Automatically downloads IP CIDR blocks for specified countries to block.
Supports additional manually blocked IPs from a configurable file.
Updates the disallowed_clients section in the AdGuard Home config.
Configurable update frequency via cron expression environment variable.
Automatically restarts the AdGuard Home container after updates via Docker socket proxy.
Backup AdguardHome.yaml at first startup, then create a second backup at each update.

Environment Variables

Variable	Description	Default
`TZ`	Your Time Zone	(required)
`BLOCK_COUNTRIES`	Comma-separated country codes to block (e.g., `CN,RU,IR`)	(required)
`BLOCKLIST_CRON`	Cron expression for update frequency (e.g., `0 6 * * *`)	`0 6 * * *` (at 6:00 everydays)
`DOCKER_API_URL`	URL of Docker socket proxy to restart AdGuard container	`http://socket-proxy-adguard:2375`
`ADGUARD_CONTAINER_NAME`	Name of your adguard container	`adguardhome`

File Structure

update-blocklist.sh: Main script to download CIDRs, merge manual IPs, update config, and restart AdGuard.
entrypoint.sh: Sets up the cron job to periodically run the update script.
Dockerfile: Builds the lightweight Alpine-based image.
docker-compose.yml: Example compose file to run the container.
manually_blocked_ips.conf: (Volume mount) Add extra IPs to block manually.

Installation and Usage

With our docker image

Create docker-compose.yml in your adguard-cidre folder

---
services:
adguard-cidre:
    image: git.djeex.fr/djeex/adguard-cidre:latest
    container_name: adguard-cidre
    restart: unless-stopped
    environment:
    - TZ=Europe/Paris # change to your timezone
    - BLOCK_COUNTRIES=cn,ru # choose countries listed IP to block. Full lists here https://github.com/vulnebify/cidre/tree/main/output/cidr/ipv4
    - BLOCKLIST_CRON=0 6 * * * # at 6:00 every days
    - DOCKER_API_URL=http://socket-proxy-adguard:2375 # docker socket proxy
    - ADGUARD_CONTAINER_NAME=adguardhome # adguard container name
    volumes:
    - /path/to/adguard/confdir:/adguard

socket-proxy:
    image: lscr.io/linuxserver/socket-proxy:latest
    container_name: socket-proxy-adguard
    security_opt:
    - no-new-privileges:true
    environment:
    - CONTAINERS=1
    - ALLOW_RESTARTS=1
    volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: unless-stopped
    read_only: true
    tmpfs:
    - /run

Modify docker-compose.yml

Set BLOCK_COUNTRIES environment variable with the countries you want to block.
Adjust BLOCKLIST_CRON if you want a different update frequency.
Bind mount your adguard configuration folder (wich contains AdGuardHome.yaml) to /adguard
(optionnally) create and edit manually_blocked_ips.conf file in your adguard configuration folder to add other IPs you want to block. Only valid IP or CIDR entries will be processed, for exemple :
```
192.168.1.100
10.0.0.0/24
# Comments or empty lines are ignored
```

Start the container
```
docker compose up -d
```
Check logs to verify updates
```
docker compose logs -f
```

With git (developer)

Clone the repository:

git clone https://git.djeex.fr/Djeex/adguard-cidre
cd adguard-cidre

Modify docker-compose.yml

Set BLOCK_COUNTRIES environment variable with the countries you want to block.
Adjust BLOCKLIST_CRON if you want a different update frequency.
Bind mount your adguard configuration folder (wich contains AdGuardHome.yaml) to /adguard
(optionnally) create and edit manually_blocked_ips.conf file in your adguard configuration folder to add other IPs you want to block. Only valid IP or CIDR entries will be processed, for exemple :
```
192.168.1.100
10.0.0.0/24
# Comments or empty lines are ignored
```

Build and start the container

docker compose build
docker compose up -d

Check logs to verify updates
```
docker compose logs -f
```

Releases 4

v1.3 Latest

2025-06-06 14:20:38 +02:00

Languages

Python 95.8%

Dockerfile 4.2%