Firewall rule for entire AS (Autonomous System)
-
Is it possible to create rules based on AS? Or do I need to manually add every prefix in the AS as an alias and use that? Thanks!
-
Not at the moment, no. We've discussed doing this in the future but there isn't a feature to do this right now.
-
Sorry to bump my old question, I was just curious if any decisions have been made on this? Manually entering a huge range of CIDRs into an alias today reminded me of it ;D
-
You can do this in pfBlockerNG using a site like Hurricane Electric. It can create an aliastable that can automatically create a firewall rule to Block/Reject or Permit. You can also just create an aliastable and manually create your own rules. You will need to use the "html" format setting.
Here is an example to collect the IPs for Facebook: (you can search for any AS)
http://bgp.he.net/search?search[search]=facebook&commit=Search
-
You can do this in pfBlockerNG using a site like Hurricane Electric. It can create an aliastable that can automatically create a firewall rule to Block/Reject or Permit. You can also just create an aliastable and manually create your own rules. You will need to use the "html" format setting.
Here is an example to collect the IPs for Facebook: (you can search for any AS)
http://bgp.he.net/search?search[search]=facebook&commit=Search
Wow! This is fantastic, I really couldn't have asked for something better! I just installed it and tossed it http://bgp.he.net/AS30081#_prefixes and it seems to have worked first try. Is it possible to see the IPs for the alias it created just to verify there aren't any errors? I noticed the alias value it creates is a URL but I haven't been able to find its content.
-
Go to the pfBNG Log Browser tab and look at the "original" folder and either the "deny/permit/match" folder depending on what you set up in the alias.
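For the question above about checking the alias contents for errors, here is an added example (not from the thread and not pfBlockerNG's own code) that audits a fetched prefix list before it is trusted in a block rule. The function name, the `PROTECTED` list and the sample HTML are assumptions; the sample is constructed from documentation address ranges, not real AS data.

```python
import ipaddress
import re

# Assumption: networks this firewall must never block (adjust to your LAN/VPN).
PROTECTED = [ipaddress.ip_network(n)
             for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Loose candidate match; ipaddress does the real validation below.
CANDIDATE = re.compile(r"[0-9A-Fa-f:.]+/\d{1,3}")

# Constructed sample of an HTML prefix listing (documentation ranges only).
SAMPLE_HTML = """
<table id="table_prefixes4">
<tr><td><a href="/net/198.51.100.0/25">198.51.100.0/25</a></td></tr>
<tr><td><a href="/net/198.51.100.128/25">198.51.100.128/25</a></td></tr>
<tr><td><a href="/net/203.0.113.0/24">203.0.113.0/24</a></td></tr>
<tr><td><a href="/net/203.0.113.64/26">203.0.113.64/26</a></td></tr>
<tr><td><a href="/net/10.1.2.0/24">10.1.2.0/24</a></td></tr>
<tr><td><a href="/net/192.0.2.7/24">192.0.2.7/24</a></td></tr>
<tr><td><a href="/net/2001:db8:40::/48">2001:db8:40::/48</a></td></tr>
</table>
"""

def audit_prefixes(text):
    """Return (collapsed networks, rejected strings) found in list text."""
    accepted, rejected = set(), set()
    for token in set(CANDIDATE.findall(text)):  # set() drops href/text repeats
        try:
            net = ipaddress.ip_network(token)   # strict: host bits set -> error
        except ValueError:
            rejected.add(token)
            continue
        # An overly broad entry such as 0.0.0.0/0 also overlaps PROTECTED.
        if any(net.version == p.version and net.overlaps(p) for p in PROTECTED):
            rejected.add(token)
        else:
            accepted.add(net)
    collapsed = []
    for version in (4, 6):                      # collapse needs one IP version
        same = [n for n in accepted if n.version == version]
        collapsed += ipaddress.collapse_addresses(same)
    return collapsed, sorted(rejected)

if __name__ == "__main__":
    nets, bad = audit_prefixes(SAMPLE_HTML)
    print("alias entries:", ", ".join(str(n) for n in nets))
    print("needs review: ", ", ".join(bad))
```

Anything reported under "needs review" is worth checking by hand before the alias backs a Block/Reject rule, since a malformed or overlapping entry can cut off your own networks.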
-
Hi, woke up this morning and did some looking around on ntopng / Autonomous Systems and found "AS140979 – China Unicom Shanghai FuTe IDC network" activity and other IPs from China:
Trying to figure out the solution you gave here, in pfBlockerNG I do see Asia / Continent - Asia / China [1814991] CN (7330), but will adding this be the solution in blocking the AS you're referring to here? If not, are there some docs that will show me how to do this suggesting
@bbcan177 said in Firewall rule for entire AS (Autonomous System):
You can do this in pfBlockerNG using a site like Hurricane Electric. It can create an aliastable that can automatically create a firewall rule to Block/Reject or Permit. You can also just create an aliastable and manually create your own rules. You will need to use the "html" format setting.
Thanks!....
-
Is this "pfblocker but for ASN" how you it?