[Dshield] Re:Help Request

Glenn Jarvis gaj at uppergroove.ca
Mon May 16 13:38:32 GMT 2005


Hi Ted,

>> From my _very_ limited knowledge on this, you need a local order 
>> statement in
>
> that context, and your opposite rules. Because you are doing limited 
> deny's,
> you should also be doing an allow somewhere.
> PS 218.0.0.0/8 is from Australia as well!! I'm in 218.214.0.0/15 
> (hence why
> I'm sending this through the list - I'm assuming you are blocking me 
> at your
> mail gateway if using the same list)
>  
>
My apologies. Australia is not included, but there could be an IP or two 
in there as our log showed the 218 block
accessing a pirate site in China somewhere. I'll review that block again 
this morning.

> order deny,allow
> deny from 61.0.0.0/255  <- error in format 61.0.0.0/24
> ..
> deny from 58.16.0.0/14
> allow from all
>
> The 505 will be coming from the missing allow directive or the scope 
> you are
> using not having an order statement. I think.  ;) Oops, found another 
> issue. If you are going to use 218.0.0.0/255 sort of
> format, you need to use the full mask. ie 218.0.0.0/255.0.0.0 OR just 
> move
> over the to the CIDR format of 218.0.0.0/24. Again, I'm in that range :P
> If you just want to block an address starting with 61.0.0.0/24 you can 
> specify
> "deny from 61". Hmm lots more stuff - can you tell I found the manual 
> about
> half way through?
>
Hmmm, actually, the manual wasn't much help when I ran through it. The 
/  character was the problem. Once
I changed everything to
218.
it worked perfectly. I know this sounds strange, but my logs show it's 
working.
Thanks for your help and I will look into the Australia block range. :-)

Glenn

-- 
Confidentiality Notice:  This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized review, use,
disclosure or distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply e-mail and destroy all
copies of the original message.




More information about the list mailing list