nftables/README.md

# CollabNet IP Blocklists

## How to use
To use these lists, first clone them to the nftables.d directory like this:
`sudo git clone https://git.computernewb.com/collabvm/nftables /etc/nftables.d`

then, make the following changes to `/etc/nftables.conf`:

Add this below `flush ruleset` at the top of the file:
```
include "/etc/nftables.d/blocklist.nft"
```

Add this below `table inet filter {`:
```
        set blocklist {
          type ipv4_addr
          flags interval
          elements = { $blocklist }
        }
```

Add this after `udp dport 443 log prefix "Dropped (UDP/443): " drop` within `chain noforward {`:
```
                meta iifname $LAN ip daddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
                meta iifname $LAN ip saddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
```

Reload nftables: `sudo nft -f /etc/nftables.conf`
Add lists 2024-02-12 12:28:12 -05:00			`# CollabNet IP Blocklists`

			`## How to use`
			`To use these lists, first clone them to the nftables.d directory like this:`
			`sudo git clone https://git.computernewb.com/collabvm/nftables /etc/nftables.d`

			then, make the following changes to `/etc/nftables.conf`:

			Add this below `flush ruleset` at the top of the file:
			```
			`include "/etc/nftables.d/blocklist.nft"`
			```

			Add this below `table inet filter {`:
			```
			`set blocklist {`
			`type ipv4_addr`
			`flags interval`
			`elements = { $blocklist }`
			`}`
			```

			Add this after `udp dport 443 log prefix "Dropped (UDP/443): " drop` within `chain noforward {`:
			```
			`meta iifname $LAN ip daddr @blocklist log prefix "Dropped (BLOCKED IP): " drop`
			`meta iifname $LAN ip saddr @blocklist log prefix "Dropped (BLOCKED IP): " drop`
			```

			Reload nftables: `sudo nft -f /etc/nftables.conf`