Subnet limitations for CC block list
Posted: 14 Mar 2012, 11:28
Hello,
I'm just configuring a CSF instance for a client and he required that certain countries should not be able to access his website. We're talking China, Ukraine and Russia due to their famous botnets. The problem is that the firewall is loaded with thousands of rules representing the subnets allocated to those countries.
I have no intention however to load the firewall rule set with a huge number of /30 /29 subnets and so on. The abusers are always members of larger IP allocation blocks.
As such it would be nice to improve the CC block list by allowing me to select a threshold for the subnets. For instance I would like to ignore any subnet smaller than /24 as it's likely that these small subnets will not have bots and if they have, they will be so few that their attack impact will be insignificant.
Please let me know if that's possible.
Thank you.
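The threshold requested above, as an added Python example that is not part of the original post and is not CSF code. It assumes a one-CIDR-per-line IPv4 zone list; the sample ranges are constructed and the function names are hypothetical. Adjacent blocks are merged before filtering, so two /25s that together form a /24 are kept rather than dropped.

```python
import ipaddress

# Constructed sample zone data (reserved documentation/benchmark ranges,
# not a real country allocation list).
SAMPLE_ZONE = """\
# constructed sample
198.51.100.0/24
203.0.113.0/25
203.0.113.128/25
192.0.2.8/29
192.0.2.64/30
198.18.0.0/15
not-a-cidr
"""

def parse_zone(text):
    """Return IPv4 networks from the list, skipping comments and malformed lines."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=False))
        except ValueError:
            continue  # ignore a bad entry instead of aborting the whole load
    return nets

def apply_threshold(nets, max_prefix=24):
    """Merge adjacent blocks, then split into kept (/max_prefix or larger) and dropped."""
    collapsed = list(ipaddress.collapse_addresses(nets))
    kept = [n for n in collapsed if n.prefixlen <= max_prefix]
    dropped = [n for n in collapsed if n.prefixlen > max_prefix]
    return kept, dropped

def coverage(kept, dropped):
    """Fraction of the listed addresses still covered after filtering."""
    k = sum(n.num_addresses for n in kept)
    d = sum(n.num_addresses for n in dropped)
    return k / (k + d) if (k + d) else 0.0

if __name__ == "__main__":
    kept, dropped = apply_threshold(parse_zone(SAMPLE_ZONE), max_prefix=24)
    print("rules kept:", [str(n) for n in kept])
    print("rules dropped:", [str(n) for n in dropped])
    print("address coverage retained: {:.4%}".format(coverage(kept, dropped)))
```

The coverage figure shows how much of the listed address space the reduced rule set still blocks, which is the number to check before choosing a threshold.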