Added IP Table Generation

.gitignore

@@ -1 +1,2 @@
-.venv/
+.venv/
+__pycache__/

License.md

@@ -0,0 +1,27 @@
+Unlicense (Public Domain)
+============================
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to &lt;<http://unlicense.org/>&gt;

ReadMe.md

@@ -0,0 +1,26 @@
+# What's This About
+
+Meta is planning on joining the Fediverse via a project called Project 92, or P92 for short. Many people including myself know how Meta is bad when it comes to respecting human rights. I'm not even just talking about Cambridge Analytica, but am talking about the [genocide which Meta helped perpetuate such as in Myanmar](https://www.amnesty.org/en/latest/news/2022/09/myanmar-facebooks-systems-promoted-violence-against-rohingya-meta-owes-reparations-new-report/). [Meta also has a history of mistreating queer people](https://www.aclu.org/news/lgbtq-rights/facebooks-discrimination-against-the-lgbt-community) and that's not even including the ["real" name policy](https://www.eff.org/deeplinks/2014/09/facebooks-real-name-policy-can-cause-real-world-harm-lgbtq-community). Of course, for me, I say that the name the person tells you is there name, is there real name. Not the name they were born with or their legal name, but the name that the person identifies with.
+
+To help explain why the reaction is so strong against Meta, it helps to know that the Fediverse is very, very queer. The Fediverse is made of people, including LGBT people who had to flee from other platforms due to the abuse they've received from the platforms they used to be on. This includes the large influx of people which came from Twitter when Musk took over and started implementing transphobic policies and hiding trans people's tweets while allowing transphobic tweets and slurs to proliferate. Meta only wants to connect to the Fediverse because they see it as a means to make a profit, and they'll do that no matter how much it harms people or tears about the community.
+
+You can read more about Meta and the Fediverse at the article, [Should the Fediverse welcome its new surveillance-capitalism overlords?](https://privacy.thenexus.today/should-the-fediverse-welcome-surveillance-capitalism)
+
+You can also check out [the pact against Meta](https://fedipact.online).
+
+# What's This Repo
+
+This repo is a means to forcibly remove Meta from the Fediverse, by any means necessary. I've started this to collect a list of ip addresses which are owned by Meta and then to block Meta in ways that'll make life much more difficult for them. This includes silently dropping packets without notifying Meta, so their computers have to time out for each server which uses this method, as well as sending fake ActivityPub data to Meta and also throttling the connection, so as to slow their computers down and to make it harder for them to differentiate between which data is real, and which data is fake. It'll make their data much less valuable to anyone wanting to buy it.
+
+# What Else Can We Do
+
+You can always sign the [the pact against Meta](https://fedipact.online) as well as update people with new Meta instances via the #FediBlock hashtag. You can also contribute means of obtaining lists of Meta's servers by ip, and domain. This list can include both scrapers, and ActivityPub powered instances.
+
+If you're a server owner, you can also update your .env.production file if you'd like to make it harder for others to read posts without authentication, however, this may make things less convenient for your denizens. I'd advise [reading about these options](https://hub.sunny.garden/2023/06/28/what-does-authorized_fetch-actually-do/) and consulting with your denizens before you enable them.
+
+```ini
+AUTHORIZED_FETCH=true
+DISALLOW_UNAUTHENTICATED_API_ACCESS=true
+```
+
+I intentionally set everything in this repo as Public Domain (or [Unlicense](License.md) where Public Domain does not exist). This way anyone can work on improving this anti-Meta measure without restriction.

functions/iptables_generator.py

@@ -0,0 +1,30 @@
+# sudo iptables -A INPUT -s 116.10.0.0/16 -j DROP
+
+from typing import Generator
+
+def generate_iptable_rules(addresses: list[dict]) -> Generator[str, dict, None]:
+    # Commands
+    sudo: str = "sudo"
+    iptables: str = "iptables"
+
+    # Variables
+    chain_name: str = "PROTECT_FEDI"
+    policy: str = "DROP"  # REJECT tells the server you're dropping them, DROP is more evil in that you drop the connection silently
+
+    # IP Tables Setup
+    create_chain: str = f"{sudo} {iptables} -N {chain_name}"
+    delete_chain: str = f"{sudo} {iptables} -X {chain_name}"
+    empty_chain: str = f"{sudo} {iptables} -F {chain_name}"
+    add_chain_to_incoming_packets: str = f"{sudo} {iptables} -I INPUT 1 -j {chain_name}"
+
+    handle_route: str = "{sudo} {iptables} -A {chain_name} -s {address} -j {policy}"
+
+    # Setup Stage
+    yield create_chain
+    yield add_chain_to_incoming_packets
+
+    # I was going to pipe data directly from one generator to the other, but that made the code far more complex than is needed
+    # If the addresses list get's large enough to warrant piping, it may be time to look into another method of handling blocking Meta
+    for address in addresses:
+        if address is dict and "route" in address:
+            yield handle_route.format(sudo=sudo, iptables=iptables, chain_name=chain_name, address=address["route"], policy=policy)

functions/whois_lookup.py

@@ -1,35 +1,46 @@
 import whois
 
+from typing import Generator
+
+# https://developers.facebook.com/docs/sharing/webmasters/crawler/
+# whois -h whois.radb.net -- '-i origin AS32934' | grep ^route
+# The results are in the format of address:mask
+
 def lookup_records(query: str, host: str, flags: int = 0, many_results: bool = True, quiet: bool = True) -> str:
-    # whois -h whois.radb.net -- '-i origin AS32934' | grep ^route
     client: whois.NICClient = whois.NICClient()
 
     response: bytes = client.whois(query=query, hostname=host, flags=flags, many_results=many_results, quiet=quiet)
 
     return response
 
-def lookup_ips(query: str, host: str, flags: int = 0, many_results: bool = True, quiet: bool = True):
+def lookup_ips(query: str, host: str, flags: int = 0, many_results: bool = True, quiet: bool = True) -> Generator[dict, None, None]:
     response = lookup_records(query=query, host=host, flags=flags, many_results=many_results, quiet=quiet)
 
     for line in response.splitlines():
         if line.startswith("route:"):
-            route: str = ":".join(line.split(":")[2:]).strip()
+            route: str = ":".join(line.split(":")[1:]).strip()
 
             yield {
                 "ip_version": 4,
                 "route": route
             }
         elif line.startswith("route6:"):
-            route: str = ":".join(line.split(":")[2:]).strip()
+            route: str = ":".join(line.split(":")[1:]).strip()
 
             yield {
                 "ip_version": 6,
                 "route": route
             }
 
-if __name__ == "__main__":
+def get_ips():
     query: str = "-i origin AS32934"
     host: str = "whois.radb.net"
 
-    for ip in lookup_ips(query=query, host=host):
-        print(ip)
+    return lookup_ips(query=query, host=host)
+
+if __name__ == "__main__":
+    for ip in get_ips():
+        if ip is dict and "route" in ip:
+            print(ip["route"])
+        else:
+            print(ip)

main.py

@@ -0,0 +1,12 @@
+from functions import whois_lookup, iptables_generator
+
+if __name__ == "__main__":
+    addresses: list[dict] = []
+
+    # Get IP Addresses To Ban
+    for address in whois_lookup.get_ips():
+        addresses.append(address)
+
+    # Generate IP Table Rules
+    for rule in iptables_generator.generate_iptable_rules(addresses=addresses):
+        print(rule)