Hello.
Recently, we've received messages from several mirror operators about large
amount of traffic coming in from various China IP addresses. These
connections appear to be DDoS-like traffic, attempting to download the
large ISO's of our releases but never actually finishing them. This
obviously consumes bandwidth which can affect your mirror traffic
negatively.
If you find that this is happening to your mirror, we suggest putting in
filters for those subnets. Even if you are not experiencing this, it may be
necessary to also add them. This is, however, your call as a mirror
operator to make that judgement.
Below is a list of potential subnet blocks that can be used, provided by
one of our operators.
# IPv4
101.64.0.0/13
106.110.0.0/15
112.0.0.0/10
112.100.0.0/14
112.109.128.0/17
112.111.0.0/16
112.94.128.0/18
114.224.0.0/12
117.24.0.0/13
117.80.0.0/12
120.32.0.0/13
124.72.0.0/16
140.224.0.0/16
175.42.0.0/15
175.44.0.0/16
180.96.0.0/11
182.200.0.0/13
183.192.0.0/10
218.5.0.0/16
221.224.0.0/13
222.184.0.0/13
222.76.0.0/14
223.113.216.0/24
223.64.0.0/10
27.152.0.0/13
27.36.0.0/14
36.248.0.0/14
49.64.0.0/11
58.22.0.0/15
58.248.0.0/13
# IPv6
2408:8000::/20
2409:8000::/20
240e::/20
If you find there are other subnets to add, please do not hesitate to reply
here or contact us at chat.rockylinux.org.
Thank you again for supporting Rocky Linux.
--
Louis Abel, RHCE RHCSIDM
Infrastructure, Release Engineering, IDM