The new nftables rule syntax in place of the old iptables one — published at https://bitbucket.org/snippets/spirillen/neG47k
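#!/usr/bin/env bash
# Copyright
# GNU AGPLv3, MODIFIED FOR NON COMMERCIAL USE
# This script is published at https://bitbucket.org/snippets/spirillen/neG47k
#
# Block whole networks by their origin AS, as registered in RADB.
#
# For every AS in AS_LIST the route / route6 objects are fetched from
# whois.radb.net and each prefix becomes a DROP rule in the INPUT chain
# (source address) and the OUTPUT chain (destination address) of the
# existing `ip filter` and `ip6 filter` tables.  The list currently covers
# TDC, Fullrate, Adobe, Google, Facebook and TEAM-HOST (RU, tracking).
#
# Requirements: bash 4+, whois, nft, CAP_NET_ADMIN (normally root), and the
# tables `ip filter` / `ip6 filter` with chains INPUT and OUTPUT already
# defined.  The script flushes and refills those tables; it does not create
# them, and the whole replace happens in ONE nft transaction, so a failed
# lookup or a rejected ruleset leaves the currently loaded rules untouched.
#
# Trust note: RADB answers arrive over plain port-43 whois with no
# authentication, and whatever comes back (or whatever an on-path party
# substitutes) ends up as a DROP rule.  Prefixes are therefore syntax-checked
# and /0 is refused, but a well-formed yet bogus prefix will still be
# blackholed.  Review `nft list ruleset` (printed at the end) after a run.
set -euo pipefail

# Origin ASNs to block, in the order their rules are emitted.
AS_LIST=(
  AS3292    # TDC
  AS39554   # Fullrate A/S
  AS15224   # Adobe Systems
  AS15169   # Google
  AS32934   # Facebook
  AS202984  # TEAM-HOST AS RU ; tracking
)

# die MESSAGE...: print to stderr and exit 1.
die() { printf '%s: %s\n' "${0##*/}" "$*" >&2; exit 1; }

command -v whois >/dev/null || die "whois not found"
command -v nft   >/dev/null || die "nft not found"

# Private, unpredictable scratch directory, removed on every exit path.
# (A fixed /tmp/IPv4.tmp that is chmod 0777 lets any local user pre-create
# or symlink the file and thereby decide what the firewall drops; the old
# loop variable also shadowed the file name, so the files were never
# removed.)
workdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$workdir"' EXIT
IPv4="$workdir/IPv4.lst"
IPv6="$workdir/IPv6.lst"
ruleset="$workdir/ruleset.nft"
: > "$IPv4"
: > "$IPv6"

# One query per AS is enough: the same answer carries both route (IPv4)
# and route6 (IPv6) objects, split here by the object key.
for asn in "${AS_LIST[@]}"; do
  whois -h whois.radb.net -- "-i origin $asn" \
    | awk -v v4="$IPv4" -v v6="$IPv6" \
        '$1 == "route:"  { print $2 >> v4 }
         $1 == "route6:" { print $2 >> v6 }' \
    || die "whois lookup for $asn failed"
done

# Refuse to flush the live tables when the lookups produced nothing at all
# (network down, RADB unreachable): better to keep yesterday's rules than
# to silently run with none.
[[ -s "$IPv4" || -s "$IPv6" ]] \
  || die "RADB returned no prefixes; current ruleset left untouched"

# valid_prefix FAMILY PREFIX: true when PREFIX looks like a CIDR of the
# given nft family (ip|ip6) with a prefix length of at least 1.  A /0 would
# drop all traffic and is never a legitimate origin route.
valid_prefix() {
  local family=$1 prefix=$2
  local re_v4='^[0-9]{1,3}(\.[0-9]{1,3}){3}/([1-9]|[12][0-9]|3[0-2])$'
  local re_v6='^[0-9A-Fa-f:.]+/([1-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
  case "$family" in
    ip)  [[ $prefix =~ $re_v4 ]] ;;
    ip6) [[ $prefix =~ $re_v6 ]] ;;
    *)   return 1 ;;
  esac
}

# emit_rules FAMILY LISTFILE: write the nft commands for every valid,
# de-duplicated prefix in LISTFILE to stdout.  INPUT rules are *inserted*
# (prepended) and OUTPUT rules *added* (appended), as before.  Malformed
# tokens are logged with %q so a hostile string cannot mangle the log.
emit_rules() {
  local family=$1 list=$2 prefix
  while IFS= read -r prefix || [[ -n $prefix ]]; do
    [[ -n $prefix ]] || continue
    if ! valid_prefix "$family" "$prefix"; then
      printf 'skipping unexpected %s prefix from RADB: %q\n' \
        "$family" "$prefix" >&2
      continue
    fi
    printf 'insert rule %s filter INPUT %s saddr %s counter drop\n' \
      "$family" "$family" "$prefix"
    printf 'add rule %s filter OUTPUT %s daddr %s counter drop\n' \
      "$family" "$family" "$prefix"
  done < <(LC_ALL=C sort -u -- "$list")
}

# Build the whole replacement as one nft script: the flushes and every
# rule are applied atomically, or not at all.
{
  printf 'flush table ip filter\n'
  printf 'flush table ip6 filter\n'
  emit_rules ip  "$IPv4"
  emit_rules ip6 "$IPv6"
} > "$ruleset"

nft -f "$ruleset" || die "nft rejected the generated ruleset; nothing changed"

# grep -c still prints 0 when nothing matches, only its exit status is 1.
n4=$(grep -c '^insert rule ip '  -- "$ruleset" || true)
n6=$(grep -c '^insert rule ip6 ' -- "$ruleset" || true)
printf 'loaded %s IPv4 and %s IPv6 prefixes\n' "$n4" "$n6" >&2

# Show what is now loaded so the result can be eyeballed.
nft list ruleset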