On 12/8/20 8:50 PM, the...@sys-concept.com wrote:
Creating ACL based on those internet sources eg.
https://www.countryipblocks.net/acl.php is not reliable. I pulled
a list of Russian and Ukrainian IPs from the above link and checking
some of them, I found these two (and possibly more) are French IPs:
deny from 212.114.16.0/24
deny from 212.114.17.0/24
I can't say as I'm surprised.
IMHO GeoIP feeds are, and always have been, somewhat suspect. You can
get information from RIRs based on who the allocated blocks to
originally (or last update by them). Or you can get information from a
service that tries to be much more accurate. Or you can get information
from a Default Free Zone BGP feed. Or any combination of the above.
But each thing is different quality and different amounts of work.
RIPE's extended delegation list shows 212.114.16.0/21 as being delegated
to France.
I trust the RIR feeds more. Though, they might not be updated with IPv4
trading and resale market.
Personally, I'd extract prefixes of ASNs from a DFZ BGP feed and use
that to filter. It will be the most up to date of what a given provider
(ASN) is advertising.
If "geoip" database is based on similar sources the hole project is
not a reliable control method.
GeoIP is ... nebulous. You need to consider if you want to proceed with
imperfect (or completely wrong data).
--
Grant. . . .
unix || die