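#!/usr/bin/env python3
"""Regenerate the firewall blocklist for web-2 from the bgp.tools routing table.

Downloads the prefix-to-ASN table, keeps every prefix announced by an ASN
listed in ``blocked_asns``, collapses adjacent/overlapping networks and writes
one ip6tables/iptables command per prefix to ``hosts/web-2/blocked-prefixes.txt``.

The script fails before touching the output file whenever the download or the
parse looks wrong, so a bad fetch cannot silently replace a populated
blocklist with an empty one.
"""

import ipaddress

import requests

blocked_asns = [
    "45102",  # Alibaba (US) Technology Co., Ltd.
]

TABLE_URL = 'https://bgp.tools/table.txt'
OUTPUT_PATH = "hosts/web-2/blocked-prefixes.txt"

selected_ipv6_prefixes = []
selected_ipv4_prefixes = []

# The context manager releases the streamed connection even if parsing fails.
# The timeout keeps an unattended run from hanging forever on a stalled peer.
with requests.get(
    TABLE_URL,
    stream=True,
    timeout=(10, 60),
    headers={
        "User-Agent": "https://git.clerie.de/clerie/nixfiles",
    },
) as r:
    # An error response must never be parsed as if it were the table.
    r.raise_for_status()

    # iter_lines(decode_unicode=True) yields bytes when requests could not
    # determine an encoding; bytes never compare equal to the str ASNs above,
    # which would leave the selection empty without any error.
    if r.encoding is None:
        r.encoding = "utf-8"

    for line in r.iter_lines(decode_unicode=True):
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 2:
            # Unexpected layout: stop here rather than emit a partial list.
            raise SystemExit(f"unexpected line in {TABLE_URL}: {line!r}")

        prefix_string, asn_string = fields
        if asn_string not in blocked_asns:
            continue

        # ip_network() validates the remote text; only the resulting network
        # objects are formatted into the output, never the raw string.
        prefix = ipaddress.ip_network(prefix_string)
        if prefix.version == 6:
            selected_ipv6_prefixes.append(prefix)
        else:
            selected_ipv4_prefixes.append(prefix)

# Refuse to overwrite the blocklist with nothing when ASNs are configured:
# that outcome points at a truncated or reformatted feed, not at a real
# withdrawal of every prefix.
if blocked_asns and not (selected_ipv6_prefixes or selected_ipv4_prefixes):
    raise SystemExit(
        f"no prefixes matched the blocked ASNs; {OUTPUT_PATH} left unchanged"
    )

selected_ipv6_prefixes = sorted(ipaddress.collapse_addresses(selected_ipv6_prefixes))
selected_ipv4_prefixes = sorted(ipaddress.collapse_addresses(selected_ipv4_prefixes))

# NOTE(review): the feed decides which source ranges get refused; reviewing
# the diff of the generated file before deploying it seems prudent. How the
# file is consumed is not visible from this script.
with open(OUTPUT_PATH, "w") as blocked_ips_file:
    for ipv6_prefix in selected_ipv6_prefixes:
        blocked_ips_file.write(f"ip6tables -I nixos-fw -s {ipv6_prefix} -j nixos-fw-refuse\n")
    for ipv4_prefix in selected_ipv4_prefixes:
        blocked_ips_file.write(f"iptables -I nixos-fw -s {ipv4_prefix} -j nixos-fw-refuse\n")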