How to block 200K ip addresses?

Aminuddin amin.scg at gmail.com
Sat Aug 25 16:49:55 PDT 2007


I intend to create a ruleset file consisting of these statements:

Ruleset------------------------
add 2300 skipto 2301 ip from 0.0.0.0/6 to any
add 2400 skipto 2401 ip from any to 0.0.0.0/6
add 2300 skipto 2302 ip from 4.0.0.0/6 to any
add 2400 skipto 2402 ip from any to 4.0.0.0/6
add 2300 skipto 2303 ip from 8.0.0.0/6 to any
add 2400 skipto 2403 ip from any to 8.0.0.0/6
add 2300 skipto 2304 ip from 12.0.0.0/6 to any
add 2400 skipto 2404 ip from any to 12.0.0.0/6
add 2300 skipto 2305 ip from 16.0.0.0/6 to any
add 2400 skipto 2405 ip from any to 16.0.0.0/6
add 2300 skipto 2306 ip from 20.0.0.0/6 to any
add 2400 skipto 2406 ip from any to 20.0.0.0/6
add 2300 skipto 2307 ip from 24.0.0.0/6 to any
add 2400 skipto 2407 ip from any to 24.0.0.0/6
add 2300 skipto 2308 ip from 28.0.0.0/6 to any
add 2400 skipto 2408 ip from any to 28.0.0.0/6
add 2300 skipto 2309 ip from 32.0.0.0/6 to any
add 2400 skipto 2409 ip from any to 32.0.0.0/6
add 2300 skipto 2310 ip from 36.0.0.0/6 to any
add 2400 skipto 2410 ip from any to 36.0.0.0/6
add 2300 skipto 2311 ip from 40.0.0.0/6 to any
add 2400 skipto 2411 ip from any to 40.0.0.0/6
add 2300 skipto 2312 ip from 44.0.0.0/6 to any
add 2400 skipto 2412 ip from any to 44.0.0.0/6
add 2300 skipto 2313 ip from 48.0.0.0/6 to any
add 2400 skipto 2413 ip from any to 48.0.0.0/6
add 2300 skipto 2314 ip from 52.0.0.0/6 to any
add 2400 skipto 2414 ip from any to 52.0.0.0/6
add 2300 skipto 2315 ip from 56.0.0.0/6 to any
add 2400 skipto 2415 ip from any to 56.0.0.0/6
add 2300 skipto 2316 ip from 60.0.0.0/6 to any
add 2400 skipto 2416 ip from any to 60.0.0.0/6
add 2300 skipto 2317 ip from 64.0.0.0/6 to any
add 2400 skipto 2417 ip from any to 64.0.0.0/6
add 2300 skipto 2318 ip from 68.0.0.0/6 to any
add 2400 skipto 2418 ip from any to 68.0.0.0/6
add 2300 skipto 2319 ip from 72.0.0.0/6 to any
add 2400 skipto 2419 ip from any to 72.0.0.0/6
add 2300 skipto 2320 ip from 76.0.0.0/6 to any
add 2400 skipto 2420 ip from any to 76.0.0.0/6
add 2300 skipto 2321 ip from 80.0.0.0/6 to any
add 2400 skipto 2421 ip from any to 80.0.0.0/6
add 2300 skipto 2322 ip from 84.0.0.0/6 to any
add 2400 skipto 2422 ip from any to 84.0.0.0/6
add 2300 skipto 2323 ip from 88.0.0.0/6 to any
add 2400 skipto 2423 ip from any to 88.0.0.0/6
add 2300 skipto 2324 ip from 92.0.0.0/6 to any
add 2400 skipto 2424 ip from any to 92.0.0.0/6
add 2300 skipto 2325 ip from 96.0.0.0/6 to any
add 2400 skipto 2425 ip from any to 96.0.0.0/6
add 2300 skipto 2326 ip from 100.0.0.0/6 to any
add 2400 skipto 2426 ip from any to 100.0.0.0/6
add 2300 skipto 2327 ip from 104.0.0.0/6 to any
add 2400 skipto 2427 ip from any to 104.0.0.0/6
add 2300 skipto 2328 ip from 108.0.0.0/6 to any
add 2400 skipto 2428 ip from any to 108.0.0.0/6
add 2300 skipto 2329 ip from 112.0.0.0/6 to any
add 2400 skipto 2429 ip from any to 112.0.0.0/6
add 2300 skipto 2330 ip from 116.0.0.0/6 to any
add 2400 skipto 2430 ip from any to 116.0.0.0/6
add 2300 skipto 2331 ip from 120.0.0.0/6 to any
add 2400 skipto 2431 ip from any to 120.0.0.0/6
add 2300 skipto 2332 ip from 124.0.0.0/6 to any
add 2400 skipto 2432 ip from any to 124.0.0.0/6
add 2300 skipto 2333 ip from 128.0.0.0/6 to any
add 2400 skipto 2433 ip from any to 128.0.0.0/6
add 2300 skipto 2334 ip from 132.0.0.0/6 to any
add 2400 skipto 2434 ip from any to 132.0.0.0/6
add 2300 skipto 2335 ip from 136.0.0.0/6 to any
add 2400 skipto 2435 ip from any to 136.0.0.0/6
add 2300 skipto 2336 ip from 140.0.0.0/6 to any
add 2400 skipto 2436 ip from any to 140.0.0.0/6
add 2300 skipto 2337 ip from 144.0.0.0/6 to any
add 2400 skipto 2437 ip from any to 144.0.0.0/6
add 2300 skipto 2338 ip from 148.0.0.0/6 to any
add 2400 skipto 2438 ip from any to 148.0.0.0/6
add 2300 skipto 2339 ip from 152.0.0.0/6 to any
add 2400 skipto 2439 ip from any to 152.0.0.0/6
add 2300 skipto 2340 ip from 156.0.0.0/6 to any
add 2400 skipto 2440 ip from any to 156.0.0.0/6
add 2300 skipto 2341 ip from 160.0.0.0/6 to any
add 2400 skipto 2441 ip from any to 160.0.0.0/6
add 2300 skipto 2342 ip from 164.0.0.0/6 to any
add 2400 skipto 2442 ip from any to 164.0.0.0/6
add 2300 skipto 2343 ip from 168.0.0.0/6 to any
add 2400 skipto 2443 ip from any to 168.0.0.0/6
add 2300 skipto 2344 ip from 172.0.0.0/6 to any
add 2400 skipto 2444 ip from any to 172.0.0.0/6
add 2300 skipto 2345 ip from 176.0.0.0/6 to any
add 2400 skipto 2445 ip from any to 176.0.0.0/6
add 2300 skipto 2346 ip from 180.0.0.0/6 to any
add 2400 skipto 2446 ip from any to 180.0.0.0/6
add 2300 skipto 2347 ip from 184.0.0.0/6 to any
add 2400 skipto 2447 ip from any to 184.0.0.0/6
add 2300 skipto 2348 ip from 188.0.0.0/6 to any
add 2400 skipto 2448 ip from any to 188.0.0.0/6
add 2300 skipto 2349 ip from 192.0.0.0/6 to any
add 2400 skipto 2449 ip from any to 192.0.0.0/6
add 2300 skipto 2350 ip from 196.0.0.0/6 to any
add 2400 skipto 2450 ip from any to 196.0.0.0/6
add 2300 skipto 2351 ip from 200.0.0.0/6 to any
add 2400 skipto 2451 ip from any to 200.0.0.0/6
add 2300 skipto 2352 ip from 204.0.0.0/6 to any
add 2400 skipto 2452 ip from any to 204.0.0.0/6
add 2300 skipto 2353 ip from 208.0.0.0/6 to any
add 2400 skipto 2453 ip from any to 208.0.0.0/6
add 2300 skipto 2354 ip from 212.0.0.0/6 to any
add 2400 skipto 2454 ip from any to 212.0.0.0/6
add 2300 skipto 2355 ip from 216.0.0.0/6 to any
add 2400 skipto 2455 ip from any to 216.0.0.0/6
add 2300 skipto 2356 ip from 220.0.0.0/6 to any
add 2400 skipto 2456 ip from any to 220.0.0.0/6
add 2300 skipto 2357 ip from 224.0.0.0/6 to any
add 2400 skipto 2457 ip from any to 224.0.0.0/6
add 2300 skipto 2358 ip from 228.0.0.0/6 to any
add 2400 skipto 2458 ip from any to 228.0.0.0/6
add 2300 skipto 2359 ip from 232.0.0.0/6 to any
add 2400 skipto 2459 ip from any to 232.0.0.0/6
add 2300 skipto 2360 ip from 236.0.0.0/6 to any
add 2400 skipto 2460 ip from any to 236.0.0.0/6
add 2300 skipto 2361 ip from 240.0.0.0/6 to any
add 2400 skipto 2461 ip from any to 240.0.0.0/6
add 2300 skipto 2362 ip from 244.0.0.0/6 to any
add 2400 skipto 2462 ip from any to 244.0.0.0/6
add 2300 skipto 2363 ip from 248.0.0.0/6 to any
add 2400 skipto 2463 ip from any to 248.0.0.0/6
add 2300 skipto 2364 ip from 252.0.0.0/6 to any
add 2400 skipto 2464 ip from any to 252.0.0.0/6
add 2301 deny ip from 3.0.0.0/8 to any
add 2401 reject ip from any to 3.0.0.0/8
add 2302 deny ip from 4.0.25.146/31 to any
add 2402 reject ip from any to 4.0.25.146/31
add 2302 deny ip from 4.0.25.148/32 to any
add 2402 reject ip from any to 4.0.25.148/32
add 2302 deny ip from 4.0.26.14/31 to any
add 2402 reject ip from any to 4.0.26.14/31
add 2302 deny ip from 4.0.26.16/28 to any
add 2402 reject ip from any to 4.0.26.16/28
add 2302 deny ip from 4.0.26.32/27 to any
add 2402 reject ip from any to 4.0.26.32/27
add 2302 deny ip from 4.0.26.64/26 to any
add 2402 reject ip from any to 4.0.26.64/26
add 2302 deny ip from 4.0.26.128/25 to any
add 2402 reject ip from any to 4.0.26.128/25
add 2302 deny ip from 4.0.27.0/24 to any
add 2402 reject ip from any to 4.0.27.0/24
add 2302 deny ip from 4.0.28.0/24 to any
add 2402 reject ip from any to 4.0.28.0/24
add 2302 deny ip from 4.0.29.0/28 to any
add 2402 reject ip from any to 4.0.29.0/28
add 2302 deny ip from 4.0.29.16/29 to any
add 2402 reject ip from any to 4.0.29.16/29
add 2302 deny ip from 4.0.29.24/32 to any
add 2402 reject ip from any to 4.0.29.24/32
add 2302 deny ip from 4.2.144.64/27 to any
add 2402 reject ip from any to 4.2.144.64/27
add 2302 deny ip from 4.2.144.224/29 to any
add 2402 reject ip from any to 4.2.144.224/29
add 2302 deny ip from 4.2.144.248/29 to any
add 2402 reject ip from any to 4.2.144.248/29
add 2302 deny ip from 4.2.145.224/28 to any
add 2402 reject ip from any to 4.2.145.224/28
add 2302 deny ip from 4.2.153.0/29 to any
add 2402 reject ip from any to 4.2.153.0/29
add 2302 deny ip from 4.2.153.32/27 to any
add 2402 reject ip from any to 4.2.153.32/27
add 2302 deny ip from 4.2.160.64/28 to any
add 2402 reject ip from any to 4.2.160.64/28
add 2302 deny ip from 4.2.161.0/29 to any
add 2402 reject ip from any to 4.2.161.0/29
add 2302 deny ip from 4.2.161.64/29 to any
add 2402 reject ip from any to 4.2.161.64/29
add 2302 deny ip from 4.2.162.128/29 to any
add 2402 reject ip from any to 4.2.162.128/29
add 2302 deny ip from 4.2.162.144/29 to any
add 2402 reject ip from any to 4.2.162.144/29
add 2302 deny ip from 4.2.162.160/27 to any
add 2402 reject ip from any to 4.2.162.160/27
add 2302 deny ip from 4.2.163.96/27 to any
add 2402 reject ip from any to 4.2.163.96/27
add 2302 deny ip from 4.2.169.0/26 to any
add 2402 reject ip from any to 4.2.169.0/26
add 2302 deny ip from 4.2.169.64/27 to any
add 2402 reject ip from any to 4.2.169.64/27
add 2302 deny ip from 4.2.169.112/29 to any
add 2402 reject ip from any to 4.2.169.112/29
add 2302 deny ip from 4.2.169.128/25 to any
add 2402 reject ip from any to 4.2.169.128/25
add 2302 deny ip from 4.2.170.32/27 to any
add 2402 reject ip from any to 4.2.170.32/27
add 2302 deny ip from 4.2.170.144/29 to any
add 2402 reject ip from any to 4.2.170.144/29
add 2302 deny ip from 4.2.172.0/24 to any
add 2402 reject ip from any to 4.2.172.0/24
add 2302 deny ip from 4.2.173.32/27 to any
add 2402 reject ip from any to 4.2.173.32/27
add 2302 deny ip from 4.2.176.32/27 to any
add 2402 reject ip from any to 4.2.176.32/27
add 2302 deny ip from 4.2.176.64/29 to any
add 2402 reject ip from any to 4.2.176.64/29
add 2302 deny ip from 4.2.176.88/29 to any
add 2402 reject ip from any to 4.2.176.88/29
add 2302 deny ip from 4.2.176.96/27 to any
add 2402 reject ip from any to 4.2.176.96/27
add 2302 deny ip from 4.2.179.32/28 to any
add 2402 reject ip from any to 4.2.179.32/28
add 2302 deny ip from 4.2.179.192/27 to any
add 2402 reject ip from any to 4.2.179.192/27
add 2302 deny ip from 4.2.179.232/29 to any
add 2402 reject ip from any to 4.2.179.232/29
add 2302 deny ip from 4.2.184.0/23 to any
add 2402 reject ip from any to 4.2.184.0/23
add 2302 deny ip from 4.2.186.0/24 to any
add 2402 reject ip from any to 4.2.186.0/24
add 2302 deny ip from 4.2.188.96/29 to any
add 2402 reject ip from any to 4.2.188.96/29
add 2302 deny ip from 4.2.188.128/25 to any
add 2402 reject ip from any to 4.2.188.128/25
add 2302 deny ip from 4.2.189.0/24 to any
add 2402 reject ip from any to 4.2.189.0/24
add 2302 deny ip from 4.2.192.0/28 to any
add 2402 reject ip from any to 4.2.192.0/28
add 2302 deny ip from 4.2.192.64/28 to any
add 2402 reject ip from any to 4.2.192.64/28
add 2302 deny ip from 4.2.192.96/27 to any
add 2402 reject ip from any to 4.2.192.96/27
add 2302 deny ip from 4.2.192.192/27 to any
add 2402 reject ip from any to 4.2.192.192/27
add 2302 deny ip from 4.2.193.0/25 to any
add 2402 reject ip from any to 4.2.193.0/25
add 2302 deny ip from 4.2.224.0/29 to any
add 2402 reject ip from any to 4.2.224.0/29
add 2302 deny ip from 4.2.224.32/27 to any
add 2402 reject ip from any to 4.2.224.32/27
add 2302 deny ip from 4.2.224.64/26 to any
add 2402 reject ip from any to 4.2.224.64/26
add 2302 deny ip from 4.2.225.80/29 to any
add 2402 reject ip from any to 4.2.225.80/29
add 2302 deny ip from 4.2.225.248/29 to any
add 2402 reject ip from any to 4.2.225.248/29
add 2302 deny ip from 4.2.226.152/29 to any
add 2402 reject ip from any to 4.2.226.152/29
add 2302 deny ip from 4.2.227.0/26 to any
add 2402 reject ip from any to 4.2.227.0/26
add 2302 deny ip from 4.2.227.72/29 to any
add 2402 reject ip from any to 4.2.227.72/29
add 2302 deny ip from 4.2.227.80/29 to any
add 2402 reject ip from any to 4.2.227.80/29
add 2302 deny ip from 4.2.227.128/29 to any
add 2402 reject ip from any to 4.2.227.128/29
add 2302 deny ip from 4.17.1.64/27 to any
add 2402 reject ip from any to 4.17.1.64/27
add 2302 deny ip from 4.17.2.0/25 to any
add 2402 reject ip from any to 4.17.2.0/25
add 2302 deny ip from 4.17.2.240/28 to any
add 2402 reject ip from any to 4.17.2.240/28
add 2302 deny ip from 4.17.3.128/26 to any
add 2402 reject ip from any to 4.17.3.128/26
add 2302 deny ip from 4.17.24.0/22 to any
add 2402 reject ip from any to 4.17.24.0/22
add 2302 deny ip from 4.17.28.0/24 to any
add 2402 reject ip from any to 4.17.28.0/24
add 2302 deny ip from 4.17.71.200/29 to any
add 2402 reject ip from any to 4.17.71.200/29
add 2302 deny ip from 4.17.130.32/27 to any
add 2402 reject ip from any to 4.17.130.32/27
add 2302 deny ip from 4.17.130.88/29 to any
add 2402 reject ip from any to 4.17.130.88/29
add 2302 deny ip from 4.17.137.224/27 to any
add 2402 reject ip from any to 4.17.137.224/27
add 2302 deny ip from 4.17.140.48/28 to any
add 2402 reject ip from any to 4.17.140.48/28
add 2302 deny ip from 4.17.150.112/28 to any
add 2402 reject ip from any to 4.17.150.112/28
add 2302 deny ip from 4.17.157.0/24 to any
add 2402 reject ip from any to 4.17.157.0/24
add 2302 deny ip from 4.17.159.64/26 to any
add 2402 reject ip from any to 4.17.159.64/26
add 2302 deny ip from 4.17.160.160/28 to any
add 2402 reject ip from any to 4.17.160.160/28
add 2302 deny ip from 4.17.160.240/29 to any
add 2402 reject ip from any to 4.17.160.240/29
add 2302 deny ip from 4.17.168.192/26 to any
add 2402 reject ip from any to 4.17.168.192/26
add 2302 deny ip from 4.17.172.64/27 to any
add 2402 reject ip from any to 4.17.172.64/27
add 2302 deny ip from 4.17.175.32/27 to any
add 2402 reject ip from any to 4.17.175.32/27
add 2302 deny ip from 4.17.180.0/23 to any
add 2402 reject ip from any to 4.17.180.0/23
add 2302 deny ip from 4.17.183.128/25 to any
add 2402 reject ip from any to 4.17.183.128/25
add 2302 deny ip from 4.17.192.0/27 to any
add 2402 reject ip from any to 4.17.192.0/27
add 2302 deny ip from 4.17.192.64/28 to any
add 2402 reject ip from any to 4.17.192.64/28
add 2302 deny ip from 4.17.192.128/25 to any
add 2402 reject ip from any to 4.17.192.128/25
add 2302 deny ip from 4.17.193.112/28 to any
add 2402 reject ip from any to 4.17.193.112/28
add 2302 deny ip from 4.17.193.128/25 to any
add 2402 reject ip from any to 4.17.193.128/25
add 2302 deny ip from 4.17.222.96/27 to any
add 2402 reject ip from any to 4.17.222.96/27
add 2302 deny ip from 4.17.229.0/27 to any
add 2402 reject ip from any to 4.17.229.0/27
add 2302 deny ip from 4.17.232.0/24 to any
add 2402 reject ip from any to 4.17.232.0/24
add 2302 deny ip from 4.18.0.0/24 to any
add 2402 reject ip from any to 4.18.0.0/24
add 2302 deny ip from 4.18.5.128/26 to any
add 2402 reject ip from any to 4.18.5.128/26
add 2302 deny ip from 4.18.6.32/27 to any
add 2402 reject ip from any to 4.18.6.32/27
add 2302 deny ip from 4.18.26.0/25 to any
add 2402 reject ip from any to 4.18.26.0/25
add 2302 deny ip from 4.18.26.128/29 to any
add 2402 reject ip from any to 4.18.26.128/29
add 2302 deny ip from 4.18.32.16/28 to any
add 2402 reject ip from any to 4.18.32.16/28
add 2302 deny ip from 4.18.32.80/28 to any
add 2402 reject ip from any to 4.18.32.80/28
add 2302 deny ip from 4.18.32.96/27 to any
add 2402 reject ip from any to 4.18.32.96/27
add 2302 deny ip from 4.18.32.128/27 to any
add 2402 reject ip from any to 4.18.32.128/27
add 2302 deny ip from 4.18.32.208/29 to any
add 2402 reject ip from any to 4.18.32.208/29
add 2302 deny ip from 4.18.32.224/28 to any
add 2402 reject ip from any to 4.18.32.224/28
add 2302 deny ip from 4.18.34.0/27 to any
add 2402 reject ip from any to 4.18.34.0/27
add 2302 deny ip from 4.18.34.136/29 to any
add 2402 reject ip from any to 4.18.34.136/29
add 2302 deny ip from 4.18.34.224/29 to any
add 2402 reject ip from any to 4.18.34.224/29
add 2302 deny ip from 4.18.35.16/29 to any
add 2402 reject ip from any to 4.18.35.16/29
add 2302 deny ip from 4.18.35.48/28 to any
add 2402 reject ip from any to 4.18.35.48/28
add 2302 deny ip from 4.18.35.200/29 to any
add 2402 reject ip from any to 4.18.35.200/29
add 2302 deny ip from 4.18.35.224/27 to any
add 2402 reject ip from any to 4.18.35.224/27
add 2302 deny ip from 4.18.36.0/26 to any
add 2402 reject ip from any to 4.18.36.0/26
add 2302 deny ip from 4.18.37.16/28 to any
add 2402 reject ip from any to 4.18.37.16/28
add 2302 deny ip from 4.18.37.128/25 to any
add 2402 reject ip from any to 4.18.37.128/25
add 2302 deny ip from 4.18.38.0/24 to any
------------------------------------end ruleset

Will the above rules block me from SSHing into my remote server if the IP
address of my local PC (dynamic IP) is not within any of the above rules' IP
ranges, and will they also block my snmpd service?


-----Original Message-----
From: Dan Nelson [mailto:dnelson at allantgroup.com] 
Sent: Sunday, August 26, 2007 5:14 AM
To: Aminuddin
Cc: freebsd-questions at freebsd.org
Subject: Re: How to block 200K ip addresses?

In the last episode (Aug 26), Aminuddin said:
> How do you block this large range of ip addresses from different
> subnet? IPFW only allows 65536 rules while this will probably use up
> a few hundred thousand lines.
> 
> I'm also trying to add this into my proxy configuration file, ss5.conf but
> it doesn't allow me to add this large number.
> 
> Is this the limitation of IPF or FreeBSD? How do I work around this?

Even though there are 65536 rule numbers, each number can actually have
any number of rules assigned to it.  What you're probably looking for,
though, is ipfw's table keyword, which uses the same radix tree lookup
format as the kernel's routing tables, so it scales well to large
amounts of sparse addresses.  man ipfw, search for "lookup tables".

-- 
	Dan Nelson
	dnelson at allantgroup.com
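The table approach Dan describes, as an added example that is not part of the thread: a POSIX sh script that takes rules in the format the original poster already has ("add 23xx deny ip from <cidr> to any" paired with "add 24xx reject ip from any to <cidr>") and turns every prefix into a single ipfw lookup-table entry, then emits the two rules that reference the table. The sample input lines are constructed from the poster's list; the table number (1) and the reuse of rule slots 2300/2400 are assumptions, not anything the thread specifies.

```shell
#!/bin/sh
# Added example (not from the thread): collapse a long per-prefix deny list
# into one ipfw lookup table plus two rules that reference it.
# Assumed: table number 1 is unused, and rule numbers 2300/2400 are the slots
# the poster already uses.  Feed the output to `ipfw -q <file>`.

TABLE=1

# Constructed sample input in the poster's format (deny/reject pairs).
OLD_RULES='add 2301 deny ip from 3.0.0.0/8 to any
add 2401 reject ip from any to 3.0.0.0/8
add 2302 deny ip from 4.0.25.146/31 to any
add 2402 reject ip from any to 4.0.25.146/31
add 2302 deny ip from 4.2.172.0/24 to any
add 2402 reject ip from any to 4.2.172.0/24
add 2302 deny ip from 4.18.38.0/24 to any'

# Pull the source prefix out of every "deny ip from <cidr> to any" line and
# emit a "table N add <cidr>" command for it.  The paired "reject ... to <cidr>"
# lines carry the same prefix, so they are skipped to avoid duplicate entries.
rules_to_table() {
    awk -v t="$TABLE" '
        $1 == "add" && $3 == "deny" && $5 == "from" && $7 == "to" && $8 == "any" {
            printf "table %s add %s\n", t, $6
        }'
}

# Complete command file: empty the table, load every prefix, then two rules.
# Rule 2300 drops packets whose source is in the table; rule 2400 rejects
# packets whose destination is in the table.  Together they replace all of
# the poster's 23xx/24xx pairs, and each packet costs one radix-tree lookup
# instead of a walk through thousands of rules.
gen_ruleset() {
    printf 'table %s flush\n' "$TABLE"
    printf '%s\n' "$OLD_RULES" | rules_to_table
    printf 'add 2300 deny ip from table(%s) to any\n' "$TABLE"
    printf 'add 2400 reject ip from any to table(%s)\n' "$TABLE"
}

# Number of prefixes that ended up in the table (one per distinct deny line).
table_entries() {
    gen_ruleset | grep -c '^table [0-9][0-9]* add '
}

gen_ruleset
```

After loading the generated file, `ipfw table 1 list` shows the entries actually installed, which is the quickest way to confirm that the awk pattern caught every line (a stray rule written in a different word order would be silently skipped). Two caveats worth keeping in mind: packets from or to addresses that are not in the table simply fall through rules 2300 and 2400, so whether SSH or snmpd traffic is affected is decided by whatever rules come after them, not by these two; and the number of tables available is capped by the `net.inet.ip.fw.tables_max` sysctl, so a second list (for example separate inbound and outbound sets) needs a second table number below that limit.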
