Project

General

Profile

Actions

Bug #9707

open

Some networks already existing in deny Feeds are not stopped even if existing in custom deny list

Added by Laurent BONNIN over 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
pfBlockerNG
Target version:
-
Start date:
08/28/2019
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
2.2.5
Affected Plus Version:
Affected Architecture:

Description

Hi.

I have a Freepbx that use Fail2ban / IPtables that creates entries in IPtables for banned IP.
Using a little batch file I collect the banned IP from IPtables and create a dedicated file for pfblockerNG.

Each hours, the banned IP file is updated with newer IP banned (IP are added).
Using Feeds settings in PfblockerNG, I read the file 2 minutes later.

When I see multiple IP comming from same network out of my country (France), I use to ban all the network manually.
i.e : for IP 185.53.88.50, I use to manually ban 185.53.88.0/24, so I open my IP Banned file and enter the full network with a comment to remember the full range, and then I remove the IP from the file. I also "reset" IPtables so the IP just removed never comes back.

My main issue is that some networks are not integrated into the pfblockerNG file.

i.e :
185.53.88.0/24 is in the original file, not in pfblockerNG file.
77.247.109.0/24 is in the original file, not in pfblockerNG file.

When I check log files, I do not see the networks too.

Any idea why pfblockerNG is missing some data ?

Here is my IP Banned file (my personal Feed) :

# Generation du 22-08-2019 a 09:58:01
92.119.177.250
89.39.106.72
89.187.176.0/22         # CDN77-NYC US DataCamp Limited London (89.187.176.0 - 89.187.179.255)
80.211.245.240
77.247.110.0/24         # VITOX TELECOM Reykjavik Iceland
77.247.109.0/24         # VITOX TELECOM Delhi 110081 India Netherlands
77.247.108.0/24         # VITOX TELECOM NETHERLANDS ICELAND ROMANIA EUROPE
69.162.99.102
64.91.235.8
64.31.33.70
63.143.35.146
62.210.172.134
60.12.144.62
5.62.40.0/23            # Privax LTD AVAST cloud London (5.62.40.0 - 5.62.41.255)
5.62.23.0/24            # Privax LTD PRCDN-CONSUMER-AU3-20181203 PoP Sydney Australia (5.62.23.0 - 5.62.23.255)
5.62.19.0/24            # PRCDN-CONSUMER-RU-LED-20190515 Russia (5.62.19.0 - 5.62.19.255)
54.36.0.0/16            # OVH GmbH Deutschland (54.36.0.0 - 54.36.255.254)
54.202.26.234
51.83.226.3
51.68.80.168
5.135.250.23
51.15.161.116
46.166.151.23
216.245.196.206
216.245.195.202
216.245.193.238
212.83.187.125
212.83.163.170
212.83.150.134
212.129.63.196
210.73.207.47
209.59.128.0/18         # Liquid Web, L.L.C Lansing US (209.59.128.0 - 209.59.191.255)
209.126.80.0/21         # River City Internet Group St. Louis US (209.126.80.0 - 209.126.87.255)
209.126.64.0/20         # River City Internet Group St. Louis US (209.126.64.0 - 209.126.79.255)
195.154.191.98
195.154.191.141
195.154.107.226
185.53.91.0/24          # ORG-CSHS2-RIPE CLOUDSTAR-MNT Iceland
185.53.88.50
185.53.88.0/24          # ORG-CSHS2-RIPE CLOUDSTAR-MNT Iceland
173.247.231.58
167.71.141.59
165.22.94.12
165.227.0.0/16          # DigitalOcean, LLC New York (165.227.0.0 - 165.227.255.255)
165.22.0.0/16           # DigitalOcean, LLC New York (165.22.0.0 - 165.22.255.255)
158.140.64.0/18         # RIPE Network Coordination Centre Amsterdam (158.140.64.0 - 158.140.127.255)
147.135.138.220
134.209.0.0/16          # DigitalOcean, LLC New York (134.209.0.0 - 134.209.255.255)
116.0.0.0/6             # APNIC Asia Pacific Network Information Centre Australia (116.0.0.0 - 119.255.255.255)
115.236.54.2
113.136.0.0/12          # CHINANET-SN China Telecom (113.136.0.0 - 113.143.255.255)
103.60.13.162

And here is the content of the "Deny file" corresponding into pfblockerNG

103.60.13.162
113.136.0.0/12
115.236.54.2
116.0.0.0/6
134.209.0.0/16
147.135.138.220
158.140.64.0/18
165.22.0.0/16
165.22.94.12
165.227.0.0/16
167.71.141.59
173.247.231.58
185.53.91.0/24
195.154.107.226
195.154.191.141
195.154.191.98
209.126.64.0/20
209.126.80.0/21
209.59.128.0/18
210.73.207.47
212.129.63.196
212.83.150.134
212.83.163.170
212.83.187.125
216.245.193.238
216.245.195.202
216.245.196.206
46.166.151.23
5.135.250.23
5.62.19.0/24
5.62.23.0/24
5.62.40.0/23
51.15.161.116
51.68.80.168
51.83.226.3
54.202.26.234
54.36.0.0/16
60.12.144.62
62.210.172.134
63.143.35.146
64.31.33.70
64.91.235.8
69.162.99.102
77.247.108.0/24
77.247.110.0/24
80.211.245.240
89.187.176.0/22
89.39.106.72
92.119.177.250

No data to display

Actions

Also available in: Atom PDF