Модная обходилка говнолиста:
Инит-скрипт для openrc:
#!/sbin/openrc-run
# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# Dump of the vpn-whitelist set: stop() writes it, start() feeds it to
# `ipset restore`. NOTE(review): the service acts on this file's content, so
# it should be writable only by the account that runs the service. Confirm
# the permissions of /var/db/iptables-rbl.
savefile='/var/db/iptables-rbl/saved'
# OpenRC dependency hook: this service declares a hard dependency on "net".
depend() {
  need net
}
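# Load the saved whitelist, make sure the set exists and mark matching
# outgoing traffic with 0x103.
#
# Globals:  savefile (read)
# Returns:  0 when the MARK rule is present or was appended, otherwise the
#           status of the failed iptables append
start() {
  # There is no dump before the first stop(); skip the restore instead of
  # failing on the input redirection.
  if [ -r "$savefile" ]; then
    # -exist: do not abort when the set or an entry is already present, for
    # example because the cron updater ran before this service was started.
    ipset restore -exist < "$savefile" \
      || printf '%s\n' "ipset restore from $savefile failed" >&2
  fi

  # Fallback when nothing was restored; -q hides the "already exists" error.
  ipset create -q vpn-whitelist hash:net maxelem 4294967295

  # stop() does not remove the rule, so append it only when it is missing;
  # an unconditional -A adds one more copy to mangle/OUTPUT on every restart.
  iptables -t mangle -C OUTPUT -m set --match-set vpn-whitelist dst -j MARK --set-xmark 0x103 2>/dev/null \
    || iptables -t mangle -A OUTPUT -m set --match-set vpn-whitelist dst -j MARK --set-xmark 0x103

  # The mark alone changes nothing; the policy routing that acts on it is
  # left commented out here and has to be set up separately:
  # ip rule add fwmark 0x103 lookup 3
  # ip r a default dev myvpn table 3
}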
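# Persist the current contents of vpn-whitelist for the next start().
#
# Globals:  savefile (written)
# Returns:  0 when the dump was replaced, non-zero when it was left untouched
stop() {
  # Dump into a temporary file next to the target first. Redirecting straight
  # into $savefile truncates it before ipset runs, so a failed save would
  # leave an empty dump behind.
  _rbl_tmp=$(mktemp "${savefile}.XXXXXX") || return 1
  if ipset save vpn-whitelist > "$_rbl_tmp"; then
    # Same directory, so the rename replaces the old dump in one step.
    mv -f -- "$_rbl_tmp" "$savefile"
  else
    rm -f -- "$_rbl_tmp"
    return 1
  fi
}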
Скрипт для крона:
#!/bin/bash
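# Announce the run in syslog.
logger 'Updating iptables-rbl'
# Every relative path below (list, list-new) is meant to live here. Stop
# rather than create or replace files in whatever directory the job started in.
cd /var/db/iptables-rbl || exit 1
# Live set matched by the firewall rule, and the scratch set it is rebuilt in.
TARGET_SET=vpn-whitelist
TARGET_TMP=vpn-whitelist-tmp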
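# Rebuild the live set from ./list plus two pinned addresses: fill a scratch
# set, then swap it in so the live set is never seen half-populated.
#
# Globals:  TARGET_SET, TARGET_TMP (read)
# Inputs:   ./list, one address or network per line (optional)
# Returns:  0 on success, non-zero when the scratch set cannot be created,
#           swapped in or removed
mkset() {
  # Leftover scratch set from an interrupted run; its absence is not an error.
  ipset destroy -q "${TARGET_TMP}" || true
  # Make sure the live set exists so the swap below has a target.
  ipset create -q "${TARGET_SET}" hash:net maxelem 13107200 || true
  # Without the scratch set neither the adds nor the swap can work.
  ipset create "${TARGET_TMP}" hash:net maxelem 13107200 || return 1
  {
    # No list yet (nothing downloaded so far): only the pinned addresses go in.
    if [ -r list ]; then
      cat list
    fi
    # rutracker
    echo 195.82.146.214
    # pornhub
    echo 216.18.168.162
  } \
    | grep -E -x '[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?' \
    | xargs -n1 ipset -q add "${TARGET_TMP}"
  # The list is built from downloaded data and ends up on the command line of
  # a privileged tool. The grep above lets through only tokens shaped like an
  # IPv4 address or CIDR network, so an entry can neither be read as an ipset
  # option nor upset xargs' quote handling. Entries that are still invalid
  # are skipped by `ipset -q add`, as before.
  if ! ipset swap "${TARGET_TMP}" "${TARGET_SET}"; then
    ipset destroy -q "${TARGET_TMP}"
    return 1
  fi
  ipset destroy "${TARGET_TMP}"
}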
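# Inline parser: reads the ';'-separated, cp1251-encoded dump given as
# argv[1], skips its first row, splits the "ip" column on " | " and prints
# the distinct addresses one per line.
code='import pandas as pd
import sys
data = pd.read_csv(sys.argv[1], sep=";", header=None, skiprows=[0], encoding="cp1251",
names=["ip", "url", "full_url", "blocked_by", "law", "date"])
ip_list = {ip for sublist in data["ip"].dropna().unique() for ip in sublist.split(" | ")}
print("\n".join(ip_list))'

# Stream the dump into the parser through a pipe so that both exit codes stay
# visible. With <(wget ...) the download status is lost, and a transfer that
# breaks off part-way can replace the stored list with whatever arrived.
wget -O - https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv 2>/dev/null \
  | python3 -c "$code" /dev/stdin > list-new
fetch_status=("${PIPESTATUS[@]}")

# Accept the new list only if the download and the parser both succeeded and
# the result is longer than 7 bytes; otherwise keep the previous list.
if [ "${fetch_status[0]}" -eq 0 ] && [ "${fetch_status[1]}" -eq 0 ] \
  && [ "$(wc -c < list-new)" -gt 7 ]; then
  mv list-new list
else
  echo "iptables-rbl haven't received an address list" | logger
fi
# The set is rebuilt either way, from the new list or from the previous one.
mkset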
обосрался от sh'измов и питона в одном говноскрипте.