Block GPTBot

author: Nguyễn Gia Phong <cnx@loang.net> 2023-08-17 18:05:53 +0900
committer: Nguyễn Gia Phong <cnx@loang.net> 2023-08-17 18:05:53 +0900
commit: c5bdc5bafdd0dcff5f8f387b5400c24b059ddc86 (patch)
tree: e7b5b81da09caefae59f1c43b491ea616d4d6378
parent: 761dccb19e885167638118363592fa839b532f20 (diff)
download: nixos-conf-c5bdc5bafdd0dcff5f8f387b5400c24b059ddc86.tar.gz
1 files changed, 36 insertions, 0 deletions
diff --git a/configuration.nix b/configuration.nix
index c76e151..617a042 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -47,6 +47,42 @@
   networking = {
     domain = "loang.net";
     hostName = "brno";
+
+    nftables = {
+      enable = true;
+      ruleset = ''
+        table inet filter {
+          # https://openai.com/gptbot-ranges.txt
+          set gptbot_ipv4 {
+            type ipv4_addr
+            flags interval
+            elements = {
+              20.15.240.64/28,
+              20.15.240.80/28,
+              20.15.240.96/28,
+              20.15.240.176/28,
+              20.15.241.0/28,
+              20.15.242.128/28,
+              20.15.242.144/28,
+              20.15.242.192/28,
+              40.83.2.64/28
+            }
+          }
+
+          chain output {
+            type filter hook output priority 0
+            policy accept
+            ip daddr @gptbot_ipv4 counter reject
+          }
+
+          chain input {
+            type filter hook output priority 0
+            policy accept
+            ip saddr @gptbot_ipv4 counter reject
+          }
+        }
+      '';
+    };
   };
 
   security.sudo = {
author	Nguyễn Gia Phong <cnx@loang.net>	2023-08-17 18:05:53 +0900
committer	Nguyễn Gia Phong <cnx@loang.net>	2023-08-17 18:05:53 +0900
commit	c5bdc5bafdd0dcff5f8f387b5400c24b059ddc86 (patch)
tree	e7b5b81da09caefae59f1c43b491ea616d4d6378
parent	761dccb19e885167638118363592fa839b532f20 (diff)
download	nixos-conf-c5bdc5bafdd0dcff5f8f387b5400c24b059ddc86.tar.gz