IP banning for server

2025-11-30 14:43:59 +05:30 · 2025-10-12 16:42:18 -05:00 · 2025-10-12 16:42:18 -05:00 · 65501d698e
commit 65501d698e
parent 41e760d484
1 changed files with 167 additions and 0 deletions
--- a/hosts/ori/configuration.nix
+++ b/hosts/ori/configuration.nix
@ -51,6 +51,173 @@
    ];
    programs.fuse.userAllowOther = true;
    networking.firewall.extraCommands =
    # ip ban ai crawlers
    let createDropRulesForIpAddress = address:
      ''
      iptables -C INPUT -s ${address} -j DROP || iptables -A INPUT -s ${address} -j DROP
      iptables -C OUTPUT -s ${address} -j DROP || iptables -A OUTPUT -s ${address} -j DROP
      iptables -C FORWARD -s ${address} -j DROP || iptables -A FORWARD -s ${address} -j DROP
      iptables -C DOCKER -s ${address} -j DROP || iptables -A DOCKER -s ${address} -j DROP
      iptables -C DOCKER-BRIDGE -s ${address} -j DROP || iptables -A DOCKER-BRIDGE -s ${address} -j DROP
      iptables -C DOCKER-FORWARD -s ${address} -j DROP || iptables -A DOCKER-FORWARD -s ${address} -j DROP
      iptables -C DOCKER-USER -s ${address} -j DROP || iptables -A DOCKER-USER -s ${address} -j DROP
      iptables -C DOCKER-ISOLATION-STAGE-1 -s ${address} -j DROP || iptables -A DOCKER-ISOLATION-STAGE-1 -s ${address} -j DROP
      iptables -C DOCKER-ISOLATION-STAGE-2 -s ${address} -j DROP || iptables -A DOCKER-ISOLATION-STAGE-2 -s ${address} -j DROP
      '';
      in
      ''
        ${createDropRulesForIpAddress "216.73.216.143"}
        ${createDropRulesForIpAddress "100.24.149.244"}
        ${createDropRulesForIpAddress "100.24.167.60"}
        ${createDropRulesForIpAddress "100.25.120.246"}
        ${createDropRulesForIpAddress "100.27.153.9"}
        ${createDropRulesForIpAddress "100.28.204.82"}
        ${createDropRulesForIpAddress "100.28.44.58"}
        ${createDropRulesForIpAddress "18.204.152.114"}
        ${createDropRulesForIpAddress "18.205.127.11"}
        ${createDropRulesForIpAddress "18.205.213.231"}
        ${createDropRulesForIpAddress "18.205.91.101"}
        ${createDropRulesForIpAddress "18.209.201.119"}
        ${createDropRulesForIpAddress "18.210.58.238"}
        ${createDropRulesForIpAddress "18.211.148.239"}
        ${createDropRulesForIpAddress "18.213.102.186"}
        ${createDropRulesForIpAddress "18.214.138.148"}
        ${createDropRulesForIpAddress "18.215.112.101"}
        ${createDropRulesForIpAddress "18.233.24.238"}
        ${createDropRulesForIpAddress "184.72.95.195"}
        ${createDropRulesForIpAddress "184.73.167.217"}
        ${createDropRulesForIpAddress "184.73.239.35"}
        ${createDropRulesForIpAddress "23.20.178.124"}
        ${createDropRulesForIpAddress "23.21.119.232"}
        ${createDropRulesForIpAddress "23.21.175.228"}
        ${createDropRulesForIpAddress "23.21.227.240"}
        ${createDropRulesForIpAddress "23.22.105.143"}
        ${createDropRulesForIpAddress "23.22.59.87"}
        ${createDropRulesForIpAddress "23.23.137.202"}
        ${createDropRulesForIpAddress "23.23.180.225"}
        ${createDropRulesForIpAddress "23.23.212.212"}
        ${createDropRulesForIpAddress "23.23.213.182"}
        ${createDropRulesForIpAddress "3.208.146.193"}
        ${createDropRulesForIpAddress "3.210.114.189"}
        ${createDropRulesForIpAddress "3.210.223.61"}
        ${createDropRulesForIpAddress "3.210.29.96"}
        ${createDropRulesForIpAddress "3.211.105.134"}
        ${createDropRulesForIpAddress "3.211.181.86"}
        ${createDropRulesForIpAddress "3.212.205.90"}
        ${createDropRulesForIpAddress "3.213.85.234"}
        ${createDropRulesForIpAddress "3.215.221.125"}
        ${createDropRulesForIpAddress "3.216.13.10"}
        ${createDropRulesForIpAddress "3.216.86.144"}
        ${createDropRulesForIpAddress "3.217.171.106"}
        ${createDropRulesForIpAddress "3.218.103.254"}
        ${createDropRulesForIpAddress "3.219.81.66"}
        ${createDropRulesForIpAddress "3.221.222.168"}
        ${createDropRulesForIpAddress "3.223.134.5"}
        ${createDropRulesForIpAddress "3.225.9.97"}
        ${createDropRulesForIpAddress "3.227.180.70"}
        ${createDropRulesForIpAddress "3.232.82.72"}
        ${createDropRulesForIpAddress "3.235.215.92"}
        ${createDropRulesForIpAddress "34.193.2.57"}
        ${createDropRulesForIpAddress "34.194.14.255"}
        ${createDropRulesForIpAddress "34.194.233.48"}
        ${createDropRulesForIpAddress "34.195.248.30"}
        ${createDropRulesForIpAddress "34.197.28.78"}
        ${createDropRulesForIpAddress "34.203.111.15"}
        ${createDropRulesForIpAddress "34.205.170.13"}
        ${createDropRulesForIpAddress "34.206.249.188"}
        ${createDropRulesForIpAddress "34.224.132.215"}
        ${createDropRulesForIpAddress "34.225.87.80"}
        ${createDropRulesForIpAddress "34.226.89.140"}
        ${createDropRulesForIpAddress "34.231.156.59"}
        ${createDropRulesForIpAddress "34.233.114.237"}
        ${createDropRulesForIpAddress "34.234.197.175"}
        ${createDropRulesForIpAddress "34.234.200.207"}
        ${createDropRulesForIpAddress "35.168.238.50"}
        ${createDropRulesForIpAddress "35.169.119.108"}
        ${createDropRulesForIpAddress "35.169.240.53"}
        ${createDropRulesForIpAddress "35.170.205.140"}
        ${createDropRulesForIpAddress "35.173.38.202"}
        ${createDropRulesForIpAddress "3.93.211.16"}
        ${createDropRulesForIpAddress "3.94.199.128"}
        ${createDropRulesForIpAddress "44.205.120.22"}
        ${createDropRulesForIpAddress "44.205.74.196"}
        ${createDropRulesForIpAddress "44.206.65.8"}
        ${createDropRulesForIpAddress "44.207.207.36"}
        ${createDropRulesForIpAddress "44.207.252.58"}
        ${createDropRulesForIpAddress "44.209.35.147"}
        ${createDropRulesForIpAddress "44.214.19.8"}
        ${createDropRulesForIpAddress "44.215.235.20"}
        ${createDropRulesForIpAddress "44.218.170.184"}
        ${createDropRulesForIpAddress "44.220.2.97"}
        ${createDropRulesForIpAddress "44.221.180.179"}
        ${createDropRulesForIpAddress "44.221.227.90"}
        ${createDropRulesForIpAddress "44.223.115.10"}
        ${createDropRulesForIpAddress "44.223.116.149"}
        ${createDropRulesForIpAddress "44.223.232.55"}
        ${createDropRulesForIpAddress "50.19.102.70"}
        ${createDropRulesForIpAddress "50.19.79.213"}
        ${createDropRulesForIpAddress "52.0.218.219"}
        ${createDropRulesForIpAddress "52.0.63.151"}
        ${createDropRulesForIpAddress "52.200.142.199"}
        ${createDropRulesForIpAddress "52.202.233.37"}
        ${createDropRulesForIpAddress "52.203.152.231"}
        ${createDropRulesForIpAddress "52.203.65.83"}
        ${createDropRulesForIpAddress "52.204.174.139"}
        ${createDropRulesForIpAddress "52.204.71.8"}
        ${createDropRulesForIpAddress "52.204.89.12"}
        ${createDropRulesForIpAddress "52.205.113.104"}
        ${createDropRulesForIpAddress "52.21.62.139"}
        ${createDropRulesForIpAddress "52.2.191.202"}
        ${createDropRulesForIpAddress "52.22.87.224"}
        ${createDropRulesForIpAddress "52.3.102.51"}
        ${createDropRulesForIpAddress "52.3.127.170"}
        ${createDropRulesForIpAddress "52.3.155.146"}
        ${createDropRulesForIpAddress "52.4.213.199"}
        ${createDropRulesForIpAddress "52.4.229.9"}
        ${createDropRulesForIpAddress "52.4.238.8"}
        ${createDropRulesForIpAddress "52.45.15.233"}
        ${createDropRulesForIpAddress "52.45.92.83"}
        ${createDropRulesForIpAddress "52.54.249.218"}
        ${createDropRulesForIpAddress "52.54.95.127"}
        ${createDropRulesForIpAddress "52.6.5.24"}
        ${createDropRulesForIpAddress "52.70.123.241"}
        ${createDropRulesForIpAddress "52.71.216.196"}
        ${createDropRulesForIpAddress "52.71.218.25"}
        ${createDropRulesForIpAddress "52.73.6.26"}
        ${createDropRulesForIpAddress "54.145.82.217"}
        ${createDropRulesForIpAddress "54.147.238.89"}
        ${createDropRulesForIpAddress "54.147.80.137"}
        ${createDropRulesForIpAddress "54.156.55.147"}
        ${createDropRulesForIpAddress "54.157.84.74"}
        ${createDropRulesForIpAddress "54.159.18.27"}
        ${createDropRulesForIpAddress "54.159.98.248"}
        ${createDropRulesForIpAddress "54.162.69.192"}
        ${createDropRulesForIpAddress "54.163.136.244"}
        ${createDropRulesForIpAddress "54.167.32.123"}
        ${createDropRulesForIpAddress "54.197.114.76"}
        ${createDropRulesForIpAddress "54.225.181.161"}
        ${createDropRulesForIpAddress "54.225.199.17"}
        ${createDropRulesForIpAddress "54.235.125.129"}
        ${createDropRulesForIpAddress "54.243.63.52"}
        ${createDropRulesForIpAddress "54.83.180.239"}
        ${createDropRulesForIpAddress "54.83.56.1"}
        ${createDropRulesForIpAddress "54.85.7.119"}
        ${createDropRulesForIpAddress "54.88.84.219"}
        ${createDropRulesForIpAddress "54.89.90.224"}
        ${createDropRulesForIpAddress "98.82.39.241"}
        ${createDropRulesForIpAddress "98.83.10.183"}
        ${createDropRulesForIpAddress "98.83.177.42"}
        ${createDropRulesForIpAddress "98.83.8.142"}
        ${createDropRulesForIpAddress "98.84.131.195"}
        ${createDropRulesForIpAddress "98.84.184.80"}
        ${createDropRulesForIpAddress "98.84.200.43"}
        ${createDropRulesForIpAddress "98.84.60.17"}
        ${createDropRulesForIpAddress "98.84.70.201"}
        ${createDropRulesForIpAddress "172.24.0.21"}
    '';
    virtualisation.docker.extraOptions="--iptables=true";
  };
 }