Update CDN & Reject Hosts, Reject IPs

2025-12-12 17:20:35 +08:00 · 2025-01-26 12:12:12 +08:00 · 2025-01-26 12:12:12 +08:00 · deb0169846
commit deb0169846
parent 32e27a579b
5 changed files with 59 additions and 19 deletions
--- a/Build/build-reject-ip-list.ts
+++ b/Build/build-reject-ip-list.ts
@ -3,11 +3,12 @@ import path from 'node:path';
 import { createReadlineInterfaceFromResponse, readFileIntoProcessedArray } from './lib/fetch-text-by-line';
 import { task } from './trace';
 import { SHARED_DESCRIPTION } from './constants/description';
-import { RulesetOutput } from './lib/create-file';
-import { SOURCE_DIR } from './constants/dir';
+import { compareAndWriteFile, RulesetOutput } from './lib/create-file';
+import { OUTPUT_INTERNAL_DIR, SOURCE_DIR } from './constants/dir';
 import { $$fetch } from './lib/fetch-retry';
 import { fetchAssets } from './lib/fetch-assets';
 import { fastIpVersion } from './lib/misc';
+import { AUGUST_ASN } from '../Source/ip/august';

 const BOGUS_NXDOMAIN_URL = 'https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf';
 const getBogusNxDomainIPsPromise: Promise<[ipv4: string[], ipv6: string[]]> = $$fetch(BOGUS_NXDOMAIN_URL).then(async (resp) => {
@ -55,21 +56,25 @@ export const buildRejectIPList = task(require.main === module, __filename)(async
    span.traceChildPromise('get botnet ips', getBotNetFilterIPsPromise)
  ]);

-  return new RulesetOutput(span, 'reject', 'ip')
-    .withTitle('Sukka\'s Ruleset - Anti Bogus Domain')
-    .withDescription([
-      ...SHARED_DESCRIPTION,
-      '',
-      'This file contains known addresses that are hijacking NXDOMAIN results returned by DNS servers, and botnet controller IPs.',
-      '',
-      'Data from:',
-      ' - https://github.com/felixonmars/dnsmasq-china-list',
-      ' - https://github.com/curbengh/botnet-filter'
-    ])
-    .addFromRuleset(readLocalRejectIpListPromise)
-    .bulkAddCIDR4NoResolve(bogusNxDomainIPs[0])
-    .bulkAddCIDR6NoResolve(bogusNxDomainIPs[1])
-    .bulkAddCIDR4NoResolve(botNetIPs[0])
-    .bulkAddCIDR6NoResolve(botNetIPs[1])
-    .write();
+  return Promise.all([
+    new RulesetOutput(span, 'reject', 'ip')
+      .withTitle('Sukka\'s Ruleset - Anti Bogus Domain')
+      .withDescription([
+        ...SHARED_DESCRIPTION,
+        '',
+        'This file contains known addresses that are hijacking NXDOMAIN results returned by DNS servers, and botnet controller IPs.',
+        '',
+        'Data from:',
+        ' - https://github.com/felixonmars/dnsmasq-china-list',
+        ' - https://github.com/curbengh/botnet-filter'
+      ])
+      .addFromRuleset(readLocalRejectIpListPromise)
+      .bulkAddCIDR4NoResolve(bogusNxDomainIPs[0])
+      .bulkAddCIDR6NoResolve(bogusNxDomainIPs[1])
+      .bulkAddCIDR4NoResolve(botNetIPs[0])
+      .bulkAddCIDR6NoResolve(botNetIPs[1])
+      .bulkAddIPASN(AUGUST_ASN)
+      .write(),
+    compareAndWriteFile(span, [AUGUST_ASN.join(' ')], path.join(OUTPUT_INTERNAL_DIR, 'august_asn.txt'))
+  ]);
 });
--- a/Build/lib/rules/base.ts
+++ b/Build/lib/rules/base.ts
@ -123,6 +123,18 @@ export abstract class RuleOutput<TPreprocessed = unknown> {
    return this;
  }

+  addIPASN(asn: string) {
+    this.ipasn.add(asn);
+    return this;
+  }
+
+  bulkAddIPASN(asns: string[]) {
+    for (let i = 0, len = asns.length; i < len; i++) {
+      this.ipasn.add(asns[i]);
+    }
+    return this;
+  }
+
  private async addFromDomainsetPromise(source: AsyncIterable<string> | Iterable<string> | string[]) {
    for await (const line of source) {
      if (line[0] === '.') {
--- a/Source/domainset/cdn.conf
+++ b/Source/domainset/cdn.conf
@ -4027,3 +4027,4 @@ fdn.gsmarena.com
 fdn2.gsmarena.com
 static.fbot.me
 nav.yumenosora.co.jp
+.hgimg00.com
--- a/Source/ip/august.ts
+++ b/Source/ip/august.ts
@ -0,0 +1,12 @@
+export const AUGUST_ASN = [
+  '1012', // Moe BGP, peers with both AS40111 and AS945
+  '945', // hkgo LLC, peers with AS1012
+  '401111', // peers with both AS1012 and AS945
+  '62853', // hkgo LLC, peers with AS945
+  '27523', // Kawaii Networks, peers with AS945
+  '7719', // hkgo LLC
+  '54625', // peers with AS945
+  '7257', // only upstream is AS945
+  '18044', // only upstream is AS945
+  '62489' // only upstream is AS945 and AS1012
+];
--- a/Source/non_ip/reject.conf
+++ b/Source/non_ip/reject.conf
@ -127,6 +127,16 @@ DOMAIN-WILDCARD,adv0*.msa.cdn.mediaset.net
 DOMAIN-SUFFIX,juejin.im
 DOMAIN-SUFFIX,juejin.cn

+# >> hkgo LLC, a.k.a. August Internet
+DOMAIN-SUFFIX,pgi.com
+DOMAIN-SUFFIX,wakuwaku.ne.jp
+DOMAIN-SUFFIX,bgp.co
+DOMAIN-SUFFIX,moebgp.com
+DOMAIN-SUFFIX,august.tw
+DOMAIN-SUFFIX,esgltc.com
+DOMAIN-SUFFIX,kimo.tw
+DOMAIN-SUFFIX,lambda-ix.net
+
 # >> Google
 # DOMAIN-KEYWORD,adsense # unblocks adsense.google.com
 DOMAIN-KEYWORD,adwords