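# NixOS module: drops all inbound traffic from a hand-maintained list of banned
# source addresses. The rules live in a dedicated chain ("gensokyo-blackhole")
# that INPUT jumps to first, so they are easy to flush and remove as a unit.
{ lib, ... }:
let
  # Banned source addresses, keyed by the prefix of the tool that installs them:
  # "ip" becomes iptables (IPv4) and "ip6" becomes ip6tables (IPv6).
  # Every entry keeps the date and reason it was added so the ban can be
  # re-evaluated later.
  banned = {
    ip = [
      "156.229.232.142" # added 2025-04-10: minecraft server scanner with 30m intervals
      "156.146.63.199" # added 2025-04-11: minecraft server scanner, found no contact methods
      "167.86.121.64" # added 2025-04-24: minecraft server pinger, does not properly disconnect, no contacts
    ];
    # NOTE(review): the ip46tables helper presumably only touches ip6tables when
    # IPv6 is enabled for the firewall. Adding entries here on a host with IPv6
    # disabled would reference a chain that was never created - confirm first.
    ip6 = [ ];
  };

  # One DROP rule per banned address, e.g.
  # "iptables -w -I gensokyo-blackhole -s <address> -j DROP".
  dropRules = lib.flatten (
    lib.mapAttrsToList (
      family: ips: builtins.map (ip: "${family}tables -w -I gensokyo-blackhole -s ${ip} -j DROP") ips
    ) banned
  );
in
{
  networking.firewall.extraCommands = builtins.concatStringsSep "\n" (
    [
      # i'd be damned if they rename the helper, but i also cba writing it *again*, for the same util to show up
      # 3 times in the final script.
      #
      # These commands must be idempotent. The firewall reload path re-runs
      # extraCommands without running extraStopCommands first, and the script
      # aborts on the first failing command. A bare `-N` on an existing chain
      # would therefore fail the reload and leave the firewall torn down.
      # So: tolerate an existing chain, empty it, and drop any previous jump
      # before inserting a fresh one, so reloads do not stack duplicates.
      "ip46tables -N gensokyo-blackhole 2> /dev/null || true"
      "ip46tables -F gensokyo-blackhole"
      "ip46tables -D INPUT -j gensokyo-blackhole 2> /dev/null || true"
      # -I puts the jump at the top of INPUT so banned sources are dropped
      # before any accept rule gets a chance to match.
      "ip46tables -I INPUT -j gensokyo-blackhole"
    ]
    ++ dropRules
  );

  # Teardown mirrors the setup: remove the jump, empty the chain, delete it.
  # Every step is best-effort so a partially set-up firewall still stops cleanly.
  networking.firewall.extraStopCommands = ''
    ip46tables -D INPUT -j gensokyo-blackhole || true
    ip46tables -F gensokyo-blackhole || true
    ip46tables -X gensokyo-blackhole || true
  '';
}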