blocklist-ipsets icon indicating copy to clipboard operation
blocklist-ipsets copied to clipboard

Published 20 hours ago verified publisher icon firehol

Pushing Inertia list - whole netblocks of Linode, Digital Ocean, etc

Open troubleshooter opened this issue 6 years ago • 1 comments

Hi,

As a point of information, whole netblocks from providers such as Linode and Digital Ocean covering many legitimate IPs are being blocked. Attempting to have them removed from the Pushing Inertia list has been unsuccessful. Perhaps some type of warning on the list page is in order. This is more than the occasional false positive.

Terry

troubleshooter avatar Jun 26 '18 18:06 troubleshooter

I would propose to have Pushing Inertia removed from firehol_webserver, at least. It's very CIDR greedy, doesn't appear to be updated (or at least it hasn't been for months), reported issues in their GitHub seem to be ignored, and it's prone to false positives.

As just one example, it blocks 64.41.128.0/17 (marked as "savvis"), a massive block which includes (among many other things I'm sure) the /24 used by Qualys (of ssllabs.com fame) (64.41.200.0/24). This makes it impossible to have your site SSL tested (over IPv4, anyway).

I'd deem it not safe as something to apply for a webserver, which obviously is the stated purpose of firehol_webserver.

yitzhaq avatar Mar 31 '20 14:03 yitzhaq