I have searched and found old threads that haven’t been active since 2017. I’m hoping to use my CCR1009 to block inbound ASNs to my server. Currently I’m using Cloudflare to do this, but when people are downloading and Cloudflare is on, there seems to be a 20MBs download rate from the server. With Cloudflare off there is 95MBs. So I have a list of ASNs belonging to VPN, VPS, cloud hosting that I block from the sites. It has dramatically reduced the number of brute-force attempts into the server.
So I’ve tried everything I’ve found but when testing using my mobile carrier ASN, I can still connect when Cloudflare is off which tells me those ways aren’t working. Does anyone please have a working method to block ASNs from accessing through the firewall? Whether it’s a firewall rule and list or routing with a list.
I have compiled a list of 500 +/- ASNs belonging to VPS/VPN servers. Trying to create a list to query each one would be exhaustive, I would think. I want to use ASNs because then I don’t need 50k lines of IP subsets to block.
No, I don’t. Didn’t realize how ASN info was passed on either. Unless I can build one or buy one cheap, I may just have to leave Cloudflare on. Just was hoping to remove them to improve speeds to server.
So I saw someone mention they used a MikroTik router as a border router but can’t find anything on how they did that. Is this actually possible? I have 2 other MikroTik routers lying about.
Of course it’s possible. You just need to get an ASN and IP blocks. IPv6 is cheap; a /24 IPv4 block can be leased starting at $100/month or bought for around $10k.