Skip to content
Securely generates sanitized, aggregate, IP blacklists
Crystal Makefile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


GitHub release

Aggregates multiple IP blacklists, validates each entry, and outputs a new, sanitized, and reduced, newline delimited list.

nongrata is already very safe as it only connects to services you think are reputable. That being said the assumption has be that it is exploitable are the underlying libraries. As such nongrata is privilege separated, chrooted, and on OpenBSD pledged. If someone attempts to exploit this software they will have trouble, won't get far, or will outright kill the process.


sudo make install
make clean


Basic Usage:


Cron Usage:

nongrata -c

Cron Usage + pf:

nongrata -c && (pfctl -q -t drop -T replace -f /etc/pf.list/drop)


Usage: nongrata [arguments]
    -f file          Specifies the configuration file. The default is /etc/nongrata.conf.
    -c, --cron       Silences the applications output unless there is an error. Useful for cron.
    -v, --version    Show the version number.
    -h, --help       Show this help.


There are included sample configurations under the sample subdirectory.

I recommend whitelisting your LAN block, WAN address, and any other known good addresses or blocks. This will prevent them from being on the resultant list.


The configuration is a collection of named lists you would like to construct. Each List should contain an output where the list will be written and optionally a whitelist, which can contain addresses or address blocks which will not be allowed in the resulting list. Additionally It needs to contain a collection of named sources from which to get the source data.

  • output: string
  • whitelist: [ optional, list, of, addresses, and, blocks ]
BadGuyList: {
	output: /etc/pf.lists/badguys
	whitelist: [ "", "", "" ]
	sources: {
		// Your collection of named sources.


Sources can currently be 1 of 2 types, list or table. By default if type is not specified list is used. Both types have the url key which contains the url for the source.

A source which is a list is (by default) a newline delimited list of addresses and blocks. With this type you also have the option of selecting the entry delimiter with the delimiter key (by default a newline), as well as the comment style with the comment key (by default a #).

  • url: url string
  • type: list
  • delimiter: string - by default \n
  • comment: string - by default #
Spamhaus: {
	type: list
	comment: ;

A source which is a table is a table with newline delimited rows where a column contains an address or block. With this type you also have the option of selecting the column whcih will be interpreted as an address or block with the column key (by default 0), the column delimiter with the delimiter key (by default a comma), the comment style with the comment key (by default a #), and selectors of a line based on the lines prefix, or suffix using the keys prefix, and suffix respectively.

  • url: url string
  • type: table
  • column: integer
  • delimiter: string - by default ,
  • comment: string - by default #
  • prefix: string or null - disabled by default
  • suffix: string or null - disabled by default
Tor: {
	type: table
	column: 1
	delimiter: " "
	prefix: ExitAddress
	suffix: nil


  1. Fork it ( )
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request


You can’t perform that action at this time.