Question:

Is it possible to add an entire IP range to the blacklist file?

example range: 210.0.0.0 - 211.255.255.255

I read http://www.shorewall.net/Documentation.htm#Blacklist but did not see any mention of blacklisting an entire range.

thank you.

-Kyle A. Gasho
On Wed, 2003-10-01 at 11:51, Kyle Gasho wrote:
> Question:
>
> Is it possible to add an entire IP range to the blacklist file?
>
> example range: 210.0.0.0 - 211.255.255.255
>
> I read http://www.shorewall.net/Documentation.htm#Blacklist but did not see any
> mention of blacklisting an entire range.
>

You must use CIDR notation. The above example would be 210.0.0.0/7. For more complex examples, at the shell prompt type "shorewall iprange <address>-<address>" (no embedded spaces in the address part); it will print out the list of networks in CIDR format that are equivalent to the range.

Example:

[root@gateway etc]# shorewall iprange 192.168.4.5-192.168.6.12
192.168.4.5
192.168.4.6/31
192.168.4.8/29
192.168.4.16/28
192.168.4.32/27
192.168.4.64/26
192.168.4.128/25
192.168.5.0/24
192.168.6.0/29
192.168.6.8/30
192.168.6.12
[root@gateway etc]#

So to blacklist the range 192.168.4.5 - 192.168.6.12 would require 11 entries in the blacklist file.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
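The range-to-CIDR split that "shorewall iprange" performs is worth seeing as code, because it explains why an arbitrary range can need a dozen entries while an aligned one like 210.0.0.0 - 211.255.255.255 collapses to a single /7. The block below is an added example written for this thread; it is not Shorewall's own code. It implements the standard greedy algorithm (take the largest naturally aligned block at the current address that still fits in the remainder of the range), cross-checks the result against Python's ipaddress module, and counts how many addresses an entry swallows. The blacklist_lines helper and its PROTOCOL/PORTS columns are an assumption about the blacklist file layout for the per-protocol blocking mentioned later in the thread; verify against the header of your own blacklist file.

```python
"""Expand an IPv4 address range into the minimal list of CIDR blocks.

Reproduces what `shorewall iprange A-B` prints in the thread: each block
is the largest power-of-two-sized, naturally aligned network that starts
at the current address and does not run past the end of the range.
"""
import ipaddress


def range_to_cidrs(start: str, end: str) -> list:
    """Return the minimal CIDR blocks covering start..end inclusive.

    A single address is emitted without a /32 suffix, matching the style of
    the `shorewall iprange` output quoted above.
    """
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError("range start is after range end")

    blocks = []
    while lo <= hi:
        # Largest block naturally aligned at lo: its size is lo's lowest set
        # bit (0.0.0.0 is aligned to everything, so allow the whole space).
        size = lo & -lo if lo else 1 << 32
        # Shrink the block until it fits inside what remains of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        addr = ipaddress.IPv4Address(lo)
        blocks.append(str(addr) if prefix == 32 else f"{addr}/{prefix}")
        lo += size
    return blocks


def address_count(start: str, end: str) -> int:
    """Number of addresses a range covers: a sanity check on how much of the
    address space one blacklist range really removes from reach."""
    return int(ipaddress.IPv4Address(end)) - int(ipaddress.IPv4Address(start)) + 1


def matches_stdlib(start: str, end: str) -> bool:
    """Cross-check our split against ipaddress.summarize_address_range."""
    ours = [b if "/" in b else b + "/32" for b in range_to_cidrs(start, end)]
    theirs = [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end))]
    return ours == theirs


def blacklist_lines(start, end, proto=None, ports=None):
    """Render one blacklist-file line per CIDR block.

    The optional PROTOCOL and PORTS columns are an ASSUMPTION about the file
    layout (hypothetical); confirm the column order in your own file.
    """
    lines = []
    for block in range_to_cidrs(start, end):
        cols = [block]
        if proto:
            cols.append(proto)
            if ports:
                cols.append(ports)
        lines.append("\t".join(cols))
    return lines


if __name__ == "__main__":
    for s, e in (("192.168.4.5", "192.168.6.12"),
                 ("210.0.0.0", "211.255.255.255")):
        print(f"{s}-{e}: {address_count(s, e)} addresses, "
              f"{len(range_to_cidrs(s, e))} blacklist entries")
        # Constructed example: restrict the entries to SMTP only.
        for line in blacklist_lines(s, e, proto="tcp", ports="25"):
            print("  " + line)
```

Running it shows the 11 entries for 192.168.4.5-192.168.6.12 and the single 210.0.0.0/7 entry (2^25 addresses) for the original question; the address count is the number to look at before committing a range of that size to a blacklist.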
Why would you want to block 17 million some odd ip addresses? <using the initial example of 210.0.0.1 -210.255.255.254>

I would think that this would have adverse effects if you were trying to get to a public web/ftp/mail site that happened to have an ip address that fell in that range. Say you set your blacklist to block a whole /8 range, wouldn't the "syn ack" coming back from <what ever server.com> inside that blacklisted range get blocked. If my hunch is right then I don't think blocking a whole 17 million addresses sequentially would be beneficial.

JBanks

--- Tom Eastep <teastep@shorewall.net> wrote:
> On Wed, 2003-10-01 at 11:51, Kyle Gasho wrote:
> > Question:
> >
> > Is it possible to add an entire IP range to the blacklist file?
> >
> > example range: 210.0.0.0 - 211.255.255.255
> >
> > I read http://www.shorewall.net/Documentation.htm#Blacklist but did not see any
> > mention of blacklisting an entire range.
> >
>
> You must use CIDR notation. The above example would be 210.0.0.0/7. For
> more complex examples, at the shell prompt type "shorewall iprange
> <address>-<address>" (no embedded spaces in the address part); it will
> print out the list of networks in CIDR format that are equivalent to the
> range.
>
> Example:
>
> [root@gateway etc]# shorewall iprange 192.168.4.5-192.168.6.12
> 192.168.4.5
> 192.168.4.6/31
> 192.168.4.8/29
> 192.168.4.16/28
> 192.168.4.32/27
> 192.168.4.64/26
> 192.168.4.128/25
> 192.168.5.0/24
> 192.168.6.0/29
> 192.168.6.8/30
> 192.168.6.12
> [root@gateway etc]#
>
> So to blacklist the range 192.168.4.5 - 192.168.6.12 would require 11
> entries in the blacklist file.
>
> -Tom
> --
> Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
> Shoreline, \ http://shorewall.net
> Washington USA \ teastep@shorewall.net
On 1 Oct 2003 at 13:14, Joshua Banks wrote:
> Why would you want to block 17 million some odd ip addresses? <using
> the initial example of 210.0.0.1 -210.255.255.254>

Depends if they are in Korea or not... ;-)

You can also blacklist for certain protocols only to prevent Korean spam while still allowing browsing to those sites.

--
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
._______________________________________
John S. Andersen
NORCOM mailto:JAndersen@norcomsoftware.com
Juneau, Alaska
http://www.screenio.com/
On Wed, 2003-10-01 at 13:46, John S. Andersen wrote:
> On 1 Oct 2003 at 13:14, Joshua Banks wrote:
>
> > Why would you want to block 17 million some odd ip addresses? <using
> > the initial example of 210.0.0.1 -210.255.255.254>
>
> Depends if they are in Korea or not... ;-)
> You can also blacklist for certain protocols only
> to prevent Korean spam while still allowing
> browsing to those sites.

Consider your post rephrased thusly:

"Depends if they are in Alaska or not... ;-) You can also blacklist for certain protocols only to prevent Alaskan spam while still allowing browsing to those sites".

Let's not be singling out any country or region as *the* spam source -- spammers are ubiquitous and subscribers to this mailing list live in all corners of the globe.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
On 1 Oct 2003 at 14:06, Tom Eastep wrote:
> Let's not be singling out any country or region as *the* spam source
> --

The difference is I (and you) can read Alaskan spam but I can't (but perhaps you can) read Korean spam.

Because I was on a TurboLinux ENGLISH news group for some time on one of my home accounts, Korean-language spam got so bad that I had to blacklist smtp for several Korean "class A" subnets. 4 or 5 hundred per day.

--
______________________________________
John Andersen
NORCOM / Juneau, Alaska
http://www.screenio.com/
(907) 790-3386
._______________________________________
John S. Andersen
NORCOM mailto:JAndersen@norcomsoftware.com
Juneau, Alaska
http://www.screenio.com/