iptables ACCEPT and DROP

how to allow a subrange of DROPped IPs


dstiles

9:22 am on Sep 14, 2023 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I have been struggling with this for some time now and am no nearer a solution. I need to block all MSFT IP ranges except those used by bingbot, which are generally small sub-ranges of the larger ones.

In iptables I have (for example)...
-A INPUT -s 40.77.167.0/24 -j ACCEPT
...
-A Recent -s 40.76.0.0/14 -p tcp -m tcp --dport 443 -j DROP


This does not work. I have recently wondered if redefining the DROP term would help...
-A Ranges -s 40.76.0.0/14 -j DROP

...but have not yet tried it.

I use table Recent for new additions; Ranges is the default.

jmccormac

9:50 pm on Sep 20, 2023 (gmt 0)


Split the ranges? It might be a bit of a mess but it could work. There are also other MSFT bingbot ranges.

Regards..jmcc

dstiles

8:07 am on Sep 22, 2023 (gmt 0)


I tried splitting but it's tedious and if one does not fill in all the gaps then azure comes through. :(

I think I'll have to go that way, though. In the past few days I've changed Recent to INPUT but although the bots get through, so do the azures. I suspect it has to be an exact match without the options, but I can't do that because of possible letsencrypt usage.

I know about the other ranges and am treating them all the same; this was just an example.

dstiles

8:41 am on Sep 25, 2023 (gmt 0)


Looks as if I've found the solution...
-A INPUT -s 40.77.167.0/24 -j ACCEPT
...
-A Recent -s 40.76.0.0/14 -p tcp -m tcp --dport 443 -j DROP

does not work, as noted above, so I tried changing INPUT to Recent. Still no. Then I tried changing both INPUT and Recent to Ranges (another table I use).
-A Ranges -s 40.77.167.0/24 -j ACCEPT
...
-A Ranges -s 40.76.0.0/14 -p tcp -m tcp --dport 443 -j DROP

That works!

No idea why changing INPUT to Recent didn't work. Maybe I made a typo...

I added a comment to make sure I knew in future what the ranges were...
-A Ranges -s 40.77.167.0/24 -j ACCEPT -m comment --comment "bing"
...
-A Ranges -s 40.76.0.0/14 -p tcp -m tcp --dport 443 -j DROP -m comment --comment "ms"
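The point the thread arrives at is iptables rule order: the first matching rule in the traversal wins, so the bingbot ACCEPT has to be met before the MSFT /14 DROP, and a rule appended to INPUT after the jump into Recent is never consulted for traffic that Recent already dropped. The following is an added example, not code from the thread: a small Python model of filter-chain traversal (first match wins, jumps into user chains, fall-through back to the caller) that reads the thread's own rule lines in iptables-save syntax. The thread does not show where INPUT jumps into Recent or Ranges, so the `-A INPUT -j Recent` / `-A INPUT -j Ranges` positions below are assumptions, and the sample packets are constructed.

```python
"""Added example: first-match-wins model of iptables filter chains, used to show
why the bingbot ACCEPT must be reached before the MSFT /14 DROP.
Not from the original thread; jump positions and packets are constructed."""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Optional

TERMINAL = {"ACCEPT", "DROP"}


@dataclass
class Rule:
    src: str                       # -s CIDR; "0.0.0.0/0" when absent
    target: str                    # -j: ACCEPT, DROP, RETURN or a user chain
    proto: Optional[str] = None    # -p
    dport: Optional[int] = None    # --dport (needs -p tcp/udp in real iptables)
    comment: str = ""              # -m comment --comment

    @property
    def net(self):
        return ipaddress.ip_network(self.src)

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in self.net:
            return False
        if self.proto is not None and pkt.get("proto") != self.proto:
            return False
        return self.dport is None or pkt.get("dport") == self.dport


def parse_rule(line: str) -> tuple:
    """Parse one '-A CHAIN ...' line (the subset of options used in the thread)."""
    toks = shlex.split(line)
    chain = src = proto = target = None
    dport, comment, i = None, "", 0
    while i < len(toks):
        t, arg = toks[i], toks[i + 1] if i + 1 < len(toks) else None
        if t == "-A":
            chain = arg
        elif t == "-s":
            src = arg
        elif t == "-p":
            proto = arg
        elif t == "--dport":
            dport = int(arg)
        elif t == "-j":
            target = arg
        elif t == "--comment":
            comment = arg
        elif t != "-m":            # -m names a match module; its options follow
            raise ValueError(f"unsupported option {t!r} in {line!r}")
        i += 2
    if chain is None or target is None:
        raise ValueError(f"need -A and -j: {line!r}")
    return chain, Rule(src or "0.0.0.0/0", target, proto, dport, comment)


def build(text: str) -> dict:
    """Chain name -> rules in append order, like iptables -A would leave them."""
    chains = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            chain, rule = parse_rule(line)
            chains.setdefault(chain, []).append(rule)
    return chains


def _walk(chains, pkt, chain):
    """Traverse one chain: a terminal verdict ends it; a jump recurses into the
    user chain; end of a user chain (or RETURN) falls back to the caller."""
    for rule in chains.get(chain, []):
        if not rule.matches(pkt):
            continue
        if rule.target in TERMINAL:
            return rule.target, rule.comment
        if rule.target == "RETURN":
            return None
        sub = _walk(chains, pkt, rule.target)
        if sub is not None:
            return sub
    return None


def verdict(chains, pkt, policy="ACCEPT"):
    """Verdict for a packet entering INPUT; the chain policy applies if nothing matches."""
    return _walk(chains, pkt, "INPUT") or (policy, "policy")


def shadowed_accepts(chains):
    """(chain, cidr) for every ACCEPT that sits after a DROP in the same chain
    covering its subnet and overlapping its proto/port: it is not always reached."""
    found = []
    for chain, rules in chains.items():
        for j, acc in enumerate(rules):
            if acc.target != "ACCEPT":
                continue
            for drop in rules[:j]:
                if (drop.target == "DROP" and acc.net.subnet_of(drop.net)
                        and (drop.proto is None or acc.proto is None or drop.proto == acc.proto)
                        and (drop.dport is None or acc.dport is None or drop.dport == acc.dport)):
                    found.append((chain, acc.src))
                    break
    return found


# Constructed rule sets from the thread's rules; the INPUT jump lines are assumed.
BROKEN = """
-A INPUT -j Recent
-A INPUT -s 40.77.167.0/24 -j ACCEPT -m comment --comment "bing"
-A Recent -s 40.76.0.0/14 -p tcp -m tcp --dport 443 -j DROP -m comment --comment "ms"
"""
WRONG_ORDER = """
-A INPUT -j Ranges
-A Ranges -s 40.76.0.0/14 -p tcp -m tcp --dport 443 -j DROP -m comment --comment "ms"
-A Ranges -s 40.77.167.0/24 -j ACCEPT -m comment --comment "bing"
"""
FIXED = """
-A INPUT -j Ranges
-A Ranges -s 40.77.167.0/24 -j ACCEPT -m comment --comment "bing"
-A Ranges -s 40.76.0.0/14 -p tcp -m tcp --dport 443 -j DROP -m comment --comment "ms"
"""
BING = {"src": "40.77.167.5", "proto": "tcp", "dport": 443}   # constructed, inside the /24
AZURE = {"src": "40.76.1.1", "proto": "tcp", "dport": 443}    # constructed, in the /14 only
AZURE_80 = {"src": "40.76.1.1", "proto": "tcp", "dport": 80}  # the DROP covers 443 only

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("WRONG_ORDER", WRONG_ORDER), ("FIXED", FIXED)):
        c = build(text)
        print(name, verdict(c, BING), verdict(c, AZURE), verdict(c, AZURE_80), shadowed_accepts(c))
```

In BROKEN the bingbot packet is dropped inside Recent before INPUT ever reaches its ACCEPT line, and in WRONG_ORDER the /14 DROP in Ranges shadows the /24 ACCEPT behind it; only FIXED accepts bingbot and drops the rest of the /14 on 443, while port 80 traffic from the /14 falls through to the chain policy because the DROP rule is limited to `--dport 443`.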