Suppressing IP block in CIDRs other than /24 and /32
pfBlockerNG is currently blocking an IP that's in a CIDR /14 entry in one of the blocklists:
Note: The following IPv4 was blocked:
Blocked IP: [ 220.127.116.11 ]
Evaluated IP: [ 18.104.22.168/14 ]
IP Aliasname: [ pfB_iBlockList_v4 ]
IP Feedname: [ BadPeers_v4 ]
I need to whitelist it.
I understand that pfBlockerNG has a limitation that the suppress lists only work on /24 and /32 (I assume because of the complexity of having to rewrite the lists if, say, you wanted to whitelist an individual IP in that range).
But I can't see why I couldn't suppress the entire 22.214.171.124/14 entry. In other words, if 126.96.36.199/14 was specified in the suppress list, pfBlockerNG would just remove the entire line when it saw it when parsing the incoming feeds. Is this not possible at the moment?
I understand I can add a permit alias and an associated firewall rule, but this isn't going to work for me. Positively allowing outbound access to an IP is not the same as removing it from the blocklist. This is because, in my set up, I have half a dozen or so rules (that sit underneath the pfBlocker rules) that determine whether or not an IP address can access the internet (including time based rules etc).
If I put the whitelist alias rule above the pfBlockerNG rules, it's going to gazump all those other rules.
I am just curious - I don't have an answer to your question sorry. But I am really curious why an Amazon netblock would be listed on badpeers.. That is quite possible to break shit users want to go to ;)
Organization: Amazon Data Services NoVa (ADSN-1)
That /14 is
I don't see using such a list that block such huge swaths of the internet that could be used by huge amount of legit uses..
@johnpoz Yes quite! That's the reason I want to get rid of it. Amazon could be hosting anything. Some of it could be malicious I suppose, but then a lot of legitimate cloud based services are on there too. In my case, it's blocking some of those so I need to suppress it.
@andrew453 Not clicking to me on why you can not whitelist what you need to allow above the list if you can not remove specific item from the list with a suppression.
Are you saying that you don't want this list to block it, but you might have others that would? That is really the only thing I can think off off the top of the head why a whitelist wouldn't work.
@johnpoz In my firewall rules, I have the dozen or so pfBlockerNG auto rules corresponding to the feeds (i.e. don't want anything on my network speaking to a blocked IP), followed by half a dozen or so rules that determine what local LAN addresses can reach the internet and when.
So there'll be some circumstances where local LAN addresses shouldn't be able to access the Internet. So, making up an example, the kids' LAN IPs might only be allowed to access the internet before 7pm.
If I put a whitelist rule above the pfBlockerNG rules, it will take precedence over those rules. So the kids' IP addresses would be able to access the whitelisted IPs at any time.
Similarly, if I move the existing half dozen rules governing access of the LAN IPs to the internet before the pfBlockerNG rules, then they wouldn't benefit from the protections against malcious IPs.
Ideally, I just want to get rid of the overzealous Amazon IP range block by suppressing/removing it completely from the pfBlockerNG feed.
The only other way to deal with it is basically to create a duplicate set of the half dozen firewall rules again (but applicable only to the whitelisted IPs) and put them above the pfBlockerNG rules. That is a pain to maintain though, as I basically then have each rule twice (the original rule below the pfBlockerNG auto rules, plus the copy specific to the pfBlockerNG whitelist, above the auto rules).
RonpfS last edited by
IP Feedname: [ BadPeers_v4 ]
Was is the source of this Feed ? Is-it maintained ?
@ronpfs Looks like it's from here: https://www.iblocklist.com/list?list=cwworuawihqvocglcoss
I could just remove this list of course, but it would be useful to know the answer to my question.
RonpfS last edited by RonpfS
List of people who have been reported for bad deeds in p2p.
This list is for protecting BitTorrent clients. IMHO it could be used on the local machine BitTorrent hosts instead of the Firewall.
When Auto-Rules doesn't fit your setup, you can use Alias type with your own FW rules order.