Personal list not fully parsed / integrated
Hi all.
I have a FreePBX that uses Fail2ban / iptables, which creates entries in iptables for banned IPs.
Using a little batch file, I collect the banned IPs and create a dedicated file for pfBlockerNG. Each hour, at 58 minutes past, I update the file for pfBlockerNG, and 2 minutes later pfBlockerNG reads the file.
When I see multiple IPs coming from the same network outside my country (France), I usually ban the whole network manually.
For example: for IP 185.53.88.50, I manually ban 185.53.88.0/24, so I enter the full network into the generated file with a comment to remember the full range, and then I remove the IP from the file and from iptables so the IP never comes back.
Here is the content of my generated / modified file:
# Generation du 22-08-2019 a 09:58:01
92.119.177.250
89.39.106.72
89.187.176.0/22 # CDN77-NYC US DataCamp Limited London (89.187.176.0 - 89.187.179.255)
80.211.245.240
77.247.110.0/24 # VITOX TELECOM Reykjavik Iceland
77.247.109.0/24 # VITOX TELECOM Delhi 110081 India Netherlands
77.247.108.0/24 # VITOX TELECOM NETHERLANDS ICELAND ROMANIA EUROPE
69.162.99.102
64.91.235.8
64.31.33.70
63.143.35.146
62.210.172.134
60.12.144.62
5.62.40.0/23 # Privax LTD AVAST cloud London (5.62.40.0 - 5.62.41.255)
5.62.23.0/24 # Privax LTD PRCDN-CONSUMER-AU3-20181203 PoP Sydney Australia (5.62.23.0 - 5.62.23.255)
5.62.19.0/24 # PRCDN-CONSUMER-RU-LED-20190515 Russia (5.62.19.0 - 5.62.19.255)
54.36.0.0/16 # OVH GmbH Deutschland (54.36.0.0 - 54.36.255.254)
54.202.26.234
51.83.226.3
51.68.80.168
5.135.250.23
51.15.161.116
46.166.151.23
216.245.196.206
216.245.195.202
216.245.193.238
212.83.187.125
212.83.163.170
212.83.150.134
212.129.63.196
210.73.207.47
209.59.128.0/18 # Liquid Web, L.L.C Lansing US (209.59.128.0 - 209.59.191.255)
209.126.80.0/21 # River City Internet Group St. Louis US (209.126.80.0 - 209.126.87.255)
209.126.64.0/20 # River City Internet Group St. Louis US (209.126.64.0 - 209.126.79.255)
195.154.191.98
195.154.191.141
195.154.107.226
185.53.91.0/24 # ORG-CSHS2-RIPE CLOUDSTAR-MNT Iceland
185.53.88.50
185.53.88.0/24 # ORG-CSHS2-RIPE CLOUDSTAR-MNT Iceland
173.247.231.58
167.71.141.59
165.22.94.12
165.227.0.0/16 # DigitalOcean, LLC New York (165.227.0.0 - 165.227.255.255)
165.22.0.0/16 # DigitalOcean, LLC New York (165.22.0.0 - 165.22.255.255)
158.140.64.0/18 # RIPE Network Coordination Centre Amsterdam (158.140.64.0 - 158.140.127.255)
147.135.138.220
134.209.0.0/16 # DigitalOcean, LLC New York (134.209.0.0 - 134.209.255.255)
116.0.0.0/6 # APNIC Asia Pacific Network Information Centre Australia (116.0.0.0 - 119.255.255.255)
115.236.54.2
113.136.0.0/12 # CHINANET-SN China Telecom (113.136.0.0 - 113.143.255.255)
103.60.13.162
And here is the content of the corresponding "Deny file" in pfBlockerNG:
103.60.13.162
113.136.0.0/12
115.236.54.2
116.0.0.0/6
134.209.0.0/16
147.135.138.220
158.140.64.0/18
165.22.0.0/16
165.22.94.12
165.227.0.0/16
167.71.141.59
173.247.231.58
185.53.91.0/24
195.154.107.226
195.154.191.141
195.154.191.98
209.126.64.0/20
209.126.80.0/21
209.59.128.0/18
210.73.207.47
212.129.63.196
212.83.150.134
212.83.163.170
212.83.187.125
216.245.193.238
216.245.195.202
216.245.196.206
46.166.151.23
5.135.250.23
5.62.19.0/24
5.62.23.0/24
5.62.40.0/23
51.15.161.116
51.68.80.168
51.83.226.3
54.202.26.234
54.36.0.0/16
60.12.144.62
62.210.172.134
63.143.35.146
64.31.33.70
64.91.235.8
69.162.99.102
77.247.108.0/24
77.247.110.0/24
80.211.245.240
89.187.176.0/22
89.39.106.72
92.119.177.250
My main issue is that some networks are not integrated into the pfBlockerNG file.
For example:
185.53.88.0/24 is in the original file, not in the pfBlockerNG file.
77.247.109.0/24 is in the original file, not in the pfBlockerNG file.
Any idea why pfBlockerNG is missing some data?
Regards,
Laurent.
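
A check that could be run on the two files, as an added example that is not part of the original post: it parses both lists and reports every source entry that is absent from the deny file, together with any deny network that already contains it. The function names are hypothetical, the one-entry-per-line layout with `#` starting a comment is an assumption, and the sample data is a short excerpt of the entries quoted above.

```python
import ipaddress

# Excerpt of the two lists quoted in the post, one entry per line (assumed layout).
SOURCE = """\
# Generation du 22-08-2019 a 09:58:01
77.247.110.0/24 # VITOX TELECOM Reykjavik Iceland
77.247.109.0/24 # VITOX TELECOM Delhi 110081 India Netherlands
185.53.91.0/24 # ORG-CSHS2-RIPE CLOUDSTAR-MNT Iceland
185.53.88.50
185.53.88.0/24 # ORG-CSHS2-RIPE CLOUDSTAR-MNT Iceland
165.22.94.12
165.22.0.0/16 # DigitalOcean, LLC New York (165.22.0.0 - 165.22.255.255)
"""
DENY = """\
165.22.0.0/16
165.22.94.12
185.53.91.0/24
77.247.110.0/24
"""

def parse_list(text):
    """Return (networks, rejected) for a list where '#' starts a comment."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment-only line
        try:
            # strict=False accepts entries with host bits set and normalises them
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected

def missing_entries(source_text, deny_text):
    """Source entries absent from the deny list, each paired with a deny
    network that already contains it (None if nothing covers it)."""
    source, _ = parse_list(source_text)
    deny, _ = parse_list(deny_text)
    present = set(deny)
    report = []
    for net in source:
        if net in present:
            continue
        cover = next((d for d in deny
                      if d.version == net.version and net.subnet_of(d)), None)
        report.append((str(net), str(cover) if cover else None))
    return report

if __name__ == "__main__":
    for entry, cover in missing_entries(SOURCE, DENY):
        print(entry, "covered by " + cover if cover else "not in deny file")
```

An entry reported with a covering network is redundant rather than lost; one reported with `None` was dropped somewhere between the source file and the deny file.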