Hi,

I’m discovering GitHub Action. It seems to be great. but…

are we sure the ip ranges provided by Microsoft is always up to date ?

• I’ve just downloaded from MS the current official file named ServiceTags_Public_20200112.json
• I have trigged, with a GitHub-hosted runner, a GitHub Action to build my project and deploy to my Debian server (with strict firewall rules). It’s a simple rsync command
• It failed (connection timeout)
• in /var/log/messages I see that an ip (ex: 40.70.58.112 but it is variable) has tried to access my server (at the very same time of the action so it is an ip from GitHub Action). But this ip does not belong to the json file !
• When I disable my firewall, the connection is done (I have others problems but it’s another story 😉

Thx for your help

I just checked the latest IP ranges, same filename as yours. The IP is there, as it belongs to subnet 40.70.0.0/18.

Thanks for taking the time about my issue.

I had done a mistake in my iptables rules where the order of the lines is important.

I was logging all rejected packets in the end of my main firewall script, and added allow rules for the azure ip only after. So theses azure rules were never reached.

Just an iptables noobs problem :slight_smile:

This thread is a duplicate.

The current thread is https://github.community/t5/GitHub-Actions/Whitelist-Github-Workflow/td-p/15916