initial commit
commit 62adbf5cbb
2 changed files with 39 additions and 0 deletions
README.md (normal file, 8 lines)
@ -0,0 +1,8 @@
this script makes nftables allows only bunny.net ips on some port so it's a must if you're using that cdn \
# Usage
By default it only affects port `31491`, oddly specific but that's because it's recommended to use a random port for hidden services. But if you use it it's not random anymore so get your own \
You can also add your own filter rules \
You must schedule the script, like with crontab or systemd. \
The output ruleset is saved in `rules.nft` and ⚠️ `sudo nft -f rules.nft` is executed to apply that ruleset. The reason ⚠️ is because you might not want to do sudo and instead do safer stuff like I don't know \
Only legacy internet protocol (also called IPv4 (ew)) is supported at this time. Not my fault
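Review bot: the line `You can also add your own filter rules \` names a feature without saying where such a rule goes; since the generator in this commit is a hardcoded `text` template in update.py, document that custom rules are added by editing that template (between `tcp dport != 31491 return;` and the generated `ip saddr` lines), and likewise that changing the port means editing the literal `31491` in update.py rather than a setting. The scheduling sentence should state a cadence and make explicit that every run overwrites `rules.nft` and re-applies it as root. On the IPv4 note: because the ruleset uses `table inet`, IPv6 packets to the port match none of the `ip saddr` accepts and fall through to the final `drop`, so IPv6 is blocked outright rather than left unfiltered; saying so tells operators what "not supported" actually means here.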
update.py (normal file, 31 lines)
@ -0,0 +1,31 @@
import requests
import json
import os
print("Downloading...")
data = requests.get('https://bunnycdn.com/api/system/edgeserverlist').text
ips = json.loads(data)
print("Compiling...")
text = """#!/usr/sbin/nft -f
table inet bunny {
chain input {
type filter hook input priority 10;
tcp dport != 31491 return;
"""
for ip in ips:
text += f" ip saddr {ip} accept;\n"
text += """ drop;
}
}"""
file = open('rules.nft', 'w')
file.write(text)
file.close()
print("Submitting...")
os.system('sudo nft -f rules.nft')
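Review bot: the generated ruleset has no flush, so every scheduled run of `sudo nft -f rules.nft` appends another full copy of the `ip saddr ... accept` rules to `chain input` (nft -f adds to an existing table and chain rather than replacing them) and the chain grows without bound; emit `table inet bunny` followed by `flush table inet bunny` at the top of `text`, ahead of the table definition, so each run replaces the previous rules. Second, `requests.get('https://bunnycdn.com/api/system/edgeserverlist')` has no `timeout` and no `raise_for_status()`, and the parsed list is never checked: an HTTP error body merely fails in `json.loads`, but an empty or truncated list is written as a chain consisting of only `drop` and then applied, locking the port to everyone. Require a non-empty list, check that each entry parses as `ipaddress.IPv4Address` before it is interpolated into the nft file (the values go in unescaped), and on any failure exit non-zero without touching `rules.nft`. Finally, `os.system('sudo nft -f rules.nft')` discards the exit status and relies on the current directory; `subprocess.run(['sudo', 'nft', '-f', path], check=True)` with an absolute path lets cron or systemd see a failed load.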