
#!/bin/sh
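SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
# Every path below is built from SCRIPT_DIR; if the cd/pwd above failed the
# value is empty and those paths would silently resolve under "/". Stop here.
[ -n "${SCRIPT_DIR}" ] || { printf 'cannot determine script directory\n' >&2; exit 1; }
# Shared settings and helpers (BLACKLISTS_DIR, BLACKLIST_*_FILE and
# build_vk_name_blacklists are used below but not defined in this file, so
# they are expected to come from this include or the environment).
. "${SCRIPT_DIR}/blacklists_updater_common.subr" || exit 1
# Output directory and files
iptables_output_dir="${SCRIPT_DIR}/blacklists_iptables"
iptables_v4_output_file="${iptables_output_dir}/blacklist-v4.ipset"
iptables_v6_output_file="${iptables_output_dir}/blacklist-v6.ipset"
iptables_vk_v4_output_file="${iptables_output_dir}/blacklist-vk-v4.ipset"
iptables_vk_v6_output_file="${iptables_output_dir}/blacklist-vk-v6.ipset"
# Refuse to continue when the include did not tell us where the source
# blacklists live; "mkdir -p ''" would otherwise just fail quietly and the
# later generate_ipset_config calls would read files relative to "/".
[ -n "${BLACKLISTS_DIR}" ] || { printf 'BLACKLISTS_DIR is not set (expected from blacklists_updater_common.subr)\n' >&2; exit 1; }
# Create required directories if they don't exist; abort on failure since
# nothing below can succeed without them.
mkdir -p "${iptables_output_dir}" "${BLACKLISTS_DIR}" || exit 1
# Produces the VK name-based blacklist files consumed further down
# (defined in the common include).
build_vk_name_blacklists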
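# Function to generate ipset config from input file
#
# Arguments:
#   $1 - input_file : one network or address per line (blank lines ignored)
#   $2 - output_file: "ipset restore"-style file to (over)write
#   $3 - ip_version : free-text label used in the generated header/summary
#   $4 - set_name   : ipset name; names starting with "blacklist-vk" get
#                     egress example rules (OUTPUT/FORWARD, match dst, REJECT),
#                     all others ingress ones (INPUT/FORWARD, match src, DROP)
#   $5 - family     : "inet" or "inet6" (selects iptables vs ip6tables)
# Outputs: progress summary on stdout, warnings on stderr
# Returns: 0 on success, 1 if input_file cannot be read
#
# Security note: the generated file is meant to be fed to "ipset restore"
# (as root), and every input line ends up inside an "add" command. Input
# lines are therefore restricted to address/prefix characters; anything
# else (trailing ipset options such as "nomatch", comments, stray text) is
# skipped with a warning rather than passed through.
generate_ipset_config() {
  local input_file="$1"
  local output_file="$2"
  local ip_version="$3"
  local set_name="$4"
  local family="$5"
  local iptables_cmd="iptables"
  local rule_primary=""
  local rule_secondary=""
  local count hashsize maxelem added skipped cr network

  [ "${family}" = "inet6" ] && iptables_cmd="ip6tables"

  if [ ! -r "${input_file}" ]; then
    printf 'generate_ipset_config: cannot read %s\n' "${input_file}" >&2
    return 1
  fi

  # VK sets block outgoing traffic by destination; the others drop new
  # inbound/forwarded connections by source.
  case "${set_name}" in
    blacklist-vk*)
      rule_primary="${iptables_cmd} -I OUTPUT -m set --match-set ${set_name} dst -j REJECT"
      rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} dst -j REJECT"
      ;;
    *)
      rule_primary="${iptables_cmd} -I INPUT -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
      rule_secondary="${iptables_cmd} -I FORWARD -m set --match-set ${set_name} src -m conntrack --ctstate NEW -j DROP"
      ;;
  esac

  # Size the hash from the raw line count (an upper bound, since blank and
  # rejected lines are dropped below). Both values are floored at 1024 so an
  # empty or tiny list never produces "maxelem 0", which would make every
  # later "add" fail as "hash full".
  count=$(wc -l < "${input_file}" | tr -d ' ') || count=0
  [ -n "${count}" ] || count=0
  hashsize=$((count > 1024 ? count : 1024))
  maxelem=$((count * 2))
  [ "${maxelem}" -ge 1024 ] || maxelem=1024

  # Generate ipset configuration with header. NOTE(review): "ipset restore"
  # without -exist fails when the set already exists, so re-loading an
  # updated file needs the flush/destroy step (or a create/swap) first.
  cat > "${output_file}" << EOF
# IPSet blacklist configuration ${ip_version}
# Auto-generated from $(basename "${input_file}")
# Last updated: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
#
# Usage:
# 1. Load the ipset:
# ipset restore < $(basename "${output_file}")
#
# 2. Use with iptables/ip6tables:
# ${rule_primary}
${rule_secondary:+# ${rule_secondary}}
#
# 3. To flush/delete the set:
# ipset flush ${set_name}
# ipset destroy ${set_name}
#
create ${set_name} hash:net family ${family} hashsize ${hashsize} maxelem ${maxelem}
EOF

  # Add entries for each network/IP. The "|| [ -n ... ]" keeps a final line
  # that lacks a trailing newline.
  cr=$(printf '\r')
  added=0
  skipped=0
  while IFS= read -r network || [ -n "${network}" ]; do
    network="${network%"${cr}"}"   # tolerate CRLF input
    # Skip empty lines
    [ -z "${network}" ] && continue
    # Allowlist: hex digits, dots, colons and a slash cover IPv4/IPv6 with an
    # optional prefix length; anything else could smuggle extra ipset
    # arguments into the "add" line.
    case "${network}" in
      *[!0-9A-Fa-f.:/]*)
        printf 'generate_ipset_config: skipping invalid entry in %s: %s\n' "${input_file}" "${network}" >&2
        skipped=$((skipped + 1))
        continue
        ;;
    esac
    printf 'add %s %s\n' "${set_name}" "${network}" >> "${output_file}"
    added=$((added + 1))
  done < "${input_file}"

  echo "✓ Generated ${ip_version}: ${output_file}"
  echo " Total entries: ${added}"
  [ "${skipped}" -eq 0 ] || echo " Skipped entries: ${skipped}"
}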
# Generate one ipset restore file per blacklist: plain v4/v6 ingress sets
# and the VK name-based v4/v6 egress sets.
generate_ipset_config "${BLACKLIST_V4_FILE}" "${iptables_v4_output_file}" "(IPv4 only)" "blacklist-v4" "inet"
generate_ipset_config "${BLACKLIST_V6_FILE}" "${iptables_v6_output_file}" "(IPv6 only)" "blacklist-v6" "inet6"
generate_ipset_config "${BLACKLIST_VK_V4_FILE}" "${iptables_vk_v4_output_file}" "(VK names, IPv4 only)" "blacklist-vk-v4" "inet"
generate_ipset_config "${BLACKLIST_VK_V6_FILE}" "${iptables_vk_v6_output_file}" "(VK names, IPv6 only)" "blacklist-vk-v6" "inet6"
# Copy-paste examples for loading the VK egress sets and hooking them into
# OUTPUT/FORWARD. NOTE(review): these are one-shot examples — "ipset restore"
# without -exist fails if the set already exists, and every "-I" run inserts
# another copy of the rule; re-runs should flush/destroy first and check for
# an existing rule.
cat << EOF

VK outgoing block examples (iptables/ipset):
 ipset restore < ${iptables_vk_v4_output_file}
 ipset restore < ${iptables_vk_v6_output_file}
 iptables -I OUTPUT -m set --match-set blacklist-vk-v4 dst -j REJECT
 iptables -I FORWARD -m set --match-set blacklist-vk-v4 dst -j REJECT
 ip6tables -I OUTPUT -m set --match-set blacklist-vk-v6 dst -j REJECT
 ip6tables -I FORWARD -m set --match-set blacklist-vk-v6 dst -j REJECT

Tip: Do not install Messenger MAX on the same phone/device that has VPN access configured.
EOF