[Firehol-support] UNROUTABLE_IPS / RESERVED_IPS outdated
Ross Smith
fireholspam at netebb.com
Sat Aug 26 02:00:57 BST 2006
James,
It's properly updated in CVS:
<http://firehol.cvs.sourceforge.net/firehol/firehol/firehol.sh?view=diff&r1=1.242&r2=1.243>
I just manually add the following to my firehol.sh script:
RESERVED_IPS="0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8 27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 77.0.0.0/8 78.0.0.0/7 92.0.0.0/6 96.0.0.0/4 112.0.0.0/5 120.0.0.0/8 127.0.0.0/8 173.0.0.0/8 174.0.0.0/7 176.0.0.0/5 184.0.0.0/6
197.0.0.0/8 223.0.0.0/8 240.0.0.0/4"
-Ross
James Byers wrote On 8/25/2006 5:18 PM -0800:
> I wanted to give everyone a heads-up about UNROUTABLE_IPS, specifically
> RESERVED_IPS. The IANA reserved network list that firehol 1.226 uses is
> quite out of date, so if you follow the example config in the docs and
> restrict traffic from UNROUTABLE_IPS, you'll be blocking a wide swath of
> legitimate Internet users.
>
> By my reading of the IANA assignment doc
> (http://www.iana.org/assignments/ipv4-address-space), the following IP
> ranges should be removed from the exclusion list:
>
> 041/8
> 073/8
> 074/7
> 076/8
> 089/8
> 090/7
> 121/8
> 122/8
> 123/8
> 124/8
> 125/8
> 126/8
> 189/8
> 190/8
>
> This was filed a while back by someone else as a bug, but I figured it
> was serious enough to send to the list as well. At least for us, this
> resulted in some pretty unpleasant troubleshooting.
>
> http://sourceforge.net/tracker/index.php?func=detail&aid=1475053&group_id=58425&atid=487692
>
> Otherwise, firehol's great. :)
>
> James
>
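Added example, not part of the original thread or of FireHOL's code: a Python check that a RESERVED_IPS value no longer overlaps the ranges the report lists as allocated. RESERVED_IPS and the allocated ranges are copied from the messages above; CONSTRUCTED_STALE and the function names are made up for illustration.

```python
import ipaddress

# RESERVED_IPS exactly as posted in the reply above.
RESERVED_IPS = (
    "0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8 27.0.0.0/8 "
    "31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 77.0.0.0/8 78.0.0.0/7 "
    "92.0.0.0/6 96.0.0.0/4 112.0.0.0/5 120.0.0.0/8 127.0.0.0/8 173.0.0.0/8 "
    "174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4"
)

# Ranges the original report says should come off the list, in its notation.
NOW_ALLOCATED = ("041/8 073/8 074/7 076/8 089/8 090/7 121/8 122/8 "
                 "123/8 124/8 125/8 126/8 189/8 190/8")

# Constructed sample of an out-of-date list (NOT FireHOL's real old value).
CONSTRUCTED_STALE = "41.0.0.0/8 72.0.0.0/5 127.0.0.0/8"


def parse_iana(block):
    """Turn IANA shorthand such as '041/8' into IPv4Network('41.0.0.0/8')."""
    octet, prefix = block.split("/")
    return ipaddress.ip_network(f"{int(octet)}.0.0.0/{prefix}")


def stale_entries(reserved, allocated):
    """Return (reserved, allocated) network pairs that overlap.

    Any pair returned means a drop rule built from `reserved` would
    discard traffic from address space that has since been assigned.
    """
    reserved_nets = [ipaddress.ip_network(n) for n in reserved.split()]
    allocated_nets = [parse_iana(b) for b in allocated.split()]
    return [(r, a) for r in reserved_nets for a in allocated_nets
            if r.overlaps(a)]


def blocked_by(reserved, address):
    """List the entries of `reserved` that would match a source address."""
    addr = ipaddress.ip_address(address)
    return [n for n in reserved.split() if addr in ipaddress.ip_network(n)]


if __name__ == "__main__":
    for name, value in (("posted", RESERVED_IPS),
                        ("constructed stale", CONSTRUCTED_STALE)):
        hits = stale_entries(value, NOW_ALLOCATED)
        print(f"{name}: {len(hits)} overlap(s)")
        for r, a in hits:
            print(f"  {r} covers allocated {a}")
```

Running the same comparison against the current IANA registry before each FireHOL upgrade catches the list going stale again.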