Netgate Discussion Forum

    Blocking company ranges

    • anttechs

      This may be a stupid question or one that's already been asked, but on cracking open one of the lists that blocklist.com gives me for Apple, inside all I found was a range, so it got me thinking: can you just block a range in pfSense or pfBlocker?

      example

      ns3.bbc.co.uk            156.154.66.17  2610:a1:1015::17
              ns3.bbc.net.uk
              ns4.bbc.co.uk            156.154.67.17  2001:502:4612::17
              ns4.bbc.net.uk

      Can I just block 156.154.66.17-156.154.67.17 instead of the whole list?

      or just 156.154.66.17/16

      Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
      Current: 1992 MHz, Max: 1993 MHz
      4 CPUs: 1 package(s) x 4 core(s)
      AES-NI CPU Crypto: No
      8 Gig RAM
      250GB SSD

      https://ant-techs.is/ip-blocklists

      • NogBadTheBad

        @anttechs:

        This may be a stupid question or one that's already been asked, but on cracking open one of the lists that blocklist.com gives me for Apple, inside all I found was a range, so it got me thinking: can you just block a range in pfSense or pfBlocker?

        example

        ns3.bbc.co.uk            156.154.66.17  2610:a1:1015::17
                ns3.bbc.net.uk
                ns4.bbc.co.uk            156.154.67.17  2001:502:4612::17
                ns4.bbc.net.uk

        Can I just block 156.154.66.17-156.154.67.17 instead of the whole list?

        or just 156.154.66.17/16

        If you want to block by IPv4 address only use 156.154.66.17/24 & 156.154.67.17/24 156.154.66.17/32 & 156.154.67.17/32 AS13037 just the IP addresses.

        If you want to block the range you need to see where the network starts and use a mask that includes both IP addresses; the above two lie in 156.154.66.0/23.

        Anyhow the addresses you've listed are the BBC name servers, not really much point blocking those.

        FYI looks like the BBC use the following subnets, I'm sure there are more :-

        AS2818 is used by the BBC

        mac-pro:~ andy$ whois -h whois.radb.net -- '-i origin AS2818' | grep ^route:
        route:          132.185.0.0/16
        route:          132.185.240.0/20
        route:          132.185.128.0/20
        route:          132.185.144.0/20
        route:          212.58.224.0/19
        route:          132.185.241.0/24
        route:          212.58.224.0/24
        route:          212.58.225.0/24
        route:          212.58.226.0/24
        route:          212.58.227.0/24
        route:          212.58.228.0/24
        route:          212.58.229.0/24
        route:          212.58.230.0/24
        route:          212.58.231.0/24
        route:          212.58.232.0/24
        route:          212.58.233.0/24
        route:          212.58.234.0/24
        route:          212.58.235.0/24
        route:          212.58.236.0/24
        route:          212.58.237.0/24
        route:          212.58.238.0/24
        route:          212.58.239.0/24
        route:          212.58.240.0/24
        route:          212.58.241.0/24
        route:          212.58.242.0/24
        route:          212.58.243.0/24
        route:          212.58.244.0/24
        route:          212.58.245.0/24
        route:          212.58.246.0/24
        route:          212.58.247.0/24
        route:          212.58.248.0/24
        route:          212.58.249.0/24
        route:          212.58.250.0/24
        route:          212.58.251.0/24
        route:          212.58.252.0/24
        route:          212.58.253.0/24
        route:          212.58.254.0/24
        route:          212.58.255.0/24
        route:          212.58.224.0/20
        route:          212.58.240.0/20
        route:          132.185.240.0/24
        route:          132.185.242.0/24
        route:          132.185.243.0/24
        route:          132.185.244.0/24
        route:          132.185.245.0/24
        route:          132.185.246.0/24
        route:          132.185.247.0/24
        route:          132.185.248.0/24
        route:          132.185.249.0/24
        route:          132.185.250.0/24
        route:          132.185.251.0/24
        route:          132.185.252.0/24
        route:          132.185.253.0/24
        route:          132.185.254.0/24
        route:          132.185.255.0/24
        route:          132.185.144.0/24
        route:          132.185.145.0/24
        route:          132.185.146.0/24
        route:          132.185.147.0/24
        route:          132.185.148.0/24
        route:          132.185.149.0/24
        route:          132.185.150.0/24
        route:          132.185.151.0/24
        route:          132.185.152.0/24
        route:          132.185.153.0/24
        route:          132.185.154.0/24
        route:          132.185.155.0/24
        route:          132.185.156.0/24
        route:          132.185.157.0/24
        route:          132.185.158.0/24
        route:          132.185.159.0/24
        route:          132.185.132.0/24

        mac-pro:~ andy$ whois -h whois.radb.net -- '-i origin AS2818' | grep ^route6:
        route6:          2001:41c0::/32
        route6:          2001:41c0::/33
        route6:          2001:41c1::/32
        mac-pro:~ andy$

        The IP addresses you list aren't using the BBC AS, they're using AS12008

        route:      156.154.66.0/24
        descr:      Neustar Ultra Services
        origin:    AS12008
        mnt-by:    MAINT-AS12008
        changed:    lking@ultradns.com 20060926
        source:    RADB

        route:      156.154.67.0/24
        descr:      Neustar Ultra Services
        origin:    AS12008
        mnt-by:    MAINT-AS12008
        changed:    lking@ultradns.com 20060926
        source:    RADB

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22
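
The subnet arithmetic from this reply, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original thread; the function names are made up for illustration, and `SAMPLE_ROUTES` is a short subset of the RADB output quoted above.

```python
import ipaddress

# Subset of the AS2818 routes quoted in the thread, overlaps included.
SAMPLE_ROUTES = ["212.58.224.0/19", "212.58.224.0/20", "212.58.240.0/20",
                 "212.58.224.0/24", "132.185.0.0/16", "132.185.240.0/20",
                 "132.185.241.0/24"]

def covering_network(a, b):
    """Smallest single CIDR block containing both IPv4 addresses."""
    lo, hi = sorted((ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)))
    # Leading bits shared by both addresses give the prefix length.
    prefix = 32 - (int(lo) ^ int(hi)).bit_length()
    return ipaddress.ip_network(f"{lo}/{prefix}", strict=False)

def exact_range(a, b):
    """CIDR blocks matching exactly a..b, with no extra addresses."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(a), ipaddress.IPv4Address(b)))

def normalize(entry):
    """Network actually matched when an entry has host bits set."""
    return ipaddress.ip_network(entry, strict=False)

def collapse(prefixes):
    """Drop prefixes already covered by a shorter one and merge neighbours."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in prefixes))

if __name__ == "__main__":
    a, b = "156.154.66.17", "156.154.67.17"
    cover = covering_network(a, b)
    exact = exact_range(a, b)
    in_range = sum(n.num_addresses for n in exact)
    print(f"covering block : {cover} ({cover.num_addresses} addresses)")
    print(f"exact range    : {len(exact)} blocks, {in_range} addresses")
    print(f"extra blocked  : {cover.num_addresses - in_range}")
    for entry in ("156.154.66.17/16", "156.154.66.17/24", "156.154.66.17/32"):
        net = normalize(entry)
        print(f"{entry:20} -> {net} ({net.num_addresses} addresses)")
    print("collapsed      :", [str(n) for n in collapse(SAMPLE_ROUTES)])
```

The `/16` entry from the question normalizes to 156.154.0.0/16, so a rule built from it would match 65,536 addresses rather than the two name servers.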

        • anttechs

          Wow excellent I bookmarked this tool for my own lists ;)

          Many thanks

          https://www.dan.me.uk/filtergen?filtertype=cisco&filtername=filterlist&upto=1&upto_size=24&source=RADB&args=AS2818

          • johnpoz LAYER 8 Global Moderator

            "if you want to block by IPv4 address only use 156.154.66.17**/24** &156.154.67.17**/24** or just the IP addresses."

            Um if you want to block just the specific IP then the mask would be /32 not /24 or just the IP without a mask.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • NogBadTheBad

              @johnpoz:

              "if you want to block by IPv4 address only use 156.154.66.17**/24** &156.154.67.17**/24** or just the IP addresses."

              Um if you want to block just the specific IP then the mask would be /32 not /24 or just the IP without a mask.

              LOL indeed, trying to do 3 things at once

              Andy

              • johnpoz LAYER 8 Global Moderator

                Yeah it happens ;)  Just wanted to clarify it since users might take it as gospel vs just a typo…
