I was thinking how limiting port access by CC was useful but so large it might be more dangerous than it needs to be (on systems where port knocking just doesn't seem to work).
But MaxMind also has an ASN database (GeoLite ASN) that is updated monthly, so should be accurate enough.
So could it be possible to duplicate all the CC_ALLOW, etc. settings and have ASN_ALLOW?
feature idea: restrict port access by ASN not just CC
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: feature idea: restrict port access by ASN not just CC
This was implemented in csf v8.12
"Additional Feature: Added support for listing ASNs in all Country Code (CC_*) options"
Re: feature idea: restrict port access by ASN not just CC
Oh wow I completely missed that. Awesome, thanks.
The downside of simply copying a csf.conf from one install to another.
Re: feature idea: restrict port access by ASN not just CC
ForumAdmin wrote: This was implemented in csf v8.12
"Additional Feature: Added support for listing ASNs in all Country Code (CC_*) options"
Actually, could you give an example of how this should be formatted?
is it simply
CC_ALLOW = "AS1234"
???
- Moderator
- Posts: 1524
- Joined: 01 Oct 2008, 09:24
Re: feature idea: restrict port access by ASN not just CC
That's exactly it.