Block All Salesforce IPs

I finally got so sick of receiving spam from Salesforce that I decided to make an IPTables rule list to block all of Salesforce’s address space from my mail server.

##############################
## Block ALL Salesforce IPs ##
## Last Update: 05/12/2024 ##
##############################
#
# ARIN
-A INPUT -s 3.146.43.224/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.56.32.176/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.58.135.64/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.108.0.0/14 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 34.211.108.32/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 34.226.36.48/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 35.182.14.32/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 66.231.80.0/20 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 68.232.192.0/20 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 96.43.144.0/20 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 128.17.0.0/16 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 128.245.0.0/16 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 136.146.0.0/15 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 198.245.80.0/20 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 199.122.120.0/21 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 204.14.232.0/21 -j REJECT --reject-with icmp-port-unreachable
# RIPE
-A INPUT -s 13.36.84.96/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.37.59.29/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.50.12.176/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 15.236.110.244/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 15.236.160.173/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 16.63.106.240/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 18.102.214.64/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 34.253.190.64/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 35.158.127.48/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 35.176.92.16/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 51.17.195.96/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 51.112.11.192/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 85.222.128.0/19 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 159.92.128.0/17 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 160.8.0.0/16 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 161.71.0.0/17 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 163.76.128.0/17 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 163.79.128.0/17 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 185.79.140.0/22 -j REJECT --reject-with icmp-port-unreachable
# APNIC
-A INPUT -s 13.113.196.48/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.124.145.0/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.126.23.64/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.210.3.208/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.215.171.240/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.228.64.80/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.250.175.171/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 13.251.9.241/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 16.78.19.16/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 18.181.43.11/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 35.73.89.117/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 43.201.151.176/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 54.95.206.252/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 54.254.118.123/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 101.53.160.0/19 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 104.161.128.0/17 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 161.32.64.0/18 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 161.32.128.0/17 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 161.71.128.0/17 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 182.50.76.0/22 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 202.129.242.0/23 -j REJECT --reject-with icmp-port-unreachable
# LACNIC
-A INPUT -s 18.228.66.156/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 18.228.207.180/32 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 54.233.205.0/28 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 177.71.229.247/32 -j REJECT --reject-with icmp-port-unreachable

Published here in case anyone else wants to use it.
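A rule list copied from a web page can carry a typographic dash in place of `--reject-with`, which iptables-restore will not parse, and one rule per range gets slow to evaluate as the list grows. The following added example (not part of the original post) checks a pasted list for both the dash damage and misaligned CIDRs, then collapses the ranges into `ipset restore` input with a single matching rule. The set name `salesforce`, the function names and the sample lines are assumptions made for the example, and it assumes ipset is installed.

```python
import ipaddress
import re

# Constructed sample in the page's rule format; \u2013 is the en dash a blog engine inserts.
SAMPLE = """\
# ARIN
-A INPUT -s 13.108.0.0/14 -j REJECT \u2013reject-with icmp-port-unreachable
-A INPUT -s 13.108.4.0/24 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 66.231.80.0/20 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -s 66.231.81.7/20 -j REJECT --reject-with icmp-port-unreachable
"""

RULE = re.compile(r"^-A INPUT -s (\S+) -j REJECT (\S+) icmp-port-unreachable$")

def parse_rules(text):
    """Return (networks, problems) for a pasted iptables-save style rule list."""
    nets, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            problems.append((n, "unrecognised rule"))
            continue
        cidr, opt = m.groups()
        if opt != "--reject-with":
            # "--" was rewritten to a dash character; iptables-restore rejects it.
            problems.append((n, "typographic dash in option"))
        try:
            nets.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError:
            problems.append((n, "host bits set in " + cidr))
    return nets, problems

def to_ipset(nets, name="salesforce"):
    """Collapse overlapping ranges; return `ipset restore` lines and one rule."""
    merged = list(ipaddress.collapse_addresses(nets))
    lines = ["create %s hash:net family inet" % name] + [
        "add %s %s" % (name, net) for net in merged]
    rule = ("-A INPUT -m set --match-set %s src "
            "-j REJECT --reject-with icmp-port-unreachable" % name)
    return lines, rule

if __name__ == "__main__":
    nets, problems = parse_rules(SAMPLE)
    for n, why in problems:
        print("line %d: %s" % (n, why))
    lines, rule = to_ipset(nets)
    print("\n".join(lines + [rule]))
```

The set has to be loaded with `ipset restore` before the rule that references it is applied, otherwise iptables refuses the rule.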

Ubuntu 10.10 GDM, Nvidia and TPM Issue

I recently did a clean install of Ubuntu 10.10 64-bit on my Vaio SZ7. Using the standard driver module for X, everything worked fine. GDM (Gnome’s graphical login), Plymouth (the red dots progress boot screen) and X were all working well.

I wanted to install the Nvidia accelerated driver for the effects in X and also to help with video performance. I used Ubuntu’s installer to add in the proprietary driver it recommended and rebooted. This is where the problems began. I started to notice a TPM send error on the console right at the end of the boot (usually on tty1 right after the login prompt) and then GDM wouldn’t appear, leaving me with just the text console.

I tried different versions of the driver, including from Nvidia’s site. I tried the fixplymouth script (which fixed Plymouth but didn’t solve my GDM issue). I even tried removing various packages and drivers as suggested on various Nvidia and Ubuntu forums, i.e. nouveau and the nv modules. I also tried removing GDM and reinstalling it. GDM2 wasn’t an option as the repository gave me 404s when I tried to update apt.

However, during my googling, I had left the laptop to boot. It got to the usual place, and I just left it there while reading. Then something caught my eye: the flash of the Nvidia logo, and then X and GDM started. Long story short, GDM starts up, but it takes 2 minutes from when the text console appears. From reading various configs in /etc/init/ I found out GDM waits for other things, i.e. drivers, to load up first… This got me thinking, and also that TPM error was annoying me. I knew TPM was disabled in the BIOS so I had been ignoring it.

I decided to try killing the TPM error. I did an lsmod to see what was loaded, and then did an rmmod on anything with TPM in the name. The moment the last one was killed, the Nvidia logo popped up and I was in GDM.

I went back to the console, edited /etc/modprobe.d/blacklist.conf and added the following lines on the end of the file:

blacklist tpm_infineon
blacklist tpm_tis
blacklist tpm

Saved the file and rebooted. GDM came up right after Plymouth.

Obviously, I don’t suggest you use this method if you actually use TPM and have it enabled in your BIOS etc, but as I don’t use it I had no problem killing it.