Personal list not fully parsed / integrated



  • Hi all.

    I have a FreePBX that uses Fail2ban / iptables, which creates entries in iptables for banned IPs.
    Using a little batch file, I collect the banned IPs and create a dedicated file for pfblockerNG.

    Every hour, at 58 minutes past, I update the file for pfblockerNG, and 2 minutes later pfblockerNG reads the file.

    When I see multiple IPs coming from the same network outside my country (France), I usually ban the whole network manually.
    e.g.: for IP 185.53.88.50, I manually ban 185.53.88.0/24, so I enter the full network into the generated file with a comment to remember the full range, and then I remove the IP from the file and from iptables so the IP never comes back.

    Here is the content of my generated / modified file:

    # Generation du 22-08-2019 a 09:58:01
    92.119.177.250
    89.39.106.72
    89.187.176.0/22         # CDN77-NYC US DataCamp Limited London (89.187.176.0 - 89.187.179.255)
    80.211.245.240
    77.247.110.0/24         # VITOX TELECOM Reykjavik Iceland
    77.247.109.0/24         # VITOX TELECOM Delhi 110081 India Netherlands
    77.247.108.0/24         # VITOX TELECOM NETHERLANDS ICELAND ROMANIA EUROPE
    69.162.99.102
    64.91.235.8
    64.31.33.70
    63.143.35.146
    62.210.172.134
    60.12.144.62
    5.62.40.0/23            # Privax LTD AVAST cloud London (5.62.40.0 - 5.62.41.255)
    5.62.23.0/24            # Privax LTD PRCDN-CONSUMER-AU3-20181203 PoP Sydney Australia (5.62.23.0 - 5.62.23.255)
    5.62.19.0/24            # PRCDN-CONSUMER-RU-LED-20190515 Russia (5.62.19.0 - 5.62.19.255)
    54.36.0.0/16            # OVH GmbH Deutschland (54.36.0.0 - 54.36.255.254)
    54.202.26.234
    51.83.226.3
    51.68.80.168
    5.135.250.23
    51.15.161.116
    46.166.151.23
    216.245.196.206
    216.245.195.202
    216.245.193.238
    212.83.187.125
    212.83.163.170
    212.83.150.134
    212.129.63.196
    210.73.207.47
    209.59.128.0/18         # Liquid Web, L.L.C Lansing US (209.59.128.0 - 209.59.191.255)
    209.126.80.0/21         # River City Internet Group St. Louis US (209.126.80.0 - 209.126.87.255)
    209.126.64.0/20         # River City Internet Group St. Louis US (209.126.64.0 - 209.126.79.255)
    195.154.191.98
    195.154.191.141
    195.154.107.226
    185.53.91.0/24          # ORG-CSHS2-RIPE CLOUDSTAR-MNT Iceland
    185.53.88.50
    185.53.88.0/24          # ORG-CSHS2-RIPE CLOUDSTAR-MNT Iceland
    173.247.231.58
    167.71.141.59
    165.22.94.12
    165.227.0.0/16          # DigitalOcean, LLC New York (165.227.0.0 - 165.227.255.255)
    165.22.0.0/16           # DigitalOcean, LLC New York (165.22.0.0 - 165.22.255.255)
    158.140.64.0/18         # RIPE Network Coordination Centre Amsterdam (158.140.64.0 - 158.140.127.255)
    147.135.138.220
    134.209.0.0/16          # DigitalOcean, LLC New York (134.209.0.0 - 134.209.255.255)
    116.0.0.0/6             # APNIC Asia Pacific Network Information Centre Australia (116.0.0.0 - 119.255.255.255)
    115.236.54.2
    113.136.0.0/12          # CHINANET-SN China Telecom (113.136.0.0 - 113.143.255.255)
    103.60.13.162
    
    

    And here is the content of the corresponding "Deny file" in pfblockerNG:

    103.60.13.162
    113.136.0.0/12
    115.236.54.2
    116.0.0.0/6
    134.209.0.0/16
    147.135.138.220
    158.140.64.0/18
    165.22.0.0/16
    165.22.94.12
    165.227.0.0/16
    167.71.141.59
    173.247.231.58
    185.53.91.0/24
    195.154.107.226
    195.154.191.141
    195.154.191.98
    209.126.64.0/20
    209.126.80.0/21
    209.59.128.0/18
    210.73.207.47
    212.129.63.196
    212.83.150.134
    212.83.163.170
    212.83.187.125
    216.245.193.238
    216.245.195.202
    216.245.196.206
    46.166.151.23
    5.135.250.23
    5.62.19.0/24
    5.62.23.0/24
    5.62.40.0/23
    51.15.161.116
    51.68.80.168
    51.83.226.3
    54.202.26.234
    54.36.0.0/16
    60.12.144.62
    62.210.172.134
    63.143.35.146
    64.31.33.70
    64.91.235.8
    69.162.99.102
    77.247.108.0/24
    77.247.110.0/24
    80.211.245.240
    89.187.176.0/22
    89.39.106.72
    92.119.177.250
    

    My main issue is that some networks are not integrated into the pfblockerNG file.

    e.g.:
    185.53.88.0/24 is in the original file, not in pfblockerNG file.
    77.247.109.0/24 is in the original file, not in pfblockerNG file.

    Any idea why pfblockerNG is missing some data?

    Regards,
    Laurent.
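
One way to compare the generated file with the deny file and see which entries are not blocked at all, which are still covered by a larger network, and which overlap inside the source file. This is an added example, not part of the original post; the two sample strings are constructed from a few lines of the listings above, and the function names are hypothetical.

```python
import ipaddress
# Constructed sample: a few lines taken from the two listings in the post.
SOURCE_FILE = """\
# Generation du 22-08-2019 a 09:58:01
77.247.110.0/24         # VITOX TELECOM Reykjavik Iceland
77.247.109.0/24         # VITOX TELECOM Delhi 110081 India Netherlands
185.53.88.50
185.53.88.0/24          # ORG-CSHS2-RIPE CLOUDSTAR-MNT Iceland
165.22.94.12
165.22.0.0/16           # DigitalOcean, LLC New York (165.22.0.0 - 165.22.255.255)
"""
DENY_FILE = """\
165.22.0.0/16
165.22.94.12
77.247.110.0/24
"""

def parse_feed(text):
    """Return (set of networks, list of (line number, entry) that failed to parse)."""
    nets, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop trailing comment and padding
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=True))  # strict: host bits must be 0
        except ValueError:
            rejected.append((lineno, entry))
    return nets, rejected

def inside(net, others):
    """True if net lies within a different, same-version network in others."""
    return any(o != net and o.version == net.version and net.subnet_of(o) for o in others)

def compare(source_text, deny_text):
    """Classify the source entries against the deny file built from them."""
    src, rejected = parse_feed(source_text)
    deny, _ = parse_feed(deny_text)
    order = lambda n: (n.version, int(n.network_address), n.prefixlen)
    missing = sorted(src - deny, key=order)
    return {
        "not_blocked": [str(n) for n in missing if not inside(n, deny)],
        "covered": [str(n) for n in missing if inside(n, deny)],
        "redundant": [str(n) for n in sorted(src, key=order) if inside(n, src)],
        "rejected": rejected,
    }

if __name__ == "__main__":
    print(compare(SOURCE_FILE, DENY_FILE))
```

Entries under `not_blocked` are the ones to follow up on; `redundant` lists source entries that sit inside a larger network already in the same file, such as a single IP left next to its /24.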

