[SOLVED]GeoIP pinhole - allow some IP addresses from a GeoIP blocked country

General questions.
Post Reply
User avatar
H&M
Posts: 465
Joined: May 29th, 2014, 9:38 pm
Location: Europe

[SOLVED]GeoIP pinhole - allow some IP addresses from a GeoIP blocked country

Post by H&M » July 23rd, 2019, 7:13 pm

Hello,

Besides /etc/sysconfig/firewall.local what do suggest to use in order to allow just a few IP addresses as source for input traffic in IpFire while rest of the country IP addresses are blocked?

Ex: France is blocked in GeoIP. But, I have a friend that needs to connect to my IPFire and I want to allow his IP Addres ranges.

The only solution I can think off is to manually write FW rules in /etc/sysconfig/firewall.local, using CUSTOMINPUT chain which is seeing the packet before GEOIPBLOCK chain.

Something like this: (I am not sure will work!)

Code: Select all

iptables -t filter -A CUSTOMINPUT -s a.b.c.d/28 -j ACCEPT
I tried quite a few scenarios with GUI/Web UI but all failed - as soon as I block France in GeoIP country list the traffic stops.

Any other ideas on how to have such pinholes?
Thanks,
H&M

Late Edit: CUSTOMINPUT + /etc/sysconfig/firewall.local chain worked.
Now I am trying to put some rate limits to this, which I am not sure how these are constructed -> I need to allow maximum 2 connection per minute, NEW + Existing ones...
Last edited by H&M on August 4th, 2019, 10:20 am, edited 5 times in total.

User avatar
H&M
Posts: 465
Joined: May 29th, 2014, 9:38 pm
Location: Europe

Re: GeoIP pinhole - allow some IP addresses from a blocked country

Post by H&M » July 29th, 2019, 5:07 pm

Hello,

This becomes a bit more complicated - can someoane help me?
Because I blocked some countries with custom GeoIP groups, I see some failures to login to Microsoft AD Federates services (AD FS).
From some reason I can't explain, my request to authenticate to Microsoft is randomly send toward servers all arround the world.

Data: here is the full list of ALL MSFT IP addresses, AS Numbers, etc.
Because I blocked Brasil in GeoIP, my authentication fails because I am sent (randomly) also to this
Microsoft Brazil server


Or to this Microsoft server from Japan.

Ex:

Code: Select all

Jul 29 19:35:06 ipfire1 kernel: FORWARDFW IN=green0 OUT=ppp0 MAC=************************* SRC=************** DST=52.114.32.7 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30779 DF PROTO=TCP SPT=50936 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0
That was an failed SAML2 authentication request toward https://login.microsoftonline.com/<my_c ... ere>/saml2

Bottom line: I have no reason why a simple DNS query for login.microsoftonline.com returns IP addresses from such countries, but I see that GeoIP custom groups blocks them.

GUI dooes not provide an easy way to create such GeoIP pin holes (assumin that I will manage to parse the RDAP file as described in this RDAP howto article).

How could I easily create GeoIP pin holes for countries I blocked?
MSFT RDAP data is ...daunting ...to say at least!

Thanks!
H&M

User avatar
H&M
Posts: 465
Joined: May 29th, 2014, 9:38 pm
Location: Europe

[SOLVED]GeoIP pinhole - allow some IP addresses from a GeoIP blocked country

Post by H&M » August 4th, 2019, 10:19 am

Hello,
[SOLVED]



Details:
1. I found a way to get from ARIN RDAP *all* CIDR used by Mircorosft, put them in one string, coma separated value

Code: Select all

msft=`curl -k https://rdap.arin.net/registry/entity/MSFT 2>/dev/null |grep v4prefix -A1 |tr -d '",: \n-' |sed -e 's/v4prefix/,/g' |sed -e 's/length/\//g' |sed -e 's/^,//g'`
2. Then I added them to CUSTOMFORWARD chain with this command: you need at lest 2 spaces befpre "-j", the string I've build earlier somehow requires that

Code: Select all

iptables --wait -t filter -D CUSTOMFORWARD -d $msft   –j ACCEPT
iptables --wait -t filter -D CUSTOMFORWARD -d $msft -m hashlimit --hashlimit-above 10/sec --hashlimit-burst 20 --hashlimit-mode dstip --hashlimit-name conn_rate_limit -m state --state NEW -j LOG --log-prefix '** MSFT-RDAP **'
Result:

Code: Select all

Chain CUSTOMFORWARD (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            104.208.0.0/13
ACCEPT     all  --  0.0.0.0/0            104.40.0.0/13
ACCEPT     all  --  0.0.0.0/0            12.28.108.0/25
ACCEPT     all  --  0.0.0.0/0            13.64.0.0/11
ACCEPT     all  --  0.0.0.0/0            13.96.0.0/13
ACCEPT     all  --  0.0.0.0/0            13.104.0.0/14
ACCEPT     all  --  0.0.0.0/0            131.107.0.0/16
ACCEPT     all  --  0.0.0.0/0            138.196.0.0/16
ACCEPT     all  --  0.0.0.0/0            146.147.0.0/16
ACCEPT     all  --  0.0.0.0/0            150.171.0.0/16
ACCEPT     all  --  0.0.0.0/0            157.54.0.0/15
ACCEPT     all  --  0.0.0.0/0            157.56.0.0/14
ACCEPT     all  --  0.0.0.0/0            157.60.0.0/16
ACCEPT     all  --  0.0.0.0/0            165.121.253.232/29
ACCEPT     all  --  0.0.0.0/0            167.220.0.0/17
ACCEPT     all  --  0.0.0.0/0            167.220.128.0/18
ACCEPT     all  --  0.0.0.0/0            167.220.192.0/19
ACCEPT     all  --  0.0.0.0/0            192.197.157.0/24
ACCEPT     all  --  0.0.0.0/0            192.237.67.0/24
ACCEPT     all  --  0.0.0.0/0            192.92.90.0/24
ACCEPT     all  --  0.0.0.0/0            198.105.232.0/22
ACCEPT     all  --  0.0.0.0/0            198.137.97.0/24
ACCEPT     all  --  0.0.0.0/0            198.180.74.0/23
ACCEPT     all  --  0.0.0.0/0            198.180.95.0/24
ACCEPT     all  --  0.0.0.0/0            198.180.96.0/23
ACCEPT     all  --  0.0.0.0/0            199.103.122.0/24
ACCEPT     all  --  0.0.0.0/0            199.103.90.0/23
ACCEPT     all  --  0.0.0.0/0            199.2.137.0/24
ACCEPT     all  --  0.0.0.0/0            199.6.92.0/23
ACCEPT     all  --  0.0.0.0/0            199.6.94.0/24
ACCEPT     all  --  0.0.0.0/0            199.60.28.0/24
ACCEPT     all  --  0.0.0.0/0            20.0.0.0/11
ACCEPT     all  --  0.0.0.0/0            20.130.0.0/16
ACCEPT     all  --  0.0.0.0/0            20.135.0.0/16
ACCEPT     all  --  0.0.0.0/0            20.136.0.0/16
ACCEPT     all  --  0.0.0.0/0            20.140.0.0/15
ACCEPT     all  --  0.0.0.0/0            20.143.0.0/16
ACCEPT     all  --  0.0.0.0/0            20.144.0.0/14
ACCEPT     all  --  0.0.0.0/0            20.150.0.0/15
ACCEPT     all  --  0.0.0.0/0            20.152.0.0/15
ACCEPT     all  --  0.0.0.0/0            20.157.0.0/16
ACCEPT     all  --  0.0.0.0/0            20.158.0.0/15
ACCEPT     all  --  0.0.0.0/0            20.160.0.0/12
ACCEPT     all  --  0.0.0.0/0            20.176.0.0/14
ACCEPT     all  --  0.0.0.0/0            20.180.0.0/14
ACCEPT     all  --  0.0.0.0/0            20.184.0.0/13
ACCEPT     all  --  0.0.0.0/0            20.192.0.0/10
ACCEPT     all  --  0.0.0.0/0            20.33.0.0/16
ACCEPT     all  --  0.0.0.0/0            20.34.0.0/15
ACCEPT     all  --  0.0.0.0/0            20.36.0.0/14
ACCEPT     all  --  0.0.0.0/0            20.40.0.0/13
ACCEPT     all  --  0.0.0.0/0            20.48.0.0/12
ACCEPT     all  --  0.0.0.0/0            20.64.0.0/10
ACCEPT     all  --  0.0.0.0/0            20.128.0.0/16
ACCEPT     all  --  0.0.0.0/0            204.13.120.0/21
ACCEPT     all  --  0.0.0.0/0            204.133.231.0/24
ACCEPT     all  --  0.0.0.0/0            204.14.180.0/22
ACCEPT     all  --  0.0.0.0/0            204.140.77.0/24
ACCEPT     all  --  0.0.0.0/0            204.140.80.0/22
ACCEPT     all  --  0.0.0.0/0            204.152.18.0/23
ACCEPT     all  --  0.0.0.0/0            204.182.144.0/20
ACCEPT     all  --  0.0.0.0/0            204.231.192.0/24
ACCEPT     all  --  0.0.0.0/0            204.231.194.0/23
ACCEPT     all  --  0.0.0.0/0            204.231.197.0/24
ACCEPT     all  --  0.0.0.0/0            204.231.198.0/23
ACCEPT     all  --  0.0.0.0/0            204.231.200.0/21
ACCEPT     all  --  0.0.0.0/0            204.231.208.0/20
ACCEPT     all  --  0.0.0.0/0            204.231.236.0/24
ACCEPT     all  --  0.0.0.0/0            204.231.58.0/24
ACCEPT     all  --  0.0.0.0/0            204.231.76.0/24
ACCEPT     all  --  0.0.0.0/0            204.79.101.0/24
ACCEPT     all  --  0.0.0.0/0            204.79.135.0/24
ACCEPT     all  --  0.0.0.0/0            204.79.179.0/24
ACCEPT     all  --  0.0.0.0/0            204.79.181.0/24
ACCEPT     all  --  0.0.0.0/0            204.79.188.0/24
ACCEPT     all  --  0.0.0.0/0            204.79.195.0/24
ACCEPT     all  --  0.0.0.0/0            204.79.196.0/23
ACCEPT     all  --  0.0.0.0/0            204.79.252.0/24
ACCEPT     all  --  0.0.0.0/0            204.79.27.0/24
ACCEPT     all  --  0.0.0.0/0            204.79.7.0/24
ACCEPT     all  --  0.0.0.0/0            204.95.149.0/24
ACCEPT     all  --  0.0.0.0/0            204.95.96.0/20
ACCEPT     all  --  0.0.0.0/0            205.163.144.0/20
ACCEPT     all  --  0.0.0.0/0            205.163.62.0/24
ACCEPT     all  --  0.0.0.0/0            205.163.63.0/24
ACCEPT     all  --  0.0.0.0/0            205.240.158.0/23
ACCEPT     all  --  0.0.0.0/0            205.248.10.0/23
ACCEPT     all  --  0.0.0.0/0            205.248.12.0/22
ACCEPT     all  --  0.0.0.0/0            205.248.212.0/22
ACCEPT     all  --  0.0.0.0/0            205.248.228.0/24
ACCEPT     all  --  0.0.0.0/0            205.248.235.0/24
ACCEPT     all  --  0.0.0.0/0            205.248.243.0/24
ACCEPT     all  --  0.0.0.0/0            205.248.244.0/24
ACCEPT     all  --  0.0.0.0/0            205.248.41.0/24
ACCEPT     all  --  0.0.0.0/0            205.248.42.0/23
ACCEPT     all  --  0.0.0.0/0            205.248.50.0/23
ACCEPT     all  --  0.0.0.0/0            205.248.61.0/24
ACCEPT     all  --  0.0.0.0/0            205.248.62.0/23
ACCEPT     all  --  0.0.0.0/0            205.248.72.0/24
ACCEPT     all  --  0.0.0.0/0            206.107.34.0/24
ACCEPT     all  --  0.0.0.0/0            206.182.236.0/24
ACCEPT     all  --  0.0.0.0/0            206.182.240.0/24
ACCEPT     all  --  0.0.0.0/0            206.182.241.0/24
ACCEPT     all  --  0.0.0.0/0            206.182.247.0/24
ACCEPT     all  --  0.0.0.0/0            206.182.251.0/24
ACCEPT     all  --  0.0.0.0/0            206.182.69.0/24
ACCEPT     all  --  0.0.0.0/0            206.191.224.0/19
ACCEPT     all  --  0.0.0.0/0            206.73.118.0/24
ACCEPT     all  --  0.0.0.0/0            206.73.203.0/24
ACCEPT     all  --  0.0.0.0/0            206.73.31.0/24
ACCEPT     all  --  0.0.0.0/0            206.73.67.0/24
ACCEPT     all  --  0.0.0.0/0            206.79.74.32/28
ACCEPT     all  --  0.0.0.0/0            207.117.3.0/24
ACCEPT     all  --  0.0.0.0/0            207.18.117.0/24
ACCEPT     all  --  0.0.0.0/0            207.209.68.0/24
ACCEPT     all  --  0.0.0.0/0            207.240.123.192/27
ACCEPT     all  --  0.0.0.0/0            207.240.8.224/28
ACCEPT     all  --  0.0.0.0/0            207.46.0.0/16
ACCEPT     all  --  0.0.0.0/0            207.68.128.0/18
ACCEPT     all  --  0.0.0.0/0            207.78.80.0/24
ACCEPT     all  --  0.0.0.0/0            207.78.81.0/24
ACCEPT     all  --  0.0.0.0/0            207.78.82.0/24
ACCEPT     all  --  0.0.0.0/0            208.139.27.0/24
ACCEPT     all  --  0.0.0.0/0            208.26.205.0/24
ACCEPT     all  --  0.0.0.0/0            208.45.54.16/29
ACCEPT     all  --  0.0.0.0/0            208.45.54.8/29
ACCEPT     all  --  0.0.0.0/0            208.45.89.248/29
ACCEPT     all  --  0.0.0.0/0            208.48.28.192/26
ACCEPT     all  --  0.0.0.0/0            208.49.29.0/28
ACCEPT     all  --  0.0.0.0/0            208.68.136.0/21
ACCEPT     all  --  0.0.0.0/0            208.76.44.0/22
ACCEPT     all  --  0.0.0.0/0            208.84.0.0/21
ACCEPT     all  --  0.0.0.0/0            209.1.112.0/24
ACCEPT     all  --  0.0.0.0/0            209.1.113.0/24
ACCEPT     all  --  0.0.0.0/0            209.143.238.0/24
ACCEPT     all  --  0.0.0.0/0            209.185.128.0/22
ACCEPT     all  --  0.0.0.0/0            209.240.192.0/19
ACCEPT     all  --  0.0.0.0/0            209.28.213.0/24
ACCEPT     all  --  0.0.0.0/0            216.220.208.0/20
ACCEPT     all  --  0.0.0.0/0            216.222.104.224/28
ACCEPT     all  --  0.0.0.0/0            216.32.168.224/27
ACCEPT     all  --  0.0.0.0/0            216.32.175.224/27
ACCEPT     all  --  0.0.0.0/0            216.32.180.0/22
ACCEPT     all  --  0.0.0.0/0            216.32.240.0/22
ACCEPT     all  --  0.0.0.0/0            216.33.148.0/22
ACCEPT     all  --  0.0.0.0/0            216.33.229.224/27
ACCEPT     all  --  0.0.0.0/0            216.33.236.0/22
ACCEPT     all  --  0.0.0.0/0            216.33.240.0/22
ACCEPT     all  --  0.0.0.0/0            216.72.96.0/22
ACCEPT     all  --  0.0.0.0/0            23.96.0.0/13
ACCEPT     all  --  0.0.0.0/0            4.128.0.0/12
ACCEPT     all  --  0.0.0.0/0            4.16.39.176/28
ACCEPT     all  --  0.0.0.0/0            40.126.0.0/18
ACCEPT     all  --  0.0.0.0/0            40.126.128.0/17
ACCEPT     all  --  0.0.0.0/0            40.127.0.0/16
ACCEPT     all  --  0.0.0.0/0            40.64.0.0/13
ACCEPT     all  --  0.0.0.0/0            40.74.0.0/15
ACCEPT     all  --  0.0.0.0/0            40.76.0.0/14
ACCEPT     all  --  0.0.0.0/0            40.80.0.0/12
ACCEPT     all  --  0.0.0.0/0            40.96.0.0/12
ACCEPT     all  --  0.0.0.0/0            40.112.0.0/13
ACCEPT     all  --  0.0.0.0/0            40.120.0.0/14
ACCEPT     all  --  0.0.0.0/0            40.124.0.0/16
ACCEPT     all  --  0.0.0.0/0            40.125.0.0/17
ACCEPT     all  --  0.0.0.0/0            52.120.0.0/14
ACCEPT     all  --  0.0.0.0/0            52.125.0.0/16
ACCEPT     all  --  0.0.0.0/0            52.126.0.0/15
ACCEPT     all  --  0.0.0.0/0            52.132.0.0/14
ACCEPT     all  --  0.0.0.0/0            52.136.0.0/13
ACCEPT     all  --  0.0.0.0/0            52.145.0.0/16
ACCEPT     all  --  0.0.0.0/0            52.146.0.0/15
ACCEPT     all  --  0.0.0.0/0            52.148.0.0/14
ACCEPT     all  --  0.0.0.0/0            52.152.0.0/13
ACCEPT     all  --  0.0.0.0/0            52.160.0.0/11
ACCEPT     all  --  0.0.0.0/0            52.224.0.0/11
ACCEPT     all  --  0.0.0.0/0            52.96.0.0/12
ACCEPT     all  --  0.0.0.0/0            52.112.0.0/14
ACCEPT     all  --  0.0.0.0/0            63.161.50.0/25
ACCEPT     all  --  0.0.0.0/0            63.173.42.128/25
ACCEPT     all  --  0.0.0.0/0            63.236.170.64/29
ACCEPT     all  --  0.0.0.0/0            63.236.186.64/29
ACCEPT     all  --  0.0.0.0/0            63.236.187.104/29
ACCEPT     all  --  0.0.0.0/0            63.236.187.128/29
ACCEPT     all  --  0.0.0.0/0            63.236.187.160/29
ACCEPT     all  --  0.0.0.0/0            63.236.198.152/29
ACCEPT     all  --  0.0.0.0/0            63.236.198.64/29
ACCEPT     all  --  0.0.0.0/0            63.239.52.48/29
ACCEPT     all  --  0.0.0.0/0            64.15.170.192/29
ACCEPT     all  --  0.0.0.0/0            64.15.177.0/24
ACCEPT     all  --  0.0.0.0/0            64.15.178.0/24
ACCEPT     all  --  0.0.0.0/0            64.15.229.96/27
ACCEPT     all  --  0.0.0.0/0            64.200.211.16/28
ACCEPT     all  --  0.0.0.0/0            64.4.0.0/18
ACCEPT     all  --  0.0.0.0/0            64.77.82.96/29
ACCEPT     all  --  0.0.0.0/0            64.77.93.80/28
ACCEPT     all  --  0.0.0.0/0            64.85.70.32/28
ACCEPT     all  --  0.0.0.0/0            64.85.81.104/29
ACCEPT     all  --  0.0.0.0/0            64.85.81.96/29
ACCEPT     all  --  0.0.0.0/0            65.126.142.240/29
ACCEPT     all  --  0.0.0.0/0            65.170.29.0/29
ACCEPT     all  --  0.0.0.0/0            65.52.0.0/14
ACCEPT     all  --  0.0.0.0/0            66.119.144.0/20
ACCEPT     all  --  0.0.0.0/0            66.35.208.48/28
ACCEPT     all  --  0.0.0.0/0            66.35.209.120/29
ACCEPT     all  --  0.0.0.0/0            66.35.211.128/26
ACCEPT     all  --  0.0.0.0/0            67.132.133.96/29
ACCEPT     all  --  0.0.0.0/0            67.74.34.32/27
ACCEPT     all  --  0.0.0.0/0            67.75.2.160/27
ACCEPT     all  --  0.0.0.0/0            69.44.126.80/28
ACCEPT     all  --  0.0.0.0/0            70.37.0.0/17
ACCEPT     all  --  0.0.0.0/0            70.37.128.0/18
ACCEPT     all  --  0.0.0.0/0            72.165.43.168/29
ACCEPT     all  --  0.0.0.0/0            8.6.176.0/24
LOG        all  --  0.0.0.0/0            104.208.0.0/13       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            104.40.0.0/13        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            12.28.108.0/25       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            13.64.0.0/11         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            13.96.0.0/13         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            13.104.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            131.107.0.0/16       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            138.196.0.0/16       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            146.147.0.0/16       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            150.171.0.0/16       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            157.54.0.0/15        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            157.56.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            157.60.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            165.121.253.232/29   limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            167.220.0.0/17       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            167.220.128.0/18     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            167.220.192.0/19     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            192.197.157.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            192.237.67.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            192.92.90.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            198.105.232.0/22     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            198.137.97.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            198.180.74.0/23      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            198.180.95.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            198.180.96.0/23      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            199.103.122.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            199.103.90.0/23      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            199.2.137.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            199.6.92.0/23        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            199.6.94.0/24        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            199.60.28.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.0.0.0/11          limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.130.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.135.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.136.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.140.0.0/15        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.143.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.144.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.150.0.0/15        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.152.0.0/15        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.157.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.158.0.0/15        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.160.0.0/12        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.176.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.180.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.184.0.0/13        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.192.0.0/10        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.33.0.0/16         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.34.0.0/15         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.36.0.0/14         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.40.0.0/13         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.48.0.0/12         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.64.0.0/10         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            20.128.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.13.120.0/21      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.133.231.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.14.180.0/22      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.140.77.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.140.80.0/22      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.152.18.0/23      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.182.144.0/20     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.231.192.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.231.194.0/23     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.231.197.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.231.198.0/23     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.231.200.0/21     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.231.208.0/20     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.231.236.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.231.58.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.231.76.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.101.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.135.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.179.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.181.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.188.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.195.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.196.0/23      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.252.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.27.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.79.7.0/24        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.95.149.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            204.95.96.0/20       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.163.144.0/20     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.163.62.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.163.63.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.240.158.0/23     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.10.0/23      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.12.0/22      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.212.0/22     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.228.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.235.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.243.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.244.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.41.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.42.0/23      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.50.0/23      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.61.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.62.0/23      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            205.248.72.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.107.34.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.182.236.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.182.240.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.182.241.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.182.247.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.182.251.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.182.69.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.191.224.0/19     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.73.118.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.73.203.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.73.31.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.73.67.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            206.79.74.32/28      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.117.3.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.18.117.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.209.68.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.240.123.192/27   limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.240.8.224/28     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.46.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.68.128.0/18      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.78.80.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.78.81.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            207.78.82.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.139.27.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.26.205.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.45.54.16/29      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.45.54.8/29       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.45.89.248/29     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.48.28.192/26     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.49.29.0/28       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.68.136.0/21      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.76.44.0/22       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            208.84.0.0/21        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            209.1.112.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            209.1.113.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            209.143.238.0/24     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            209.185.128.0/22     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            209.240.192.0/19     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            209.28.213.0/24      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.220.208.0/20     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.222.104.224/28   limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.32.168.224/27    limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.32.175.224/27    limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.32.180.0/22      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.32.240.0/22      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.33.148.0/22      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.33.229.224/27    limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.33.236.0/22      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.33.240.0/22      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            216.72.96.0/22       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            23.96.0.0/13         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            4.128.0.0/12         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            4.16.39.176/28       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.126.0.0/18        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.126.128.0/17      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.127.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.64.0.0/13         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.74.0.0/15         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.76.0.0/14         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.80.0.0/12         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.96.0.0/12         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.112.0.0/13        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.120.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.124.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            40.125.0.0/17        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.120.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.125.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.126.0.0/15        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.132.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.145.0.0/16        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.146.0.0/15        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.148.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.152.0.0/13        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.160.0.0/11        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.224.0.0/11        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.96.0.0/12         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            52.112.0.0/14        limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.161.50.0/25       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.173.42.128/25     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.236.170.64/29     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.236.186.64/29     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.236.187.104/29    limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.236.187.128/29    limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.236.187.160/29    limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.236.198.152/29    limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.236.198.64/29     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            63.239.52.48/29      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.15.170.192/29     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.15.177.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.15.178.0/24       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.15.229.96/27      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.200.211.16/28     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.4.0.0/18          limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.77.82.96/29       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.77.93.80/28       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.85.70.32/28       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.85.81.104/29      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            64.85.81.96/29       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            65.126.142.240/29    limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            65.170.29.0/29       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            65.52.0.0/14         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            66.119.144.0/20      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            66.35.208.48/28      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            66.35.209.120/29     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            66.35.211.128/26     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            67.132.133.96/29     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            67.74.34.32/27       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            67.75.2.160/27       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            69.44.126.80/28      limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            70.37.0.0/17         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            70.37.128.0/18       limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            72.165.43.168/29     limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"
LOG        all  --  0.0.0.0/0            8.6.176.0/24         limit: above 10/sec burst 20 mode dstip state NEW LOG flags 0 level 4 prefix "** MSFT-RDAP **"


Same logic I applied for my friend ISP range in France: whole France (GeoIP source) is blocked except the IP addresses that his ISP allocate to him.
But for this, I used CUSTOMINPUT chain because he needs to access my OpenVPN

Hope it helps!
H&M

Post Reply