Blocking company ranges



  • This maybe a stupid question or one that's already been asked but on cracking open one of the lists that blocklist.com gives me for apple inside all I found was a range so it got me thinking can you just block a range in pfsense or pfbloker?

    example

    ns3.bbc.co.uk            156.154.66.17  2610:a1:1015::17
            ns3.bbc.net.uk
            ns4.bbc.co.uk            156.154.67.17  2001:502:4612::17
            ns4.bbc.net.uk

    Can I just block 156.154.66.17-156.154.67.17 instead of the hole list?

    or just 156.154.66.17/16


  • Galactic Empire

    @anttechs:

    This maybe a stupid question or one that's already been asked but on cracking open one of the lists that blocklist.com gives me for apple inside all I found was a range so it got me thinking can you just block a range in pfsense or pfbloker?

    example

    ns3.bbc.co.uk            156.154.66.17  2610:a1:1015::17
            ns3.bbc.net.uk
            ns4.bbc.co.uk            156.154.67.17  2001:502:4612::17
            ns4.bbc.net.uk

    Can I just block 156.154.66.17-156.154.67.17 instead of the hole list?

    or just 156.154.66.17/16

    if you want to block by IPv4 address only use 156.154.66.17/24 &156.154.67.17/24 156.154.66.17/32 &156.154.67.17/32 AS13037 just the IP addresses.

    If you want to block the range you need to see where the network starts and use a mask the included both IP addresses, the above two lie in 156.154.66.0/23.

    Anyhow the addresses you've listed are the BBC name servers, not really much point blocking those.

    FYI looks like the BBC use the following subnets, i'm sure there are more :-

    AS2818 is used by the BBC

    mac-pro:~ andy$ whois -h whois.radb.net – '-i origin AS2818' | grep ^route:
    route:          132.185.0.0/16
    route:          132.185.240.0/20
    route:          132.185.128.0/20
    route:          132.185.144.0/20
    route:          212.58.224.0/19
    route:          132.185.241.0/24
    route:          212.58.224.0/24
    route:          212.58.225.0/24
    route:          212.58.226.0/24
    route:          212.58.227.0/24
    route:          212.58.228.0/24
    route:          212.58.229.0/24
    route:          212.58.230.0/24
    route:          212.58.231.0/24
    route:          212.58.232.0/24
    route:          212.58.233.0/24
    route:          212.58.234.0/24
    route:          212.58.235.0/24
    route:          212.58.236.0/24
    route:          212.58.237.0/24
    route:          212.58.238.0/24
    route:          212.58.239.0/24
    route:          212.58.240.0/24
    route:          212.58.241.0/24
    route:          212.58.242.0/24
    route:          212.58.243.0/24
    route:          212.58.244.0/24
    route:          212.58.245.0/24
    route:          212.58.246.0/24
    route:          212.58.247.0/24
    route:          212.58.248.0/24
    route:          212.58.249.0/24
    route:          212.58.250.0/24
    route:          212.58.251.0/24
    route:          212.58.252.0/24
    route:          212.58.253.0/24
    route:          212.58.254.0/24
    route:          212.58.255.0/24
    route:          212.58.224.0/20
    route:          212.58.240.0/20
    route:          132.185.240.0/24
    route:          132.185.242.0/24
    route:          132.185.243.0/24
    route:          132.185.244.0/24
    route:          132.185.245.0/24
    route:          132.185.246.0/24
    route:          132.185.247.0/24
    route:          132.185.248.0/24
    route:          132.185.249.0/24
    route:          132.185.250.0/24
    route:          132.185.251.0/24
    route:          132.185.252.0/24
    route:          132.185.253.0/24
    route:          132.185.254.0/24
    route:          132.185.255.0/24
    route:          132.185.144.0/24
    route:          132.185.145.0/24
    route:          132.185.146.0/24
    route:          132.185.147.0/24
    route:          132.185.148.0/24
    route:          132.185.149.0/24
    route:          132.185.150.0/24
    route:          132.185.151.0/24
    route:          132.185.152.0/24
    route:          132.185.153.0/24
    route:          132.185.154.0/24
    route:          132.185.155.0/24
    route:          132.185.156.0/24
    route:          132.185.157.0/24
    route:          132.185.158.0/24
    route:          132.185.159.0/24
    route:          132.185.132.0/24

    mac-pro:~ andy$ whois -h whois.radb.net -- '-i origin AS2818' | grep ^route6:
    route6:          2001:41c0::/32
    route6:          2001:41c0::/33
    route6:          2001:41c1::/32
    mac-pro:~ andy$

    The IP addresses you list aren't using the BBC AS, they're using AS12008

    route:      156.154.66.0/24
    descr:      Neustar Ultra Services
    origin:    AS12008
    mnt-by:    MAINT-AS12008
    changed:    lking@ultradns.com 20060926
    source:    RADB

    route:      156.154.67.0/24
    descr:      Neustar Ultra Services
    origin:    AS12008
    mnt-by:    MAINT-AS12008
    changed:    lking@ultradns.com 20060926
    source:    RADB




  • Rebel Alliance Global Moderator

    "if you want to block by IPv4 address only use 156.154.66.17**/24** &156.154.67.17**/24** or just the IP addresses."

    Um if you want to block just the specific IP then the mask would be /32 not /24 or just the IP without a mask.


  • Galactic Empire

    @johnpoz:

    "if you want to block by IPv4 address only use 156.154.66.17**/24** &156.154.67.17**/24** or just the IP addresses."

    Um if you want to block just the specific IP then the mask would be /32 not /24 or just the IP without a mask.

    LOL indeed, trying to do 3 things at once


  • Rebel Alliance Global Moderator

    Yeah it happens ;)  Just wanted to clarify it since users might take it as gospel vs just a typo…