nixfiles/pkgs/generate-blocked-prefixes/generate-blocked-prefixes.py

#!/usr/bin/env python3

import requests

blocked_asns = [
    "45102", # Alibaba (US) Technology Co., Ltd.
]

r = requests.get('https://bgp.tools/table.txt', stream=True, headers={
    "User-Agent": "https://git.clerie.de/clerie/nixfiles",
    })

with open("hosts/web-2/blocked-prefixes.txt", "w") as blocked_ips_file:
    for line in r.iter_lines(decode_unicode=True):
        ip, asn = line.split()

        if asn in blocked_asns:
            if ":" in ip:
                blocked_ips_file.write(f"ip6tables -I nixos-fw -s {ip} -j nixos-fw-refuse\n")
            else:
                blocked_ips_file.write(f"iptables -I nixos-fw -s {ip} -j nixos-fw-refuse\n")