Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Format of the IP blacklist
  FAQ FAQ  Forum Search   Register Register  Login Login

Format of the IP blacklist

 Post Reply Post Reply
Author
Cire View Drop Down
Newbie
Newbie


Joined: 24 February 2005
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote Cire Quote  Post ReplyReply Direct Link To This Post Topic: Format of the IP blacklist
    Posted: 24 February 2005 at 4:34pm

 

Is it possible to enter IP ranges in the IP blacklist? For example, if I want to block 218.237.0.0-218.239.255.255 how would it be entered?

Thanx - Cire

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 24 February 2005 at 6:20pm
Cire,

Ranges cannot be entered as the blacklist are expecting strings and string wildcards. In your example you will need to enter 3 entries:

218.237.0.0
218.238.0.0
218.239.0.0

to block all 3 subnets.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Cire View Drop Down
Newbie
Newbie


Joined: 24 February 2005
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote Cire Quote  Post ReplyReply Direct Link To This Post Posted: 25 February 2005 at 9:33am

So, just to make sure I understand this completely. A 0 is a wildcard? So, 218.237.0.0 means to block 218.237.0.0/16, correct? This method seems to me to have some problems. What if you wanted to block was 218.237.0.0/24?

Thanx - Cire

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 25 February 2005 at 3:35pm
You are right, that would be a problem, as the whole 218.237.xx.xx network would be blocked by entering 218.237.0.0.

We won't be able to change this behavior as doing so would "break" all the IP lists being used by users. An option may be to just limit the wildcard to a class C pool of addresses, thus considering only the last zero as a wildcard.

We'll be thinking this over and maybe run a poll for our users to see what the preference would be.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
pcmatt View Drop Down
Senior Member
Senior Member
Avatar

Joined: 15 February 2005
Location: United States
Status: Offline
Points: 116
Post Options Post Options   Thanks (0) Thanks(0)   Quote pcmatt Quote  Post ReplyReply Direct Link To This Post Posted: 27 February 2005 at 11:34pm

There are problems with any one method of blocking or whitelisting, that's why SpamFilter gives us the variety of blocking and whitelisting capabilities.

The answer to how do you block 218.237.0.0/24 is that you list 254 IP's.  Rarely a necessity.  It's more likely that you would want to block 218.237.0.0 and whitelist 218.237.0.* which the program handles just fine as is.

So, my vote is that it's useful to be able to block using two wildcards. 

My vote is to leave it as is having a global available for the last two bytes until SpamFilter can calculate the IP's in memory and we can list subnets in simpliest format using IP/Mask in the blocklist like 82.154.0.0/15  for the range 82.155.0.0 - 82.155.127.255

-Matt R
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 28 February 2005 at 12:58am

For what it is worth, my vote is to run your own dnsbl list as we do. That gives you the ability to block what and only what you want to block.

Dan S.

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
Cire View Drop Down
Newbie
Newbie


Joined: 24 February 2005
Status: Offline
Points: 8
Post Options Post Options   Thanks (0) Thanks(0)   Quote Cire Quote  Post ReplyReply Direct Link To This Post Posted: 28 February 2005 at 9:12am

Dan,

How did you implement your own dnsbl?

Thanx - Cire

Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 28 February 2005 at 4:32pm
Cire,

First of all, it really depends on what OS you are using for DNS BUT ...

The first thing you will want to do is create a "Delegation" to the DNS Server that will be hosting the DNSBL zones.   So, in my setup, the dnsbl is hosted on "resolver.mags.net" and mags.net is hosted on several dns servers but the Primary DNS is on "ns1.mags.net".   In the "mags.net" zone file on that server I have:

;  Delegated sub-zone:  dnsbl.mags.net.
;
dnsbl    NS    resolver.mags.net.
;  End delegation

On the server "resolver.mags.net, I have a Forward zone file "dnsbl.mags.net"

If I want to block 100.50.25.10 I have an entry in the zone file of:
10.25.50.100    A    127.0.0.2

If I want to block 100.50.25.0/24 I have:
*.25.50.100    A    127.0.0.2

Does this help?

Regards,
Dan S.


Edited by Desperado
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.281 seconds.