Order of blacklist and whitelist in skynet

[johnsmallberries]

I have skynet 8.0.7 and I also run fail2ban on the hosts. I've noticed recently that a lot of IPs in the gitlab CDN (using the skynet default whitelists) are coming through and getting blocked by fail2ban, even though I have the specific IP already banned in skynet from the abuseipdb list. Am I correct in that the order of precedence for skynet is whitelist takes priority over blacklist? Would there be any strategy to reverse that order?
Thanks.

 

[Adamm]

Whitelists by nature are supposed to prioritise a blacklist, this is by design. CDN whitelisting can be turned off at your own discretion.

 

[johnsmallberries]

That is interesting I had the following and the IP was passed through and eventually hit my fail2ban:

ipset list | egrep '20.102.0.0|20.102.40.205'
20.102.0.0/17 comment "CDN-Whitelist: Github"
20.102.40.205 comment "Imported: AbuseIPDB"

20.102.40.205 is in the Skynet-Blacklist.
Maybe something with the router. I rebooted and will monitor further and mention if the blacklisted ips are not getting trapped even thought there is a whitelist that covers the range.

 

[dave14305]

That is interesting I had the following and the IP was passed through and eventually hit my fail2ban:


20.102.40.205 is in the Skynet-Blacklist.
Maybe something with the router. I rebooted and will monitor further and mention if the blacklisted ips are not getting trapped even thought there is a whitelist that covers the range.

The whitelist always negates a blacklist entry. That’s what Adamm likely intended when he said “prioritise a blacklist”. It takes precedence over a blacklist.

 

[johnsmallberries]

Oh sorry yeah I interpreted his comments in the reverse. So everything works normally. I guess I'll try getting rid of some of the github CDN ranges or just deal with it through fail2ban. I guess the github CDN infrastructure is popular for attacks these days.