Netgate Discussion Forum
    Firewall rule for entire AS (Autonomous System)

diablo266:

      Is it possible to create rules based on AS? Or do I need to manually add every prefix in the AS as an alias and use that? Thanks!

jimp (Rebel Alliance Developer, Netgate):

        Not at the moment, no. We've discussed doing this in the future but there isn't a feature to do this right now.

diablo266:

Sorry to bump my old question; I was just curious whether any decisions have been made on this. Manually entering a huge range of CIDRs into an alias today reminded me of it ;D

BBcan177 (Moderator):

You can do this in pfBlockerNG using a site like Hurricane Electric. It can create an aliastable that can automatically create a firewall rule to Block/Reject or Permit. You can also just create an aliastable and manually create your own rules. You will need to use the "html" format setting.

Here is an example to collect the IPs for Facebook (you can search for any AS):

            http://bgp.he.net/search?search[search]=facebook&commit=Search

            "Experience is something you don't get until just after you need it."

            Website: http://pfBlockerNG.com
            Twitter: @BBcan177  #pfBlockerNG
            Reddit: https://www.reddit.com/r/pfBlockerNG/new/

diablo266:

@BBcan177:

> You can do this in pfBlockerNG using a site like Hurricane Electric. It can create an aliastable that can automatically create a firewall rule to Block/Reject or Permit. You can also just create an aliastable and manually create your own rules. You will need to use the "html" format setting.
>
> Here is an example to collect the IPs for Facebook (you can search for any AS):
>
> http://bgp.he.net/search?search[search]=facebook&commit=Search

Wow! This is fantastic, I really couldn't have asked for something better! I just installed it and gave it http://bgp.he.net/AS30081#_prefixes, and it seems to have worked first try. Is it possible to see the IPs for the alias it created, just to verify there aren't any errors? I noticed the alias value it creates is a URL, but I haven't been able to find its content.

BBcan177 (Moderator):

Go to the pfBNG Log Browser tab and look at the "original" folder and either the "deny/permit/match" folder, depending on what you set up in the alias.

cmb:

@diablo266:

> but I haven't been able to find its content.

                  Diag>Tables.

nasheayahu:

Hi, I woke up this morning and did some looking around on ntopng / Autonomous Systems and found "AS140979 – China Unicom Shanghai FuTe IDC network" activity and other IPs from China:

Trying to figure out the solution you gave here: in pfBlockerNG I do see Asia / Continent - Asia / China [1814991] CN (7330), but will adding this be the solution for blocking the AS you're referring to here? If not, are there some docs that will show me how to do this suggestion?

                    Screenshot (5).png

@bbcan177 said in Firewall rule for entire AS (Autonomous System):

> You can do this in pfBlockerNG using a site like Hurricane Electric. It can create an aliastable that can automatically create a firewall rule to Block/Reject or Permit. You can also just create an aliastable and manually create your own rules. You will need to use the "html" format setting.

                    Thanks!....

nasheayahu (replying to nasheayahu):

Is this "pfblocker but for ASN" how you do it?
