diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 355f05a..e210906 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -83,3 +83,77 @@ global_systemd_configuration_directory: "/etc/systemd/system" # WG Minecraft project_wg_minecraft_port: 25566 + +# Miscellaneous + +## IP Blocklist + +global_ip_blocklist: + - 110.249.212.46 + - 111.162.145.119 + - 111.93.235.74 + - 114.104.188.208 + - 116.105.216.179 + - 118.27.6.66 + - 13.75.232.117 + - 138.68.190.89 + - 140.143.16.158 + - 142.93.235.47 + - 157.230.123.253 + - 163.172.135.42 + - 163.172.174.5 + - 164.68.112.178 + - 167.71.57.61 + - 167.86.81.151 + - 167.86.81.223 + - 178.62.247.89 + - 185.202.1.164 + - 185.202.1.240 + - 185.202.2.57 + - 185.247.118.171 + - 188.226.156.171 + - 190.249.138.78 + - 192.241.244.143 + - 193.29.15.107 + - 193.57.40.38 + - 194.180.224.249 + - 198.199.95.19 + - 202.70.66.228 + - 212.47.246.0 + - 2.134.147.126 + - 220.200.161.148 + - 222.186.19.221 + - 27.66.24.65 + - 27.78.14.83 + - 37.139.19.95 + - 37.139.8.105 + - 41.234.66.22 + - 42.113.145.3 + - 45.136.108.20 + - 45.136.108.84 + - 45.227.255.119 + - 45.33.70.146 + - 5.189.140.225 + - 54.37.65.76 + - 54.38.185.226 + - 62.171.147.114 + - 69.148.241.18 + - 69.164.198.223 + - 79.183.19.228 + - 80.82.65.234 + - 83.97.20.36 + - 86.36.20.20 + - 91.229.23.92 + - 92.63.194.104 + - 92.63.194.105 + - 92.63.194.106 + - 92.63.194.107 + - 92.63.194.108 + - 92.63.194.11 + - 92.63.194.22 + - 92.63.194.25 + - 92.63.194.32 + - 92.63.194.59 + - 92.63.194.7 + - 92.63.194.90 + - 94.53.199.250 diff --git a/roles/common/tasks/ufw.yml b/roles/common/tasks/ufw.yml index e84f803..8d0a805 100644 --- a/roles/common/tasks/ufw.yml +++ b/roles/common/tasks/ufw.yml @@ -5,3 +5,12 @@ state: enabled policy: deny direction: incoming + +- name: Block known addresses + ufw: + insert: 1 # Insert before common rules + rule: deny + from_ip: "{{ item }}" + direction: in + comment: "IP from Blocklist" + loop: "{{ global_ip_blocklist }}"