Author Topic: Blocking company ranges  (Read 112 times)

Offline anttechs

Blocking company ranges
« on: April 20, 2018, 06:53:27 am »
This may be a stupid question or one that's already been asked, but on cracking open one of the lists that blocklist.com gives me for Apple, inside all I found was a range, so it got me thinking: can you just block a range in pfSense or pfBlocker?

example
 
        ns3.bbc.co.uk             156.154.66.17  2610:a1:1015::17
        ns3.bbc.net.uk
        ns4.bbc.co.uk             156.154.67.17  2001:502:4612::17
        ns4.bbc.net.uk

 Can I just block 156.154.66.17-156.154.67.17 instead of the whole list?

or just 156.154.66.17/16
Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Current: 1992 MHz, Max: 1993 MHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: No
8 Gig RAM
250GB SSD

https://ant-techs.is/ip-blocklists

Online NogBadTheBad

Re: Blocking company ranges
« Reply #1 on: April 20, 2018, 07:24:30 am »
if you want to block by IPv4 address only use 156.154.66.17/24 &156.154.67.17/24 156.154.66.17/32 &156.154.67.17/32 AS13037 just the IP addresses.

If you want to block the range, you need to see where the network starts and use a mask that includes both IP addresses; the above two lie in 156.154.66.0/23.

Anyhow the addresses you've listed are the BBC name servers, not really much point blocking those.

FYI, it looks like the BBC use the following subnets; I'm sure there are more:

AS2818 is used by the BBC

mac-pro:~ andy$ whois -h whois.radb.net -- '-i origin AS2818' | grep ^route:
route:          132.185.0.0/16
route:          132.185.240.0/20
route:          132.185.128.0/20
route:          132.185.144.0/20
route:          212.58.224.0/19
route:          132.185.241.0/24
route:          212.58.224.0/24
route:          212.58.225.0/24
route:          212.58.226.0/24
route:          212.58.227.0/24
route:          212.58.228.0/24
route:          212.58.229.0/24
route:          212.58.230.0/24
route:          212.58.231.0/24
route:          212.58.232.0/24
route:          212.58.233.0/24
route:          212.58.234.0/24
route:          212.58.235.0/24
route:          212.58.236.0/24
route:          212.58.237.0/24
route:          212.58.238.0/24
route:          212.58.239.0/24
route:          212.58.240.0/24
route:          212.58.241.0/24
route:          212.58.242.0/24
route:          212.58.243.0/24
route:          212.58.244.0/24
route:          212.58.245.0/24
route:          212.58.246.0/24
route:          212.58.247.0/24
route:          212.58.248.0/24
route:          212.58.249.0/24
route:          212.58.250.0/24
route:          212.58.251.0/24
route:          212.58.252.0/24
route:          212.58.253.0/24
route:          212.58.254.0/24
route:          212.58.255.0/24
route:          212.58.224.0/20
route:          212.58.240.0/20
route:          132.185.240.0/24
route:          132.185.242.0/24
route:          132.185.243.0/24
route:          132.185.244.0/24
route:          132.185.245.0/24
route:          132.185.246.0/24
route:          132.185.247.0/24
route:          132.185.248.0/24
route:          132.185.249.0/24
route:          132.185.250.0/24
route:          132.185.251.0/24
route:          132.185.252.0/24
route:          132.185.253.0/24
route:          132.185.254.0/24
route:          132.185.255.0/24
route:          132.185.144.0/24
route:          132.185.145.0/24
route:          132.185.146.0/24
route:          132.185.147.0/24
route:          132.185.148.0/24
route:          132.185.149.0/24
route:          132.185.150.0/24
route:          132.185.151.0/24
route:          132.185.152.0/24
route:          132.185.153.0/24
route:          132.185.154.0/24
route:          132.185.155.0/24
route:          132.185.156.0/24
route:          132.185.157.0/24
route:          132.185.158.0/24
route:          132.185.159.0/24
route:          132.185.132.0/24

mac-pro:~ andy$ whois -h whois.radb.net -- '-i origin AS2818' | grep ^route6:
route6:          2001:41c0::/32
route6:          2001:41c0::/33
route6:          2001:41c1::/32
mac-pro:~ andy$


The IP addresses you list aren't using the BBC AS, they're using AS12008

route:      156.154.66.0/24
descr:      Neustar Ultra Services
origin:     AS12008
mnt-by:     MAINT-AS12008
changed:    lking@ultradns.com 20060926
source:     RADB

route:      156.154.67.0/24
descr:      Neustar Ultra Services
origin:     AS12008
mnt-by:     MAINT-AS12008
changed:    lking@ultradns.com 20060926
source:     RADB
« Last Edit: April 20, 2018, 07:46:51 am by NogBadTheBad »

Offline anttechs

Re: Blocking company ranges
« Reply #2 on: April 20, 2018, 07:35:50 am »
Online johnpoz

Re: Blocking company ranges
« Reply #3 on: April 20, 2018, 07:41:58 am »
"if you want to block by IPv4 address only use 156.154.66.17/24 &156.154.67.17/24 or just the IP addresses."

Um if you want to block just the specific IP then the mask would be /32 not /24 or just the IP without a mask.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE-p1 (home)
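
The mask arithmetic discussed in Replies #1 and #3, as an added example that is not part of any poster's message: it uses Python's standard `ipaddress` module to show what each candidate entry would actually match on the firewall. The function names are hypothetical, and `SAMPLE_ROUTES` is a small subset copied from the whois output in Reply #1.

```python
import ipaddress

# Subset of the AS2818 routes from the whois output above (not the full list).
SAMPLE_ROUTES = ["212.58.224.0/19", "212.58.224.0/20", "212.58.240.0/20",
                 "212.58.224.0/24", "132.185.0.0/16", "132.185.240.0/20",
                 "132.185.132.0/24"]

def normalise(cidr):
    """Real network behind a host-with-mask entry such as 156.154.66.17/16."""
    return ipaddress.ip_network(cidr, strict=False)

def covering_network(*addrs):
    """Smallest single CIDR block that contains every given address."""
    ips = [ipaddress.ip_address(a) for a in addrs]
    if len({ip.version for ip in ips}) != 1:
        raise ValueError("mix of IPv4 and IPv6 addresses")
    net = ipaddress.ip_network(str(ips[0]))      # host route (/32 for IPv4)
    while not all(ip in net for ip in ips):
        net = net.supernet()                     # widen the mask by one bit
    return net

def range_to_cidrs(first, last):
    """Exact CIDR list for an inclusive first-last range, no extra hosts."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def collapse(routes):
    """Merge overlapping or adjacent routes into the shortest alias list."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(r) for r in routes))

if __name__ == "__main__":
    a, b = "156.154.66.17", "156.154.67.17"
    for entry in (f"{a}/32", f"{a}/24", f"{a}/16"):
        net = normalise(entry)
        print(f"{entry:>18} matches {net} ({net.num_addresses} addresses)")
    cover = covering_network(a, b)
    print(f"one block covering both: {cover} ({cover.num_addresses} addresses)")
    exact = range_to_cidrs(a, b)
    print(f"exact range {a}-{b}: {len(exact)} blocks,",
          sum(n.num_addresses for n in exact), "addresses")
    print("collapsed sample routes:", [str(n) for n in collapse(SAMPLE_ROUTES)])
```

A rule on the /23 matches 512 addresses and one on the /16 matches 65536, all of which sit in or around address space the RADB records above attribute to AS12008 rather than to the BBC, so the wider the mask, the more unrelated hosts the block catches.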

Online NogBadTheBad

Re: Blocking company ranges
« Reply #4 on: April 20, 2018, 07:45:40 am »
LOL indeed, trying to do 3 things at once

Online johnpoz

Re: Blocking company ranges
« Reply #5 on: April 20, 2018, 07:48:31 am »
Yeah it happens ;)  Just wanted to clarify it since users might take it as gospel vs just a typo...