Home Explore Help
Sign In
sarman
/
tftsr_ai
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: f188c046ed
Branches Tags
tftsr_ai
/
tftsr_nginx-hardening
/
nginx-hardening
/
roles
/
geo_blocking
/
templates
/
geo-block.nft.j2

geo-block.nft.j2 601 B
History Raw

1234567891011121314151617181920212223242526 
  1. #!/usr/sbin/nft -f
    2. 

  2. # Managed by Ansible — do not edit manually
    3. 

  3. 

  4. # Ensure table exists, then flush for idempotency
    5. 

  5. add table inet geo_block
    6. 

  6. flush table inet geo_block
    7. 

  7. 

  8. table inet geo_block {
    9. 

  9.     set blocked_countries {
    10. 

  10.         type ipv4_addr
    11. 

  11.         flags interval
    12. 

  12. {% if geo_blocked_cidrs | length > 0 %}
    13. 

  13.         elements = {
    14. 

  14. {% for cidr in geo_blocked_cidrs %}
    15. 

  15.             {{ cidr }}{% if not loop.last %},{% endif %}
    16. 

  16. 

  17. {% endfor %}
    18. 

  18.         }
    19. 

  19. {% endif %}
    20. 

  20.     }
    21. 

  21. 

  22.     chain prerouting {
    23. 

  23.         type filter hook prerouting priority -100; policy accept;
    24. 

  24.         ip saddr @blocked_countries drop
    25. 

  25.     }
    26. 

  26. }
    27.