Hello.

Recently, we've received messages from several mirror operators about large amount of traffic coming in from various China IP addresses. These connections appear to be DDoS-like traffic, attempting to download the large ISO's of our releases but never actually finishing them. This obviously consumes bandwidth which can affect your mirror traffic negatively.

If you find that this is happening to your mirror, we suggest putting in filters for those subnets. Even if you are not experiencing this, it may be necessary to also add them. This is, however, your call as a mirror operator to make that judgement.

Below is a list of potential subnet blocks that can be used, provided by one of our operators.

# IPv4

101.64.0.0/13
106.110.0.0/15
112.0.0.0/10
112.100.0.0/14
112.109.128.0/17
112.111.0.0/16
112.94.128.0/18
114.224.0.0/12
117.24.0.0/13
117.80.0.0/12
120.32.0.0/13
124.72.0.0/16
140.224.0.0/16
175.42.0.0/15
175.44.0.0/16
180.96.0.0/11
182.200.0.0/13
183.192.0.0/10
218.5.0.0/16
221.224.0.0/13
222.184.0.0/13
222.76.0.0/14
223.113.216.0/24
223.64.0.0/10
27.152.0.0/13
27.36.0.0/14
36.248.0.0/14
49.64.0.0/11
58.22.0.0/15
58.248.0.0/13

# IPv6

2408:8000::/20
2409:8000::/20
240e::/20

If you find there are other subnets to add, please do not hesitate to reply here or contact us at chat.rockylinux.org.

Thank you again for supporting Rocky Linux.

Louis Abel, RHCE RHCSIDM

Infrastructure, Release Engineering, IDM