2024-02-12 12:28:12 -05:00
|
|
|
# CollabNet IP Blocklists
|
|
|
|
|
|
|
|
|
|
## How to use
|
|
|
|
|
To use these lists, first clone them to the nftables.d directory like this:
|
|
|
|
|
`sudo git clone https://git.computernewb.com/collabvm/nftables /etc/nftables.d`
|
|
|
|
|
|
|
|
|
|
then, make the following changes to `/etc/nftables.conf`:
|
|
|
|
|
|
|
|
|
|
Add this below `flush ruleset` at the top of the file:
|
|
|
|
|
```
|
|
|
|
|
include "/etc/nftables.d/blocklist.nft"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Add this below `table inet filter {`:
|
|
|
|
|
```
|
|
|
|
|
set blocklist {
|
|
|
|
|
type ipv4_addr
|
|
|
|
|
flags interval
|
|
|
|
|
elements = { $blocklist }
|
|
|
|
|
}
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Add this after `udp dport 443 log prefix "Dropped (UDP/443): " drop` within `chain noforward {`:
|
|
|
|
|
```
|
|
|
|
|
meta iifname $LAN ip daddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
|
|
|
|
|
meta iifname $LAN ip saddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Reload nftables: `sudo nft -f /etc/nftables.conf`
|
2024-02-12 12:32:39 -05:00
|
|
|
|
|
|
|
|
|
|
|
|
|
## Configuring automated updates
|
|
|
|
|
To automatically update these lists, add the following to root's crontab (`sudo crontab -e`):
|
|
|
|
|
```
|
|
|
|
|
0 * * * * /etc/nftables.d/update.sh >/dev/null 2>&1
|
|
|
|
|
```
|
