@@ -1,71 +1,93 @@
table inet filter {
set abuse-mail {
table inet filter { # handle 20
set abuse-mail { # handle 4
type ipv4_addr
flags interval
auto-merge
elements = { 62.60.188.0/22, 81.30.107.0/24 }
elements = { 45.146.130.0/24, 59.112.0.0-59.123.255.255,
60.249.159.94, 61.12.86.0/24,
62.60.188.0/22, 74.112.64.182,
77.90.185.6, 81.30.107.0/24,
85.140.60.0/23, 113.125.155.158,
129.41.173.76, 171.22.28.26,
185.170.167.0/24, 193.46.255.0/24,
210.202.31.42 }
}
set abuse {
set abuse { # handle 5
type ipv4_addr
flags interval
auto-merge
elements = { 3.22.0.0/16, 3.129.208.0/24,
3.142.0.0/16, 4.227.36.0/24,
5.9.0.0/16, 5.75.128.0/17,
5.161.0.0/16, 8.208.0.0/12,
13.59.0.0/16, 18.118.0.0/15,
18.217.0.0/16, 18.221.0.0-18.223.255.255,
23.88.0.0/17, 37.27.0.0/16,
45.145.227.0/24, 46.4.0.0/16,
46.62.128.0/17, 47.79.0.0/16,
47.82.0.0/16, 49.12.0.0/15,
50.114.203.0/24, 51.222.253.0/24,
52.14.0.0/16, 54.36.148.0/23,
57.141.3.0/24, 59.120.113.205,
60.249.159.94, 65.21.0.0/16,
65.108.0.0/15, 66.220.149.0/24,
66.249.65.105, 68.235.45.0/24,
69.171.249.0/24, 78.46.0.0/15,
78.138.62.0/24, 85.10.192.0/18,
85.208.96.0/24, 87.120.93.0/24,
88.99.0.0/16, 88.198.0.0/16,
23.88.0.0/17, 34.9.181.184,
37.27.0.0/16, 43.130.3.0/24,
43.135.128.0/18, 43.160.0.0/12,
45.5.48.0/22, 45.145.227.0/24,
45.240.0.0/13, 46.4.0.0/16,
46.62.128.0/17, 47.76.0.0/16,
47.79.0.0/16, 47.82.0.0/16,
47.235.0.0-47.246.255.255, 49.12.0.0/15,
49.51.128.0/17, 50.114.203.0/24,
51.222.253.0/24, 52.14.0.0/16,
54.36.148.0/23, 57.141.0.0-57.149.255.255,
59.103.33.0/24, 59.120.113.205,
60.249.159.94, 64.124.8.188,
65.21.0.0/16, 65.108.0.0/15,
66.220.149.0/24, 66.249.65.105,
68.235.45.0/24, 69.171.249.0/24,
73.46.21.251, 78.46.0.0/15,
78.138.62.0/24, 79.166.0.0/16,
85.10.192.0/18, 85.208.96.0/24,
87.120.93.0/24, 88.99.0.0/16,
88.198.0.0/16, 88.218.193.107,
91.99.0.0/16, 91.107.128.0/17,
91.190.240.0/21, 94.130.0.0/16,
95.216.0.0/15, 104.156.155.30,
116.202.0.0/15, 128.140.0.0/17,
106.203.0.0/16, 116.202.0.0/15,
124.156.0.0/16, 128.140.0.0/17,
130.162.46.197, 131.255.36.0/22,
134.209.102.166, 135.181.0.0/16,
136.243.0.0/16, 138.199.128.0/17,
138.201.0.0/16, 139.28.242.0/23,
142.132.128.0/17, 144.76.0.0/16,
148.251.0.0/16, 157.90.0.0/16,
148.251.0.0/16, 154.83.103.106,
154.83.103.205, 157.90.0.0/16,
157.180.0.0/17, 159.69.0.0/16,
162.55.0.0/16, 167.233.0.0/16,
160.20.84.0/22, 162.55.0.0/16,
163.223.210.0/23, 167.233.0.0/16,
167.235.0.0/16, 168.119.0.0/16,
170.39.218.0/24, 171.25.225.0/24,
170.39.218.0/24, 170.106.0.0/16,
171.25.225.0/24, 172.178.59.159,
173.252.83.0/24, 176.9.0.0/16,
178.63.0.0/16, 178.212.75.0/24,
185.50.120.0/23, 185.107.52.0/22,
185.126.28.0/22, 185.157.83.0/24,
185.157.176.0/22, 185.171.224.0/22,
185.189.228.0/22, 185.191.171.0/24,
185.213.45.0/24, 185.216.237.0/24,
185.226.99.0/24, 185.228.8.0/23,
185.157.176.0/22, 185.170.167.0/24,
185.171.224.0/22, 185.189.228.0/22,
185.191.171.0/24, 185.213.45.0/24,
185.216.237.0/24, 185.226.99.0/24,
185.228.8.0/23, 187.19.80.0/20,
188.34.128.0/17, 188.40.0.0/16,
188.245.0.0/16, 193.41.206.176,
193.110.6.0/23, 193.163.198.0/24,
194.42.180.0-194.42.187.255, 194.62.106.0/24,
195.60.226.0/24, 195.178.110.0/24,
195.201.0.0/16, 195.248.224.0/24,
197.242.84.0/22, 201.131.3.0/24,
204.29.146.0/24, 210.202.31.42,
213.133.96.0/19, 213.239.192.0/18,
216.55.108.0/22 }
188.245.0.0/16, 191.220.0.0/15,
193.41.206.176, 193.110.6.0/23,
193.163.198.0/24, 194.42.180.0-194.42.187.255,
194.62.106.0/24, 195.60.226.0/24,
195.178.110.0/24, 195.201.0.0/16,
195.248.224.0/24, 197.242.84.0/22,
201.131.3.0/24, 204.29.146.0/24,
210.202.31.42, 213.133.96.0/19,
213.239.192.0/18, 216.55.108.0/22 }
}
chain input {
ip saddr @abuse drop
# ip saddr @abuse tcp dport { 80, 443 } drop
ip saddr @abuse-mail drop
# ip saddr @abuse tcp dport { 25, 143, 465, 993 } drop
chain input { # handle 1
type filter hook input priority 0; policy accept;
ip saddr @abuse tcp dport { 80, 443 } counter packets 28351 bytes 1710361 # handle 20
ip saddr @abuse tcp dport { 80, 443 } reject with icmpx 3 # handle 18
ip saddr @abuse-mail tcp dport { 25, 143, 465, 993, 4545, 65444 } drop # handle 12
}
}