Subnet limitations for CC block list

Post Reply
Junior Member
Posts: 1
Joined: 14 Mar 2012, 11:20

Subnet limitations for CC block list

Post by newhost »


I'm just configuring a CSF instance for a client and he required that certain countries should not be able to access his website. We're talking China, Ukraine and Russia due to their famous botnets. The problem is that the firewall is loaded with thousands of rules representing the subnets allocated to those countries.
I have no intention however to load the firewall rule set with a huge number of /30 /29 subnets and so on. The abusers are always member of larger IP allocation blocks.
As such it would be nice to improve the CC block list by allowing me to select a threshold for the subnets. For instance I would like to ignore any subnet smaller than /24 as it's likely that these small subnets will not have bots and if they have, they will be so few that their attack impact will be insignifiant.

Please let me know if that's possible.

Thank you.
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: Subnet limitations for CC block list

Post by chirpy »

I'll put this on the dev list for future consideration.
Post Reply