spirillen · May 16, 2019 20:18
diff --git a/nftable.sh b/nftable.sh
 #!/usr/bin/env bash

 # Copyright
 # GNU AGPLv3, MODIFIED FOR NON COMMERCIAL USE

 # This script is published at https://bitbucket.org/snippets/spirillen/neG47k

 # Import a bunch of busted busters by there AS.
 # This script will block the following privacy fuckers 
 # Google.tld facebook.tld, TDC and Fullrate

 nft flush table ip filter
 nft flush table ip6 filter

 IPv4=/tmp/IPv4.tmp
 IPv6=/tmp/IPv6.tmp

 touch $IPv4
 chmod 0777 $IPv4

 touch $IPv6
 chmod 0777 $IPv6

 # IPv4 fuckers
 whois -h whois.radb.net -- '-i origin AS3292' | grep "^route:" | awk '{ print $2 }' > $IPv4 # TDC
 whois -h whois.radb.net -- '-i origin AS39554' | grep "^route:" | awk '{ print $2 }' >> $IPv4	# fullrate A/S
 whois -h whois.radb.net -- '-i origin AS15224' | grep "^route:" | awk '{ print $2 }' >> $IPv4	# Adobe Systems
 whois -h whois.radb.net -- '-i origin AS15169' | grep "^route:" | awk '{ print $2 }' >> $IPv4	# Goole
 whois -h whois.radb.net -- '-i origin AS32934' | grep "^route:" | awk '{ print $2 }' >> $IPv4	# Facebook
 whois -h whois.radb.net -- '-i origin AS202984' | grep "^route:" | awk '{ print $2 }' >> $IPv4	# TEAM-HOST AS RU ; tracking

 # IPv6 Suckers
 whois -h whois.radb.net -- '-i origin AS3292' | grep "^route6" | awk '{ print $2 }' > $IPv6 # TDC
 whois -h whois.radb.net -- '-i origin AS39554' | grep "^route6" | awk '{ print $2 }' >> $IPv6	# fullrate A/S
 whois -h whois.radb.net -- '-i origin AS15224' | grep "^route6" | awk '{ print $2 }' >> $IPv6	# Adobe Systems
 whois -h whois.radb.net -- '-i origin AS15169' | grep "^route6" | awk '{ print $2 }' >> $IPv6	# Goole
 whois -h whois.radb.net -- '-i origin AS32934' | grep "^route6" | awk '{ print $2 }' >> $IPv6	# Facebook
 whois -h whois.radb.net -- '-i origin AS202984' | grep "^route6" | awk '{ print $2 }' >> $IPv6	# TEAM-HOST AS RU ; tracking

 exec 4<"$IPv4"
 	echo Start
 	while read -r -u4 IPv4 ; do
 	    nft insert rule ip filter INPUT ip saddr "$IPv4" counter drop
 	    nft add rule ip filter OUTPUT ip daddr "$IPv4" counter drop
 done < "$IPv4"



 exec 4<"$IPv6"
 	echo Start
 	while read -r -u4 IPv6 ; do
 	    nft insert rule ip6 filter INPUT ip6 saddr "$IPv6" counter drop
 	    nft add rule ip6 filter OUTPUT ip6 daddr "$IPv6" counter drop
 done < "$IPv6"


 # Clean up temps
 rm -f $IPv4 $IPv6

 # Did we load any rules?

 nft list ruleset
	#!/usr/bin/env bash

	# Copyright
	# GNU AGPLv3, MODIFIED FOR NON COMMERCIAL USE

	# This script is published at https://bitbucket.org/snippets/spirillen/neG47k

	# Import a bunch of busted busters by there AS.
	# This script will block the following privacy fuckers
	# Google.tld facebook.tld, TDC and Fullrate

	nft flush table ip filter
	nft flush table ip6 filter

	IPv4=/tmp/IPv4.tmp
	IPv6=/tmp/IPv6.tmp

	touch $IPv4
	chmod 0777 $IPv4

	touch $IPv6
	chmod 0777 $IPv6

	# IPv4 fuckers
	whois -h whois.radb.net -- '-i origin AS3292' \| grep "^route:" \| awk '{ print $2 }' > $IPv4 # TDC
	whois -h whois.radb.net -- '-i origin AS39554' \| grep "^route:" \| awk '{ print $2 }' >> $IPv4 # fullrate A/S
	whois -h whois.radb.net -- '-i origin AS15224' \| grep "^route:" \| awk '{ print $2 }' >> $IPv4 # Adobe Systems
	whois -h whois.radb.net -- '-i origin AS15169' \| grep "^route:" \| awk '{ print $2 }' >> $IPv4 # Goole
	whois -h whois.radb.net -- '-i origin AS32934' \| grep "^route:" \| awk '{ print $2 }' >> $IPv4 # Facebook
	whois -h whois.radb.net -- '-i origin AS202984' \| grep "^route:" \| awk '{ print $2 }' >> $IPv4 # TEAM-HOST AS RU ; tracking

	# IPv6 Suckers
	whois -h whois.radb.net -- '-i origin AS3292' \| grep "^route6" \| awk '{ print $2 }' > $IPv6 # TDC
	whois -h whois.radb.net -- '-i origin AS39554' \| grep "^route6" \| awk '{ print $2 }' >> $IPv6 # fullrate A/S
	whois -h whois.radb.net -- '-i origin AS15224' \| grep "^route6" \| awk '{ print $2 }' >> $IPv6 # Adobe Systems
	whois -h whois.radb.net -- '-i origin AS15169' \| grep "^route6" \| awk '{ print $2 }' >> $IPv6 # Goole
	whois -h whois.radb.net -- '-i origin AS32934' \| grep "^route6" \| awk '{ print $2 }' >> $IPv6 # Facebook
	whois -h whois.radb.net -- '-i origin AS202984' \| grep "^route6" \| awk '{ print $2 }' >> $IPv6 # TEAM-HOST AS RU ; tracking

	exec 4<"$IPv4"
	echo Start
	while read -r -u4 IPv4 ; do
	nft insert rule ip filter INPUT ip saddr "$IPv4" counter drop
	nft add rule ip filter OUTPUT ip daddr "$IPv4" counter drop
	done < "$IPv4"



	exec 4<"$IPv6"
	echo Start
	while read -r -u4 IPv6 ; do
	nft insert rule ip6 filter INPUT ip6 saddr "$IPv6" counter drop
	nft add rule ip6 filter OUTPUT ip6 daddr "$IPv6" counter drop
	done < "$IPv6"


	# Clean up temps
	rm -f $IPv4 $IPv6

	# Did we load any rules?

	nft list ruleset