Apr 22nd, 2020
::::Hello again,
::::I think that thanks to [[:en:Classless Inter-Domain Routing|CIDR notation]], it should be easy to block the rest of the range with only a few rules.
::::Consider that CIDR prefixes allow you to block a prefix of bits contained in an address. There are 6 bits of difference between the two prefixes. Hence, you should be able to block only six prefixes to block all addresses except the ones from OVH Telecom.
::::For illustration, here is how both prefixes convert to binary:
::::<syntaxhighlight>Large prefix:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (32 digits)
00100000000000010100000111010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
= 2001:41d0::

Narrow prefix:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (38 digits)
00100000000000010100000111010000111111000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
= 2001:41d0:fc00::
</syntaxhighlight>
::::You should just have to truncate the narrow prefix at different points, then flip the last bit that comes just before the end of the prefix to block a range that pertains to the large but NOT the narrow concerned range.
::::I have written a small Python script that does this automatically for the example.
::::<syntaxhighlight lang="Python">#!/usr/bin/python3
# -*- encoding: utf-8 -*-
from ipaddress import IPv6Address
from argparse import ArgumentParser

args = ArgumentParser(description = 'Find how to block a large IPv6 range excluding a narrow IPv6 range only while blacklisting a few prefixes.')

# Network address of the range to leave unblocked (2001:41d0:fc00:: in the example)
args.add_argument('narrow_prefix')
# Prefix length the loop starts after (32 in the example)
args.add_argument('narrow_prefix_size')
# Prefix length the loop ends at (38 in the example)
args.add_argument('large_prefix_size')

args = args.parse_args()

narrow = IPv6Address(args.narrow_prefix)

IPV6_BIT_SIZE = 128

for intermediary_size in range(int(args.narrow_prefix_size) + 1, int(args.large_prefix_size) + 1):

    # Keep only the first intermediary_size bits of the address
    mask = ((1 << intermediary_size) - 1) << (IPV6_BIT_SIZE - intermediary_size)

    # Last bit that is kept; inverting it selects the sibling prefix
    bit_to_invert = (1 << (IPV6_BIT_SIZE - intermediary_size))

    print(str(IPv6Address((int(narrow) & mask) ^ bit_to_invert)) + '/' + str(intermediary_size))

</syntaxhighlight>
::::You can execute it with:
::::<syntaxhighlight>./generate_addresses.py 2001:41d0:fc00:: 32 38</syntaxhighlight>
::::Here is what the concerned script outputs:
::::<syntaxhighlight>2001:41d0::/33
2001:41d0:8000::/34
2001:41d0:c000::/35
2001:41d0:e000::/36
2001:41d0:f000::/37
2001:41d0:f800::/38
</syntaxhighlight>
::::Do you think that it is okay to block only these six ranges?
::::Regards, --~~~~
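
A check that can be run before deploying rules like these, as an added example that is not part of the original post: it rebuilds the six prefixes with the bit-flip method described above, compares them with the standard library's `IPv6Network.address_exclude`, and confirms that they cover the /32 exactly without touching the /38. The function names are hypothetical; the two ranges are the ones from the post.

```python
from ipaddress import IPv6Network

# Ranges taken from the post above.
OUTER = IPv6Network("2001:41d0::/32")
EXEMPT = IPv6Network("2001:41d0:fc00::/38")

def flip_bit_blocklist(outer, exempt):
    """Bit-flip method from the post: truncate the exempt prefix at every
    length between the two sizes and invert the last bit that is kept."""
    base = int(exempt.network_address)
    blocks = []
    for length in range(outer.prefixlen + 1, exempt.prefixlen + 1):
        shift = 128 - length
        mask = ((1 << length) - 1) << shift
        blocks.append(IPv6Network(((base & mask) ^ (1 << shift), length)))
    return blocks

def verify_blocklist(outer, exempt, blocks):
    """Return a list of problems; an empty list means the blocks are exactly
    the outer range minus the exempt range."""
    problems = []
    if not exempt.subnet_of(outer):
        problems.append(f"{exempt} is not inside {outer}")
    for i, block in enumerate(blocks):
        if not block.subnet_of(outer):
            problems.append(f"{block} reaches outside {outer}")
        if block.overlaps(exempt):
            problems.append(f"{block} overlaps the exempt range {exempt}")
        for other in blocks[i + 1:]:
            if block.overlaps(other):
                problems.append(f"{block} overlaps {other}")
    # Disjoint pieces inside the outer range cover it exactly when their
    # sizes add up to the size of the outer range.
    covered = exempt.num_addresses + sum(b.num_addresses for b in blocks)
    if covered != outer.num_addresses:
        problems.append(f"{outer.num_addresses - covered} addresses unaccounted for")
    return problems

if __name__ == "__main__":
    blocks = flip_bit_blocklist(OUTER, EXEMPT)
    # Cross-check against the standard library's own exclusion routine.
    assert set(blocks) == set(OUTER.address_exclude(EXEMPT))
    for block in blocks:
        print(block)
    print(verify_blocklist(OUTER, EXEMPT, blocks) or "blocklist is exact")
```

Dropping one rule or widening one by a single bit makes `verify_blocklist` return a non-empty list, which is the failure to catch before the rules go live.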