Blocking whole netblocks

Spenser

Hi!

Is there a way to block netblocks that don't have /8, /16 or /24 masks?

Example: there is a lot of SPAM from PEG from the network 142.4.96.0/19. I would like to block the whole netblock. Any way to do this?


Thanks!
 
That mask you refer to is called CIDR and is exactly what you're looking for. You can add that CIDR to iptables and the entire address range associated with 142.4.96.0/19 will be blocked.
 
No, I can't.
In front of the server I run Cloudflare to prevent DDoS and hacking attacks, and thus I can't block traffic using iptables as there is no direct connection to the client.
 
Have you tried adding any of them to your /admin.php?banning/ips

Haven't tried it myself but I would guess it should help you.

Code:
142.4.96.*
142.4.97.*
142.4.98.*
142.4.99.*
142.4.101.*
142.4.102.*
142.4.103.*
142.4.104.*
142.4.105.*
142.4.106.*
142.4.107.*
142.4.108.*
142.4.109.*
142.4.110.*
142.4.111.*
142.4.112.*
142.4.113.*
142.4.114.*
142.4.115.*
142.4.116.*
142.4.117.*
142.4.118.*
142.4.119.*
142.4.120.*
142.4.121.*
142.4.122.*
142.4.123.*
142.4.124.*
142.4.125.*
142.4.126.*
142.4.127.*
 
Blocking via admin panel only supports /8, /16 and /24. I want to add "odd" numbers like /19 or /20.
 
the above covers this ->142.4.96.0/19

and if I am not mistaken 142.4.127.* is = 142.4.127.0/24
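
An added example, not code from this thread or from XenForo: a Python helper that expands any IPv4 CIDR block into the wildcard entries needed to cover it, and audits a hand-typed list against that expansion. The function names are hypothetical, and the `a.*` and `a.b.*` forms for /8 and /16 are assumed by analogy with the `142.4.96.*` form used above; it goes beyond the /19 case to any prefix length.

```python
import ipaddress

def cidr_to_wildcards(cidr):
    """Expand an IPv4 CIDR block into wildcard entries that cover it exactly."""
    # strict=True rejects a block with host bits set, e.g. 142.4.97.0/19
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 is handled here")
    # Round the prefix up to the next octet boundary (/8, /16, /24). A prefix
    # longer than /24 has no wildcard form and is listed address by address.
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    keep = boundary // 8
    entries = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[:keep]
        entries.append(".".join(octets + ["*"]) if keep < 4 else ".".join(octets))
    return entries

def audit_ban_list(cidr, entries):
    """Return (missing, extra): entries the block needs but the list lacks,
    and entries in the list that fall outside the block."""
    wanted = cidr_to_wildcards(cidr)
    have = {e.strip() for e in entries if e.strip()}
    missing = [e for e in wanted if e not in have]
    extra = sorted(have - set(wanted))
    return missing, extra

# Third octets of the wildcard list as posted above in this thread.
POSTED = ["142.4.%d.*" % n for n in [96, 97, 98, 99] + list(range(101, 128))]

if __name__ == "__main__":
    missing, extra = audit_ban_list("142.4.96.0/19", POSTED)
    print("entries needed:", len(cidr_to_wildcards("142.4.96.0/19")))  # 32
    print("missing:", missing)  # ['142.4.100.*']
    print("extra:", extra)      # []
```

A /19 needs 32 consecutive /24 entries, so a gap in a hand-typed list leaves 256 addresses of the block unbanned; the audit makes that visible before the list is pasted into the admin panel.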
 
Enable Client IP in Header in your httpd daemon. You'll now have the user's real IP traffic the server, not the CF masking, allowing you to block them in CSF or iptables.
 
iptables is too low level, so you're right - you won't be able to use that. I'm not sure if you can do any config like this in CloudFlare itself.
 
Cloudflare isn't helpful in this as it seems that the captchas are circumvented manually. Right now most captcha-based spam prevention systems don't work.

Right now I have made up a way to add the ranges to a .htaccess.
I'd rather have it covered at XenForo.