Posted by db on 09/26/05 16:36

"old age pensioner" <me@noaddress.com> wrote in message
news:9SUZe.254$wg7.135@fe06.lga...
> Hi all, reading the various messages of the need to block RIAA IPs from
> entering the system as secondaries leeching onto my now renewed primary
> connection. Using this range to be blocked (on
> systems:38.113.214.0-38.113.214.255) as an example, how would I do that
> using my Kerio 2.15 firewall. Thanks

Hi, hope this helps:

KPF 2.1.5 has "Custom Address Group" blocking feature which I find most
useful for blocking many different addresses in a single filter rule.

01. Right-click the Kerio icon in the system tray, select 'Administration'.
02. Select 'Advanced' on the window that pops open.
03. On the 'Filter Rules' tab, click 'Add' to create a new rule.
04. Create the rule using the following details:
Description: Custom Address Group
Protocol: Any
Direction: Both Directions
Remote Endpoint Address Type: Custom Address Group
Rule Valid: Always
Action: Deny
Log when this rule matches: (tick if you want to see kerio actively
blocking)
05. O.K. it.
06. The new rule you just created should appear at the very bottom of the
filter rules list. Highlight that rule then press the 'up arrow' on the
right-side of the Filter Rules window until the rule is at the very top of
the list. This gives that rule dominance over all other application rules.
07. Click 'Apply'
08. Click the 'Miscellaneous' tab at the top of the 'Firewall Configuration'
window.
09. Firewall logging, 'log into file', tick on.
10. In the 'Custom Address Group' area, click 'Add' to add a new rule.
11. Create rules using something like the following:
Address Type: You can block using 'Single Address' for IP addresses like
123.123.123.123, or 'Network Mask' to block like 123.123.0.0 255.255.0.0 to
block everything in the 123.123.+ range, or choose 'Network Range' to block
like 123.123.0.0 to 123.123.255.255 which would also block everything in the
123.123.+ range.
12. Give the rule a 'Description' if you want.

So, as an example, if ya wanted to block the following:

BadIP_1=72.35.224.*

^ ...you could add a rule using 'Network Mask' 72.35.224.0 / 255.255.255.0,
or, use 'Network Range' like 72.35.224.0 to 72.35.224.255

BadIP_2=204.193.136.* (use 'Network Mask' or 'Network Range')
BadIP_3=209.195.58.* (use 'Network Mask' or 'Network Range')
BadIP_4=209.11.134.* (use 'Network Mask' or 'Network Range')
BadIP_5=213.219.9.* (use 'Network Mask' or 'Network Range')
BadIP_6=213.219.191.* (use 'Network Mask' or 'Network Range')
BadIP_7=212.71.252.* (use 'Network Mask' or 'Network Range')
BadIP_8=216.151.155.* (use 'Network Mask' or 'Network Range')
BadIP_9=206.161.141.* (use 'Network Mask' or 'Network Range')

BadIP_10=67.101.77.191

^ This is different as it's only a single address. It'd probably be a bad
idea to block ranges here so add a rule using 'Single Address' instead.

BadIP_11=66.166.198.203 (use 'Single Address')
BadIP_12=68.165.91.118 (use 'Single Address')
BadIP_13=64.248.57.132 (use 'Single Address')
BadIP_14=70.51.124.42 (use 'Single Address')
BadIP_15=81.151.195.148 (use 'Single Address')
BadIP_16=81.156.180.20 (use 'Single Address')
BadIP_17=81.158.253.172 (use 'Single Address')
BadIP_18=86.134.204.87 (use 'Single Address')
BadIP_19=88.109.80.133 (use 'Single Address')
BadIP_20=81.158.250.176 (use 'Single Address')

That's everything I think. I didn't say it was going to be easy, did I? ;-P

You don't necessarily have to use the 'Custom Address Group' function to do
this, you could, if you wanted, just create the individual rules in the main
'Filter Rules' area instead (Pro's and con's to using each).

I wouldn't recommend blocking using this method for most people really.

[Back to original message]