yanistyle/AS_Network_List
1
0
Fork 0
mirror of https://github.com/C24Be/AS_Network_List.git synced 2026-03-29 21:58:59 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
4502515ab14440e04f93d440ee05b8f17fc1e3e4
AS_Network_List/blacklists_nftables
History
C24Be 754f545764 Update 2026.03.27 18:14:06
2026-03-27 18:14:07 +00:00
..
blacklist-v4.nft
Update 2026.03.27 18:14:06
2026-03-27 18:14:07 +00:00
blacklist-v6.nft
Update 2026.03.27 18:14:06
2026-03-27 18:14:07 +00:00
blacklist-vk-v4.nft
Update 2026.03.27 18:14:06
2026-03-27 18:14:07 +00:00
blacklist-vk-v6.nft
Update 2026.03.27 18:14:06
2026-03-27 18:14:07 +00:00
blacklist-vk.nft
Update 2026.03.27 18:14:06
2026-03-27 18:14:07 +00:00
blacklist.nft
Update 2026.03.27 18:14:06
2026-03-27 18:14:07 +00:00
README.md
big update
2026-03-27 19:11:52 +01:00

README.md

nftables blacklists

Short: ready-to-use nftables set files (general and VK-only, separated by IPv4/IPv6).

Download links

How to use

1) Protect VM from incoming connections (general blacklists)

Load either mixed or split general set files:

sudo nft -f blacklist.nft
# or:
sudo nft -f blacklist-v4.nft
sudo nft -f blacklist-v6.nft

Apply rules for inbound traffic to the VM:

sudo nft add chain inet filter input '{ type filter hook input priority 0; policy accept; }'
sudo nft add rule inet filter input ip saddr @blacklist_v4 counter reject
sudo nft add rule inet filter input ip6 saddr @blacklist_v6 counter reject

2) Block VK outbound traffic for VPN clients via NAT/FORWARD

Load either mixed or split VK set files:

sudo nft -f blacklist-vk.nft
# or:
sudo nft -f blacklist-vk-v4.nft
sudo nft -f blacklist-vk-v6.nft

Apply rules for forwarded client traffic (replace <VPN_IFACE>):

sudo nft add chain inet filter forward '{ type filter hook forward priority 0; policy accept; }'
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip daddr @blacklist_vk_v4 counter reject
sudo nft add rule inet filter forward iifname "<VPN_IFACE>" ip6 daddr @blacklist_vk_v6 counter reject