Spam Filter ISP Support Forum


Format of the IP blacklist

Cire
Posted: 24 February 2005 at 4:34pm

 

Is it possible to enter IP ranges in the IP blacklist? For example, if I want to block 218.237.0.0-218.239.255.255 how would it be entered?

Thanx - Cire

LogSat
Posted: 24 February 2005 at 6:20pm

Cire,

Ranges cannot be entered, as the blacklist is expecting strings and string wildcards. In your example you will need to enter 3 entries:

218.237.0.0
218.238.0.0
218.239.0.0

to block all 3 subnets.
Roberto Franceschetti

LogSat Software

Spam Filter ISP

Cire
Posted: 25 February 2005 at 9:33am

So, just to make sure I understand this completely: a 0 is a wildcard? So, 218.237.0.0 means to block 218.237.0.0/16, correct? This method seems to me to have some problems. What if what you wanted to block was 218.237.0.0/24?

Thanx - Cire

LogSat
Posted: 25 February 2005 at 3:35pm

You are right, that would be a problem, as the whole 218.237.xx.xx network would be blocked by entering 218.237.0.0.

We won't be able to change this behavior as doing so would "break" all the IP lists being used by users. An option may be to just limit the wildcard to a class C pool of addresses, thus considering only the last zero as a wildcard.

We'll be thinking this over and maybe run a poll for our users to see what the preference would be.
Roberto Franceschetti

LogSat Software

Spam Filter ISP

pcmatt
Posted: 27 February 2005 at 11:34pm

There are problems with any one method of blocking or whitelisting, that's why SpamFilter gives us the variety of blocking and whitelisting capabilities.

The answer to how do you block 218.237.0.0/24 is that you list 254 IPs. Rarely a necessity. It's more likely that you would want to block 218.237.0.0 and whitelist 218.237.0.*, which the program handles just fine as is.

So, my vote is that it's useful to be able to block using two wildcards.

My vote is to leave it as is, having a global available for the last two bytes, until SpamFilter can calculate the IPs in memory and we can list subnets in simplest format using IP/Mask in the blocklist, like 82.154.0.0/15 for the range 82.155.0.0 - 82.155.127.255

-Matt R

Desperado
Posted: 28 February 2005 at 12:58am

For what it is worth, my vote is to run your own dnsbl list as we do. That gives you the ability to block what and only what you want to block.

Dan S.

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Cire
Posted: 28 February 2005 at 9:12am

Dan,

How did you implement your own dnsbl?

Thanx - Cire

Desperado
Posted: 28 February 2005 at 4:32pm

Cire,

First of all, it really depends on what OS you are using for DNS BUT ...

The first thing you will want to do is create a "Delegation" to the DNS Server that will be hosting the DNSBL zones.   So, in my setup, the dnsbl is hosted on "resolver.mags.net" and mags.net is hosted on several dns servers but the Primary DNS is on "ns1.mags.net".   In the "mags.net" zone file on that server I have:

;  Delegated sub-zone:  dnsbl.mags.net.
;
dnsbl    NS    resolver.mags.net.
;  End delegation

On the server "resolver.mags.net", I have a Forward zone file "dnsbl.mags.net".

If I want to block 100.50.25.10 I have an entry in the zone file of:
10.25.50.100    A    127.0.0.2

If I want to block 100.50.25.0/24 I have:
*.25.50.100    A    127.0.0.2

Does this help?

Regards,
Dan S.


The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com
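
Added example (not part of the post above and not LogSat's or Desperado's own code): a Python script that turns an IP range, such as the one asked about at the top of the thread, into zone entries in the reversed-octet format Desperado shows. The zone name dnsbl.mags.net and the answer 127.0.0.2 come from the thread; the function names and the offline is_listed check are assumptions made for illustration.

```python
import ipaddress

LISTED = "127.0.0.2"      # answer value used in the thread's zone entries
ZONE = "dnsbl.mags.net"   # zone name from the thread

def network_to_records(net):
    """Zone lines (relative to the zone origin) listing every address in net."""
    # A DNS wildcard stands in for whole labels, i.e. whole octets, so a prefix
    # that is not /8, /16, /24 or /32 is split up to the next octet boundary.
    boundary = next(b for b in (8, 16, 24, 32) if b >= net.prefixlen)
    keep = boundary // 8
    records = []
    for sub in net.subnets(new_prefix=boundary):
        labels = str(sub.network_address).split(".")[:keep][::-1]
        if keep < 4:
            labels.insert(0, "*")
        records.append(f"{'.'.join(labels)}    A    {LISTED}")
    return records

def range_to_records(first, last):
    """Zone lines covering the inclusive IPv4 range first..last."""
    records = []
    for net in ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)):
        records.extend(network_to_records(net))
    return records

def query_name(ip, zone=ZONE):
    """Name a mail server looks up to test ip: octets reversed, zone appended."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, records):
    """Offline stand-in for the DNS lookup: exact name or a covering wildcard."""
    # Simplified: ignores the closest-encloser rule described in the note below.
    owners = {line.split()[0] for line in records}
    labels = ip.split(".")[::-1]
    if ".".join(labels) in owners:
        return True
    return any("*." + ".".join(labels[i:]) in owners for i in range(1, 4))

if __name__ == "__main__":
    # Constructed input: the range from the first post in the thread.
    for line in range_to_records("218.237.0.0", "218.239.255.255"):
        print(line)
    print(query_name("100.50.25.10"))
```

In a real zone, a more specific entry such as 10.25.237.218 makes 25.237.218 exist as an empty name, so *.237.218 no longer answers for other hosts under 218.237.25.x (RFC 4592). Keep wildcard and host entries for the same network from overlapping, or add the matching *.25.237.218 entry as well.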
