If your server needs additional blackholing/blacklisting scripts that automatically update your nftables firewall to exclude countries or lists, this software is ideal. See: https://github.com/tomasz-c/nft-blackhole
Features
- download publicly available blacklists and block the IPs listed in them,
- block or whitelist individual countries,
- whitelist individual networks or IP addresses.
Configuration file
In the configuration file you can define:
- IP versions supported (ipv4, ipv6),
- blocking policy (reject, drop),
- networks or IP addresses for the whitelist,
- blacklist URLs,
- whether to block output connections to blacklisted IPs,
- list of countries,
- policy for countries (accept, block),
- ports excluded from country blocks.
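
The features above come down to turning a downloaded blacklist plus a local whitelist into nftables sets. The following is an added example, not nft-blackhole's own code: it parses a constructed feed, discards malformed lines, carves whitelisted ranges out of blacklisted ones, and renders an interval set per IP version. The function names, the set names and the sample data are assumptions made for illustration.

```python
import ipaddress
# Constructed sample feed and whitelist (documentation address ranges).
SAMPLE_FEED = """\
# constructed blocklist
192.0.2.0/25
192.0.2.128/25
198.51.100.7
2001:db8:bad::/48
not-an-ip ; malformed entry
203.0.113.0/24  # trailing comment
"""
SAMPLE_WHITELIST = ["203.0.113.64/26"]  # our own range inside a listed /24

def parse_feed(text):
    """Return valid networks, skipping comments and malformed lines."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].split(";", 1)[0].strip()
        try:
            if entry:
                nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # never let a bad feed line reach the firewall
    return nets

def subtract(nets, allowed):
    """Carve every whitelisted network out of the blocked networks."""
    for allow in allowed:
        kept = []
        for net in nets:
            if net.version != allow.version or not net.overlaps(allow):
                kept.append(net)
            elif allow != net and allow.subnet_of(net):
                kept.extend(net.address_exclude(allow))
            # otherwise net lies inside the whitelisted range: drop it
        nets = kept
    return nets

def build_sets(feed_text, whitelist):
    """Return {4: [...], 6: [...]} of merged networks left to block."""
    allowed = [ipaddress.ip_network(w, strict=False) for w in whitelist]
    blocked = subtract(parse_feed(feed_text), allowed)
    return {v: list(ipaddress.collapse_addresses(n for n in blocked if n.version == v))
            for v in (4, 6)}

def render_set(name, version, nets):
    """Render one nftables interval set (the set name is illustrative)."""
    elems = " elements = { " + ", ".join(map(str, nets)) + " }" if nets else ""
    return f"set {name} {{ type ipv{version}_addr; flags interval;{elems} }}"
```

Calling `build_sets(SAMPLE_FEED, SAMPLE_WHITELIST)` and passing each result to `render_set` yields set definitions that can be placed inside an nftables table. Removing the whitelisted range before loading means a feed that lists your own network cannot lock you out.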