Estou vendo uma forma de facilitar a extração de endereços de rede ( IPv4/IPv6 ) apartir dos lgs e criar os aliases.
Na boa, da um trabalho do caralho cadastrar todos apartir da interface Web. Att. Em 2 de junho de 2013 20:20, Jeimerson Chaves <[email protected]>escreveu: > Muito Obrigado. > > > > Em 2 de junho de 2013 20:19, Paulo Henrique <[email protected] > >escreveu: > > > Jeimerson, > > > > Abra um backup de aliases seus, e cola no final. > > Depois reimporta para o pfsense. > > > > Começa em <alias> e termina em </alias> > > > > > > <alias> > > <name>Akamai</name> > > <address>23.64.0.0/14 96.7.0.0/15 96.6.0.0/15 > > 96.17.0.0/16 96.16.0.0/16 95.101.0.0/16 95.100.0.0/16 2.16.68.0/23 > > 23.46.112.0/20 82.96.58.0/24 88.221.36.0/22 88.221.96. > > 0/22 92.122.64.0/22 92.123.204.0/22 93.158.110.0/23 92.123.0.0/16 > > 92.122.0.0/15 90.84.49.0/20 89.149.151.0/24 88.221.0.0/16 84.53.128.0/18 > > 82.96.58.0/24 81.52.251.0/24 81.52.201.0/24 81.52.17 > > 0.0/24 81.52.133.0/24 80.67.64.0/19 80.150.193.0/24 80.150.133.0/24 > > 80.15.234.0/24 80.149.211.0/24 80.146.174.0/24 80.12.98.0/24 > > 80.12.192.0/23 > > 72.247.0.0/16 72.246.0.0/15 70.39.178.0/23 69.3 > > 1.16.0/17 69.27.164.0/20 69.22.137.0/19 69.192.0.0/16 66.171.224.0/19 > > 65.222.174.0/24 65.216.161.0/24 65.200.11.0/24 65.199.63.0/24 > > 65.197.244.0/24 65.197.197.0/24 65.163.176.0/24 65.121.210. > > 0/23 64.145.87.0/20 63.97.94.0/24 63.97.123.0/22 63.85.36.0/24 > > 63.84.95.0/24 > > 63.84.59.0/24 63.80.4.0/24 63.80.242.0/24 63.80.138.0/24 63.69.72.0/23 > > 63.243.206.0/23 63.215.136.0/21 63.208.195. > > 0/24 63.150.131.0/24 63.141.192.0/21 63.118.252.0/23 63.116.243.0/22 > > 63.116.166.0/24 63.110.246.0/24 62.41.63.0/24 62.41.10.0/24 > 62.159.74.0/24 > > 62.156.209.0/24 62.154.232.0/24 60.254.128.0/18 > > 59.151.128.0/18 59.144.52.0/22 59.144.115.0/24 58.27.86.0/23 > > 46.33.73.0/24 > > 2.23.0.0/16 2.22.0.0/16 2.21.0.0/16 2.20.0.0/16 2.19.0.0/16 2.18.0.0/16 > > 2.17.0.0/16 2.16.0.0/13 198.47.108.0/24 198 > > .144.96.0/19 195.95.192.0/22 195.57.81.0/24 195.57.152.0/23 > > 195.245.124.0/22 > > 195.175.69.0/24 194.224.66.0/24 194.209.253.0/24 193.247.166.0/24 > > 193.108.88.0/21 193.108.154.0/22 190.90.221.0/23 > > 190.210.32.0/24 184.87.0.0/16 184.86.0.0/16 184.85.0.0/16 184.84.0.0/16 > > 184.51.0.0/16 184.50.0.0/15 184.31.0.0/16 184.30.0.0/16 184.29.0.0/16 > > 184.28.0.0/16 184.27.0.0 184.26.0.0/16 184.25.0. > > 0/16 184.24.0.0/23 173.243.192.0/21 173.223.0.0/16 173.222.0.0/15 > > 172.224.0.0/12 158.255.97.0/24 125.56.128.0/17 125.252.0.0/16 > > 118.215.0.0/16 > > 118.214.0.0/15 115.124.93.0/24 111.92.162.0/24</ > > address> > > <descr><![CDATA[Akamai]]></descr> > > <type>network</type> > > <detail><![CDATA[PetroNet||Akamai Technologies, > > Inc.||Akamai Technologies, Inc.||Akamai Technologies, Inc.||Akamai > > Technologies, Inc.||Akamai Technologies, Inc.||Akama > > i Technologies, Inc.||Entry added Tue, 28 May 2013 08:47:10 -0300||Entry > > added Tue, 28 May 2013 08:47:10 -0300||Entry added Tue, 28 May 2013 > > 08:47:10 -0300||Entry added Tue, 28 May 2013 08:47 > > :10 -0300||Entry added Tue, 28 May 2013 08:47:10 -0300||Entry added Tue, > 28 > > May 2013 08:47:10 -0300||Entry added Tue, 28 May 2013 08:47:10 > -0300||Entry > > added Tue, 28 May 2013 08:47:10 -0300|| > > Akamai Technologies, Inc.||Akamai Technologies, Inc.||Akamai > Technologies, > > Inc.||Akamai Technologies, Inc.||Akamai Technologies, Inc.||Akamai > > Technologies, Inc.||Entry added Tue, 28 May 2013 > > <name>AcessoRemotoRDP</name> > > <address>3389</address> > > <descr><![CDATA[AcessoRemotoRDP]]></descr> > > <type>port</type> > > > <detail><![CDATA[RemoteDesktopProtocol]]></detail> > > </alias> > > <alias> > > <name>Akamai</name> > > <address>23.64.0.0/14 96.7.0.0/15 96.6.0.0/15 > > 96.17.0.0/16 96.16.0.0/16 95.101.0.0/16 95.100.0.0/16 2.16.68.0/23 > > 23.46.112.0/20 82.96.58.0/24 88.221.36.0/22 88.221.96. > > 0/22 92.122.64.0/22 92.123.204.0/22 93.158.110.0/23 92.123.0.0/16 > > 92.122.0.0/15 90.84.49.0/20 89.149.151.0/24 88.221.0.0/16 84.53.128.0/18 > > 82.96.58.0/24 81.52.251.0/24 81.52.201.0/24 81.52.17 > > 0.0/24 81.52.133.0/24 80.67.64.0/19 80.150.193.0/24 80.150.133.0/24 > > 80.15.234.0/24 80.149.211.0/24 80.146.174.0/24 80.12.98.0/24 > > 80.12.192.0/23 > > 72.247.0.0/16 72.246.0.0/15 70.39.178.0/23 69.3 > > 1.16.0/17 69.27.164.0/20 69.22.137.0/19 69.192.0.0/16 66.171.224.0/19 > > 65.222.174.0/24 65.216.161.0/24 65.200.11.0/24 65.199.63.0/24 > > 65.197.244.0/24 65.197.197.0/24 65.163.176.0/24 65.121.210. > > 0/23 64.145.87.0/20 63.97.94.0/24 63.97.123.0/22 63.85.36.0/24 > > 63.84.95.0/24 > > 63.84.59.0/24 63.80.4.0/24 63.80.242.0/24 63.80.138.0/24 63.69.72.0/23 > > 63.243.206.0/23 63.215.136.0/21 63.208.195. > > 0/24 63.150.131.0/24 63.141.192.0/21 63.118.252.0/23 63.116.243.0/22 > > 63.116.166.0/24 63.110.246.0/24 62.41.63.0/24 62.41.10.0/24 > 62.159.74.0/24 > > 62.156.209.0/24 62.154.232.0/24 60.254.128.0/18 > > 59.151.128.0/18 59.144.52.0/22 59.144.115.0/24 58.27.86.0/23 > > 46.33.73.0/24 > > 2.23.0.0/16 2.22.0.0/16 2.21.0.0/16 2.20.0.0/16 2.19.0.0/16 2.18.0.0/16 > > 2.17.0.0/16 2.16.0.0/13 198.47.108.0/24 198 > > .144.96.0/19 195.95.192.0/22 195.57.81.0/24 195.57.152.0/23 > > 195.245.124.0/22 > > 195.175.69.0/24 194.224.66.0/24 194.209.253.0/24 193.247.166.0/24 > > 193.108.88.0/21 193.108.154.0/22 190.90.221.0/23 > > 190.210.32.0/24 184.87.0.0/16 184.86.0.0/16 184.85.0.0/16 184.84.0.0/16 > > 184.51.0.0/16 184.50.0.0/15 184.31.0.0/16 184.30.0.0/16 184.29.0.0/16 > > 184.28.0.0/16 184.27.0.0 184.26.0.0/16 184.25.0. > > 0/16 184.24.0.0/23 173.243.192.0/21 173.223.0.0/16 173.222.0.0/15 > > 172.224.0.0/12 158.255.97.0/24 125.56.128.0/17 125.252.0.0/16 > > 118.215.0.0/16 > > 118.214.0.0/15 115.124.93.0/24 111.92.162.0/24</ > > address> > > <descr><![CDATA[Akamai]]></descr> > > <type>network</type> > > <detail><![CDATA[PetroNet||Akamai Technologies, > > Inc.||Akamai Technologies, Inc.||Akamai Technologies, Inc.||Akamai > > Technologies, Inc.||Akamai Technologies, Inc.||Akama > > i Technologies, Inc.||Entry added Tue, 28 May 2013 08:47:10 -0300||Entry > > added Tue, 28 May 2013 08:47:10 -0300||Entry added Tue, 28 May 2013 > > 08:47:10 -0300||Entry added Tue, 28 May 2013 08:47 > > :10 -0300||Entry added Tue, 28 May 2013 08:47:10 -0300||Entry added Tue, > 28 > > May 2013 08:47:10 -0300||Entry added Tue, 28 May 2013 08:47:10 > -0300||Entry > > added Tue, 28 May 2013 08:47:10 -0300|| > > Akamai Technologies, Inc.||Akamai Technologies, Inc.||Akamai > Technologies, > > Inc.||Akamai Technologies, Inc.||Akamai Technologies, Inc.||Akamai > > Technologies, Inc.||Entry added Tue, 28 May 2013 > > 11:44:15 -0300||Entry added Tue, 28 May 2013 11:44:15 -0300||Entry added > > Tue, 28 May 2013 11:44:15 -0300||Entry added Tue, 28 May 2013 11:44:15 > > -0300||Entry added Tue, 28 May 2013 11:44:15 -0300||Akamai Technologies, > > Inc.||Entry added Tue, 28 May 2013 11:44:15 -0300||Entry added Tue, 28 > May > > 2013 11:44:15 -0300||Entry added Tue, 28 May 2013 11:44:15 -0300||Entry > > added Tue, 28 May 2013 11:44:15 -0300||Entry added Tue, 28 May 2013 > > 11:44:15 -0300||Entry added Tue, 28 May 2013 11:44:15 -0300||Entry added > > Tue, 28 May 2013 11:44:15 -0300||Akamai Technologies, Inc.||Akamai > > Technologies, Inc.||Entry added Tue, 28 May 2013 11:44:15 -0300||Akamai > > Technologies, Inc.||Akamai Technologies, Inc.||Akamai Technologies, > > Inc.||Akamai Technologies, Inc.||Akamai Technologies, Inc.||Entry added > > Tue, 28 May 2013 11:44:15 -0300||Entry added Tue, 28 May 2013 11:48:20 > > -0300||Entry added Tue, 28 May 2013 11:48:20 -0300||Entry added Tue, 28 > May > > 2013 11:48:20 -0300||Entry added Tue, 28 May 2013 11:48:20 -0300||Entry > > added Tue, 28 May 2013 11:48:20 -0300||Entry added Tue, 28 May 2013 > > 11:48:20 -0300||Entry added Tue, 28 May 2013 11:48:20 -0300||Entry added > > Tue, 28 May 2013 11:48:20 -0300||Entry added Tue, 28 May 2013 11:48:20 > > -0300||Akamai Technologies, Inc.||Entry added Tue, 28 May 2013 11:48:20 > > -0300||Entry added Tue, 28 May 2013 11:48:20 -0300||Entry added Tue, 28 > May > > 2013 11:48:20 -0300||Entry added Tue, 28 May 2013 11:48:20 -0300||Entry > > added Tue, 28 May 2013 11:48:20 -0300||Entry added Tue, 28 May 2013 > > 11:48:20 -0300||Entry added Tue, 28 May 2013 11:48:20 -0300||Entry added > > Tue, 28 May 2013 11:48:20 -0300||Entry added Tue, 28 May 2013 11:48:20 > > -0300||Entry added Tue, 28 May 2013 11:48:20 -0300||Entry added Tue, 28 > May > > 2013 11:48:20 -0300||Akamai Technologies, Inc.||Entry added Tue, 28 May > > 2013 11:48:20 -0300||Akamai Technologies, Inc.||Entry added Tue, 28 May > > 2013 11:48:20 -0300||Entry added Tue, 28 May 2013 11:48:20 -0300||Entry > > added Tue, 28 May 2013 11:48:20 -0300||Entry added Tue, 28 May 2013 > > 11:48:20 -0300||Entry added Tue, 28 May 2013 11:48:20 -0300||Entry added > > Tue, 28 May 2013 11:48:20 -0300||Entry added Tue, 28 May 2013 11:48:20 > > -0300||Akamai Technologies, Inc.||Akamai Technologies, Inc.||Akamai > > Technologies, Inc.||Entry added Tue, 28 May 2013 11:48:20 -0300||Akamai > > Technologies, Inc.||Entry added Tue, 28 May 2013 11:48:54 -0300||Akamai > > Technologies, Inc.||Akamai Technologies||Akamai Technologies||Akamai > > Technologies||Akamai Technologies||Akamai Technologies||Akamai > > Technologies||Akamai Technologies||Entry added Wed, 29 May 2013 15:04:20 > > -0300||Akamai Technologies||Akamai Technologies||Entry added Wed, 29 May > > 2013 15:11:59 -0300||Entry added Wed, 29 May 2013 15:11:59 -0300||Entry > > added Wed, 29 May 2013 15:11:59 -0300||Entry added Wed, 29 May 2013 > > 15:11:59 -0300||Entry added Wed, 29 May 2013 15:11:59 -0300||Entry added > > Wed, 29 May 2013 15:11:59 -0300||Entry added Wed, 29 May 2013 15:11:59 > > -0300||Akamai Technologies||Akamai Technologies||Akamai > Technologies||Entry > > added Wed, 29 May 2013 15:38:52 -0300||Akamai Technologies||Akamai > > Technologies||Akamai Technologies||Akamai Technologies||Akamai > > Technologies||Akamai Technologies||Akamai Technologies||Akamai > > Technologies||Akamai Technologies||Akamai Technologies||Akamai > > Technologies||Akamai Technologies||Akamai Technologies||Akamai > > Technologies||Akamai Technologies||Akamai Technologies||Akamai > > Technologies||Akamai Technologies||Akamai Technologies||Akamai > > Technologies||Akamai Technologies||Akamai Technologies||Akamai > > Technologies||Entry added Wed, 29 May 2013 15:38:52 -0300||Entry added > Wed, > > 29 May 2013 15:38:52 -0300]]></detail> > > </alias> > > > > > > > > Em 2 de junho de 2013 19:30, Jeimerson Chaves <[email protected] > > >escreveu: > > > > > Caro Paulo, > > > > > > Amigo teria como vc me passar o alias da akamai. > > > Precisei bloquear a Akamai alguns dias, e não consegui bloquear tudo. > > > > > > Abs. > > > > > > > > > > > > Em 2 de junho de 2013 19:26, Paulo Henrique <[email protected] > > > >escreveu: > > > > > > > Em 2 de junho de 2013 19:13, Corsini . <[email protected]> > > escreveu: > > > > > > > > > Samuel, realmente foi a ordem das regras, agora está funcionando > > 100%, > > > > > aproveitei > > > > > e criei também no Wizard uma priorização de alguns serviços como > > SMTP e > > > > > POP3, voz também, > > > > > Você está utilizando o layer 7, é um dos itens que pretendo também > > > > > implementar em minha rede. > > > > > ainda não testei, mas vi que é repleto de itens para bloquear, só > não > > > vi > > > > > lá o UltraSurf, mas o tor tem. rs > > > > > > > > > > Abraços ..@@@@ > > > > > > > > > > Att. > > > > > > > > > > João B. Corsini > > > > > > > > > > Analista de Suporte > > > > > > > > > > > > > > > > Date: Sun, 2 Jun 2013 00:29:03 -0300 > > > > > > From: [email protected] > > > > > > To: [email protected] > > > > > > Subject: Re: [Pfsense-pt] Limiter Pfsense > > > > > > > > > > > > On 01/06/2013 22:25, Corsini . wrote: > > > > > > > Olá Pessoal, > > > > > > > > > > > > > > Pessoal já conseguiram limitar host com o limiter, fiz conforme > > > > mostra > > > > > alguns tutoriais, mas de forma alguma meu limiter funciona, > > > > > > > alguém para compartilhar ajuda. > > > > > > > preciso limitar a banda de alguns ips em uma lan. > > > > > > > > > > > > > > > > > > > > > Att. > > > > > > > > > > > > > > > > > > > > > João B. Corsini > > > > > > > > > > > > > > Analista de Suporte > > > > > > > > > > > > > > _______________________________________________ > > > > > > > Pfsense-pt mailing list > > > > > > > [email protected] > > > > > > > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > > > > > > Olá João, > > > > > > > > > > > > Aqui funciona legal. Você pode fazer o seguinte: > > > > > > > > > > > > 1- Cria um alias (Firewall -> Aliases) com um nome de sua > > preferência > > > > > > (por exemplo "hostslan"). Nesse cara você adiciona os IPs que > > > desejar; > > > > > > 2- Em Firewall -> Traffic Shaper -> Limiter você cria 2 > limiters, 1 > > > > para > > > > > > download e outro para upload; > > > > > > 3- Em Firewall -> Rules -> Lan você aplica esse limiter para a > > Alias > > > > > > criado no primeiro passo. O limiter fica em Advanced features - > > > In/Out > > > > > > > > > > > > Você precisa ficar atento quanto a ordem das regras. Se você > tiver > > > por > > > > > > exemplo 2 regras, onde a primeira libera toda a subnet da Lan e a > > > > > > segunda usa o limiter criado, não vai funcionar. A regra do > limiter > > > > > > precisa vir antes nesse caso. > > > > > > > > > > > > Samuel Peres > > > > > > _______________________________________________ > > > > > > Pfsense-pt mailing list > > > > > > [email protected] > > > > > > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > > > > > > > > > > _______________________________________________ > > > > > Pfsense-pt mailing list > > > > > [email protected] > > > > > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > > > > > > > > > > > > > É dificil e complicado, mais se quer manter uma rede realmente > > restrita, > > > a > > > > unica forma é liberando instituições uma a uma. > > > > Eu mesmo tenho dezenas de aliases onde determinado serviço é > permitido. > > > > Por exemplo, os bancos Bradesco e Santander possui seus serviços > > > > disponibilizados hoje sobre a Akamai, a rede da Akamai ( que não é > > > pequena > > > > ) possui uma aliases, depois disso libero o acesso a HTTPS/HTTP para > > esse > > > > aliases. > > > > Voce pode criar o aliases contendo as redes especificas apartir de > > > > consultas a LGs tipo o bgp.he.net > > > > Segue uma consulta para a rede da akamai, yahoo, google. > > > > > > > > Akamai = > http://bgp.he.net/search?search[search]=Akamai&commit=Search > > > > Yahoo = http://bgp.he.net/search?search[search]=Yahoo&commit=Search > > > > Google = > http://bgp.he.net/search?search[search]=Google&commit=Search > > > > > > > > Crie as regras liberando essas redes, alem das redes do governo, > depois > > > > disso bloqueia geral, usa o squidguard+squid para barrar outras > > porcarias > > > > que usuário gosta de usar e pronto, acabou a alegria. > > > > > > > > A unica forma de barrar eficiente o facebook é através desse esquema, > > > > depois que a conexão entra em HTTPS não é possivel mais gerir o > acesso > > ao > > > > facebook a não ser com base no host de origem. > > > > > > > > Se o interesse de dar um fim no ultrasurf/tor é para essa finalidade > > está > > > > ai a dica. > > > > > > > > Att. > > > > > > > > -- > > > > :=)><(=: > > > > Rip NoRm4nD. > > > > Flamers > /dev/null !!! > > > > _______________________________________________ > > > > Pfsense-pt mailing list > > > > [email protected] > > > > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > > > > > > > _______________________________________________ > > > Pfsense-pt mailing list > > > [email protected] > > > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > > > > > > > > > > > -- > > :=)><(=: > > Rip NoRm4nD. > > Flamers > /dev/null !!! > > _______________________________________________ > > Pfsense-pt mailing list > > [email protected] > > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > > > _______________________________________________ > Pfsense-pt mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/pfsense-pt > -- :=)><(=: Rip NoRm4nD. Flamers > /dev/null !!! _______________________________________________ Pfsense-pt mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/pfsense-pt
