2
I have a challenge where I need to accept only traffic from Wikipedia.org
I am familiar with iptables and understand network basics.
For Facebook traffic, I could use
whois -h whois.radb.net -- '-i origin AS32934' | grep ^route
to get list of Facebook IP addresses.
Is there a similar way for Wikipedia.org?
M Rusedski
Posted 2016-09-11T09:38:31.470
Reputation: 23
1
$ dig +short www.wikipedia.org. a
91.198.174.192
$ whois -h whois.radb.net 91.198.174.192 |grep ^origin
origin: AS43821
$ whois -h whois.radb.net \!gAS43821
A31
185.15.56.0/22 91.198.174.0/24
C
So your answer would be: 185.15.56.0/22 91.198.174.0/24
Some credits go to this question (seems the "!g" query gives an easier result that the "-i origin" one. Beware ! often needs a \ if shell is interactive, quotes won't do it): https://serverfault.com/questions/802142/dont-work-scipt-with-output-drop-policy-in-iptables
A.B
Posted 2016-09-11T09:38:31.470
Reputation: 2 008
Good answer. Thanks to both question and answer (both upvoted), I now know that the
– Anthony Geoghegan – 2016-09-11T15:19:13.040whoiscommand has more useful features than I had previously realised. The man page and https://en.wikipedia.org/wiki/WHOIS are well worth reading.neat answer. I am getting different set of results dig +short www.wikipedia.org. a 208.80.154.224 whois -h whois.radb.net 208.80.154.224 |grep ^origin origin: AS14907 whois -h whois.radb.net !gAS14907 208.80.152.0/22 198.35.26.0/23 208.80.152.0/23 208.80.154.0/23 – M Rusedski – 2016-09-12T08:36:43.583
Perhaps the DNS server uses geolocalisation? Might be hard to know all their networks then, but if it's stable at the place of usage... – A.B – 2016-09-12T16:24:17.760
that's it: my net was actually named: route: 91.198.174.0/24 descr: Wikimedia Europe network (and i'm in Europe) – A.B – 2016-09-12T16:33:12.023