From 2db0be9ae8427c9a90a698bf6537bb87aac3dae6 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Tue, 13 May 2025 11:07:57 -0700
Subject: [PATCH] pagure: reject a bunch more heavy hitter networks

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
---
 inventory/group_vars/pagure | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/inventory/group_vars/pagure b/inventory/group_vars/pagure
index abe551a98e..8647ad0d2d 100644
--- a/inventory/group_vars/pagure
+++ b/inventory/group_vars/pagure
@@ -14,6 +14,22 @@ nft_block_rules:
   - 'add rule ip filter INPUT ip saddr 47.80.0.0/13  counter reject'
   - 'add rule ip filter INPUT ip saddr 47.74.0.0/15  counter reject'
   - 'add rule ip filter INPUT ip saddr 66.249.64.0/24  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.134.64.0/18  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.134.0.0/18  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.134.224.0/19  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.159.41.0/24  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.163.8.0/24  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.128.64.0/18  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.156.0.0/18  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.128.64.0/18  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.133.32.0/19  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.134.128.0/18  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.159.37.0/24  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.153.192.0/18  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.159.32.0/24  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.156.64.0/18  counter reject'
+  - 'add rule ip filter INPUT ip saddr 43.163.0.0/24  counter reject'
+  - 'add rule ip filter INPUT ip saddr 14.153.15.174  counter reject'
 # For the MOTD
 db_backup_dir: ['/backups']
 dbs_to_backup: ['pagure']