Adding Multiple IPs to a Firewall Rule

Hello all. I’m monitoring some services using Site24x7 (Zoho). I’m also trying to rate limit traffic/limit concurrent connections to these services, specifically a web site, to help ease up some load on the database servers. My issue right now is when I rate limit, I end up with false positives from Site24x7 as they are temporarily unable to connect.

I am familiar with setting up firewall rules and ordering them (currently have two rules for https traffic, one that has no restrictions and is limited to our public IPs, and one that is rate limited for the public). I would like to know how to add a third rule to allow the Site24x7 IPs with no restriction (Global Monitoring Network | Location and IPs: Site24x7). They have all of their IPs mapped to a single domain (site24x7.enduserexp.com) but I can’t seem to figure out a way to use this with a firewall rule. Thanks for your help!

Have you tried making a network group?
If it has known IPs.

Thank you for the reply. I did look at it, but the list of IPs is massive and updated frequently. Was crossing my fingers that there would be an easier way.

In this post Jon used AS ASN ipsets.
You would have to do this from iptables.

Here is a Wiki that might minimally help:

Keep in mind ALL of the iptables commands need to be re-created for your use. But the “idea” is the same.

Read through the location command. And the ipset command. (there will be a test!)

I looked through some of the IP addresses on the above 24x7 site but there appears to be no common AS (Autonomous System) number:

[root@ipfireRPi4B9 ~]# location lookup 178.62.238.39
178.62.238.39:
  Network                 : 178.62.192.0/18
  Country                 : Netherlands
  Autonomous System       : AS14061 - DIGITALOCEAN-ASN

[root@ipfireRPi4B9 ~]# location lookup 81.171.24.8
81.171.24.8:
  Network                 : 81.171.0.0/19
  Country                 : Netherlands
  Autonomous System       : AS60781 - LeaseWeb Netherlands B.V.

[root@ipfireRPi4B9 ~]# location lookup 103.77.234.74
103.77.234.74:
  Network                 : 103.77.234.0/24
  Country                 : Australia
  Autonomous System       : AS133480 - Intergrid Group Pty Ltd

[root@ipfireRPi4B9 ~]# location lookup 104.207.130.121
104.207.130.121:
  Network                 : 104.207.130.0/23
  Country                 : United States of America
  Autonomous System       : AS20473 - AS-CHOOPA

[root@ipfireRPi4B9 ~]# location lookup 162.213.36.11
162.213.36.11:
  Network                 : 162.213.36.0/24
  Country                 : United States of America
  Autonomous System       : AS50837 - CLOUDSIGMA AG

You’ll probably need to place all of the IP addresses on Site24x7’s global website monitoring network web page into an ipset [set name] to make your firewall rule work.

ipset restore < "/etc/ipset/Site24x7_List.ipset"
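As an added example (not IPFire's, Site24x7's or the poster's own tooling), here is a small POSIX shell script that turns a saved copy of the Site24x7 address list into the ipset restore file the post above loads. It validates each line as IPv4 or IPv4/CIDR so a stray hostname or typo cannot widen the allow rule, and it fills a scratch set and swaps it into the live set, so a list that changes often can be reloaded without a moment where the set is empty. The set name SITE24X7, the firewall.local placement of the iptables rule and the sample addresses in the test are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not IPFire's or Site24x7's own tooling): build an ipset
# restore stream from a plain list of monitoring-node addresses.
# Assumptions: the set name SITE24X7 and the iptables rule placement below
# are constructed for this example.

SET_NAME="${SET_NAME:-SITE24X7}"

# Accept only a dotted-quad IPv4 address with an optional /0-/32 prefix and
# every octet in 0-255; anything else is rejected so a malformed or
# non-IPv4 line from the downloaded list cannot widen the allow rule.
valid_ipv4_net() {
    printf '%s\n' "$1" | grep -Eq \
        '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read addresses from stdin (one per line, '#' comments and blank lines
# ignored, CRLF tolerated) and emit ipset restore commands on stdout.
# Entries are loaded into a scratch set that is then swapped into the live
# set, so the live set is replaced in one step instead of being flushed and
# refilled while traffic is flowing.
build_ipset_restore() {
    live="$SET_NAME"
    tmp="${SET_NAME}_new"
    echo "create ${live} hash:net family inet"
    echo "create ${tmp} hash:net family inet"
    echo "flush ${tmp}"
    grep -Ev '^[[:space:]]*(#|$)' | while read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        if valid_ipv4_net "$entry"; then
            echo "add ${tmp} ${entry}"
        else
            echo "skipping invalid entry: ${entry}" >&2
        fi
    done
    echo "swap ${tmp} ${live}"
    echo "destroy ${tmp}"
}

# Usage on the firewall, as root (site24x7_ips.txt is the address list you
# saved from the Site24x7 page, one address or CIDR per line):
#   sh build_site24x7_set.sh build < site24x7_ips.txt > /etc/ipset/Site24x7_List.ipset
#   ipset restore -exist < /etc/ipset/Site24x7_List.ipset
# -exist keeps the 'create' lines from failing once the sets already exist.
#
# The rule that consumes the set goes ahead of the rate-limited HTTPS rule;
# on IPFire that is typically /etc/sysconfig/firewall.local (assumed here):
#   iptables -I FORWARD -p tcp --dport 443 -m set --match-set SITE24X7 src -j ACCEPT
if [ "${1:-}" = "build" ]; then
    build_ipset_restore
fi
```

Re-run the two usage commands whenever the published list changes; because the swap replaces the whole set, entries that disappear from the list drop out of the allow rule on the next load rather than lingering.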

I will look into this for sure. Thank you.