What's new

Skynet Skynet - blacklist bulk ip ranges

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

fredmc

Occasional Visitor
Hi,

Long time lurker but this is actually my first post.

Thank you for all the hard work creating and maintaining skynet - and the same to merlin and all the other add-ons creators and maintainers. Asuswrt-merlin is the sole reason I keep investing in these equipments.

I have the habit of blocking the ip range for all ips detected by the Two-Way Intrusion Prevention System. This is usually fine as I get a couple attacks per week and I can easily update using the readme method. Last week I had an attack coming from many different ip addresses - mostly from Verizon Business, Charter Communications, Frontier Communications and Optimum Online. These ip's belong to over 30 different ip ranges.

Also, last time I did a full reset to the router I had to spend some time manually adding all the ranges I had previously blocked.

I was wondering if there is a way to import a bulk range of ip ranges, or a file I can edit, to add ip ranges in bulk (each one with it's own comment). As per the read me, I think I can only import a blacklist file.txt but I think it only works for individual ip's and it adds them all with the same comment?

Thank you in advance for your help.
 
Hi,

Long time lurker but this is actually my first post.

Thank you for all the hard work creating and maintaining skynet - and the same to merlin and all the other add-ons creators and maintainers. Asuswrt-merlin is the sole reason I keep investing in these equipments.

I have the habit of blocking the ip range for all ips detected by the Two-Way Intrusion Prevention System. This is usually fine as I get a couple attacks per week and I can easily update using the readme method. Last week I had an attack coming from many different ip addresses - mostly from Verizon Business, Charter Communications, Frontier Communications and Optimum Online. These ip's belong to over 30 different ip ranges.

Also, last time I did a full reset to the router I had to spend some time manually adding all the ranges I had previously blocked.

I was wondering if there is a way to import a bulk range of ip ranges, or a file I can edit, to add ip ranges in bulk (each one with it's own comment). As per the read me, I think I can only import a blacklist file.txt but I think it only works for individual ip's and it adds them all with the same comment?

Thank you in advance for your help.
Welcome, @fredmc! You aren't able to import ranges, but like you said, you could import a bulk list of IPs that are expanded out. If you want to go through that trouble, you could maintain your own blacklist... and add it to your own custom filter list that you would then use to feed your skynet malware blacklist. I'm using my own custom filter list of blacklists that I have compiled which seems to block some of the worst out there... I can add/delete from it, and Skynet will import this on a regular basis to update its IP block lists...


But anyways, you could theoretically go down a similar path, but would need to find some nifty online tool that expands out ip ranges into a list of IPs... like this: http://magic-cookie.co.uk/iplist.html
 
Last edited:
You can import CIDR ranges, e.g. 8.8.0.0/16.
You talking about this, @dave14305?

Code:
firewall ban range 8.8.8.8/24 "Apples" ) This Bans the CIDR Block Specified With The Comment Apples
 
Code:
firewall import blacklist file.txt "Apples" ) This Bans All IPs From URL/Local File With The Comment Apples
file.txt can include CIDR ranges.
Cool! Never tried that... ;)
 
ou could import a bulk list of IPs that are expanded out.
Hi Viktor,
Thank you for your prompt reply and help.
Unfortunately that is not feasible as I have several /12 blocks and even a couple of /11 blocks - that would be a huge list! The tool you recommended doesn't go higher than /16 blocks and even so it comes with a warning :)


file.txt can include CIDR ranges.
I was also not aware of this! That is most helpful and It may work out for what I need but I guess I would have to add all ip ranges with the same comment. I usually comment each range with it's owner just to keep track. Is there a special format for the ip's in the file.txt? Should the ranges/ip's be separated by comma or each on it's own line?

Thank you both for your help!
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top