Thanks, that is what I currently have. (54.36.0.0/15, and 54.38.0.0/16)
A whois check returns:
NetRange: 54.36.0.0 - 54.38.255.255
CIDR: 54.38.0.0/16, 54.36.0.0/15
But 600 hits from 54.36.148.n and 54.36.149.n in the last 2 hours.
I don't know if this helps, but when I restart CSF, it spits out the following . . .
Code:
csf: FASTSTART loading csf.deny (IPv4)
...
DROP tcp opt -- in !lo out * 125.212.219.42 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 125.212.219.42 -> 0.0.0.0/0 tcp dpt:21
DROP tcp opt -- in !lo out * 185.153.230.71 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 185.153.230.71 -> 0.0.0.0/0 tcp dpt:21
DROP tcp opt -- in !lo out * 177.36.46.178 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 177.36.46.178 -> 0.0.0.0/0 tcp dpt:21
DROP tcp opt -- in !lo out * 51.255.121.90 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 51.255.121.90 -> 0.0.0.0/0 tcp dpt:21
DROP tcp opt -- in !lo out * 47.88.216.10 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 47.88.216.10 -> 0.0.0.0/0 tcp dpt:21
DROP tcp opt -- in !lo out * 223.205.245.221 -> 0.0.0.0/0 tcp dpt:25
DROP tcp opt -- in !lo out * 223.205.245.221 -> 0.0.0.0/0 tcp dpt:465
DROP tcp opt -- in !lo out * 223.205.245.221 -> 0.0.0.0/0 tcp dpt:587
DROP tcp opt -- in !lo out * 112.213.89.101 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 112.213.89.101 -> 0.0.0.0/0 tcp dpt:21
DROP tcp opt -- in !lo out * 50.62.176.37 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 50.62.176.37 -> 0.0.0.0/0 tcp dpt:21
DROP tcp opt -- in !lo out * 198.71.227.47 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 198.71.227.47 -> 0.0.0.0/0 tcp dpt:21
DROP tcp opt -- in !lo out * 24.249.185.247 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 24.249.185.247 -> 0.0.0.0/0 tcp dpt:21
DROP tcp opt -- in !lo out * 187.111.220.2 -> 0.0.0.0/0 tcp dpt:25
DROP tcp opt -- in !lo out * 187.111.220.2 -> 0.0.0.0/0 tcp dpt:465
DROP tcp opt -- in !lo out * 187.111.220.2 -> 0.0.0.0/0 tcp dpt:587
DROP tcp opt -- in !lo out * 186.233.220.214 -> 0.0.0.0/0 tcp dpt:25
DROP tcp opt -- in !lo out * 186.233.220.214 -> 0.0.0.0/0 tcp dpt:465
DROP tcp opt -- in !lo out * 186.233.220.214 -> 0.0.0.0/0 tcp dpt:587
DROP tcp opt -- in !lo out * 186.237.129.90 -> 0.0.0.0/0 tcp dpt:25
DROP tcp opt -- in !lo out * 186.237.129.90 -> 0.0.0.0/0 tcp dpt:465
DROP tcp opt -- in !lo out * 186.237.129.90 -> 0.0.0.0/0 tcp dpt:587
csf: FASTSTART loading csf.allow (IPv4)
...
These are the temporary IP denies.
I see no mention of the 198 Permanent Deny IPs.
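An added example, not part of the original post and not CSF code: it checks that the whois NetRange collapses to the two CIDRs quoted above, that a 54.36.148.n address falls inside them, and whether any DROP line printed at restart covers a given source. The host octets, the three sample lines and the full-deny line format (`DROP all ...` with no `dpt:`) are assumptions.

```python
import ipaddress
import re

# Values quoted in the post above.
NETRANGE = ("54.36.0.0", "54.38.255.255")
DENY_CIDRS = ["54.36.0.0/15", "54.38.0.0/16"]

# Constructed sample: three lines in the format of the FASTSTART output above.
SAMPLE_RULES = """\
DROP tcp opt -- in !lo out * 125.212.219.42 -> 0.0.0.0/0 tcp dpt:20
DROP tcp opt -- in !lo out * 223.205.245.221 -> 0.0.0.0/0 tcp dpt:25
DROP tcp opt -- in !lo out * 223.205.245.221 -> 0.0.0.0/0 tcp dpt:465
"""

# proto, source, destination, optional destination port
RULE_RE = re.compile(
    r"^DROP\s+(\S+)\s.*?\*\s+(\S+)\s+->\s+(\S+)(?:\s+\S+\s+dpt:(\d+))?\s*$")

def netrange_to_cidrs(first, last):
    """Collapse a whois NetRange into the minimal list of CIDR blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def covered_by(ip, cidrs):
    """Return the first CIDR that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for cidr in cidrs:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None

def parse_drop_rules(text):
    """Parse DROP lines into (source network, protocol, port or None)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            proto, src, _dst, port = m.groups()
            rules.append((ipaddress.ip_network(src, strict=False),
                          proto, int(port) if port else None))
    return rules

def covering_rules(rules, ip, port):
    """Rules whose source contains ip and whose port is unset or equals port."""
    addr = ipaddress.ip_address(ip)
    return [r for r in rules if addr in r[0] and r[2] in (None, port)]

if __name__ == "__main__":
    print([str(n) for n in netrange_to_cidrs(*NETRANGE)])
    print(covered_by("54.36.148.10", DENY_CIDRS))  # constructed host octet
    print(covering_rules(parse_drop_rules(SAMPLE_RULES), "54.36.148.10", 80))
```

If the CIDR check passes but no loaded rule covers the address, the mismatch is between the deny file and what the firewall actually loaded, not in the range itself.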