#!/usr/bin/env python3
import ipaddress
import requests
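# Generate the firewall refuse rules for hosts/web-2 from the bgp.tools
# prefix table: every prefix announced by an ASN in blocked_asns becomes one
# iptables/ip6tables line in hosts/web-2/blocked-prefixes.txt.

# ASNs to refuse. Kept as strings because they are compared directly against
# the ASN column of the table, with no numeric conversion.
blocked_asns = [
    "45102", # Alibaba (US) Technology Co., Ltd.
]

# The table has one line per announced prefix, so use a set for the
# per-line membership test.
blocked_asn_set = frozenset(blocked_asns)

selected_ipv6_prefixes = []
selected_ipv4_prefixes = []

# The User-Agent points the table's operator at this repository.
# timeout: without one, a stalled connection would hang the run forever.
with requests.get('https://bgp.tools/table.txt', stream=True, headers={
    "User-Agent": "https://git.clerie.de/clerie/nixfiles",
}, timeout=60) as r:
    # An error page must not be parsed as if it were the prefix table.
    r.raise_for_status()

    # iter_lines(decode_unicode=True) yields bytes when requests could not
    # determine an encoding; the string comparison against blocked_asns
    # would then never match and the block list would silently end up empty.
    if r.encoding is None:
        r.encoding = "utf-8"

    for line in r.iter_lines(decode_unicode=True):
        if not line.strip():
            # Blank lines carry no data.
            continue

        # Any other line must be exactly "<prefix> <asn>". A malformed line
        # raises here, which aborts the run before the output file is opened.
        prefix_string, asn_string = line.split()

        if asn_string not in blocked_asn_set:
            continue

        # ip_network() validates the feed text; only the parsed object is
        # ever written into the firewall commands below, never the raw text.
        prefix = ipaddress.ip_network(prefix_string)

        if prefix.version == 6:
            selected_ipv6_prefixes.append(prefix)
        else:
            selected_ipv4_prefixes.append(prefix)

# Merge adjacent and overlapping networks to keep the rule count low, and
# sort so that the generated file is stable between runs.
selected_ipv6_prefixes = sorted(ipaddress.collapse_addresses(selected_ipv6_prefixes))
selected_ipv4_prefixes = sorted(ipaddress.collapse_addresses(selected_ipv4_prefixes))

# Fail closed: zero matches for a non-empty ASN list most likely means the
# feed was truncated or changed format. Keep the previous rule file rather
# than replacing it with an empty one.
if blocked_asn_set and not (selected_ipv6_prefixes or selected_ipv4_prefixes):
    raise SystemExit(
        "no prefixes matched the blocked ASNs; "
        "leaving hosts/web-2/blocked-prefixes.txt untouched"
    )

# The path is relative to the current working directory.
with open("hosts/web-2/blocked-prefixes.txt", "w") as blocked_ips_file:
    for ipv6_prefix in selected_ipv6_prefixes:
        blocked_ips_file.write(f"ip6tables -I nixos-fw -s {ipv6_prefix} -j nixos-fw-refuse\n")

    for ipv4_prefix in selected_ipv4_prefixes:
        blocked_ips_file.write(f"iptables -I nixos-fw -s {ipv4_prefix} -j nixos-fw-refuse\n")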