[Firehol-support] Re: 96.0.0.0/3 as unroutable
Thomas Arendsen Hein
thomas at intevation.de
Wed Dec 7 10:48:44 GMT 2005
* Sim <simvirus at gmail.com> [20051207 09:27]:
> > Nice FAQ, but the important link in it is somewhat hidden:
> > http://www.iana.org/assignments/ipv4-address-space
> >
> > This page lists 125/8 as being assigned to APNIC in January 2005, so
> > it is no longer reserved.
> >
> > You can either use get-iana.sh to create a new version of the
> > RESERVED_IPS variable, or use the entry of firehol >= 1.234 from CVS.
> > Just add it at the top of your firehol.conf
>
> I think that is not true.
>
> /etc/init.d/firehol overrides:
>
> /etc/firehol/firehol.conf variables.
>
> ------------
> iptables -L -n ( with new RESERVED_IPS to the top of
> /etc/firehol/firehol.conf )
>
> [..]
> RETURN all -- 0.0.0.0/0 74.0.0.0/7
> RETURN all -- 0.0.0.0/0 76.0.0.0/6
> RETURN all -- 0.0.0.0/0 89.0.0.0/8
> RETURN all -- 0.0.0.0/0 90.0.0.0/7
> RETURN all -- 0.0.0.0/0 92.0.0.0/6
> RETURN all -- 0.0.0.0/0 96.0.0.0/3
Ok, it is only half the truth. After looking at my firehol.conf I found the
following:
RESERVED_IPS="0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8 27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 74.0.0.0/7 76.0.0.0/6 89.0.0.0/8 90.0.0.0/7 92.0.0.0/6 96.0.0.0/4 112.0.0.0/5 120.0.0.0/6 127.0.0.0/8 173.0.0.0/8 174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 189.0.0.0/8 190.0.0.0/8 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4 "
UNROUTABLE_IPS="${RESERVED_IPS} ${PRIVATE_IPS}"
(i.e. create a corrected version of UNROUTABLE_IPS, too)
To check if this really works:
# iptables -L -n|fgrep 96.0.0.0
RETURN all -- 96.0.0.0/4 0.0.0.0/0
RETURN all -- 0.0.0.0/0 96.0.0.0/4
RETURN all -- 0.0.0.0/0 96.0.0.0/4
RETURN all -- 0.0.0.0/0 96.0.0.0/4
RETURN all -- 96.0.0.0/4 0.0.0.0/0
RETURN all -- 96.0.0.0/4 0.0.0.0/0
(And my firehol.sh still contains the old RESERVED_IPS with 96.0.0.0/3)
Thomas
--
Email: thomas at intevation.de
http://intevation.de/~thomas/