[Firehol-support] Firehol blocking website, I didn't set it up to block websites?

Logan Anteau lanteau at gmail.com
Tue Dec 12 23:41:53 CET 2006


Ross,
Thanks a lot, changing the RESERVED_IPS in /usr/sbin/firehol fixed it.
Upgrading is a lot more work because I'm on a Gentoo system and it
automatically takes care of that with portage and emerge. So I'd rather not
go that route. But thanks again, now it works great!

On 12/12/06, Ross Smith <fireholspam at netebb.com> wrote:
>
> Logan,
>
> You're using an old (pre Jan 18 21:20:28 2006-CVS) version of firehol:
>
> > RETURN     all  --  h-74-0-0-0.dllatx37.covad.net/7  anywhere
>
> Please update to the HEAD version in CVS, or change the line that begins
>
> RESERVED_IPS=
>
> to read
>
> RESERVED_IPS="0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8
> 27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 92.0.0.0/6
> 100.0.0.0/6 104.0.0.0/5 112.0.0.0/5 120.0.0.0/8 127.0.0.0/8 173.0.0.0/8
> 174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4 "
>
> as per
>
>
> http://firehol.cvs.sourceforge.net/firehol/firehol/firehol.sh?annotate=HEAD#l324
>
> -Ross
>
> Logan Anteau wrote On 12/12/2006 1:28 PM -0800:
> > Carlos,
> >  I checked what you suggested and none of that seems to be the issue. I
> > don't even have any of those variables set up. I don't know if this
> > would help you at all but here is my iptables -L:
> >
> > Chain INPUT (policy DROP)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere
> > in_home    all  --  10.0.0.0/16          10.0.0.1
> > in_home    all  --  10.0.0.0/16          10.0.255.255
> > in_internet  all  --  anywhere             anywhere
> > ACCEPT     all  --  anywhere             anywhere            state RELATED
> > LOG        all  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `'IN-unknown:''
> > DROP       all  --  anywhere             anywhere
> >
> > Chain FORWARD (policy DROP)
> > target     prot opt source               destination
> > in_internet2lan  all  --  anywhere             10.0.0.0/16
> > out_internet2lan  all  --  10.0.0.0/16          anywhere
> > ACCEPT     all  --  anywhere             anywhere            state RELATED
> > LOG        all  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `'PASS-unknown:''
> > DROP       all  --  anywhere             anywhere
> >
> > Chain OUTPUT (policy DROP)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere
> > out_home   all  --  10.0.0.1             10.0.0.0/16
> > out_home   all  --  10.0.255.255         10.0.0.0/16
> > out_internet  all  --  anywhere             anywhere
> > ACCEPT     all  --  anywhere             anywhere            state RELATED
> > LOG        all  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `'OUT-unknown:''
> > DROP       all  --  anywhere             anywhere
> >
> > Chain in_home (2 references)
> > target     prot opt source               destination
> > in_home_all_s1  all  --  anywhere             anywhere
> > in_home_irc_s2  all  --  anywhere             anywhere
> > in_home_ftp_s3  all  --  anywhere             anywhere
> > in_home_all_c4  all  --  anywhere             anywhere
> > in_home_irc_c5  all  --  anywhere             anywhere
> > in_home_ftp_c6  all  --  anywhere             anywhere
> > ACCEPT     all  --  anywhere             anywhere            state RELATED
> > LOG        tcp  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `''IN-home':''
> > REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
> > LOG        all  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning prefix `''IN-home':''
> > REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
> >
> > Chain in_home_all_c4 (1 references)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere            state ESTABLISHED
> >
> > Chain in_home_all_s1 (1 references)
> > target     prot opt source               destination
> > ACCEPT     all  --  anywhere             anywhere            state NEW,ESTABLISHED
> >
> > Chain in_home_ftp_c6 (1 references)
> > target     prot opt source               destination
> > ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp dpts:1024:4999 state ESTABLISHED
> > ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp-data dpts:1024:4999 state RELATED,ESTABLISHED
> > ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpts:1024:4999 state ESTABLISHED
> >
> > Chain in_home_ftp_s3 (1 references)
> > target     prot opt source               destination
> > ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpt:ftp state NEW,ESTABLISHED
> > ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpt:ftp-data state ESTABLISHED
> > ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpts:1024:4999 state RELATED,ESTABLISHED
> >
> > Chain in_home_irc_c5 (1 references)
> > target     prot opt source               destination
> > ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ircd dpts:1024:4999 state ESTABLISHED
> >
> > Chain in_home_irc_s2 (1 references)
> > target     prot opt source               destination
> > ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpt:ircd state NEW,ESTABLISHED
> >
> > Chain in_internet (1 references)
> > target     prot opt source               destination
> > RETURN     all  --  0.0.0.0/7            anywhere
> > RETURN     all  --  2.0.0.0/8            anywhere
> > RETURN     all  --  5.0.0.0/8            anywhere
> > RETURN     all  --  7.0.0.0/8            anywhere
> > RETURN     all  --  23.0.0.0/8           anywhere
> > RETURN     all  --  27.0.0.0/8           anywhere
> > RETURN     all  --  31.0.0.0/8           anywhere
> > RETURN     all  --  36.0.0.0/7           anywhere
> > RETURN     all  --  39.0.0.0/8           anywhere
> > RETURN     all  --  41.0.0.0/8           anywhere
> > RETURN     all  --  42.0.0.0/8           anywhere
> > RETURN     all  --  73.0.0.0/8           anywhere
> > RETURN     all  --  h-74-0-0-0.dllatx37.covad.net/7  anywhere
> > RETURN     all  --  mo-76-0-0-0.dhcp.embarqhsd.net/6  anywhere
> > RETURN     all  --  89.0.0.0/8           anywhere
> > RETURN     all  --  AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7  anywhere
> > RETURN     all  --  92.0.0.0/6           anywhere
> > RETURN     all  --  96.0.0.0/3           anywhere
> > RETURN     all  --  173.0.0.0/8          anywhere
> > RETURN     all  --  174.0.0.0/7          anywhere
> > RETURN     all  --  176.0.0.0/5          anywhere
> > RETURN     all  --  184.0.0.0/6          anywhere
> > RETURN     all  --  189.0.0.0/8          anywhere
> > RETURN     all  --  <http://190.0.0.0/8>
>



-- 
Logan
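
An added example, not part of the original thread or of FireHOL's code: one way to audit the RETURN rules of an installed in_internet chain against the updated RESERVED_IPS value quoted above and list the address space the installed rules still treat as reserved. The sample listing is constructed from ranges visible in the quoted output, written in numeric form; 74.0.0.0/7 and 76.0.0.0/6 are assumed from the reverse-DNS names shown there, and the function names are hypothetical.

```python
import ipaddress
import re

# Updated value quoted in Ross's reply.
UPDATED_RESERVED_IPS = (
    "0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8 27.0.0.0/8 "
    "31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 92.0.0.0/6 100.0.0.0/6 "
    "104.0.0.0/5 112.0.0.0/5 120.0.0.0/8 127.0.0.0/8 173.0.0.0/8 "
    "174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4"
)

# Constructed sample in numeric-listing form, built from the quoted output.
# Assumption: 74.0.0.0/7 and 76.0.0.0/6 are inferred from the hostnames there.
SAMPLE_LISTING = """\
RETURN     all  --  41.0.0.0/8           0.0.0.0/0
RETURN     all  --  42.0.0.0/8           0.0.0.0/0
RETURN     all  --  73.0.0.0/8           0.0.0.0/0
RETURN     all  --  74.0.0.0/7           0.0.0.0/0
RETURN     all  --  76.0.0.0/6           0.0.0.0/0
RETURN     all  --  89.0.0.0/8           0.0.0.0/0
RETURN     all  --  92.0.0.0/6           0.0.0.0/0
RETURN     all  --  96.0.0.0/3           0.0.0.0/0
RETURN     all  --  189.0.0.0/8          0.0.0.0/0
"""

def parse_sources(listing):
    """Source networks of the RETURN rules in a numeric chain listing."""
    pat = re.compile(r"^RETURN\s+all\s+--\s+(\d+(?:\.\d+){3}/\d+)\s")
    hits = (pat.match(line) for line in listing.splitlines())
    return [ipaddress.ip_network(m.group(1)) for m in hits if m]

def released_space(installed, reserved):
    """Parts of the installed ranges that the reserved list no longer covers."""
    left = list(installed)
    for r in reserved:
        nxt = []
        for n in left:
            if n.subnet_of(r):
                continue  # still reserved, nothing to report
            # CIDR blocks nest or are disjoint: cut r out of n, or keep n whole
            nxt.extend(n.address_exclude(r) if r.subnet_of(n) else [n])
        left = nxt
    return list(ipaddress.collapse_addresses(left))

def stale_rules(listing, reserved_ips=UPDATED_RESERVED_IPS):
    """Address space matched by installed rules but absent from reserved_ips."""
    reserved = [ipaddress.ip_network(c) for c in reserved_ips.split()]
    return released_space(parse_sources(listing), reserved)
```

Feed it the output of `iptables -L in_internet -n`; without `-n`, iptables reverse-resolves the network addresses, which is why some ranges in the quoted listing appear as hostnames.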