New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow subnet notation (i.e xxx.xxx.xxx.xxx/24) in permanent ban strings #65

Open

ravetroll opened this issue May 2, 2021 · 12 comments

Assignees

Labels

ravetroll commented May 2, 2021

I noticed a lot of bans on individual ip address coming from a /24 subnet. I would like to be able to enter a wildcard ban on a subnet to permanent bans but it is not currently possible as the wildcard is not a valid ip address

devnulli added the feature request label

devnulli self-assigned this

Owner

devnulli commented Aug 27, 2021

we must stick to what the windows advanced firewall can do. wildcards, it cannot. but i will add support for ip ranges like 192.168.0.0/24 to the ban list

devnulli added enhancement and removed feature request labels

JReming85 commented Aug 27, 2021 •

edited

Off topic but would love to see dynamic/fqdn whitelists. Been using a script + cron to parse some of my ACL lists to read a fqdn and convert it to ip while updating it if it changes every so often.

Just not sure how much of an extra load that would introduce

Owner

devnulli commented Aug 28, 2021 •

edited

heres an interesting thing:

https://social.msdn.microsoft.com/Forums/ie/en-US/32614b57-f3a3-437f-a659-4777f5e6bd68/windows-firewall-limits?forum=wfp

they ARE talking about performance degradation when you significantly boost the numbers up, for example, when you roll out a * into ips

they DONT say where that number lies though

JReming85 commented Aug 28, 2021

Yea depending on version can be anywhere between 500-1000 per rule

Author

ravetroll commented Aug 28, 2021

Does this mean that EvlWatcher cannot push more than 1000 addresses into its block list? Mine currently has 1543 permanent bans?

JReming85 commented Aug 28, 2021

Thats per rule, there is no limit to what EvlWatcher an block just how fast your system can read all the rules it creates.

Author

ravetroll commented Aug 28, 2021

There is only 1 EvlWatcher rule in my system. Its in Inbound Rules and called EvlWatcher.

Owner

devnulli commented Aug 28, 2021 •

edited

it can push UNIT32 filters per rule (the banned ips) and UINT64 rules (1 rule called Evlwatcher).

to practically, theres no real limit. ill make a load test because im curious though haha

devnulli removed their assignment

devnulli self-assigned this

devnulli changed the title ~~Allow Wildcard permanent ban strings~~ Allow subnet notation (i.e xxx.xxx.xxx.xxx/24) in permanent ban strings

devnulli linked a pull request

that will close this issue

upcoming version 2.1.4 #80

Merged

devnulli removed a link to a pull request

upcoming version 2.1.4 #80

Merged

foxontherock commented Mar 22, 2022

I think an option to always add ban to subnet .0/24 by default, instead of a specific IP, can be interesting.
Lots of my permanently banned IPs are from the same subnet.

gavin2812 commented Jan 13, 2023

Hi there, I think this would be a great addition, i keep on seeing various IP addresses all part of a /24 (or greater).

I have 2.1.5 installed and cannot see how to do this, did it get implemented in 2.1.4?

If not, would be great to see this feature.

Thank you.

Portiella commented Jun 8, 2023 •

edited

news?

MsternSC commented Jan 30, 2024

Doesn't look like it was added here #80.
The windows firewall does seem to support IP ranges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment