[Firehol-support] Re: 96.0.0.0/3 as unroutable

Thomas Arendsen Hein thomas at intevation.de
Wed Dec 7 10:48:44 GMT 2005


* Sim <simvirus at gmail.com> [20051207 09:27]:
> > Nice FAQ, but the important link in it is somewhat hidden:
> > http://www.iana.org/assignments/ipv4-address-space
> >
> > This page lists 125/8 as being assigned to APNIC in January 2005, so
> > it is no longer reserved.
> >
> > You can either use get-iana.sh to create a new version of the
> > RESERVED_IPS variable, or use the entry of firehol >= 1.234 from CVS.
> > Just add it at the top of your filehol.conf
> 
>   i thinks that is not true.
> 
> /etc/init.d/firehol override:
> 
> /etc/firehol/firehol.conf variabiles.
> 
> ------------
> iptables -L -n   ( with new RESERVED_IPS to the top of
> /etc/firehol/firehol.conf )
> 
> [..]
> RETURN     all  --  0.0.0.0/0            74.0.0.0/7
> RETURN     all  --  0.0.0.0/0            76.0.0.0/6
> RETURN     all  --  0.0.0.0/0            89.0.0.0/8
> RETURN     all  --  0.0.0.0/0            90.0.0.0/7
> RETURN     all  --  0.0.0.0/0            92.0.0.0/6
> RETURN     all  --  0.0.0.0/0            96.0.0.0/3

Ok, it is only half the truth. After looking at my firehol.conf I found the
following:

RESERVED_IPS="0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8 27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 74.0.0.0/7 76.0.0.0/6 89.0.0.0/8 90.0.0.0/7 92.0.0.0/6 96.0.0.0/4 112.0.0.0/5 120.0.0.0/6 127.0.0.0/8 173.0.0.0/8 174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 189.0.0.0/8 190.0.0.0/8 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4 "
UNROUTABLE_IPS="${RESERVED_IPS} ${PRIVATE_IPS}"

(i.e. create a corrected version of UNROUTABLE_IPS, too)

To check if this really works:
# iptables -L -n|fgrep 96.0.0.0
RETURN     all  --  96.0.0.0/4           0.0.0.0/0
RETURN     all  --  0.0.0.0/0            96.0.0.0/4
RETURN     all  --  0.0.0.0/0            96.0.0.0/4
RETURN     all  --  0.0.0.0/0            96.0.0.0/4
RETURN     all  --  96.0.0.0/4           0.0.0.0/0
RETURN     all  --  96.0.0.0/4           0.0.0.0/0

(And my firehol.sh still contains the old RESERVED_IPS with 96.0.0.0/3)

Thomas

-- 
Email: thomas at intevation.de
http://intevation.de/~thomas/




More information about the Firehol-support mailing list