Netgate Discussion Forum

    network alias blocks more than defined

    Firewalling
    16 Posts 3 Posters 420 Views
    • N
      nopanic @johnpoz
      last edited by

      @johnpoz in the attached file: China is beginning with inetnum in description

      Thanks Stefan

      • johnpozJ
        johnpoz LAYER 8 Global Moderator @nopanic
        last edited by

        @nopanic and which specific IP is being blocked and logged that you feel is wrong?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        • N
          nopanic @johnpoz
          last edited by

          @johnpoz ex. the mailinglist server of debian:

          ;; ANSWER SECTION:
          bendel.debian.org. 600 IN A 82.195.75.100

          thanks
          Stefan

          • johnpozJ
            johnpoz LAYER 8 Global Moderator @nopanic
            last edited by johnpoz

            @nopanic that is in your log? that 82.195.75.100 IP - just because that is what the A record and dns shows - doesn't mean that is the IP that is actually sending email - please show the log where a specific IP was blocked.

            there is no 82.x in that alias list you posted.

            example: here are some IPs that were blocked by different rules I have with aliases

            blocked.jpg

            blocklogrules.jpg

            Also notice that not allowed rule is a ! rule, so the stuff it blocks would be IPs that are NOT listed in the alias/table

            edit2: dude - this entry would block that

            64.0.0.0/2

            Which would be this huge range that 82.x falls into
            64.0.0.0 - 127.255.255.255

            That for sure can not be correct..

            You also have a 128.0.0.0/2 which is also huge
            128.0.0.0 - 191.255.255.255

            I think something went wrong - why does the 64/2 show this for text?

            64.0.0.0/2 inetnum: 58.56.0.0 - 58.59.127.255 netname:

            These don't seem correct for sure

            notright.jpg

            edit3: just a quick scan, and you have lots of them in there that are way too big for what the text says it should be blocking

            27.115.0.0/17 inetnum: 27.115.5.0 - 27.115.5.7 netname:

            that /17 would block all ips between 27.115.0.0 - 27.115.127.255, not just what the text says 27.115.5.0 - 27.115.5.7

            edit4: another one that is just huge compared to the text

            36.192.0.0/11 inetnum: 36.212.0.0 - 36.215.255.255 netname:

            36.192/11 would block 36.192.0.0 - 36.223.255.255, not that 36.212-215 range. If you wanted to block 36.212 to 36.215 that would be a 36.212.0.0/14 mask, not a 36.192/11


            N 2 Replies Last reply Reply Quote 0
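
            Added example, not part of the original posts: a check that compares each alias CIDR with the inetnum range in its description and computes the exact CIDR blocks for that range, using the three entries quoted in the post above. The function names and the line-parsing pattern are assumptions made for this illustration.

```python
import ipaddress
import re

# Alias lines as quoted in the post above: "<CIDR> inetnum: <first> - <last> netname:"
ALIAS_LINES = [
    "64.0.0.0/2 inetnum: 58.56.0.0 - 58.59.127.255 netname:",
    "27.115.0.0/17 inetnum: 27.115.5.0 - 27.115.5.7 netname:",
    "36.192.0.0/11 inetnum: 36.212.0.0 - 36.215.255.255 netname:",
]

# Hypothetical pattern for the alias format shown in the thread.
LINE_RE = re.compile(r"^(\S+)\s+inetnum:\s*(\S+)\s*-\s*(\S+)")


def exact_cidrs(first, last):
    """Smallest list of CIDR blocks covering first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def audit_entry(line):
    """Compare an alias CIDR with the inetnum range in its description."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised alias line: {line!r}")
    net = ipaddress.ip_network(m.group(1), strict=True)
    first, last = (ipaddress.ip_address(g) for g in m.group(2, 3))
    covers = first in net and last in net
    wanted = int(last) - int(first) + 1
    return {
        "alias": net,
        "blocks": (net.network_address, net.broadcast_address),
        "covers_range": covers,  # False: the CIDR misses the described range
        "excess": net.num_addresses - wanted if covers else None,
        "should_be": exact_cidrs(first, last),
    }


if __name__ == "__main__":
    for entry in ALIAS_LINES:
        r = audit_entry(entry)
        lo, hi = r["blocks"]
        fix = ", ".join(str(n) for n in r["should_be"])
        print(f"{r['alias']} blocks {lo} - {hi}; covers inetnum: "
              f"{r['covers_range']}; extra addresses: {r['excess']}; "
              f"exact CIDRs: {fix}")
```

            Running an audit like this over a generated alias before loading it shows any entry whose mask is wider than the whois range it was derived from.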
            • N
              nopanic @johnpoz
              last edited by

              @johnpoz ahh okay thanks!!!

              I attach the screenshot of the block:
              fw-rule-blocking network-alias.png

              • N
                nopanic @johnpoz
                last edited by

                @johnpoz

                I get the inetnum from whois. ipcalc deaggregates some nets so I have the same description ....

                tia
                Stefan

                • S
                  SteveITS Galactic Empire @nopanic
                  last edited by

                  @nopanic 10.x.x.x is a private IP range...?

                  Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                  When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                  Upvote 👍 helpful posts!

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @nopanic
                    last edited by johnpoz

                    @nopanic you might want to start over - there is a lot of wrong stuff in there for sure

                    8.0.0.0/8 net 8 Alibaba Cloud

                    Not sure how that is Alibaba Cloud, the 8/8 is owned by multiple different companies.

                    NetRange:       8.0.0.0 - 8.8.3.255
                    CIDR:           8.0.0.0/13, 8.8.0.0/22
                    Organization:   Level 3 Parent, LLC (LPL-141)
                    

                    I show

                    inetnum:        8.128.0.0 - 8.159.255.255
                    netname:        ALICLOUD
                    

                    So you can not block 8/8 without blocking a whole bunch of stuff you prob don't want to block.

                    edit: If you are wanting to block whole countries, etc. you might want to look into pfblocker as someone else mentioned.. It allows you to create aliases based on countries - so you could block china and korea, etc. etc..


                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator @nopanic
                      last edited by

                      @nopanic however you're creating these netblocks - you're blocking way more than just the netblock of the bad guy.. I mean that 64.0.0.0/2 is a HUGE amount of addresses - HUGE!!


                      • N
                        nopanic @johnpoz
                        last edited by

                        @johnpoz super!
                        You helped me a lot. I will have a look at pfblocker and I will check the alias again.

                        Thanks for help!
                        Stefan

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.