MrStonedOne
/ loadblacklist.sh
Last active
December 29, 2023 22:12
Load newline ipv4 subnet list into nftables set. ip blacklist blackhole denylist filter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| nft add set netdev filter blackhole {type ipv4_addr\; counter\; auto-merge\; flags interval\; elements={$(grep -oP '^ *(?:[0-9]{1,3}\.){3}[0-9]{1,3}/{0,1}[0-9]{0,2}' blacklist.txt | tr '\n' ',' | sed 's/,*$//')}\;} | |
| # (don't forget to add a drop rule checking the @blackhole rule) |