Ceptor - Get a Free Trial

Config - IP Ranges

Owned by Kim Rasmussen
Last updated: Mar 18, 2020 by Kim Rasmussen (Unlicensed)
3 min read

JSON Configuration for IP Ranges

Below, is an example of how a JSON configuration for IP Ranges looks like:

IP Range JSON Example
"ipranges": [
  {
    "name": "local",
    "description": "Local IP addresses",
    "include": [
      "127.0.0.1",
      "192.168.1.0/30",
      "10.0.0.0/255.0.0.0",
      "172.16.0.0/255.255.0.0"
    ]
  },
  {
    "name": "Firehol level 1",
    "description": "All cybercrime IP feeds - see http://iplists.firehol.org/\n\nLocal IP addresses are excluded from the range",
    "include": ["https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level1.netset"],
    "exclude": [
      "10.0.0.0/255.0.0.0",
      "172.16.0.0/12",
      "192.168.1.0/30",
      "127.0.0.1"
    ],
    "refresh.interval": 15
  }
]

Configuration within Ceptor Console

Configuration of IP ranges happen within Ceptor Console, in the Gateway Settings.

Here, you can add or remove ranges.

Press "Add" to add a new range, type in the name, and select the range to continue configuring its details:


An IP range's configuration is stored within a JSON Object inside the ranges array.

IP Range

Name:

This is the name of the IP range - you can refer to this name in e.g. a Condition on a Location when matching a remote IP address against the range.

Default: none
JSON key: name

Description:

This is a short description of the IP Range, here you can describe its purpose and what to use it for.

Default: empty
JSON key: description

Refresh Interval

Here, you can specify the interval in minutes between updating - every x minutes, the configuration will be read again - this is especially useful if you reference any files on disk or load IP Reputation Databases from remote locations.

Default: 5
JSON key: refresh.interval

Include IPs

Here, you can add an IP address or pattern that will in included in the IP Range list.

You can specify:

  • Single IP address
  • IP Range - e.g. 192.168.1.1-192.168.1.16
  • CIDR bits notation - e.g. 192.168.1.0/30
  • CIDR netmask notation - e.g. 192.168.1.0/255.255.255.0
  • Filename - prefixed with {file} to load the file from
  • URL starting with https:// or http:// to load an IP Reputation Database from

When ranges are loaded from a file or remote URL, any lines starting with # are ignored.

Default: empty
JSON key: include

Exclude IPs

Here, you can add an IP address or pattern that will be excluded from the list. If an IP matches an entry here, it will not be checked against the include list.

You can specify:

  • Single IP address
  • IP Range - e.g. 192.168.1.1-192.168.1.16
  • CIDR bits notation - e.g. 192.168.1.0/30
  • CIDR netmask notation - e.g. 192.168.1.0/255.255.255.0
  • Filename - prefixed with {file} to load the file from

  • URL starting with https:// or http:// to load an IP Reputation Database from

When ranges are loaded from a file or remote URL, any lines starting with # are ignored.

Default: empty
JSON key: exclude

As of Ceptor v6.3.4, you can also specify IPv6 adresses, both in CIDR and range notation, and you can also specify IPv4 wildcard format ending with .* , e.g. 192.168.* 
This is possible for both included and excluded IPs


© Ceptor ApS. All Rights Reserved.