Hi all. I realise that it's a constantly changing list but does anyone have a list on NZ IPs? Why: We're trying to set up a website to be accessible in NZ only. Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list. Any suggestions or hints appreciated. Cheers... Clark
I would suggest you get a BGP feed from your ISP with all the Peering + National routes, that way you will have an accurate real time list. -----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Clark Mills Sent: Monday, 24 March 2014 8:52 a.m. To: nznog(a)list.waikato.ac.nz Subject: [nznog] List of NZ IP addresses? Hi all. I realise that it's a constantly changing list but does anyone have a list on NZ IPs? Why: We're trying to set up a website to be accessible in NZ only. Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list. Any suggestions or hints appreciated. Cheers... Clark
I think grabbing all the ISPs BGP AS's and using that as a basis is the way most people do it. Like Telecom's main subscriber AS is AS4771 -----Original Message----- From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Clark Mills Sent: Monday, 24 March 2014 8:52 a.m. To: nznog(a)list.waikato.ac.nz Subject: [nznog] List of NZ IP addresses? Hi all. I realise that it's a constantly changing list but does anyone have a list on NZ IPs? Why: We're trying to set up a website to be accessible in NZ only. Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list. Any suggestions or hints appreciated. Cheers... Clark
I see you have an Auckland AC email address, are you able to get access to a Reannz BGP feed? http://reannz.co.nz/services/tuning-bgp EXCLUDING ROUTES BASED ON AS NUMBER It can sometimes be useful to exclude routes being imported based on an AS number. This could be the AS number of a destination network such as the REANNZ network AS38299 or it could be that you want to exclude everything that has transited a particular network such as the network core AS38022. It is important to understand the outcome you are trying to achieve. For example, a REANNZ member that excluded any routes that transited AS38022 would exclude all network routes from the routing table. In a similar fashion excluding AS38018 (our network International AS) would allow domestic routes to be imported but no International routes. On 2014-03-24 06:51, Clark Mills wrote:
Hi all.
I realise that it's a constantly changing list but does anyone have a list on NZ IPs?
Why: We're trying to set up a website to be accessible in NZ only. Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list.
Any suggestions or hints appreciated.
Cheers... Clark
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
Once upon a time we leveraged APNIC's latest delegations (http://ftp.apnic.net/stats/apnic/delegated-apnic-latest) and whittled it down to NZ entries. The biggest caveat of this method is there are quite a few people geographically in New Zealand but with an IP from Australia. - Damian On 24/03/14 08:51, Clark Mills wrote:
Hi all.
I realise that it's a constantly changing list but does anyone have a list on NZ IPs?
Why: We're trying to set up a website to be accessible in NZ only. Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list.
Any suggestions or hints appreciated.
Cheers... Clark
Just use the MaxMind and either a plug-in for your web server, or something within the web app itself. Their CityLite or CountryLite database is free, and accuracy at the country level is very good (although not always perfect, but nothing is ever going to be perfect). www.maxmind.com Scott On Sun, Mar 23, 2014 at 12:51 PM, Clark Mills <c.mills(a)auckland.ac.nz>wrote:
Hi all.
I realise that it's a constantly changing list but does anyone have a list on NZ IPs?
Why: We're trying to set up a website to be accessible in NZ only. Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list.
Any suggestions or hints appreciated.
Cheers... Clark
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
http://dev.maxmind.com/geoip/geoip2/geolite2/ I was too slow 2 votes for maxmind. (or bgp feed with communities or something from your ISP) it depends if you are trying to firewall for cost reasons, eg: I don't want to serve my HD content to international viewers because it will bankrupt me. Or I don't want to serve my international content to international viewers because it would breach a license agreement with the rights holder. Cheers Rob *Rob McDonald | *Director Level 2 Systems Ltd *M:* +64 21 902 929 *eFax:* +64 9 974 4734 *W:* http://www.L2.co.nz <http://www.l2.co.nz/> On 24 March 2014 09:33, Scott Howard <scott(a)doc.net.au> wrote:
Just use the MaxMind and either a plug-in for your web server, or something within the web app itself. Their CityLite or CountryLite database is free, and accuracy at the country level is very good (although not always perfect, but nothing is ever going to be perfect).
www.maxmind.com
Scott
On Sun, Mar 23, 2014 at 12:51 PM, Clark Mills <c.mills(a)auckland.ac.nz>wrote:
Hi all.
I realise that it's a constantly changing list but does anyone have a list on NZ IPs?
Why: We're trying to set up a website to be accessible in NZ only. Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list.
Any suggestions or hints appreciated.
Cheers... Clark
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
We use maxmind for a similar process. We use their webserivce in conjunction with .net and find the API queries to return the country in a speed unnoticeable to users of the system. They have sample code for various languages. I don't know much about BGP but I would imagine that max minds 5 lines of code is simpler to add than managing the BGP process. However as mentioned by Rob its not allways 100% accurate but if its good enough for google (google analytics) it should hopefully be accurate enough Gareth Davies Senior Systems Administrator DD +64 9 574 0123 EXT 8465 www.fphcare.com From: nznog-bounces(a)list.waikato.ac.nz [mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Scott Howard Sent: Monday, 24 March 2014 9:34 a.m. To: Clark Mills Cc: nznog Subject: Re: [nznog] List of NZ IP addresses? Just use the MaxMind and either a plug-in for your web server, or something within the web app itself. Their CityLite or CountryLite database is free, and accuracy at the country level is very good (although not always perfect, but nothing is ever going to be perfect). www.maxmind.com<http://www.maxmind.com> Scott On Sun, Mar 23, 2014 at 12:51 PM, Clark Mills <c.mills(a)auckland.ac.nz<mailto:c.mills(a)auckland.ac.nz>> wrote: Hi all. I realise that it's a constantly changing list but does anyone have a list on NZ IPs? Why: We're trying to set up a website to be accessible in NZ only. Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list. Any suggestions or hints appreciated. Cheers... Clark _______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz<mailto:NZNOG(a)list.waikato.ac.nz> http://list.waikato.ac.nz/mailman/listinfo/nznog ____________________________________________________________ This e-mail and any attachments may contain confidential information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Whatever you end up doing, can you please: A) Make sure it's kept up to date B) Have some other method of whitelisting addresses, and make it clear on your site how people can get in touch if they think you've incorrectly classified an NZ IP as non-NZ. (Coming from someone who's been trying to deal with getting various DBs updated to take into account a recent IPv4 block transfer) On Mon, Mar 24, 2014 at 10:02 AM, Gareth Davies <Gareth.Davies(a)fphcare.co.nz
wrote:
We use maxmind for a similar process. We use their webserivce in conjunction with .net and find the API queries to return the country in a speed unnoticeable to users of the system.
They have sample code for various languages.
I don't know much about BGP but I would imagine that max minds 5 lines of code is simpler to add than managing the BGP process. However as mentioned by Rob its not allways 100% accurate but if its good enough for google (google analytics) it should hopefully be accurate enough
*Gareth Davies*
Senior Systems Administrator
*DD* +64 9 574 0123 *EXT* 8465
*www.fphcare.com <http://www.fphcare.com>*
*From:* nznog-bounces(a)list.waikato.ac.nz [mailto: nznog-bounces(a)list.waikato.ac.nz] *On Behalf Of *Scott Howard *Sent:* Monday, 24 March 2014 9:34 a.m. *To:* Clark Mills *Cc:* nznog *Subject:* Re: [nznog] List of NZ IP addresses?
Just use the MaxMind and either a plug-in for your web server, or something within the web app itself. Their CityLite or CountryLite database is free, and accuracy at the country level is very good (although not always perfect, but nothing is ever going to be perfect).
www.maxmind.com
Scott
On Sun, Mar 23, 2014 at 12:51 PM, Clark Mills <c.mills(a)auckland.ac.nz> wrote:
Hi all.
I realise that it's a constantly changing list but does anyone have a list on NZ IPs?
Why: We're trying to set up a website to be accessible in NZ only. Knowing what I know then firewalling is the tool (a man with a hammer...) but I need to routinely source a more recent list.
Any suggestions or hints appreciated.
Cheers... Clark
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
_______________________________________
This e-mail and any attachments may contain confidential information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog
participants (9)
-
Bill Walker -
Clark Mills -
Damian Kissick -
Gareth Davies -
Lindsay Hill -
Peter Lambrechtsen -
Rob McDonald -
Scott Howard -
Tony Wicks