# CollabNet IP Blocklists

## How to use

To use these lists, first clone them to the nftables.d directory like this:

`sudo git clone https://git.computernewb.com/collabvm/nftables /etc/nftables.d`

Then, make the following changes to `/etc/nftables.conf`:

Add this below `flush ruleset` at the top of the file:

```
include "/etc/nftables.d/blocklist.nft"
```

Add this below `table inet filter {`:

```
set blocklist {
    type ipv4_addr
    flags interval
    elements = { $blocklist }
}
```

Add this after `udp dport 443 log prefix "Dropped (UDP/443): " drop` within `chain noforward {`:

```
meta iifname $LAN ip daddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
meta iifname $LAN ip saddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
```

Reload nftables:

`sudo nft -f /etc/nftables.conf`

## Configuring automated updates

To automatically update these lists, add the following to root's crontab (`sudo crontab -e`):

```
0 * * * * /etc/nftables.d/update.sh >/dev/null 2>&1
```
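
Before reloading, it helps to confirm that the three edits from "How to use" landed in the right places. The script below is an added example, not part of the CollabNet repository; `check_blocklist_conf`, its helpers and the sample config (including the `define LAN` line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; check_blocklist_conf, first_line and below are hypothetical helper names.

# Line number of the first line in file $2 containing the fixed string $1.
first_line() { grep -n -F -- "$1" "$2" | head -n 1 | cut -d: -f1; }

# Succeeds when line number $1 exists and comes after line number $2.
below() { [ -n "$1" ] && [ -n "$2" ] && [ "$1" -gt "$2" ]; }

check_blocklist_conf() {
    conf=$1; rc=0
    flush=$(first_line 'flush ruleset' "$conf")
    inc=$(first_line 'include "/etc/nftables.d/blocklist.nft"' "$conf")
    table=$(first_line 'table inet filter {' "$conf")
    bset=$(first_line 'set blocklist {' "$conf")
    chain=$(first_line 'chain noforward {' "$conf")
    daddr=$(first_line 'ip daddr @blocklist' "$conf")
    saddr=$(first_line 'ip saddr @blocklist' "$conf")

    below "$inc" "$flush"   || { echo "include is not below 'flush ruleset'" >&2; rc=1; }
    below "$bset" "$table"  || { echo "set blocklist is not below 'table inet filter {'" >&2; rc=1; }
    below "$daddr" "$chain" || { echo "no daddr @blocklist rule below 'chain noforward {'" >&2; rc=1; }
    below "$saddr" "$chain" || { echo "no saddr @blocklist rule below 'chain noforward {'" >&2; rc=1; }
    return $rc
}

# Constructed sample config (not from the repository) with all three edits applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
flush ruleset
include "/etc/nftables.d/blocklist.nft"
define LAN = "eth1"
table inet filter {
    set blocklist {
        type ipv4_addr
        flags interval
        elements = { $blocklist }
    }
    chain noforward {
        udp dport 443 log prefix "Dropped (UDP/443): " drop
        meta iifname $LAN ip daddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
        meta iifname $LAN ip saddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
    }
}
EOF
check_blocklist_conf "$sample" && echo "blocklist edits look complete"
rm -f "$sample"
```

On a real host, run `check_blocklist_conf /etc/nftables.conf`, then `sudo nft -c -f /etc/nftables.conf` to have nft parse the file without applying it.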