Carlos, <br> I checked what you suggested and none of that seems to be the issue. I don't even have any of those variables set up. I don't know if this would help you at all but here is my iptables -L:<br><br>Chain INPUT (policy DROP)
<br>target prot opt source destination <br>ACCEPT all -- anywhere anywhere <br>in_home all -- <a href="http://10.0.0.0/16">10.0.0.0/16</a> <a href="http://10.0.0.1">
10.0.0.1</a> <br>in_home all -- <a href="http://10.0.0.0/16">10.0.0.0/16</a> <a href="http://10.0.255.255">10.0.255.255</a> <br>in_internet all -- anywhere anywhere
<br>ACCEPT all -- anywhere anywhere state RELATED <br>LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'IN-unknown:'' <br>DROP all -- anywhere anywhere
<br><br>Chain FORWARD (policy DROP)<br>target prot opt source destination <br>in_internet2lan all -- anywhere <a href="http://10.0.0.0/16">10.0.0.0/16</a> <br>out_internet2lan all --
<a href="http://10.0.0.0/16">10.0.0.0/16</a> anywhere <br>ACCEPT all -- anywhere anywhere state RELATED <br>LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'PASS-unknown:''
<br>DROP all -- anywhere anywhere <br><br>Chain OUTPUT (policy DROP)<br>target prot opt source destination <br>ACCEPT all -- anywhere anywhere
<br>out_home all -- <a href="http://10.0.0.1">10.0.0.1</a> <a href="http://10.0.0.0/16">10.0.0.0/16</a> <br>out_home all -- <a href="http://10.0.255.255">10.0.255.255</a> <a href="http://10.0.0.0/16">
10.0.0.0/16</a> <br>out_internet all -- anywhere anywhere <br>ACCEPT all -- anywhere anywhere state RELATED <br>LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `'OUT-unknown:''
<br>DROP all -- anywhere anywhere <br><br>Chain in_home (2 references)<br>target prot opt source destination <br>in_home_all_s1 all -- anywhere anywhere
<br>in_home_irc_s2 all -- anywhere anywhere <br>in_home_ftp_s3 all -- anywhere anywhere <br>in_home_all_c4 all -- anywhere anywhere <br>in_home_irc_c5 all -- anywhere anywhere
<br>in_home_ftp_c6 all -- anywhere anywhere <br>ACCEPT all -- anywhere anywhere state RELATED <br>LOG tcp -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `''IN-home':''
<br>REJECT tcp -- anywhere anywhere reject-with tcp-reset <br>LOG all -- anywhere anywhere limit: avg 1/sec burst 5 LOG level warning prefix `''IN-home':'' <br>
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable <br><br>Chain in_home_all_c4 (1 references)<br>target prot opt source destination <br>ACCEPT all -- anywhere anywhere state ESTABLISHED
<br><br>Chain in_home_all_s1 (1 references)<br>target prot opt source destination <br>ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED <br><br>Chain in_home_ftp_c6 (1 references)
<br>target prot opt source destination <br>ACCEPT tcp -- anywhere anywhere tcp spt:ftp dpts:1024:4999 state ESTABLISHED <br>ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data dpts:1024:4999 state RELATED,ESTABLISHED
<br>ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:4999 state ESTABLISHED <br><br>Chain in_home_ftp_s3 (1 references)<br>target prot opt source destination
<br>ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ftp state NEW,ESTABLISHED <br>ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ftp-data state ESTABLISHED
<br>ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:4999 state RELATED,ESTABLISHED <br><br>Chain in_home_irc_c5 (1 references)<br>target prot opt source destination
<br>ACCEPT tcp -- anywhere anywhere tcp spt:ircd dpts:1024:4999 state ESTABLISHED <br><br>Chain in_home_irc_s2 (1 references)<br>target prot opt source destination <br>
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ircd state NEW,ESTABLISHED <br><br>Chain in_internet (1 references)<br>target prot opt source destination <br>
RETURN all -- <a href="http://0.0.0.0/7">0.0.0.0/7</a> anywhere <br>RETURN all -- <a href="http://2.0.0.0/8">2.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://5.0.0.0/8">
5.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://7.0.0.0/8">7.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://23.0.0.0/8">23.0.0.0/8</a> anywhere
<br>RETURN all -- <a href="http://27.0.0.0/8">27.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://31.0.0.0/8">31.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://36.0.0.0/7">
36.0.0.0/7</a> anywhere <br>RETURN all -- <a href="http://39.0.0.0/8">39.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://41.0.0.0/8">41.0.0.0/8</a> anywhere
<br>RETURN all -- <a href="http://42.0.0.0/8">42.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://73.0.0.0/8">73.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://h-74-0-0-0.dllatx37.covad.net/7">
h-74-0-0-0.dllatx37.covad.net/7</a> anywhere <br>RETURN all -- <a href="http://mo-76-0-0-0.dhcp.embarqhsd.net/6">mo-76-0-0-0.dhcp.embarqhsd.net/6</a> anywhere <br>RETURN all -- <a href="http://89.0.0.0/8">
89.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7">AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7</a> anywhere <br>RETURN all --
<a href="http://92.0.0.0/6">92.0.0.0/6</a> anywhere <br>RETURN all -- <a href="http://96.0.0.0/3">96.0.0.0/3</a> anywhere <br>RETURN all -- <a href="http://173.0.0.0/8">
173.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://174.0.0.0/7">174.0.0.0/7</a> anywhere <br>RETURN all -- <a href="http://176.0.0.0/5">176.0.0.0/5</a> anywhere
<br>RETURN all -- <a href="http://184.0.0.0/6">184.0.0.0/6</a> anywhere <br>RETURN all -- <a href="http://189.0.0.0/8">189.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://190.0.0.0/8">
190.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://197.0.0.0/8">197.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://223.0.0.0/8">223.0.0.0/8</a> anywhere
<br>RETURN all -- <a href="http://240.0.0.0/4">240.0.0.0/4</a> anywhere <br>RETURN all -- <a href="http://10.0.0.0/8">10.0.0.0/8</a> anywhere <br>RETURN all -- <a href="http://169.254.0.0/16">
169.254.0.0/16</a> anywhere <br>RETURN all -- <a href="http://172.16.0.0/12">172.16.0.0/12</a> anywhere <br>RETURN all -- <a href="http://192.0.2.0/24">192.0.2.0/24</a> anywhere
<br>RETURN all -- <a href="http://192.88.99.0/24">192.88.99.0/24</a> anywhere <br>RETURN all -- <a href="http://192.168.0.0/16">192.168.0.0/16</a> anywhere <br>DROP all -- anywhere anywhere state INVALID
<br>pr_internet_fragments all -f anywhere anywhere <br>pr_internet_nosyn tcp -- anywhere anywhere state NEW tcp flags:!FIN,SYN,RST,ACK/SYN <br>pr_internet_icmpflood icmp -- anywhere anywhere icmp echo-request
<br>pr_internet_synflood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN <br>pr_internet_malxmas tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
<br>pr_internet_malnull tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE <br>pr_internet_malbad tcp -- anywhere anywhere tcp flags:FIN,SYN/FIN,SYN <br>pr_internet_malbad tcp -- anywhere anywhere tcp flags:SYN,RST/SYN,RST
<br>pr_internet_malbad tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG <br>pr_internet_malbad tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
<br>in_internet_http_s1 all -- anywhere anywhere <br>in_internet_ssh_s2 all -- anywhere anywhere <br>in_internet_ftp_s3 all -- anywhere anywhere
<br>in_internet_ident_s4 all -- anywhere anywhere <br>in_internet_forwards_s5 all -- anywhere anywhere <br>in_internet_customports_s6 all -- anywhere anywhere
<br>in_internet_all_c7 all -- anywhere<br><br><br><div><span class="gmail_quote">On 12/12/06, <b class="gmail_sendername">Carlos Rodrigues</b> <<a href="mailto:carlos.efr@mail.telepac.pt">carlos.efr@mail.telepac.pt</a>
> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">On 12/12/06, Logan Anteau <<a href="mailto:lanteau@gmail.com">lanteau@gmail.com
</a>> wrote:<br>> I have firehol, and suddenly Ive found it blocking a website, I never set it<br>> to do this and I wonder if it was from an upgrade. Ive noticed it blocking<br>> <a href="http://www.twit.tv">
www.twit.tv</a>, which is a technology podcast network. It could be blocking<br>> more sites, I don't know. Can someone advise me how to make firehol stop<br>> blocking websites all together? Tahnks<br><br>Is that site new? Maybe its address falls within a previously reserved
<br>address range. If your are using the "RESERVED_IPS" or<br>"UNROUTABLE_IPS" variables anywhere on your configuration, try<br>removing them.<br><br>Or, you can check the RESERVED_IPS variable on the firehol executable
<br>script to see if that site's address matches any of the networks<br>listed there.<br><br>--<br>Carlos Rodrigues<br><br>-------------------------------------------------------------------------<br>Take Surveys. Earn Cash. Influence the Future of IT
<br>Join SourceForge.net's Techsay panel and you'll get the chance to share your<br>opinions on IT & business topics through brief surveys - and earn cash<br><a href="http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV">
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV</a><br>_______________________________________________<br>Firehol-support mailing list<br><a href="mailto:Firehol-support@lists.sourceforge.net">
Firehol-support@lists.sourceforge.net</a><br><a href="https://lists.sourceforge.net/lists/listinfo/firehol-support">https://lists.sourceforge.net/lists/listinfo/firehol-support</a><br></blockquote></div><br><br clear="all">
<br>-- <br>Logan