How to block AS numbers??

Cool_Corona · Oct 6, 2021, 9:11 AM

Hi

A lot is asking about facebook.com and the easy way is blocking AS numbers.

https://www.peeringdb.com/net/979

If we could extract the IP's from a DB then pfblocker could be made to do that...

It does it allredy on geoIP level defined by countries.

How much work would it be??

@BBcan177

Gertjan · Oct 6, 2021, 2:09 PM

@cool_corona said in How to block AS numbers??:

A lot is asking about facebook.com

Yeah.
Right.
They even started to auto block themselves. It wasn't AS, most kids became BGP experts in one evening.

johnpoz · Oct 6, 2021, 2:20 PM

@cool_corona said in How to block AS numbers??:

easy way is blocking AS numbers.

You can already do that with pfblocker..

Cool_Corona · Oct 6, 2021, 2:22 PM

@johnpoz Outbound also?

johnpoz · Oct 6, 2021, 2:40 PM

@cool_corona Just create an alias - use it how ever you want..

Gertjan · Oct 6, 2021, 3:13 PM

Initially, this didn't work for me.
The IP I used was 157.240.20.15, an IP from the 157.240.0.0/17 network, member of the AS32934.
I switched from the to coffee : nothing helped.

Then :

I'm using IPv6 - facebook uses IPv6. .... (slam head).

After creating a 'AS32934' entry on the IPv6 tab, and reloaded of pfB.
I didn't need to test ..... some one was already yelling in the building ....
It's 17h08 : I'm off to home - I'll keep this one for the night ;)

Gertjan · Oct 7, 2021, 8:16 AM

This AS filtering works pretty well.
Dono if it's perfect, but looking at the cheer number of firewall rule hits overnight, it did block a lot.
I have to remove it now, as people start to look in my direction.

Found this on the forum :

whois -h whois.radb.net -- '-i origin AS32934' | grep ^route | grep -v route6 | cut -d" " -f7 > /var/www/block_lists/facebook.txt