdc0:e004::/48
add blacklist-v6 2a00:bdc0:e005::/48
add blacklist-v6 2a00:bdc0:e007::/48
add blacklist-v6 2a00:bdc0:f000::/36
add blacklist-v6 2a00:bdc1::/32
add blacklist-v6 2a00:bdc2::/31
add blacklist-v6 2a00:bdc4::/30
add blacklist-v6 2a0c:a9c7:156::/48
add blacklist-v6 2a0c:a9c7:157::/48
add blacklist-v6 2a0c:a9c7:158::/48
add blacklist-v6 2a14:25c0::/32
add blacklist-v6 2a14:25c5::/32
add blacklist-v6 2a14:25c6::/32
add blacklist-v6 2a14:25c7::/32

1212
blacklists_iptables/blacklist.ipset Normal file
View File

File diff suppressed because it is too large Load Diff

0
blacklists_nftables/.keep_folder → blacklists_nginx/.keep
View File

0
blacklists_nginx/.keep_folder
View File

302
blacklists_nginx/README.md Normal file
View File

@@ -0,0 +1,302 @@
# Nginx Blacklist Configurations
Auto-generated nginx configuration files for blocking networks and IP addresses.
## Available Files
### Mixed IPv4/IPv6
- **`blacklist.conf`** - Contains both IPv4 and IPv6 deny rules (809 entries)
### IPv4 Only
- **`blacklist-v4.conf`** - Contains only IPv4 deny rules (806 entries)
### IPv6 Only
- **`blacklist-v6.conf`** - Contains only IPv6 deny rules (3 entries)
## Usage
### Basic Usage
Include the desired configuration file in your nginx `server` or `location` block:
```nginx
server {
listen 80;
server_name example.com;
# Include the blacklist
include /path/to/blacklist.conf;
location / {
# your configuration
}
}
```
### Separate IPv4/IPv6 Files
For more granular control, use separate files:
```nginx
server {
listen 80;
listen [::]:80;
server_name example.com;
# Include both IPv4 and IPv6 blacklists
include /path/to/blacklist-v4.conf;
include /path/to/blacklist-v6.conf;
location / {
# your configuration
}
}
```
### HTTP Block Level
Apply the blacklist globally to all virtual hosts:
```nginx
http {
# Apply blacklist globally
include /path/to/blacklist.conf;
server {
listen 80;
server_name example.com;
# ...
}
server {
listen 80;
server_name another.com;
# ...
}
}
```
### Location Block Level
For selective blocking within specific locations:
```nginx
server {
listen 80;
server_name example.com;
location /admin {
# Apply blacklist only to admin area
include /path/to/blacklist.conf;
# ...
}
location /public {
# Public area without blacklist
# ...
}
}
```
## Testing Configuration
After adding the blacklist, always test your nginx configuration:
```bash
# Test configuration
nginx -t
# Reload nginx if test passes
nginx -s reload
# or
systemctl reload nginx
```
## Custom Response
By default, denied IPs receive a connection drop. To customize the response:
```nginx
server {
listen 80;
server_name example.com;
# Return custom error page
error_page 403 /403.html;
include /path/to/blacklist.conf;
location = /403.html {
root /usr/share/nginx/html;
internal;
}
}
```
Note: For large blacklists, using `deny` directives (as in these files) is more efficient than `if` statements.
## Performance Considerations
- **Deny directives** are processed in order and stop at the first match
- For optimal performance, most frequently matched IPs should be at the top
- Current files are sorted for consistency
- Nginx handles hundreds of deny rules efficiently
- For very large blacklists (10,000+ entries), consider using:
- Nginx GeoIP2 module for geographic blocking
- nftables/iptables at the firewall level for better performance
- Stream module for TCP/UDP level blocking
## Integration Examples
### Docker Deployment
```dockerfile
FROM nginx:alpine
# Copy blacklist
COPY blacklist.conf /etc/nginx/blacklist.conf
# Copy nginx config that includes the blacklist
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 80 443
CMD ["nginx", "-g", "daemon off;"]
```
### Kubernetes ConfigMap
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-blacklist
data:
blacklist.conf: |
# Include blacklist content here
deny 109.124.119.88/29;
deny 109.124.66.128/30;
# ...
```
### Automated Updates
Set up a cron job to automatically fetch the latest blacklist:
```bash
#!/bin/bash
# /etc/cron.daily/update-nginx-blacklist
# Download latest blacklist
wget -q https://raw.githubusercontent.com/C24Be/AS_Network_List/main/blacklists_nginx/blacklist.conf \
-O /etc/nginx/blacklist.conf.new
# Test nginx configuration
nginx -t -c /etc/nginx/nginx.conf
# If test passes, reload nginx
if [ $? -eq 0 ]; then
mv /etc/nginx/blacklist.conf.new /etc/nginx/blacklist.conf
systemctl reload nginx
echo "Blacklist updated successfully"
else
rm /etc/nginx/blacklist.conf.new
echo "Nginx config test failed, blacklist not updated"
fi
```
## Logging Blocked Requests
To log denied requests:
```nginx
server {
listen 80;
server_name example.com;
# Custom log format for denied IPs
log_format blocked '$remote_addr - $remote_user [$time_local] '
'"$request" 403 0 '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/blocked.log blocked;
include /path/to/blacklist.conf;
location / {
# your configuration
}
}
```
## Monitoring
Check how many IPs are being blocked:
```bash
# Count deny rules
grep -c "deny" /path/to/blacklist.conf
# Check blocked access logs
tail -f /var/log/nginx/blocked.log
# Count blocked requests today
grep "$(date +%d/%b/%Y)" /var/log/nginx/access.log | grep " 403 " | wc -l
```
## Troubleshooting
### Configuration Test Fails
```bash
# Check syntax
nginx -t
# Check for duplicate includes
grep -r "include.*blacklist" /etc/nginx/
# Verify file permissions
ls -l /path/to/blacklist.conf
```
### Legitimate Users Blocked
Check if their IP is in the blacklist:
```bash
grep "YOUR_IP" /path/to/blacklist.conf
```
Whitelist specific IPs before applying the blacklist:
```nginx
server {
listen 80;
server_name example.com;
# Whitelist before blacklist
allow 192.168.1.100; # Trusted IP
# Then apply blacklist
include /path/to/blacklist.conf;
# Deny all others not explicitly allowed
# deny all; # Optional
}
```
## Automatic Updates
These files are automatically regenerated daily when the blacklists are updated via the GitHub Actions workflow.
## Source
Generated from the blacklist files in the `blacklists/` directory by `blacklists_updater_nginx.sh`.
## See Also
- [IPTables/IPSet Format](../blacklists_iptables/README.md) - For firewall-level blocking
- [Text Format](../blacklists/README.md) - For custom integrations
- [Main Repository](https://github.com/C24Be/AS_Network_List) - Complete documentation

1174
blacklists_nginx/blacklist-v4.conf Normal file
View File

File diff suppressed because it is too large Load Diff

34
blacklists_nginx/blacklist-v6.conf Normal file
View File

@@ -0,0 +1,34 @@
# Nginx blacklist configuration (IPv6 only)
# Auto-generated from blacklist-v6.txt
# Last updated: 2025-12-31 06:24:51 UTC
#
# Usage: Include this file in your nginx server or location block:
# include /path/to/blacklist-v6.conf;
#
deny 2a00:1148::/29;
deny 2a00:1148::/32;
deny 2a00:46e0:2::/48;
deny 2a00:46e0::/32;
deny 2a00:a300::/32;
deny 2a00:b4c0::/32;
deny 2a00:bdc0:8000::/34;
deny 2a00:bdc0::/33;
deny 2a00:bdc0:c000::/35;
deny 2a00:bdc0:e002::/48;
deny 2a00:bdc0:e003::/48;
deny 2a00:bdc0:e004::/48;
deny 2a00:bdc0:e005::/48;
deny 2a00:bdc0:e007::/48;
deny 2a00:bdc0:f000::/36;
deny 2a00:bdc1::/32;
deny 2a00:bdc2::/31;
deny 2a00:bdc4::/30;
deny 2a0c:a9c7:156::/48;
deny 2a0c:a9c7:157::/48;
deny 2a0c:a9c7:158::/48;
deny 2a14:25c0::/32;
deny 2a14:25c5::/32;
deny 2a14:25c6::/32;
deny 2a14:25c7::/32;

1199
blacklists_nginx/blacklist.conf Normal file
View File

File diff suppressed because it is too large Load Diff

0
blacklists_routes/.keep_folder
View File

94
blacklists_updater_iptables.sh
View File

@@ -1,46 +1,19 @@
#!/bin/sh
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# Input files (generated by blacklists_updater_txt.sh)
blacklist_file="${SCRIPT_DIR}/blacklists/blacklist.txt"
blacklist_v4_file="${SCRIPT_DIR}/blacklists/blacklist-v4.txt"
blacklist_v6_file="${SCRIPT_DIR}/blacklists/blacklist-v6.txt"
# Source files for name-based VK filtering
auto_all_v4_file="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
auto_all_v6_file="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
auto_ripe_v4_file="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
vk_name_pattern='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
# Additional VK-only text blacklists
blacklist_vk_file="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
blacklist_vk_v4_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
blacklist_vk_v6_file="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
blacklist_file="blacklists/blacklist.txt"
blacklist_v4_file="blacklists/blacklist-v4.txt"
blacklist_v6_file="blacklists/blacklist-v6.txt"
# Output directory and files
iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables"
iptables_output_dir="blacklists_iptables"
iptables_output_file="${iptables_output_dir}/blacklist.ipset"
iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset"
iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset"
iptables_vk_output_file="${iptables_output_dir}/blacklist-vk.ipset"
iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset"
iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset"
# Create iptables directory if it doesn't exist
mkdir -p "${iptables_output_dir}"
# Build additional VK-only blacklist from network names in auto/*.txt files
tmp_vk_file="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${auto_all_v4_file}" "${auto_all_v6_file}" "${auto_ripe_v4_file}"; do
[ -f "${source_file}" ] || continue
awk -v pattern="${vk_name_pattern}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${tmp_vk_file}"
done
sort -u "${tmp_vk_file}" > "${blacklist_vk_file}"
grep ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v6_file}" || true
grep -v ':' "${blacklist_vk_file}" | sort -u > "${blacklist_vk_v4_file}" || true
rm -f "${tmp_vk_file}"
# Function to generate ipset config from input file
generate_ipset_config() {
local input_file="$1"
@@ -48,19 +21,6 @@ generate_ipset_config() {
local ip_version="$3"
local set_name="$4"
local family="$5"
local iptables_cmd="iptables"
local rule_primary=""
local rule_secondary=""
[ "${family}" = "inet6" ] && iptables_cmd="ip6tables"
if printf "%s" "${set_name}" | grep -q '^blacklist-vk'; then
rule_primary="${iptables_cmd} -I OUTPUT -m set --match-set ${set_name} dst -j REJECT"
rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} dst -j REJECT"
else
rule_primary="${iptables_cmd} -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
fi
# Count entries for hash size calculation
local count=$(wc -l < "${input_file}" | tr -d ' ')
@@ -78,8 +38,8 @@ generate_ipset_config() {
# ipset restore < $(basename ${output_file})
#
# 2. Use with iptables/ip6tables:
# ${rule_primary}
${rule_secondary:+# ${rule_secondary}}
# iptables -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
# iptables -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP
#
# 3. To flush/delete the set:
# ipset flush ${set_name}
@@ -103,8 +63,6 @@ EOF
# Generate ipset configurations from blacklist files
generate_ipset_config "${blacklist_v4_file}" "${iptables_v4_output_file}" "(IPv4 only)" "blacklist-v4" "inet"
generate_ipset_config "${blacklist_v6_file}" "${iptables_v6_output_file}" "(IPv6 only)" "blacklist-v6" "inet6"
generate_ipset_config "${blacklist_vk_v4_file}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet"
generate_ipset_config "${blacklist_vk_v6_file}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6"
# For mixed file, we need to create two sets (IPv4 and IPv6) as ipset doesn't support mixed families
cat > "${iptables_output_file}" << EOF
@@ -136,43 +94,3 @@ tail -n +2 "${iptables_v6_output_file}" | grep -E "^(create|add)" >> "${iptables
echo "✓ Generated (mixed IPv4/IPv6): ${iptables_output_file}"
echo " Total entries: $(wc -l < "${blacklist_file}" | tr -d ' ')"
# Generate mixed VK-only ipset file (contains both v4 and v6 sets)
cat > "${iptables_vk_output_file}" << EOF
# IPSet blacklist configuration (VK names: VK Cloud / VKCOMPANY / VKONTAKTE)
# Auto-generated from name-filtered auto/*.txt sources
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Usage:
# 1. Load the ipset:
# ipset restore < $(basename "${iptables_vk_output_file}")
#
# 2. Use with iptables/ip6tables:
# iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
# iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
# ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
# ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT
#
# 3. To flush/delete the sets:
# ipset flush blacklist-vk-v4 && ipset destroy blacklist-vk-v4
# ipset flush blacklist-vk-v6 && ipset destroy blacklist-vk-v6
#
EOF
tail -n +2 "${iptables_vk_v4_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
echo "" >> "${iptables_vk_output_file}"
tail -n +2 "${iptables_vk_v6_output_file}" | grep -E "^(create|add)" >> "${iptables_vk_output_file}"
echo "✓ Generated (VK names, mixed IPv4/IPv6): ${iptables_vk_output_file}"
echo " Total entries: $(wc -l < "${blacklist_vk_file}" | tr -d ' ')"
echo ""
echo "VK outgoing block examples (iptables/ipset):"
echo " ipset restore < ${iptables_vk_output_file}"
echo " iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT"
echo " ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT"
echo " ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."

84
blacklists_updater_nftables.sh
View File

@@ -1,84 +0,0 @@
#!/bin/bash
# Generates nftables blacklist configurations from the main blacklist
set -e
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist.txt"
OUTPUT_DIR="$SCRIPT_DIR/blacklists_nftables"
# Source files for name-based VK filtering
AUTO_ALL_V4_FILE="$SCRIPT_DIR/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="$SCRIPT_DIR/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="$SCRIPT_DIR/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
# Additional VK-only text blacklists
VK_INPUT_FILE="$SCRIPT_DIR/blacklists/blacklist-vk.txt"
VK_INPUT_V4_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v4.txt"
VK_INPUT_V6_FILE="$SCRIPT_DIR/blacklists/blacklist-vk-v6.txt"
# Create output directory if it doesn't exist
mkdir -p "$OUTPUT_DIR"
echo "Generating nftables blacklists..."
# Build additional VK-only blacklist from network names in auto/*.txt files
TMP_VK_FILE="$(mktemp "$SCRIPT_DIR/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "$AUTO_ALL_V4_FILE" "$AUTO_ALL_V6_FILE" "$AUTO_RIPE_V4_FILE"; do
[[ -f "$source_file" ]] || continue
awk -v pattern="$VK_NAME_PATTERN" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "$source_file" >> "$TMP_VK_FILE"
done
sort -u "$TMP_VK_FILE" > "$VK_INPUT_FILE"
grep ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V6_FILE" || true
grep -v ':' "$VK_INPUT_FILE" | sort -u > "$VK_INPUT_V4_FILE" || true
rm -f "$TMP_VK_FILE"
# Generate mixed IPv4/IPv6 blacklist
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$INPUT_FILE" \
"$OUTPUT_DIR/blacklist.nft"
# Generate IPv4-only blacklist
TMP_V4_FILE="/tmp/blacklist-v4.txt"
TMP_V6_FILE="/tmp/blacklist-v6.txt"
grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$INPUT_FILE" > "$TMP_V4_FILE" || true
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$TMP_V4_FILE" \
"$OUTPUT_DIR/blacklist-v4.nft"
# Generate IPv6-only blacklist
grep -E '^[0-9a-fA-F:]+:' "$INPUT_FILE" > "$TMP_V6_FILE" || true
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$TMP_V6_FILE" \
"$OUTPUT_DIR/blacklist-v6.nft"
# Generate VK-only blacklists (network names: VK Cloud / VKCOMPANY / VKONTAKTE)
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_FILE" \
"$OUTPUT_DIR/blacklist-vk.nft"
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_V4_FILE" \
"$OUTPUT_DIR/blacklist-vk-v4.nft"
python3 "$SCRIPT_DIR/generate_nft_blacklist.py" \
"$VK_INPUT_V6_FILE" \
"$OUTPUT_DIR/blacklist-vk-v6.nft"
# Clean up temp files
rm -f "$TMP_V4_FILE" "$TMP_V6_FILE"
echo "nftables blacklists generated successfully!"
echo ""
echo "VM incoming block examples (all lists, nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist.nft"
echo " sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'"
echo " sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject"
echo " sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject"
echo ""
echo "VK outbound block examples for VPN clients via NAT (nftables):"
echo " sudo nft -f $OUTPUT_DIR/blacklist-vk.nft"
echo " sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip daddr @blacklist_v4 counter reject"
echo " sudo nft add rule inet filter forward iifname \"<VPN_IFACE>\" ip6 daddr @blacklist_v6 counter reject"
echo ""
echo "Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured."

78
blacklists_updater_routes.sh
View File

@@ -1,78 +0,0 @@
#!/bin/sh
set -e
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# Source files for name-based VK filtering
AUTO_ALL_V4_FILE="${SCRIPT_DIR}/auto/all-ru-ipv4.txt"
AUTO_ALL_V6_FILE="${SCRIPT_DIR}/auto/all-ru-ipv6.txt"
AUTO_RIPE_V4_FILE="${SCRIPT_DIR}/auto/ripe-ru-ipv4.txt"
VK_NAME_PATTERN='VK[[:space:]-]*CLOUD|VKCOMPANY|VKONTAKTE'
# Additional VK-only text blacklists
VK_INPUT_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk.txt"
VK_INPUT_V4_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v4.txt"
VK_INPUT_V6_FILE="${SCRIPT_DIR}/blacklists/blacklist-vk-v6.txt"
# Output directory and files
ROUTES_OUTPUT_DIR="${SCRIPT_DIR}/blacklists_route"
ROUTES_V4_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v4.routes"
ROUTES_V6_FILE="${ROUTES_OUTPUT_DIR}/blacklist-vk-v6.routes"
mkdir -p "${ROUTES_OUTPUT_DIR}" "${SCRIPT_DIR}/blacklists"
echo "Generating VK route blacklists..."
# Build additional VK-only blacklist from network names in auto/*.txt files
TMP_VK_FILE="$(mktemp "${SCRIPT_DIR}/blacklists/.blacklist-vk.XXXXXX")"
for source_file in "${AUTO_ALL_V4_FILE}" "${AUTO_ALL_V6_FILE}" "${AUTO_RIPE_V4_FILE}"; do
[ -f "${source_file}" ] || continue
awk -v pattern="${VK_NAME_PATTERN}" 'BEGIN { IGNORECASE = 1 } $0 ~ pattern { print $1 }' "${source_file}" >> "${TMP_VK_FILE}"
done
sort -u "${TMP_VK_FILE}" > "${VK_INPUT_FILE}"
grep ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V6_FILE}" || true
grep -v ':' "${VK_INPUT_FILE}" | sort -u > "${VK_INPUT_V4_FILE}" || true
rm -f "${TMP_VK_FILE}"
# Generate IPv4 routes file (route VK prefixes to loopback via 127.0.0.1)
cat > "${ROUTES_V4_FILE}" << EOF
# Linux routes for VK networks (IPv4)
# Auto-generated by $(basename "$0")
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Apply:
# sudo sh $(basename "${ROUTES_V4_FILE}")
#
EOF
while IFS= read -r network; do
[ -n "${network}" ] || continue
printf 'ip route replace %s via 127.0.0.1 dev lo onlink\n' "${network}" >> "${ROUTES_V4_FILE}"
done < "${VK_INPUT_V4_FILE}"
# Generate IPv6 routes file (route VK prefixes to loopback via ::1)
cat > "${ROUTES_V6_FILE}" << EOF
# Linux routes for VK networks (IPv6)
# Auto-generated by $(basename "$0")
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Apply:
# sudo sh $(basename "${ROUTES_V6_FILE}")
#
EOF
while IFS= read -r network; do
[ -n "${network}" ] || continue
printf 'ip -6 route replace %s via ::1 dev lo\n' "${network}" >> "${ROUTES_V6_FILE}"
done < "${VK_INPUT_V6_FILE}"
echo "✓ Generated: ${ROUTES_V4_FILE} (entries: $(wc -l < "${VK_INPUT_V4_FILE}" | tr -d ' '))"
echo "✓ Generated: ${ROUTES_V6_FILE} (entries: $(wc -l < "${VK_INPUT_V6_FILE}" | tr -d ' '))"
echo ""
echo "Examples:"
echo " sudo sh ${ROUTES_V4_FILE}"
echo " sudo sh ${ROUTES_V6_FILE}"

113
check_nft_blacklist.py
View File

@@ -1,113 +0,0 @@
#!/usr/bin/env python3
"""
check_nft_blacklist.py
Checks if an IP address is in the nftables blacklist configuration.
Usage:
check_nft_blacklist.py nft_bl.conf 192.168.1.1
check_nft_blacklist.py nft_bl.conf 2001:db8::1
"""
import sys
import re
from ipaddress import ip_address, ip_network, AddressValueError
from pathlib import Path
def parse_nft_config(config_path):
"""Extract IPv4 and IPv6 prefixes from nftables config."""
p = Path(config_path)
if not p.exists():
raise FileNotFoundError(f"Config file not found: {config_path}")
content = p.read_text(encoding="utf-8")
v4_prefixes = []
v6_prefixes = []
# Parse IPv4 set (blacklist_v4)
v4_match = re.search(
r'set blacklist_v4\s*\{[^}]*elements\s*=\s*\{([^}]+)\}',
content,
re.DOTALL
)
if v4_match:
elements = v4_match.group(1)
# Extract all CIDR notations
for match in re.finditer(r'(\d+\.\d+\.\d+\.\d+(?:/\d+)?)', elements):
try:
v4_prefixes.append(ip_network(match.group(1), strict=False))
except Exception as e:
print(f"Warning: Could not parse IPv4 prefix '{match.group(1)}': {e}", file=sys.stderr)
# Parse IPv6 set (blacklist_v6)
v6_match = re.search(
r'set blacklist_v6\s*\{[^}]*elements\s*=\s*\{([^}]+)\}',
content,
re.DOTALL
)
if v6_match:
elements = v6_match.group(1)
# Extract all IPv6 CIDR notations
for match in re.finditer(r'([0-9a-fA-F:]+(?:/\d+)?)', elements):
try:
v6_prefixes.append(ip_network(match.group(1), strict=False))
except Exception as e:
# Skip false matches from comments or other text
pass
return v4_prefixes, v6_prefixes
def check_ip_in_blacklist(ip_addr, v4_prefixes, v6_prefixes):
"""Check if IP address is in any of the blacklist prefixes."""
try:
addr = ip_address(ip_addr)
except AddressValueError as e:
raise ValueError(f"Invalid IP address: {ip_addr} ({e})")
prefixes = v4_prefixes if addr.version == 4 else v6_prefixes
for prefix in prefixes:
if addr in prefix:
return True, prefix
return False, None
def main(argv):
if len(argv) < 3:
print("Usage: python3 check_nft_blacklist.py <nft_config.conf> <ip_address>")
print("Examples:")
print(" check_nft_blacklist.py nft_bl.conf 192.168.1.1")
print(" check_nft_blacklist.py nft_bl.conf 2001:db8::1")
return 2
config_file = argv[1]
ip_to_check = argv[2]
# Parse the nftables config
try:
print(f"Loading blacklist from: {config_file}")
v4_prefixes, v6_prefixes = parse_nft_config(config_file)
print(f"Loaded {len(v4_prefixes)} IPv4 prefixes and {len(v6_prefixes)} IPv6 prefixes")
except Exception as e:
print(f"ERROR: Could not parse config file: {e}", file=sys.stderr)
return 3
# Check if IP is in blacklist
try:
is_blocked, matching_prefix = check_ip_in_blacklist(ip_to_check, v4_prefixes, v6_prefixes)
print(f"\nChecking IP: {ip_to_check}")
print("-" * 50)
if is_blocked:
print(f"✗ BLOCKED - IP is in blacklist")
print(f" Matching prefix: {matching_prefix}")
return 1
else:
print(f"✓ OK - IP is NOT in blacklist")
return 0
except ValueError as e:
print(f"ERROR: {e}", file=sys.stderr)
return 4
if __name__ == "__main__":
sys.exit(main(sys.argv))

155
generate_nft_blacklist.py
View File

@@ -1,155 +0,0 @@
#!/usr/bin/env python3
"""
generate_nft_blacklist.py
Reads prefixes from a file or stdin, aggregates them and writes nftables config.
Uses named sets for efficient blacklist management.
Usage:
git clone https://github.com/C24Be/AS_Network_List.git
generate_nft_blacklist.py ./AS_Network_List/blacklists/blacklist.txt nft_bl.conf
cp nft_bl.conf /etc/nftables.d/
systemctl restart nftables
"""
import sys
from ipaddress import ip_network, collapse_addresses
from pathlib import Path
from datetime import datetime
def read_lines(path_or_dash):
if path_or_dash == "-":
print("Reading prefixes from STDIN...")
return [ln.rstrip("\n") for ln in sys.stdin]
p = Path(path_or_dash)
if not p.exists():
raise FileNotFoundError(f"Input file not found: {path_or_dash}")
text = p.read_text(encoding="utf-8")
return text.splitlines()
def aggregate_prefixes(lines):
v4, v6, invalid = [], [], []
for lineno, ln in enumerate(lines, start=1):
s = ln.strip()
if not s or s.startswith("#"):
continue
try:
net = ip_network(s, strict=False)
if net.version == 4:
v4.append(net)
else:
v6.append(net)
except Exception as e:
invalid.append((lineno, s, str(e)))
agg_v4 = list(collapse_addresses(sorted(v4, key=lambda x: (int(x.network_address), x.prefixlen))))
agg_v6 = list(collapse_addresses(sorted(v6, key=lambda x: (int(x.network_address), x.prefixlen))))
return agg_v4, agg_v6, invalid
def make_nft_config(agg_v4, agg_v6, comment=None):
lines = []
lines.append("# Autogenerated nftables blacklist")
lines.append(f"# Generated: {datetime.utcnow().isoformat()}Z")
if comment:
lines.append(f"# {comment}")
lines.append(f"# IPv4: {len(agg_v4)}, IPv6: {len(agg_v6)}")
lines.append("")
lines.append("table inet filter {")
lines.append("")
# Define IPv4 blacklist set
lines.append(" set blacklist_v4 {")
lines.append(" type ipv4_addr")
lines.append(" flags interval")
if agg_v4:
lines.append(" elements = {")
for i, net in enumerate(agg_v4):
comma = "," if i < len(agg_v4) - 1 else ""
lines.append(f" {net.with_prefixlen}{comma}")
lines.append(" }")
lines.append(" }")
lines.append("")
# Define IPv6 blacklist set
lines.append(" set blacklist_v6 {")
lines.append(" type ipv6_addr")
lines.append(" flags interval")
if agg_v6:
lines.append(" elements = {")
for i, net in enumerate(agg_v6):
comma = "," if i < len(agg_v6) - 1 else ""
lines.append(f" {net.with_prefixlen}{comma}")
lines.append(" }")
lines.append(" }")
lines.append("")
# Define input chain with set lookups
lines.append(" chain input {")
lines.append(" type filter hook input priority 0;")
lines.append(" policy accept;")
lines.append("")
lines.append(" ct state { established, related } accept")
lines.append("")
if agg_v4:
lines.append(" ip saddr @blacklist_v4 counter drop")
if agg_v6:
lines.append(" ip6 saddr @blacklist_v6 counter drop")
lines.append(" }")
lines.append("}")
return "\n".join(lines)
def write_output(outpath, content):
if outpath == "-":
print(content)
return
p = Path(outpath)
p.write_text(content, encoding="utf-8")
p.chmod(0o644)
print(f"Wrote nft config to: {p} (size: {p.stat().st_size} bytes)")
def main(argv):
if len(argv) < 3:
print("Usage: python3 generate_nft_blacklist.py input.txt output.conf")
print("Use '-' as input or output to mean STDIN/STDOUT respectively.")
return 2
infile, outfile = argv[1], argv[2]
try:
lines = read_lines(infile)
except Exception as e:
print(f"ERROR reading input: {e}", file=sys.stderr)
return 3
if not any(line.strip() and not line.strip().startswith("#") for line in lines):
print("WARNING: input contains no prefixes (empty or only comments). Nothing to aggregate.")
nft_conf = make_nft_config([], [], comment="Empty input produced no prefixes")
write_output(outfile, nft_conf)
return 0
agg_v4, agg_v6, invalid = aggregate_prefixes(lines)
if invalid:
print("Some lines could not be parsed (line, text, error):")
for ln, txt, err in invalid:
print(f" {ln}: '{txt}' --> {err}", file=sys.stderr)
print(f"Aggregated IPv4 prefixes: {len(agg_v4)}")
for n in agg_v4:
print(" v4:", n)
print(f"Aggregated IPv6 prefixes: {len(agg_v6)}")
for n in agg_v6:
print(" v6:", n)
nft_conf = make_nft_config(agg_v4, agg_v6, comment=f"Source: {infile}")
try:
write_output(outfile, nft_conf)
except Exception as e:
print(f"ERROR writing output: {e}", file=sys.stderr)
return 4
print("Done.")
print("Load with: sudo nft -f <output.conf>")
print("View counters: sudo nft list chain inet filter input -a")
print("View sets: sudo nft list set inet filter blacklist_v4")
print(" sudo nft list set inet filter blacklist_v6")
return 0
if __name__ == "__main__":
sys.exit(main(sys.argv))