Netgate Discussion Forum

How to block AS numbers??

  • C
    Cool_Corona
    last edited by Oct 6, 2021, 9:11 AM

    Hi

    A lot are asking about facebook.com and the easy way is blocking AS numbers.

    https://www.peeringdb.com/net/979

    If we could extract the IPs from a DB then pfblocker could be made to do that...

    It does it already on geoIP level defined by countries.

    How much work would it be??

    @BBcan177

    • G
      Gertjan @Cool_Corona
      last edited by Oct 6, 2021, 2:09 PM

      @cool_corona said in How to block AS numbers??:

      A lot are asking about facebook.com

      Yeah.
      Right.
      They even started to auto block themselves. It wasn't AS, most kids became BGP experts in one evening.

      No "help me" PM's please. Use the forum, the community will thank you.
      Edit : and where are the logs ??

      • J
        johnpoz LAYER 8 Global Moderator @Cool_Corona
        last edited by Oct 6, 2021, 2:20 PM

        @cool_corona said in How to block AS numbers??:

        easy way is blocking AS numbers.

        You can already do that with pfblocker..

        [Image: blockas.jpg]

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • C
          Cool_Corona @johnpoz
          last edited by Oct 6, 2021, 2:22 PM

          @johnpoz Outbound also?

          • J
            johnpoz LAYER 8 Global Moderator @Cool_Corona
            last edited by Oct 6, 2021, 2:40 PM

            @cool_corona Just create an alias - use it however you want..

            • G
              Gertjan
              last edited by Gertjan Oct 6, 2021, 3:13 PM Oct 6, 2021, 3:10 PM

              Initially, this didn't work for me.
              The IP I used was 157.240.20.15, an IP from the 157.240.0.0/17 network, member of the AS32934.
              I switched from tea to coffee : nothing helped.

              Then :

              [Image]

              I'm using IPv6 - facebook uses IPv6. .... (slam head).

              After creating an 'AS32934' entry on the IPv6 tab and reloading pfB,
              I didn't need to test ..... someone was already yelling in the building ....
              It's 17h08 : I'm off to home - I'll keep this one for the night ;)

              • G
                Gertjan @Gertjan
                last edited by Oct 7, 2021, 8:16 AM

                This AS filtering works pretty well.
                Dunno if it's perfect, but looking at the sheer number of firewall rule hits overnight, it did block a lot.
                I have to remove it now, as people start to look in my direction.

                Found this on the forum :

                whois -h whois.radb.net -- '-i origin AS32934' | grep ^route | grep -v route6 | cut -d" " -f7 > /var/www/block_lists/facebook.txt
                

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??
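
An added example, not written by any poster in this thread: the whois query from the post above, with the parsing changed so that IPv4 and IPv6 prefixes each go to their own list, since the thread found that an IPv4-only list did not block Facebook on an IPv6 network. The function names, output file names and sample records are assumptions of this example; the sample is constructed from documentation prefixes and a documentation AS number.

```shell
#!/bin/sh
# Added example, not from the thread: split RADB output for one origin AS
# into an IPv4 list and an IPv6 list.

# extract_prefixes 4|6 : reads RPSL text (whois output) on stdin and prints
# the unique prefixes of that address family, one per line.
extract_prefixes() {
    case "$1" in
        4) attr='route:' ;;
        6) attr='route6:' ;;
        *) echo "usage: extract_prefixes 4|6" >&2; return 2 ;;
    esac
    # awk splits on any run of blanks, so the value's column does not matter.
    # Lower-casing lets sort -u merge IPv6 prefixes that differ only in case.
    awk -v attr="$attr" '
        tolower($1) == attr && $2 ~ /^[0-9A-Fa-f:.]+\/[0-9]+$/ { print tolower($2) }
    ' | sort -u
}

# Constructed sample in RADB's layout (not real query output); it uses
# documentation prefixes and a documentation AS number.
sample_radb() {
    cat <<'EOF'
route:          192.0.2.0/24
descr:          constructed example
origin:         AS64500
source:         RADB

route:      198.51.100.0/24
origin:     AS64500

route:          192.0.2.0/24
origin:         AS64500

route6:         2001:DB8:1::/48
origin:         AS64500

route6:         2001:db8:1::/48
origin:         AS64500
EOF
}

# build_lists ASN OUTDIR : live query, same whois call as in the post above.
# The output file names are an assumption of this example.
build_lists() {
    raw=$(whois -h whois.radb.net -- "-i origin $1") || return 1
    printf '%s\n' "$raw" | extract_prefixes 4 > "$2/$1_v4.txt"
    printf '%s\n' "$raw" | extract_prefixes 6 > "$2/$1_v6.txt"
}
```

`build_lists AS32934 /var/www/block_lists` writes both lists; the IPv6 list holds the `route6` records that the one-liner above drops with `grep -v route6`.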
