
IPTables/IPSet Blacklist Configurations

Auto-generated ipset configuration files for blocking networks and IP addresses with iptables/ip6tables.

Available Files

IPv4 Only

  • blacklist-v4.ipset - Contains only IPv4 networks (806 entries)

IPv6 Only

  • blacklist-v6.ipset - Contains only IPv6 networks (3 entries)

Mixed IPv4/IPv6

  • blacklist.ipset - Contains both IPv4 and IPv6 sets (809 total entries)

Usage

1. Load the IPSet

# For IPv4 only
ipset restore < blacklist-v4.ipset

# For IPv6 only
ipset restore < blacklist-v6.ipset

# For both IPv4 and IPv6 (loads both sets)
ipset restore < blacklist.ipset

2. Apply IPTables Rules

# For IPv4
iptables -I INPUT -m set --match-set blacklist-v4 src -j DROP
iptables -I FORWARD -m set --match-set blacklist-v4 src -j DROP

# For IPv6
ip6tables -I INPUT -m set --match-set blacklist-v6 src -j DROP
ip6tables -I FORWARD -m set --match-set blacklist-v6 src -j DROP

3. Persist Rules (Optional)

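To make the rules persistent across reboots, save both the iptables rules and the sets. At boot the sets must be loaded before the rules, because a rule that references a missing set will not load.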

On Debian/Ubuntu:

# Save iptables rules
iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

# Save ipset
ipset save > /etc/ipset.conf

On RHEL/CentOS:

# Save iptables rules
service iptables save
service ip6tables save

# Save ipset
ipset save > /etc/sysconfig/ipset

4. Update Existing Sets

To update the blacklist without restarting iptables:

# Flush and reload (-exist lets restore reuse the set that is already created)
ipset flush blacklist-v4
ipset restore -exist < blacklist-v4.ipset
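Flushing a live set leaves a short window in which nothing is blocked, and `ipset restore` runs every command found in the file it is given. The function below is an added example, not part of this repository: it checks a per-family file and turns it into a restore script that fills a temporary set and swaps it into place. It assumes the file uses `ipset save` syntax (`create NAME TYPE OPTIONS...` and `add NAME ENTRY` lines); the `-new` suffix for the temporary set is a hypothetical name.

```shell
#!/bin/sh
# Added example (not from the repository). Assumes the .ipset file uses
# `ipset save` syntax: "create NAME TYPE OPTIONS..." and "add NAME ENTRY".

# build_swap_script LIVE_SET FILE
# Prints an `ipset restore` script that fills a temporary set and swaps it
# into place. Prints nothing and returns 1 if FILE holds anything other than
# create/add lines for LIVE_SET, or holds no entries at all.
build_swap_script() {
    awk -v live="$1" -v tmp="$1-new" '   # "-new" suffix is a hypothetical name
        /^[ \t]*(#.*)?$/ { next }         # skip blank lines and comments
        $1 == "create" && $2 == live && NF >= 3 && opts == "" {
            opts = $3
            for (i = 4; i <= NF; i++) opts = opts " " $i
            next
        }
        $1 == "add" && $2 == live && NF == 3 && $3 ~ "^[0-9A-Fa-f:./]+$" {
            adds = adds "add " tmp " " $3 "\n"   # buffer until the file is vetted
            n++
            next
        }
        { bad = 1; exit }                 # any other command: reject the file
        END {
            if (bad || opts == "" || n == 0) exit 1
            print "create " live " " opts # ignored under -exist if already loaded
            print "create " tmp " " opts
            print "flush " tmp            # clear leftovers from a failed run
            printf "%s", adds
            print "swap " tmp " " live    # rules keep matching during the swap
            print "destroy " tmp
        }
    ' "$2"
}
```

Run it as `build_swap_script blacklist-v4 blacklist-v4.ipset | ipset restore -exist`; a rejected or empty file produces no output, so the live set is left unchanged.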

5. Remove Sets

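# Remove IPv4 set (delete the rules first: a set still referenced by a rule cannot be destroyed)
iptables -D INPUT -m set --match-set blacklist-v4 src -j DROP
iptables -D FORWARD -m set --match-set blacklist-v4 src -j DROP
ipset flush blacklist-v4
ipset destroy blacklist-v4

# Remove IPv6 set
ip6tables -D INPUT -m set --match-set blacklist-v6 src -j DROP
ip6tables -D FORWARD -m set --match-set blacklist-v6 src -j DROP
ipset flush blacklist-v6
ipset destroy blacklist-v6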

Performance Benefits

IPSet uses hash tables for O(1) lookup performance, making it ideal for large blacklists:

  • Much faster than individual iptables rules
  • Minimal CPU overhead
  • Holds up to 65536 entries per set by default (configurable)
  • Kernel-level implementation for maximum efficiency

Automatic Updates

These files are automatically regenerated when the blacklists are updated via the GitHub Actions workflow.

Source

Generated from the blacklist files in the blacklists/ directory.