[nftables-blacklist] Manage IP, geographical, ASN bans on the firewall

nftables blacklist, packaged for YunoHost

Overview

A script to ban large numbers of IP addresses published in blocklists, associated with countries or Autonomous Systems (AS).

Notes

This “app” is rather a script nicely wrapped in a YunoHost configuration panel. Open it from your webadmin’s apps menu.

Blocklists and allowlists

  • The app offers to include several blocklists that include bad IP ranges.
  • Your own server’s IP address is automagically allowlisted to avoid self-owning.
  • You can upload your own blocklists and allowlists. Note that the IPv6 notation for that script does not support the CIDR format (:distorted_face:).

On blocking ASNs

:warning: It might be tempting to block all Big Tech ASNs. However, bear in mind this might break YunoHost or its app installations, as they rely on some of them, e.g. Google for the Go programming language, or GitHub for the app repositories.
:warning: These few have already been allowlisted, but the list is definitely not complete and might be subject to change. Feel free to drop a message to the maintainers to update the allowlist if you find more.

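As an added illustration (not the app’s own script), the Python below builds an nftables ruleset of the kind described above from constructed sample lists: the allow sets always contain the server’s own addresses and are matched before the block sets, so a server whose address happens to fall inside a banned range is not locked out. The list contents, server addresses, table and set names are assumptions, and unlike the app’s note this version also accepts IPv6 CIDR entries.

```python
import ipaddress
# Constructed sample inputs (not the app's real lists); documentation ranges only.
BLOCKLIST = """
203.0.113.0/24  # comments after an entry are tolerated
198.51.100.7
2001:db8:bad::/48
junk-line
"""
ALLOWLIST = "192.0.2.10\n"
SERVER_IPS = ["203.0.113.42", "2001:db8::1"]  # hypothetical: the server's own addresses

def parse_list(text):
    """Split list lines into IPv4/IPv6 networks; also return the rejected lines."""
    nets, rejected = {4: [], 6: []}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
            nets[net.version].append(net)
        except ValueError:
            rejected.append(line)  # never pass junk through to nft
    return nets, rejected

def build_sets(blocklist, allowlist, server_ips):
    """The allow sets always contain the server's own addresses (no self-ban)."""
    block, _ = parse_list(blocklist)
    allow, _ = parse_list(allowlist + "\n" + "\n".join(server_ips))
    return {"allow": allow, "block": block}

def render_nft(sets):
    """Emit an nftables ruleset; the allow rules deliberately precede the drops."""
    out = ["table inet blacklist {"]
    for name, fam in (("allow", 4), ("allow", 6), ("block", 4), ("block", 6)):
        elems = ", ".join(str(n) for n in sets[name][fam])
        out.append(f"  set {name}{fam} {{ type ipv{fam}_addr; flags interval;"
                   + (f" elements = {{ {elems} }}" if elems else "") + " }")
    out += ["  chain input {",
            "    type filter hook input priority -10; policy accept;",
            "    ip saddr @allow4 accept", "    ip6 saddr @allow6 accept",
            "    ip saddr @block4 drop", "    ip6 saddr @block6 drop", "  }", "}"]
    return "\n".join(out)

def verdict(sets, addr):
    """Emulate the chain order above: allow match wins, then block, else accept."""
    ip = ipaddress.ip_address(addr)
    if any(ip in n for n in sets["allow"][ip.version]):
        return "accept"
    return "drop" if any(ip in n for n in sets["block"][ip.version]) else "accept"
```

Feed the output of `render_nft` to `nft -f -` to load it; the `verdict` helper only mirrors the rule order so the precedence can be checked without a kernel.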

That looks interesting.
I’ll take a look.
Thanks :wink:

For the list of countries, why not use a checklist or something similar to avoid typo errors?