Blocking company ranges

anttechs

This maybe a stupid question or one that's already been asked but on cracking open one of the lists that blocklist.com gives me for apple inside all I found was a range so it got me thinking can you just block a range in pfsense or pfbloker?

example

ns3.bbc.co.uk            156.154.66.17  2610:a1:1015::17
        ns3.bbc.net.uk
        ns4.bbc.co.uk            156.154.67.17  2001:502:4612::17
        ns4.bbc.net.uk

Can I just block 156.154.66.17-156.154.67.17 instead of the hole list?

or just 156.154.66.17/16

NogBadTheBad

@anttechs:

This maybe a stupid question or one that's already been asked but on cracking open one of the lists that blocklist.com gives me for apple inside all I found was a range so it got me thinking can you just block a range in pfsense or pfbloker?

example

ns3.bbc.co.uk            156.154.66.17  2610:a1:1015::17
        ns3.bbc.net.uk
        ns4.bbc.co.uk            156.154.67.17  2001:502:4612::17
        ns4.bbc.net.uk

Can I just block 156.154.66.17-156.154.67.17 instead of the hole list?

or just 156.154.66.17/16

if you want to block by IPv4 address only use 156.154.66.17/24 &156.154.67.17/24 156.154.66.17/32 &156.154.67.17/32 AS13037 just the IP addresses.

If you want to block the range you need to see where the network starts and use a mask the included both IP addresses, the above two lie in 156.154.66.0/23.

Anyhow the addresses you've listed are the BBC name servers, not really much point blocking those.

FYI looks like the BBC use the following subnets, i'm sure there are more :-

AS2818 is used by the BBC

mac-pro:~ andy$ whois -h whois.radb.net – '-i origin AS2818' | grep ^route:
route:          132.185.0.0/16
route:          132.185.240.0/20
route:          132.185.128.0/20
route:          132.185.144.0/20
route:          212.58.224.0/19
route:          132.185.241.0/24
route:          212.58.224.0/24
route:          212.58.225.0/24
route:          212.58.226.0/24
route:          212.58.227.0/24
route:          212.58.228.0/24
route:          212.58.229.0/24
route:          212.58.230.0/24
route:          212.58.231.0/24
route:          212.58.232.0/24
route:          212.58.233.0/24
route:          212.58.234.0/24
route:          212.58.235.0/24
route:          212.58.236.0/24
route:          212.58.237.0/24
route:          212.58.238.0/24
route:          212.58.239.0/24
route:          212.58.240.0/24
route:          212.58.241.0/24
route:          212.58.242.0/24
route:          212.58.243.0/24
route:          212.58.244.0/24
route:          212.58.245.0/24
route:          212.58.246.0/24
route:          212.58.247.0/24
route:          212.58.248.0/24
route:          212.58.249.0/24
route:          212.58.250.0/24
route:          212.58.251.0/24
route:          212.58.252.0/24
route:          212.58.253.0/24
route:          212.58.254.0/24
route:          212.58.255.0/24
route:          212.58.224.0/20
route:          212.58.240.0/20
route:          132.185.240.0/24
route:          132.185.242.0/24
route:          132.185.243.0/24
route:          132.185.244.0/24
route:          132.185.245.0/24
route:          132.185.246.0/24
route:          132.185.247.0/24
route:          132.185.248.0/24
route:          132.185.249.0/24
route:          132.185.250.0/24
route:          132.185.251.0/24
route:          132.185.252.0/24
route:          132.185.253.0/24
route:          132.185.254.0/24
route:          132.185.255.0/24
route:          132.185.144.0/24
route:          132.185.145.0/24
route:          132.185.146.0/24
route:          132.185.147.0/24
route:          132.185.148.0/24
route:          132.185.149.0/24
route:          132.185.150.0/24
route:          132.185.151.0/24
route:          132.185.152.0/24
route:          132.185.153.0/24
route:          132.185.154.0/24
route:          132.185.155.0/24
route:          132.185.156.0/24
route:          132.185.157.0/24
route:          132.185.158.0/24
route:          132.185.159.0/24
route:          132.185.132.0/24

mac-pro:~ andy$ whois -h whois.radb.net -- '-i origin AS2818' | grep ^route6:
route6:          2001:41c0::/32
route6:          2001:41c0::/33
route6:          2001:41c1::/32
mac-pro:~ andy$

The IP addresses you list aren't using the BBC AS, they're using AS12008

route:      156.154.66.0/24
descr:      Neustar Ultra Services
origin:    AS12008
mnt-by:    MAINT-AS12008
changed:    lking@ultradns.com 20060926
source:    RADB

route:      156.154.67.0/24
descr:      Neustar Ultra Services
origin:    AS12008
mnt-by:    MAINT-AS12008
changed:    lking@ultradns.com 20060926
source:    RADB

anttechs

Wow excellent I bookmarked this tool for my own lists ;)

Many thanks

https://www.dan.me.uk/filtergen?filtertype=cisco&filtername=filterlist&upto=1&upto_size=24&source=RADB&args=AS2818

johnpoz

"if you want to block by IPv4 address only use 156.154.66.17**/24** &156.154.67.17**/24** or just the IP addresses."

Um if you want to block just the specific IP then the mask would be /32 not /24 or just the IP without a mask.

NogBadTheBad

@johnpoz:

"if you want to block by IPv4 address only use 156.154.66.17**/24** &156.154.67.17**/24** or just the IP addresses."

Um if you want to block just the specific IP then the mask would be /32 not /24 or just the IP without a mask.

LOL indeed, trying to do 3 things at once

johnpoz

Yeah it happens ;)  Just wanted to clarify it since users might take it as gospel vs just a typo…