diff --git a/bundles/nftables/metadata.py b/bundles/nftables/metadata.py
index 0d7819a..8212d3c 100644
--- a/bundles/nftables/metadata.py
+++ b/bundles/nftables/metadata.py
@@ -6,6 +6,10 @@ defaults = {
             'nftables': {},
         },
     },
+    'nftables': {
+        'blocked_v4': repo.libs.firewall.global_ip4_blocklist,
+        'blocked_v6': repo.libs.firewall.global_ip6_blocklist,
+    },
     'pacman': {
         'packages': {
             'nftables': {},
diff --git a/libs/firewall.py b/libs/firewall.py
index b343824..7a2fa32 100644
--- a/libs/firewall.py
+++ b/libs/firewall.py
@@ -44,3 +44,8 @@ named_networks = {
         },
     },
 }
+
+global_ip4_blocklist = {
+    "141.98.11.0/24", # 2024-01-21, smtp login bruteforce
+}
+global_ip6_blocklist = set()