From ArchWiki

Merge-arrows-2.pngThis article or section is a candidate for merging with nftables.Merge-arrows-2.png

Notes: Why copy github README, and why just not include mention of your software as simple 2 line in nftables, see Template:App? (Discuss in Talk:Nft-blackhole)

nft-blackhole - script / daemon to blocking IP in nftables by country and black lists.


  • download publicly available blacklists and block IPs from them,
  • block or whitelist individual countries,
  • whitelist individual networks or IP addresses,


Install the nft-blackholeAUR package.

Configuration file

In the configuration file /etc/nft-blackhole.conf you can define:

  • IP versions supported (ipv4, ipv6),
  • blocking policy (reject, drop,)
  • network or IP addresses for the white list,
  • blacklist url addresses,
  • list of countries, policy for countries (accept, block)


Start/enable the nft-blackhole.service unit.

List counter packages dropped/accept

# nft list chain inet blackhole input

List table and sets for blackhole

# nft list table inet blackhole

Refresh lists

This can be done manually by reloading nft-blackhole.service. Start/enable nft-blackhole-reload.timer to automatically refresh lists using a systemd timer. This can also be done via a crontab:

0 */6 * * * systemctl reload nft-blackhole.service