[nftables-blacklist] Manage IP, geographical, ASN bans on the firewall

nftables blacklist, packaged for YunoHost


Overview

A script to ban large numbers of IP addresses published in blocklists, associated with countries or Autonomous Systems (AS).

Notes

This “app” is rather a script nicely wrapped in a YunoHost configuration panel. Open it from your webadmin’s apps menu.

Blocklists and allowlists

  • The app offers to include several blocklists that include bad IP ranges.
  • Your own server’s IP address is automagically allowlisted to avoid self-owning.
  • You can upload your own block and allowlists. Note that the IPv6 notation for that script does not support the CIDR format (:distorted_face:).

On blocking ASNs

:warning: It might be tempting to block all Big Tech ASNs. However, bear in mind this might break YunoHost or its app installations, as they rely on some of them, e.g. Google for the Go programming language, or GitHub for the app repositories.
:warning: These few have already been allowlisted, but the list is definitely not complete and might be subject to change. Feel free to drop a message to the maintainers to update the allowlist if you find more.

8 Likes
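
A pre-upload check for a custom blocklist, added here as an example and not part of the app or the post: it flags IPv6 entries written in CIDR notation, which the post says the script does not support, and entries that would cover an address you need to keep reachable. The one-entry-per-line format with `#` comments, the name `lint_blocklist` and the sample addresses are assumptions.

```python
import ipaddress

# Constructed sample of a custom blocklist (documentation ranges only).
# One entry per line with '#' comments is an assumed format, not the app's spec.
SAMPLE_BLOCKLIST = """\
# constructed entries
198.51.100.0/24
203.0.113.7
2001:db8::1
2001:db8:bad::/48
not-an-ip
192.0.2.0/24
"""


def lint_blocklist(text, keep_reachable):
    """Return (accepted, problems) for a blocklist about to be uploaded.

    keep_reachable: addresses that must never be blocked, e.g. the server's own.
    problems is a list of (line number, entry, reason) tuples.
    """
    protected = [ipaddress.ip_address(ip) for ip in keep_reachable]
    accepted, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append((lineno, entry, "not an IP address or range"))
            continue
        if net.version == 6 and "/" in entry:
            # The post states the script's IPv6 notation has no CIDR support.
            problems.append((lineno, entry, "IPv6 CIDR notation is not supported"))
        elif any(ip.version == net.version and ip in net for ip in protected):
            problems.append((lineno, entry, "covers an address that must stay reachable"))
        else:
            accepted.append(str(net))
    return accepted, problems


if __name__ == "__main__":
    ok, bad = lint_blocklist(SAMPLE_BLOCKLIST, ["192.0.2.10", "2001:db8::53"])
    for lineno, entry, why in bad:
        print(f"line {lineno}: {entry}: {why}")
    print(f"{len(ok)} entries accepted")
```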

That looks interesting.
I’ll take a look.
Thanks :wink:

For the list of countries, why not use a checklist or something similar to avoid typos?

The application is not available in the Apps Catalogue. Wouldn’t it be better to wait until it’s available?
It’s programmed, but doesn’t seem ready for installation and use…

It’s only a two-letter code to look up, and the script will not crash if the code does not exist.

It is in the catalogue, it only did not get its CI level yet. Wait as you wish. :slight_smile:
(however, pointing to the dev CI is misleading, the main one is the one that will update the catalog)

Okay, thanks for the info :wink: