# Autogenerated nftables blacklist
# Generated: 2026-03-28T06:52:02.624381Z
# Source: /tmp/blacklist-v6.txt
# IPv4: 0, IPv6: 12
#
# Usage:
#   sudo nft -f <this-file>
#   # VM protection from incoming blacklist sources
#   sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
#   sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
#   sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject

table inet filter {

    set blacklist_v4 {
        type ipv4_addr
        flags interval
    }

    set blacklist_v6 {
        type ipv6_addr
        flags interval
        elements = {
            2a00:bdc0::/33,
            2a00:bdc0:8000::/34,
            2a00:bdc0:c000::/35,
            2a00:bdc0:e002::/47,
            2a00:bdc0:e004::/47,
            2a00:bdc0:e007::/48,
            2a00:bdc0:f000::/36,
            2a00:bdc1::/32,
            2a00:bdc2::/31,
            2a00:bdc4::/30,
            2a14:25c5::/32,
            2a14:25c7::/32
        }
    }

}