Expand country blocking to more high-risk countries

- Add IN, VN, BR, TR, ID, TH, BD, PK, RO to blocked list - Update alternative IP ranges for new countries in script - Enhance documentation with rationale, risk assessment, and best practices - Add test script for verifying country blocking functionality - Improve Ansible tasks for dependency installation
2025-06-15 01:53:42 +02:00
parent 0f35a7b9e2
commit 3774ea6233
5 changed files with 386 additions and 16 deletions
--- a/config/ansible/files/generate_country_blocks.py
+++ b/config/ansible/files/generate_country_blocks.py
@@ -69,19 +69,77 @@ def get_alternative_ranges(countries: List[str]) -> Dict[str, List[str]]:
            '1.0.1.0/24', '1.0.2.0/23', '1.0.8.0/21', '1.0.32.0/19',
            '14.0.12.0/22', '14.0.36.0/22', '14.1.0.0/18', '14.16.0.0/12',
            '27.0.0.0/11', '27.50.40.0/21', '27.54.192.0/18', '27.98.208.0/20',
-            # Add more ranges as needed
+            '36.0.0.0/10', '39.0.0.0/11', '42.0.0.0/8', '58.0.0.0/9',
+            '59.32.0.0/11', '60.0.0.0/8', '61.0.0.0/10', '110.0.0.0/7',
+            '112.0.0.0/5', '120.0.0.0/6', '124.0.0.0/7', '180.76.0.0/16'
        ],
        'RU': [
            '2.56.96.0/19', '2.58.56.0/21', '5.8.0.0/19', '5.34.96.0/19',
            '5.42.192.0/19', '5.44.64.0/18', '5.53.96.0/19', '5.61.24.0/21',
-            # Add more ranges as needed
+            '31.31.192.0/19', '37.9.64.0/18', '37.18.0.0/16', '46.17.40.0/21',
+            '77.88.0.0/18', '78.24.216.0/21', '79.104.0.0/14', '80.66.176.0/20',
+            '81.68.0.0/14', '82.138.140.0/22', '84.201.128.0/18', '85.143.192.0/18',
+            '91.103.0.0/17', '91.208.165.0/24', '94.181.160.0/20', '95.165.0.0/16'
+        ],
+        'IN': [
+            '1.22.0.0/15', '14.96.0.0/11', '27.34.0.0/15', '36.255.0.0/16',
+            '39.32.0.0/11', '49.248.0.0/13', '58.84.0.0/15', '59.144.0.0/12',
+            '103.21.58.0/24', '106.51.0.0/16', '110.224.0.0/11', '117.192.0.0/10',
+            '122.160.0.0/12', '125.16.0.0/12', '150.129.0.0/16', '157.32.0.0/11',
+            '163.47.0.0/16', '180.179.0.0/16', '182.64.0.0/10', '183.82.0.0/15'
        ],
        'KP': [
            '175.45.176.0/22', '210.52.109.0/24', '77.94.35.0/24'
        ],
        'IR': [
            '2.176.0.0/12', '5.22.0.0/16', '5.23.0.0/16', '5.56.128.0/17',
-            # Add more ranges as needed
+            '5.144.128.0/17', '31.2.128.0/17', '37.156.0.0/14', '37.191.0.0/16',
+            '46.32.0.0/11', '78.39.192.0/18', '79.175.128.0/18', '80.191.0.0/16',
+            '81.91.128.0/17', '82.99.192.0/18', '85.15.0.0/16', '91.98.0.0/15'
+        ],
+        'VN': [
+            '14.160.0.0/11', '27.64.0.0/10', '42.112.0.0/13', '45.117.0.0/16',
+            '103.21.148.0/22', '103.56.156.0/22', '113.160.0.0/11', '115.73.0.0/16',
+            '116.96.0.0/10', '118.69.0.0/16', '171.224.0.0/11', '203.113.128.0/18'
+        ],
+        'BR': [
+            '138.0.0.0/8', '177.0.0.0/8', '179.0.0.0/8', '186.192.0.0/12',
+            '189.0.0.0/8', '191.0.0.0/8', '200.128.0.0/9', '201.0.0.0/8'
+        ],
+        'TR': [
+            '31.145.0.0/16', '46.1.0.0/16', '78.160.0.0/11', '85.111.0.0/16',
+            '88.229.0.0/16', '94.54.0.0/15', '176.88.0.0/13', '185.2.0.0/16',
+            '188.119.0.0/16', '212.156.0.0/14'
+        ],
+        'ID': [
+            '36.64.0.0/10', '43.218.0.0/15', '103.10.0.0/15', '103.56.0.0/14',
+            '114.4.0.0/14', '118.96.0.0/11', '125.160.0.0/11', '139.228.0.0/15',
+            '182.253.0.0/16', '202.43.0.0/16'
+        ],
+        'TH': [
+            '27.130.0.0/15', '49.228.0.0/14', '58.8.0.0/14', '101.51.0.0/16',
+            '103.10.228.0/22', '110.164.0.0/14', '124.120.0.0/13', '171.96.0.0/13',
+            '182.232.0.0/14', '202.28.0.0/14'
+        ],
+        'BD': [
+            '27.147.0.0/16', '43.245.8.0/22', '103.4.92.0/22', '103.15.200.0/22',
+            '114.130.0.0/16', '118.179.0.0/16', '119.40.64.0/18', '180.211.192.0/18',
+            '202.40.32.0/19', '203.83.160.0/19'
+        ],
+        'PK': [
+            '39.32.0.0/11', '58.27.0.0/16', '103.11.60.0/22', '110.93.192.0/18',
+            '115.42.0.0/16', '119.63.128.0/20', '175.107.0.0/16', '182.176.0.0/12',
+            '202.47.96.0/19', '203.124.0.0/14'
+        ],
+        'RO': [
+            '31.13.224.0/19', '37.233.0.0/16', '46.19.0.0/16', '79.114.0.0/15',
+            '86.35.0.0/16', '89.136.0.0/13', '94.177.0.0/16', '109.166.0.0/15',
+            '188.24.0.0/13', '212.146.0.0/15'
+        ],
+        'BY': [
+            '31.130.176.0/20', '37.17.128.0/18', '46.16.104.0/21', '78.108.176.0/20',
+            '85.113.0.0/16', '86.57.0.0/17', '93.84.64.0/18', '178.120.0.0/13',
+            '178.172.160.0/19', '212.98.160.0/19'
        ]
    }