CIDR range not being blocked

3 posts Page 1 of 1
jimlongo
Junior Member
Posts: 18
Joined: 19 Oct 2013, 00:33


Hi, I've added 54.36.0.0/15 to the Deny file.
I still get all kinds of hits to my pages from IPs in these ranges.
Is there some setting I'm missing?


Code:
root@vps [~]# csf --grep 54.36.148.69

Table  Chain            num   pkts bytes target     prot opt in     out     source               destination

filter DENYIN           167      0     0 DROP       all  --  !lo    *       54.36.0.0/15         0.0.0.0/0

filter DENYOUT          164      0     0 REJECT     all  --  *      !lo     0.0.0.0/0            54.36.0.0/15         reject-with icmp-port-unreachable

Permanent Blocks (csf.deny): 54.36.0.0/15  # OVH-DEDICATED-FO manually added 09-04-18

I also tried replacing that CIDR range with 54.36.0.0/16 and 54.37.0.0/16, makes no difference.
All the offending IPs seem to be in the 54.36.x.x range, but that could just be today.

Thanks if you have any ideas.
sawbuck
Junior Member
Posts: 358
Joined: 10 Dec 2006, 16:20


I'd try adding both 54.36.0.0/15 and 54.38.0.0/16.
jimlongo
Junior Member
Posts: 18
Joined: 19 Oct 2013, 00:33


Thanks, that is what I currently have. (54.36.0.0/15, and 54.38.0.0/16)

A whois check returns that

NetRange: 54.36.0.0 - 54.38.255.255
CIDR: 54.38.0.0/16, 54.36.0.0/15

But 600 hits from 54.36.148.n and 54.36.149.n in the last 2 hours.

I don't know if this helps, but when I restart CSF, it spits out the following . . .
Code:
csf: FASTSTART loading csf.deny (IPv4)
...
DROP  tcp opt -- in !lo out *  125.212.219.42  -> 0.0.0.0/0   tcp dpt:20
DROP  tcp opt -- in !lo out *  125.212.219.42  -> 0.0.0.0/0   tcp dpt:21
DROP  tcp opt -- in !lo out *  185.153.230.71  -> 0.0.0.0/0   tcp dpt:20
DROP  tcp opt -- in !lo out *  185.153.230.71  -> 0.0.0.0/0   tcp dpt:21
DROP  tcp opt -- in !lo out *  177.36.46.178  -> 0.0.0.0/0   tcp dpt:20
DROP  tcp opt -- in !lo out *  177.36.46.178  -> 0.0.0.0/0   tcp dpt:21
DROP  tcp opt -- in !lo out *  51.255.121.90  -> 0.0.0.0/0   tcp dpt:20
DROP  tcp opt -- in !lo out *  51.255.121.90  -> 0.0.0.0/0   tcp dpt:21
DROP  tcp opt -- in !lo out *  47.88.216.10  -> 0.0.0.0/0   tcp dpt:20
DROP  tcp opt -- in !lo out *  47.88.216.10  -> 0.0.0.0/0   tcp dpt:21
DROP  tcp opt -- in !lo out *  223.205.245.221  -> 0.0.0.0/0   tcp dpt:25
DROP  tcp opt -- in !lo out *  223.205.245.221  -> 0.0.0.0/0   tcp dpt:465
DROP  tcp opt -- in !lo out *  223.205.245.221  -> 0.0.0.0/0   tcp dpt:587
DROP  tcp opt -- in !lo out *  112.213.89.101  -> 0.0.0.0/0   tcp dpt:20
DROP  tcp opt -- in !lo out *  112.213.89.101  -> 0.0.0.0/0   tcp dpt:21
DROP  tcp opt -- in !lo out *  50.62.176.37  -> 0.0.0.0/0   tcp dpt:20
DROP  tcp opt -- in !lo out *  50.62.176.37  -> 0.0.0.0/0   tcp dpt:21
DROP  tcp opt -- in !lo out *  198.71.227.47  -> 0.0.0.0/0   tcp dpt:20
DROP  tcp opt -- in !lo out *  198.71.227.47  -> 0.0.0.0/0   tcp dpt:21
DROP  tcp opt -- in !lo out *  24.249.185.247  -> 0.0.0.0/0   tcp dpt:20
DROP  tcp opt -- in !lo out *  24.249.185.247  -> 0.0.0.0/0   tcp dpt:21
DROP  tcp opt -- in !lo out *  187.111.220.2  -> 0.0.0.0/0   tcp dpt:25
DROP  tcp opt -- in !lo out *  187.111.220.2  -> 0.0.0.0/0   tcp dpt:465
DROP  tcp opt -- in !lo out *  187.111.220.2  -> 0.0.0.0/0   tcp dpt:587
DROP  tcp opt -- in !lo out *  186.233.220.214  -> 0.0.0.0/0   tcp dpt:25
DROP  tcp opt -- in !lo out *  186.233.220.214  -> 0.0.0.0/0   tcp dpt:465
DROP  tcp opt -- in !lo out *  186.233.220.214  -> 0.0.0.0/0   tcp dpt:587
DROP  tcp opt -- in !lo out *  186.237.129.90  -> 0.0.0.0/0   tcp dpt:25
DROP  tcp opt -- in !lo out *  186.237.129.90  -> 0.0.0.0/0   tcp dpt:465
DROP  tcp opt -- in !lo out *  186.237.129.90  -> 0.0.0.0/0   tcp dpt:587
csf: FASTSTART loading csf.allow (IPv4)
...

These are the temporary IP denies.

I see no mention of the 198 Permanent Deny IPs.
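
Added example (not posted by anyone in this thread): a small Python check that runs over the `csf --grep` rows quoted in the first post, confirms the whois NetRange collapses to the two CIDR blocks mentioned, and reports whether the DENYIN rule covering the address has ever counted a packet. The function names are hypothetical; the sample text is copied from the post.

```python
import ipaddress

# Rule rows copied from the `csf --grep 54.36.148.69` output in the first post.
CSF_GREP = """\
filter DENYIN           167      0     0 DROP       all  --  !lo    *       54.36.0.0/15         0.0.0.0/0
filter DENYOUT          164      0     0 REJECT     all  --  *      !lo     0.0.0.0/0            54.36.0.0/15         reject-with icmp-port-unreachable
"""

def whois_range_to_cidrs(first, last):
    """Collapse a whois NetRange into the minimal list of CIDR blocks."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [str(n) for n in nets]

def parse_rules(text):
    """Parse rule rows; columns follow the header row:
    Table Chain num pkts bytes target prot opt in out source destination."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 12 or f[0] not in ("filter", "nat", "mangle", "raw"):
            continue  # header, blank line or csf.deny comment line
        rules.append({
            "chain": f[1],
            "pkts": f[3],  # kept as text: iptables may print e.g. "12K"
            "target": f[5],
            "source": ipaddress.ip_network(f[10], strict=False),
        })
    return rules

def diagnose(ip, text):
    """Return (chain, source CIDR, counter_nonzero) for every DROP/REJECT
    rule whose specific source network contains `ip`."""
    addr = ipaddress.ip_address(ip)
    findings = []
    for r in parse_rules(text):
        # prefixlen 0 is the "anywhere" source of outbound rules; skip it.
        if r["source"].prefixlen and addr in r["source"] \
                and r["target"] in ("DROP", "REJECT"):
            findings.append((r["chain"], str(r["source"]), r["pkts"] != "0"))
    return findings

if __name__ == "__main__":
    print(whois_range_to_cidrs("54.36.0.0", "54.38.255.255"))
    for chain, cidr, hit in diagnose("54.36.148.69", CSF_GREP):
        state = "has matched packets" if hit else "has matched NO packets"
        print(f"{chain}: {cidr} covers the address and {state}")
```

On the quoted output the rule is present and covers 54.36.148.69, but its `pkts` counter is 0, meaning no packet has matched it since the counters were last reset. That points away from the CIDR notation and toward checking whether an earlier rule accepts the traffic or whether the requests reach the firewall from a different source address, for instance through a proxy.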