Feature request : Import white-list prefix list

[adel75]

Hi,

 

I would like to be able to import as an additional personal whitelist a file of the format :

 

#cat AMAZON-EC2.iplist 

 

 

 

 

this would then be used in the geofilter as a selectable active whitelist (in addition to the generic ones)

 

I'm pretty sure that adding all the Amazon EC2/Azure/DemonWare ip subnet derived from their ASN could help in some situation to make strict mode more stable.

[Netduma Fraser]

Hey Adel, sorry about removing them, I have saved them so they aren't lost. I just don't want to have them viewable on the public forum That is a good idea, but I imagine that would be a nightmare for support of people adding loads that do more harm than good. I know we do have quite a few of them already but I'll see if we can add any we haven't so far, thanks very much

[adel75]

These IP are public information, I provided to Iain via private msg tools to derivate all those IP prefix from ASN or ASN Macro.

This way we are guaranteed to get all the IP adresses from EC2/Azure/Sony/DemonWare or any cloud provider (Oracle Cloud/Rackspace too).

 

this is the kind of tools i use  to create automated prefix-list on BGP peering at work. 

 

one way to integrate them here is to create dummy countries on iptables geoip module to complement maxmind database, say PSN,AMZ, AZR,DMW and just use them on the iptables chains used to block or mark traffic for tc.

[Netduma Fraser]

I'll get Iain to look into it once he's back from his break

[Netduma Fraser]

Hey adel, I think Iain may have responded to you already but we'll be updating the cloud sometime next week, probably Tuesday so will include all of those servers  

[adel75]

Hey adel, I think Iain may have responded to you already but we'll be updating the cloud sometime next week, probably Tuesday so will include all of those servers

 

nice