bundlewrap/libs/firewall.py


from ipaddress import IPv4Network, ip_network
from os.path import abspath, dirname, join
# Repository root: two directory levels above this module's absolute path.
# Config files read by this module are resolved relative to it.
REPO_PATH = dirname(
    dirname(abspath(__file__))
)
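def generate_ip_list_from_routes(filename):
    """Load the CIDR prefixes listed in ``configs/<filename>.txt``.

    The file holds one network per line. Blank lines and lines starting with
    ``#`` are skipped. Every other line is parsed with ``ip_network()`` in its
    default strict mode, so a malformed prefix (or one with host bits set)
    raises instead of being silently dropped or widened.

    Args:
        filename: Base name (without ``.txt``) of a file in the repository's
            ``configs`` directory. The value is interpolated into the path
            unchanged, so it must be a trusted constant, not external input.

    Returns:
        A dict with the keys ``'ipv4'`` and ``'ipv6'``, each mapping to a set
        of network objects of the corresponding address family.

    Raises:
        OSError: The file is missing or cannot be read.
        ValueError: A line is not a valid network. The message names the
            file and the line number.
    """
    # generated using:
    # whois -i origin as8881 | awk '/^route/ {print $2}' > configs/as8881.txt
    #
    # The file is a point-in-time snapshot of registry route objects; it only
    # changes when that command is run again.
    path = join(REPO_PATH, 'configs', f'{filename}.txt')
    with open(path) as f:
        networks = f.read().splitlines()

    result = {
        'ipv4': set(),
        'ipv6': set(),
    }

    for lineno, line in enumerate(networks, start=1):
        line = line.strip()
        if not line or line.startswith('#'):
            continue

        try:
            ip = ip_network(line)
        except ValueError as exc:
            # Fail loudly and say where: a bare "does not appear to be an
            # IPv4 or IPv6 network" gives no hint which list is broken.
            raise ValueError(
                f'{path}:{lineno}: invalid network {line!r}: {exc}'
            ) from exc

        if isinstance(ip, IPv4Network):
            result['ipv4'].add(ip)
        else:
            result['ipv6'].add(ip)

    return result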
# Named address groups, keyed by name and then by address family
# ('ipv4' / 'ipv6').
#
# The provider lists are read from configs/*.txt when this module is
# imported, so a missing or malformed file makes the import itself fail.
#
# NOTE(review): 'versatel' and 'telekom' hold ip_network objects, while
# 'rfc1918' and the blocklists below hold plain CIDR strings. Confirm that
# every consumer accepts both forms.
named_networks = {
    'versatel': generate_ip_list_from_routes('as8881'),
    'telekom': generate_ip_list_from_routes('as3320'),
    'rfc1918': {
        'ipv4': {
            '10.0.0.0/8',
            '172.16.0.0/12',
            '192.168.0.0/16',
        },
        'ipv6': {
            'fc00::/7',  # actually RFC 4193, but good enough here
        },
    },
}

# Source prefixes blocked globally. Each entry carries the date it was added
# and the reason, so stale entries can be reviewed later.
global_ip4_blocklist = {
    '141.98.11.0/24',  # 2024-01-21, smtp login bruteforce
}

# No IPv6 prefixes are blocked at the moment.
global_ip6_blocklist = set()