Allow ONLY whitelisted IP’s to attempt login…

Hi,

Yes you could totally lock out every country and only work with whitelisted IP address.

If you know the IP ranges of Xfinity you can allow complete ranges (that is if you’re comfortable with that)

How would I do that? Block out the whole planet but myself? Remove the US as well from the blocked country list? Wont that block me out regardless of the white list?

https://www.dropbox.com/s/lldwyt374kf46wx/Screenshot%202018-11-21%2021.47.19.png?dl=0

Any suggestions where I would look for the Xfinity IP Range?

Thanks again!

Hi,

Yes you can block all countries and whitelist your own IP address. Ofcourse this is only useful if you have a static IP address.

Whitelist always has precedence over blacklisting. You could even blacklist your own IP address but if it is on the whitelist you will get in.

From Google:

What are Comcast’s Dynamic IP Ranges?

Dynamic IP Ranges

Below is a list of our dynamic IP space. These are published to several DNSBLs that track dynamic IP space.
IPv4
24.0.0.0/12
24.16.0.0/13
24.30.0.0/17
24.34.0.0/16
24.60.0.0/14
24.91.0.0/16
24.98.0.0/15
24.118.0.0/16
24.125.0.0/16
24.126.0.0/15
24.128.0.0/16
24.129.0.0/17
24.130.0.0/15
24.147.0.0/16
24.218.0.0/16
24.245.0.0/18
50.128.0.0/10
65.34.128.0/17
65.96.0.0/16
66.30.0.0/15
66.41.0.0/16
66.56.0.0/18
66.176.0.0/15
66.229.0.0/16
67.160.0.0/12
67.176.0.0/15
67.180.0.0/14
67.184.0.0/13
68.32.0.0/11
68.80.0.0/14
68.84.0.0/16
69.136.0.0/15
69.138.0.0/16
69.139.0.0/17
69.140.0.0/14
69.180.0.0/15
69.242.0.0/15
69.244.0.0/14
69.248.0.0/14
69.253.0.0/16
69.254.0.0/15
71.56.0.0/13
71.192.0.0/12
71.224.0.0/12
73.0.0.0/8
75.64.0.0/13
75.72.0.0/15
75.74.0.0/16
75.75.0.0/17
75.75.128.0/18
76.16.0.0/12
76.97.0.0/16
76.98.0.0/15
76.100.0.0/14
76.104.0.0/13
76.112.0.0/12
98.192.0.0/13
98.200.0.0/14
98.204.0.0/16
98.206.0.0/15
98.208.0.0/12
98.224.0.0/12
98.240.0.0/16
98.242.0.0/15
98.244.0.0/14
98.248.0.0/13
107.2.0.0/15
107.4.0.0/15
174.48.0.0/12

IPv6
2001:558:6000::/36

This is however a rather extensive list. I am not sure how xfinity works but usually ip ranges are dedicated to certain regions or cities even so you might be able to narrow it down if you get the IP addresses from the people who need access.

Pascal, thanks a lot for following up on this with me… I think you are right that maybe allowing xfinity is impractical… Hrmmm. This is getting a little more complicated than i want it to be… I think i will block the whole planet including the US from accessing the backend and see if my whitelisted ip still lets me in there… If it changes from Xfinity i can ftp in and delete the plugin so allow myself access. How is that for clever!

SIMPLY PUT, the bottom line is that no one should be able to have their login attempts be ALLOWED except those IP’s i say. AS IN the end result should be BOTH that they have been prevented from trying AND that i dont get an alert that someone tried to log in.

Why do I want this pair of result? Again simply put, so my customer who keeps getting alerts that someone tried to log in will shut the hell up.

I dont mind the daily failure notices but my customer cannot get over it and WONT let me just remove his address from the alerts setup… Grrr…

Thanks again!