How to add overlapping CIDR blocks in a set and have a way delete them ?

For context, we are detecting nefarious IP ranges/CIDR blocks by
parsing the live logs of various services (e.g. nginx, apache, etc.) using
the crowdsec agent. After the agent detects a nefarious IP range, we
want to block the range using nftables. To do this we tried adding the IP
range to an nftables set, with appropriate rules in place.

The problem we are facing is when the agent detects IP ranges which
overlap. In such cases, nftables rejects the newer overlapping range,
even if the previous range is smaller.

We tried using the "auto-merge" flag for the set, but it doesn't solve
the problem because only ranges present in the same
transaction/command are auto-merged. Also, we want to provide users an
option to delete a range. But this won't be possible if this range was
merged into some other range by nftables.

So how do we add IP ranges to an nftables set which are potentially
overlapping and have a way to delete the originally provided ranges?
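One user-space approach to the problem described above, added here as an illustration and not part of the original mail or of crowdsec: keep every originally supplied range in your own store, derive a non-overlapping element list from it, and replace the nftables set contents in one transaction so the kernel never sees an overlap and the original ranges stay individually deletable. The table and set names, and the use of an `ipv4_addr` set declared with `flags interval`, are assumptions; the CIDR blocks in the test are constructed RFC 5737 documentation addresses.

```python
import ipaddress

# Assumed nftables names (not from the original mail).
TABLE = "inet filter"
SET = "crowdsec_blocklist"   # declared as: type ipv4_addr; flags interval


class Blocklist:
    """Keep the originally supplied ranges so each can be deleted on its
    own, and derive a merged, non-overlapping element list for nftables."""

    def __init__(self):
        self.ranges = {}  # original CIDR string -> ip_network object

    def add(self, cidr):
        # strict=False accepts host bits set, e.g. "192.0.2.1/24"
        self.ranges[cidr] = ipaddress.ip_network(cidr, strict=False)

    def delete(self, cidr):
        # Deletes the range as originally given; returns False if unknown.
        return self.ranges.pop(cidr, None) is not None

    def elements(self):
        # collapse_addresses merges overlapping and adjacent networks of one
        # address family, which is what the kernel set must receive.
        # An ipv6_addr set would need the same done separately for version 6.
        v4 = [n for n in self.ranges.values() if n.version == 4]
        return [str(n) for n in ipaddress.collapse_addresses(v4)]

    def nft_script(self):
        # Flush and re-add in a single "nft -f" transaction: the old contents
        # are replaced atomically and no add ever overlaps an existing element.
        lines = [f"flush set {TABLE} {SET}"]
        merged = self.elements()
        if merged:
            lines.append(f"add element {TABLE} {SET} {{ {', '.join(merged)} }}")
        return "\n".join(lines) + "\n"
```

Feed `nft_script()` to `nft -f -` after every add or delete; the merged list is what the kernel holds, while `ranges` is what the user sees and deletes.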
