Remove always accept ICMP

Other minor cosmetic changes

Author: tomasz-c

nft-blackhole.conf

@@ -1,8 +1,7 @@
 # Config file for nft-blackhole in yaml
 
 
-
-# IP versions supported
+# IP versions supported: 'on' or 'off', default 'off'
 IP_VERSION:
   v4: on
   v6: on

nft-blackhole.py

@@ -4,7 +4,7 @@
 
 __author__ = "Tomasz Cebula <tomasz.cebula@gmail.com>"
 __license__ = "MIT"
-__version__ = "0.1.1"
+__version__ = "1.0.0"
 
 import argparse
 from sys import stderr
@@ -38,7 +38,7 @@
     COUNTRY_LIST[COUNTRY_LIST.index(False)] = 'no'
 
 SET_TEMPLATE = ('table inet blackhole {\n\tset ${set_name} {\n\t\ttype ${ip_ver}_addr\n'
-                '\t\tflags interval\n\t\tauto-merge\n\t\telements = { ${ip_list} }\n\t}\n}')
+                '\t\tflags interval\n\t\tauto-merge\n\t\telements = { ${ip_list} }\n\t}\n}').expandtabs()
 
 IP_VER = []
 for ip_v in ['v4', 'v6']:
@@ -76,6 +76,7 @@ def stop():
     '''Stopping nft-blackhole'''
     run(['nft', 'delete', 'table', 'inet', 'blackhole'], check=False)
 
+
 def start():
     '''Starting nft-blackhole'''
     nft_template = open('/usr/share/nft-blackhole/nft-blackhole.template').read()
@@ -151,6 +152,7 @@ def whitelist_sets(reload=False):
         if WHITELIST[ip_ver]:
             run(['nft', '-f', '-'], input=nft_set.encode(), check=True)
 
+
 def blacklist_sets(reload=False):
     '''Create blacklist sets'''
     for ip_ver in IP_VER:
@@ -163,6 +165,7 @@ def blacklist_sets(reload=False):
         if ip_list:
             run(['nft', '-f', '-'], input=nft_set.encode(), check=True)
 
+
 def country_sets(reload=False):
     '''Create country sets'''
     for ip_ver in IP_VER:

nft-blackhole.template

@@ -45,7 +45,6 @@ table inet blackhole {
                 ip6 saddr @blacklist-v6 counter ${block_policy}
                 ip saddr @country-v4 counter ${country_policy}
                 ip6 saddr @country-v6 counter ${country_policy}
-                ip protocol icmp accept
                 counter
         }
 }