From c5bdc5bafdd0dcff5f8f387b5400c24b059ddc86 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong <cnx@loang.net>
Date: Thu, 17 Aug 2023 18:05:53 +0900
Subject: Block GPTBot

---
 configuration.nix | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/configuration.nix b/configuration.nix
index c76e151..617a042 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -47,6 +47,42 @@
   networking = {
     domain = "loang.net";
     hostName = "brno";
+
+    nftables = {
+      enable = true;
+      ruleset = ''
+        table inet filter {
+          # https://openai.com/gptbot-ranges.txt
+          set gptbot_ipv4 {
+            type ipv4_addr
+            flags interval
+            elements = {
+              20.15.240.64/28,
+              20.15.240.80/28,
+              20.15.240.96/28,
+              20.15.240.176/28,
+              20.15.241.0/28,
+              20.15.242.128/28,
+              20.15.242.144/28,
+              20.15.242.192/28,
+              40.83.2.64/28
+            }
+          }
+
+          chain output {
+            type filter hook output priority 0
+            policy accept
+            ip daddr @gptbot_ipv4 counter reject
+          }
+
+          chain input {
+            type filter hook output priority 0
+            policy accept
+            ip saddr @gptbot_ipv4 counter reject
+          }
+        }
+      '';
+    };
   };
 
   security.sudo = {
-- 
cgit 1.4.1