Page 1 of 1
feature idea: restrict port access by ASN not just CC
Posted: 28 May 2016, 09:50
by aww+
I was thinking how the limit port access by CC was useful but so large it might be more dangerous than it needs to be (on systems where port knocking just doesn't seem to work)
But maxmind also has an ASN database (GeoLite ASN) that is updated monthly, so should be accurate enough
So could it be possible to duplicate all the CC_ALLOW, etc. settings and have ASN_ALLOW ?
Re: feature idea: restrict port access by ASN not just CC
Posted: 28 May 2016, 09:59
by ForumAdmin
This was implemented in csf v8.12
"Additional Feature: Added support for listing ASNs in all Country Code (CC_*) options"
Re: feature idea: restrict port access by ASN not just CC
Posted: 29 May 2016, 13:25
by aww+
Oh wow I completely missed that. Awesome, thanks.
The downside of simply copying a csf.conf from one install to another.
Re: feature idea: restrict port access by ASN not just CC
Posted: 17 Jun 2016, 19:00
by aww+
ForumAdmin wrote:This was implemented in csf v8.12
"Additional Feature: Added support for listing ASNs in all Country Code (CC_*) options"
actually, could you give an example of how this should be formatted?
is it simply
CC_ALLOW = "AS1234"
???
Re: feature idea: restrict port access by ASN not just CC
Posted: 17 Jun 2016, 20:42
by ForumAdmin
That's exactly it.