├── LICENSE ├── README.md └── allocs /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2009-2025 Tomasz Klim 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | 23 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Overview 2 | 3 | This repository contains `sf-ip-allocs` extension to [Server Farmer](https://github.com/serverfarmer/). This particular extension provides a single file, which 4 | can be used independently of Server Farmer, with any other solution as well. 5 | 6 | File [`allocs`](https://github.com/serverfarmer/sf-ip-allocs/blob/master/allocs) has a generic shell syntax, and can be directly included into most firewall configuration scripts. 7 | It defines several variables, where each variable contains a list of IP addresses (or ranges) for particular Internet Service Providers, Cloud providers, and some other services. 8 | 9 | Example variable: 10 | 11 | ``` 12 | TPNET="79.184.0.0/13 80.48.0.0/13 83.0.0.0/11" 13 | ``` 14 | 15 | If you don't have any firewalling solution, please take a look at [Server Farmer scriptable firewall](https://github.com/serverfarmer/sf-ip-fw) (for Linux). 16 | 17 | 18 | # Long Term Support declaration 19 | 20 | This public repository is actively maintained since Sep 2016. Previously, some of these variables were maintained since 2009, in private repository, as part of commercial solution. 21 | 22 | Right now, our plan regarding this repository is to maintain it as long as possible. Also, **it will stay free** and, as far as possible, without any changes breaking compatibility. 23 | 24 | 25 | # Which IP ranges are listed, and which not? 26 | 27 | 1. Most Internet Service Providers have 2 types of [IP allocations](http://www-public.int-evry.fr/~maigron/RIR_Stats/RIPE_Allocations/Allocs/PL.html): 28 | 29 | - for DHCP/NAT/etc. - from which outgoing traffic is directed to other networks (for you, it's incoming traffic) 30 | - for hosting services (web pages, mail servers etc.) and other internal uses 31 | 32 | Variables in `allocs` file are related only to the first type. 33 | 34 | 2. There are some global ISP brands in Poland (eg. T-Mobile, Orange). Variables like `ORANGE` are related only to their polish branches and polish networks. 35 | 36 | 37 | # Variables related to your incoming traffic 38 | 39 | ### Poland - Cable TV providers 40 | 41 | - `INEA` refers to the biggest ISP and CATV provider in western Poland, [INEA S.A.](https://www.inea.pl/) 42 | - `ECHOSTAR`, `MAVERICK`, `EASTWEST`, `SYSTEMIAPL` - local ISP/CATV companies located in Poznań (western Poland) 43 | - `MULTIMEDIA` - global polish CATV [Multimedia Polska](https://www.multimedia.pl/), now part of bigger CATV [Vectra](https://www.vectra.pl/) 44 | - `VECTRA` - Vectra itself 45 | - `UPC` - another global polish CATV [UPC Polska](https://www.upc.pl/) 46 | 47 | ### Poland - GSM operators 48 | 49 | In poland, there are 4 major GSM operators with their own networks - all of them are listed below. All the rest are [MVNOs](https://en.wikipedia.org/wiki/Mobile_virtual_network_operator), 50 | utilizing IP addresses provided by their operator (except for Virgin Mobile Polska, which is not listed here). 51 | 52 | - `PLAY` - Play Mobile, [P4 Sp. z. o.o.](https://www.play.pl/) 53 | - `PLUS` - Plus GSM [Polkomtel Sp. z o.o.](https://www.plus.pl/) 54 | - `TMOBILE` - [T-Mobile Polska S.A.](https://www.t-mobile.pl/) (previously Era GSM) 55 | - `ORANGE` - [Orange Polska S.A.](https://www.orange.pl/) (only GSM part of their network, see `TPNET` variable below) 56 | 57 | ### Poland - other ISPs 58 | 59 | - `TPNET` - the biggest polish ADSL/FTTH network, previously polish national ISP (Telekomunikacja Polska), now part of Orange, but still branded as Neostrada (this variable is only related to ASDL/FTTH part of their network) 60 | - `NETIA` - [Netia S.A.](https://www.netia.pl/), second biggest global ISP in Poland, their address ranges mix many types of networks (ADSL, broadband, other) - note that many Netia customers have non-Netia IP addresses: 61 | - Netia Mobile - uses IP ranges from `PLUS`, previously `PLAY` 62 | - corporate customers (Netia has many) often use their own IP allocations 63 | 64 | ### Finland 65 | 66 | - `SONERAFI` - [Telia](https://www.telia.fi/), major ISP in Helsinki and Turku 67 | - `ELISAFI` - [Elisa](https://elisa.fi/), GSM operator deployed in finnish trains 68 | 69 | ### global cloud services 70 | 71 | - `AMAZONAWS` - [Amazon Web Services](https://aws.amazon.com/) (only IP ranges, from which you can expect incoming traffic, and sometimes merged into bigger subnets - [the full list](https://ip-ranges.amazonaws.com/ip-ranges.json) includes over 6500 different subnets!) 72 | - `GCLOUD` - [Google Cloud Platform](https://cloud.google.com/) (only major IP ranges, see [this script](https://gist.github.com/n0531m/f3714f6ad6ef738a3b0a) for the full list) 73 | 74 | ### CI/CD tools 75 | 76 | - `BITBUCKET_PIPELINES` - Bitbucket Pipelines build environments, see `BITBUCKET` variable below 77 | 78 | ### monitoring services 79 | 80 | - `UPTIMEROBOT` - [UptimeRobot](https://uptimerobot.com/) cheap (at least before 2022) website monitoring, that we use since 2016 81 | 82 | ### special variables 83 | 84 | - `NONROUTABLE` - expands to all local addresses (used only within your LAN) 85 | - `DOCKERONLY` - default [Docker](https://www.docker.com/) subnet (see [example](https://github.com/serverfarmer/sf-ip-fw#example-per-host-profile-with-docker-support) how to use it) 86 | 87 | 88 | # Variables related to your outgoing traffic 89 | 90 | ### repositories with system software packages for important Linux distributions 91 | 92 | - `DEBIAN` - [Debian](https://www.debian.org/) - all global addresses + polish mirror 93 | - `CANONICAL` - [Ubuntu](https://ubuntu.com/) 94 | - `RASPBIAN` - Raspbian, currently [Raspberry Pi OS](https://www.raspberrypi.com/software/) - Debian clone for Raspberry Pi hardware 95 | - `DEVUAN` - [Devuan](https://www.devuan.org/) - Debian for without systemd 96 | - `PROXMOX` - [Proxmox VE](https://www.proxmox.com/en/proxmox-ve) - commercial hypervisor based on Debian 97 | 98 | ### major Git repositories 99 | 100 | - `GITHUB` - major Git repository, address ranges related both to web frontend and ssh endpoints 101 | - `BITBUCKET` - second most important Git repository, owned by Atlassian (creators of JIRA) - see [here](https://support.atlassian.com/bitbucket-cloud/docs/what-are-the-bitbucket-cloud-ip-addresses-i-should-use-to-configure-my-corporate-firewall/) for current list; Pipelines addresses are listed in separate `BITBUCKET_PIPELINES` variable 102 | 103 | ### monitoring services 104 | 105 | - `NEWRELIC_COLLECTOR` - [New Relic](https://newrelic.com/) - addresses required for reporting data from connected servers 106 | 107 | ### others 108 | 109 | - `SMSAPI` - [smsapi.pl](https://www.smsapi.pl/) polish commercial SMS gateway 110 | - `RARLAB` - [RAR/WinRAR](https://www.rarlab.com/) archiver download site 111 | 112 | 113 | # How to contribute 114 | 115 | We are open to add new variables, related to important ISPs or services, and to update existing ones (we have notifications about changes where possible, but still we can miss something). 116 | Just [create a new issue](https://github.com/serverfarmer/sf-ip-allocs/issues) for us. 117 | 118 | 119 | # License 120 | 121 | | | | 122 | |:---------------------|:-----------------------------------------| 123 | | **Author:** | Tomasz Klim () | 124 | | **Copyright:** | Copyright 2009-2025 Tomasz Klim | 125 | | **License:** | MIT | 126 | 127 | Permission is hereby granted, free of charge, to any person obtaining a copy 128 | of this software and associated documentation files (the "Software"), to deal 129 | in the Software without restriction, including without limitation the rights 130 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 131 | copies of the Software, and to permit persons to whom the Software is 132 | furnished to do so, subject to the following conditions: 133 | 134 | The above copyright notice and this permission notice shall be included in all 135 | copies or substantial portions of the Software. 136 | 137 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 138 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 139 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 140 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 141 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 142 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 143 | SOFTWARE. 144 | -------------------------------------------------------------------------------- /allocs: -------------------------------------------------------------------------------- 1 | # Poland - major ISP allocations 2 | # http://www-public.int-evry.fr/~maigron/RIR_Stats/RIPE_Allocations/Allocs/PL.html 3 | 4 | INEA="46.228.80.0/20 46.228.224.0/20 46.238.64.0/18 62.21.0.0/17 77.65.0.0/17 79.173.0.0/18 80.87.32.0/20 85.221.128.0/17 88.151.136.0/21 109.173.128.0/17 212.67.128.0/19 217.113.128.0/20 217.170.160.0/20" 5 | ECHOSTAR="213.156.96.0/19" 6 | MAVERICK="46.250.160.0/19 194.187.72.0/22" 7 | EASTWEST="46.187.128.0/17 78.152.0.0/19 95.108.0.0/17" 8 | 9 | MULTIMEDIA="81.190.0.0/16 176.221.96.0/19" 10 | VECTRA="88.156.0.0/16" 11 | UPC="89.64.0.0/12" 12 | SYSTEMIAPL="46.227.240.0/21" 13 | 14 | TPNET="79.184.0.0/13 80.48.0.0/13 83.0.0.0/11" 15 | NETIA="37.128.0.0/18 37.128.64.0/20 77.252.0.0/14 87.204.0.0/15 159.205.0.0/16 178.36.0.0/15 213.238.0.0/16 213.241.0.0/17 78.8.0.0/14 84.40.128.0/17 87.105.0.0/16" 16 | 17 | PLAY="109.243.0.0/16 164.126.0.0/15 185.89.184.0/22 188.33.0.0/16 31.174.0.0/15 46.112.0.0/15 5.173.0.0/16 89.108.192.0/18 94.254.128.0/17" 18 | PLUS="31.0.0.0/15 31.2.0.0/17 37.7.0.0/16 37.109.0.0/16 37.247.128.0/17 37.248.0.0/15 46.76.0.0/15 46.168.0.0/15 46.215.0.0/16 5.172.224.0/19 5.174.0.0/16 5.60.0.0/16 77.112.0.0/14 95.40.0.0/15" 19 | TMOBILE="178.180.0.0/14 188.146.0.0/15 37.30.0.0/15 46.204.0.0/15" 20 | ORANGE="5.184.0.0/15 31.60.0.0/14 37.47.0.0/16 46.134.0.0/16" 21 | 22 | 23 | # Finland - major ISP allocations 24 | # http://www-public.tem-tsp.eu/~maigron/RIR_Stats/RIPE_Allocations/Allocs/FI.html 25 | 26 | SONERAFI="84.248.0.0/14 93.106.0.0/16 109.240.0.0/16" 27 | ELISAFI="85.76.0.0/14" 28 | 29 | 30 | # System Package Repositories 31 | # 32 | 33 | # security.debian.org 34 | DEBIAN_SECURITY="212.211.132.0/24 217.196.149.224/28 195.20.242.64/26 195.20.242.128/26 151.101.2.132 151.101.66.132 151.101.130.132 151.101.194.132" 35 | 36 | # former volatile.debian.org (no longer exists, but IPs are reused) 37 | DEBIAN_VOLATILE="5.153.231.0/24 149.20.4.15 128.31.0.62" 38 | 39 | # task.gda.pl, ftp.pl.debian.org, pl.archive.ubuntu.com 40 | DEBIAN_PLMIRROR="153.19.0.0/16" 41 | 42 | DEBIAN="130.89.148.0/24 $DEBIAN_SECURITY $DEBIAN_VOLATILE $DEBIAN_PLMIRROR" 43 | CANONICAL="91.189.88.0/21 192.189.91.0/27" 44 | 45 | # download.proxmox.com 46 | PROXMOX="212.224.123.64/29" 47 | 48 | # packages.devuan.org 49 | DEVUAN="46.105.191.64/28 54.36.142.183" 50 | 51 | # *.raspbian.org 52 | RASPBIAN="93.93.128.0/24 5.153.225.231" 53 | 54 | 55 | # Other Important Services 56 | 57 | # https://ip-ranges.amazonaws.com/ip-ranges.json 58 | AMAZONAWS="3.0.0.0/9 13.0.0.0/8 18.128.0.0/9 23.20.0.0/14 34.192.0.0/10 35.128.0.0/10 46.51.0.0/16 46.137.0.0/16 50.112.0.0/16 50.16.0.0/14 52.0.0.0/8 54.64.0.0/11 54.128.0.0/9 63.32.0.0/14 99.79.0.0/16 99.80.0.0/15 100.20.0.0/14 100.24.0.0/13 107.20.0.0/14 174.129.0.0/16 184.72.0.0/15 204.236.0.0/16" 59 | 60 | # Google Cloud Platform, https://gist.github.com/n0531m/f3714f6ad6ef738a3b0a 61 | GCLOUD="34.64.0.0/10 35.192.0.0/10 104.154.0.0/15 104.196.0.0/14" 62 | 63 | # https://uptimerobot.com/locations 64 | UPTIMEROBOT="104.131.107.63 122.248.234.23 128.140.106.114 128.140.41.193 128.199.195.156 13.127.188.124 13.56.33.4 135.181.154.9 138.197.150.151 139.59.173.249 142.132.180.39 146.185.143.14 157.90.155.240 157.90.156.63 159.203.30.41 159.69.158.189 159.89.8.111 165.227.83.148 167.235.143.113 167.99.209.234 168.119.123.75 168.119.53.160 168.119.96.239 178.62.52.237 18.116.158.121 18.116.205.62 18.180.208.214 18.221.56.27 18.223.50.16 208.115.199.16/28 216.144.250.150 216.245.221.80/28 3.105.133.239 3.105.190.221 3.111.88.158 3.12.251.153 3.20.63.178 3.21.136.87 3.212.128.62 3.79.92.117 34.198.201.66 34.233.66.117 35.153.243.148 35.166.228.98 35.170.215.196 35.84.118.171 37.27.28.153 37.27.29.68 37.27.30.213 37.27.34.49 37.27.82.220 37.27.87.149 44.227.38.253 46.101.250.135 46.137.190.132 49.13.130.29 49.13.134.145 49.13.164.148 49.13.167.123 49.13.24.81 5.161.61.238 5.161.75.7 5.78.118.142 5.78.87.38 52.15.147.27 52.22.236.30 52.60.129.180 52.70.84.165 52.8.208.143 54.167.223.174 54.224.73.211 54.225.82.45 54.241.175.147 54.249.170.27 54.64.67.106 54.67.10.127 54.79.28.129 54.94.142.218 63.143.42.240/28 65.109.129.165 65.109.142.78 65.109.8.202 69.162.124.224/28 78.46.190.63 78.46.215.1 78.47.173.76 78.47.98.55 88.99.80.227 99.80.1.74 99.80.173.191" 65 | 66 | # major Git repositories 67 | GITHUB="140.82.112.0/20 192.30.252.0/22" 68 | BITBUCKET="104.192.136.0/21 18.205.93.0/25 13.52.5.0/25 185.166.140.0/22 18.234.32.128/25" 69 | BITBUCKET_PIPELINES="34.199.54.113 34.216.18.129 34.218.156.209 34.218.168.212 34.232.119.183 34.232.25.90 34.236.25.177 35.155.178.254 35.160.177.10 35.171.175.212 52.202.195.162 52.203.14.55 52.204.96.37 52.41.219.63 52.54.90.98 3.216.235.48 34.231.96.243 44.199.3.254 174.129.205.191 44.199.127.226 44.199.45.64 3.221.151.112 52.205.184.192 52.72.137.240" 70 | 71 | # smsapi.pl 72 | SMSAPI="185.36.169.250 185.36.169.251 89.174.81.0/25 91.185.184.29" 73 | 74 | # platform-api.newrelic.com, collector-pool.newrelic.com 75 | NEWRELIC_COLLECTOR="50.31.164.0/24 162.247.240.0/22 162.247.243.0/22" 76 | 77 | # rarlab.com 78 | RARLAB="5.135.104.96/27" 79 | 80 | 81 | # Local addresses 82 | 83 | NONROUTABLE="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16" 84 | DOCKERONLY="172.16.0.0/12" 85 | --------------------------------------------------------------------------------