[Firehol-support] UNROUTABLE_IPS / RESERVED_IPS outdated
James Byers
jbyers at jbyers.com
Sat Aug 26 01:18:05 BST 2006
I wanted to give everyone a head's up about UNROUTABLE_IPS, specifically
RESERVED_IPS. The IANA reserved network list that firehol 1.226 uses is
quite out of date, so if you follow the example config in the docs and
restrict traffic from UNROUTABLE_IPS, you'll be blocking a wide swath of
legitimate Internet users.
By my reading of the IANA assignment doc
(http://www.iana.org/assignments/ipv4-address-space), the following IP
ranges should be removed from the exclusion list:
041/8
073/8
074/7
076/8
089/8
090/7
121/8
122/8
123/8
124/8
125/8
126/8
189/8
190/8
This was filed a while back by someone else as a bug, but I figured it
was serious enough to send to the list as well. At least for us, this
resulted in some pretty unpleasant troubleshooting.
http://sourceforge.net/tracker/index.php?func=detail&aid=1475053&group_id=58425&atid=487692
Otherwise, firehol's great. :)
James
More information about the Firehol-support
mailing list