Jump to content

Feature request : Import white-list prefix list


Recommended Posts

Hi,

 

I would like to be able to import as an additional personal whitelist a file of the format :

 

#cat AMAZON-EC2.iplist 

 

 

 
 
this would then be used in the geofilter as a selectable active whitelist (in addition to the generic ones)
 
I'm pretty sure that adding all the Amazon EC2/Azure/DemonWare ip subnet derived from their ASN could help in some situation to make strict mode more stable.
Link to comment
Share on other sites

  • Administrators

Hey Adel, sorry about removing them, I have saved them so they aren't lost. I just don't want to have them viewable on the public forum :) That is a good idea, but I imagine that would be a nightmare for support of people adding loads that do more harm than good. I know we do have quite a few of them already but I'll see if we can add any we haven't so far, thanks very much :)

Link to comment
Share on other sites

These IP are public information, I provided to Iain via private msg tools to derivate all those IP prefix from ASN or ASN Macro.

This way we are guaranteed to get all the IP adresses from EC2/Azure/Sony/DemonWare or any cloud provider (Oracle Cloud/Rackspace too).

 

this is the kind of tools i use  to create automated prefix-list on BGP peering at work. 

 

one way to integrate them here is to create dummy countries on iptables geoip module to complement maxmind database, say PSN,AMZ, AZR,DMW and just use them on the iptables chains used to block or mark traffic for tc.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...