LinuxQuestions.org - Does anyone have a list of A blocks used in the US? (or A block used outside the US)

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Does anyone have a list of A blocks used in the US? (or A block used outside the US) (https://www.linuxquestions.org/questions/linux-security-4/does-anyone-have-a-list-of-a-blocks-used-in-the-us-or-a-block-used-outside-the-us-929142/)

Does anyone have a list of A blocks used in the US? (or A block used outside the US)

Does anyone have a list of A blocks used in the US? (or A block used outside the US)

I found listing by country but the list is really long, and summarizing into A block would be a lot shorter.

I understand there may be some overlap.

I have a server in particular I want to restrict to US only IPs (I know someone can still use a proxy).

TIA

To ask a potentially stupid question, what do you mean by A block? Do you mean Autonomous System Numbers?

You are correct that the ipV4 address space is an absolute mess. The best I have found are some country code lists, like you mention, but these change frequently. For your application, you might be able to make use of the GEOIP, which from a quick search seems to have some API's available for it.

Quote:

I have a server in particular I want to restrict to US only IPs (I know someone can still use a proxy).

You could use iptables
http://www.linksysinfo.org/index.php...ptables.35548/

Kind regards

Hi, no, I mean Class A

I came up with the following, which I know is not accurate:

Code:

23.0.0.0/8

142.0.0.0/8

171.0.0.0/8

196.0.0.0/8

99.0.0.0/8

107.0.0.0/8

200.0.0.0/8

100.0.0.0/8

97.0.0.0/8

154.0.0.0/8

163.0.0.0/8

153.0.0.0/8

75.0.0.0/8

166.0.0.0/8

169.0.0.0/8

71.0.0.0/8

174.0.0.0/8

160.0.0.0/8

151.0.0.0/8

98.0.0.0/8

136.0.0.0/8

141.0.0.0/8

108.0.0.0/8

139.0.0.0/8

150.0.0.0/8

50.0.0.0/8

184.0.0.0/8

157.0.0.0/8

164.0.0.0/8

148.0.0.0/8

156.0.0.0/8

70.0.0.0/8

76.0.0.0/8

152.0.0.0/8

63.0.0.0/8

135.0.0.0/8

162.0.0.0/8

96.0.0.0/8

168.0.0.0/8

146.0.0.0/8

132.0.0.0/8

147.0.0.0/8

130.0.0.0/8

161.0.0.0/8

143.0.0.0/8

158.0.0.0/8

134.0.0.0/8

138.0.0.0/8

159.0.0.0/8

165.0.0.0/8

149.0.0.0/8

137.0.0.0/8

140.0.0.0/8

129.0.0.0/8

155.0.0.0/8

144.0.0.0/8

167.0.0.0/8

65.0.0.0/8

128.0.0.0/8

131.0.0.0/8

170.0.0.0/8

68.0.0.0/8

173.0.0.0/8

24.0.0.0/8

72.0.0.0/8

67.0.0.0/8

207.0.0.0/8

69.0.0.0/8

74.0.0.0/8

209.0.0.0/8

64.0.0.0/8

66.0.0.0/8

206.0.0.0/8

216.0.0.0/8

205.0.0.0/8

208.0.0.0/8

204.0.0.0/8

199.0.0.0/8

198.0.0.0/8

192.0.0.0/8

Hi,

so is this country IP blocks too long?

I selected United states and got a list with 41000 lines (attachment - rename pdf to ZIP)
which I think it may be really too much for a firewall / or maybe not, I don't know about limits in IPTABLEs.

good luck

Quote:

Originally Posted by lithos (Post 4601501)

Yes, Iptables was giving an error with that many lines, plus it took 7+ minutes to restart before I stopped it.

Quote:

Originally Posted by abefroman (Post 4601526)

Yes, Iptables was giving an error with that many lines, plus it took 7+ minutes to restart before I stopped it.

Unnecessary if you use ipset (iphash) or the iptables recent module.

Quote:

Originally Posted by unSpawn (Post 4601543)

Unnecessary if you use ipset (iphash) or the iptables recent module.

Actually I use APF http://rfxnetworks.com, so the list length might be OK for iptables but not APF. So meant to restart apf takes that long.