[Firehol-support] Firehol blocking website, I didn't set it up to block websites?
Logan Anteau
lanteau at gmail.com
Tue Dec 12 21:28:43 GMT 2006
Carlos,
I checked what you suggested and none of that seems to be the issue. I
don't even have any of those variables set up. I don't know if this would
help you at all but here is my iptables -L:
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
in_home all -- 10.0.0.0/16 10.0.0.1
in_home all -- 10.0.0.0/16 10.0.255.255
in_internet all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg
1/sec burst 5 LOG level warning prefix `'IN-unknown:''
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
in_internet2lan all -- anywhere 10.0.0.0/16
out_internet2lan all -- 10.0.0.0/16 anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg
1/sec burst 5 LOG level warning prefix `'PASS-unknown:''
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
out_home all -- 10.0.0.1 10.0.0.0/16
out_home all -- 10.0.255.255 10.0.0.0/16
out_internet all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG all -- anywhere anywhere limit: avg
1/sec burst 5 LOG level warning prefix `'OUT-unknown:''
DROP all -- anywhere anywhere
Chain in_home (2 references)
target prot opt source destination
in_home_all_s1 all -- anywhere anywhere
in_home_irc_s2 all -- anywhere anywhere
in_home_ftp_s3 all -- anywhere anywhere
in_home_all_c4 all -- anywhere anywhere
in_home_irc_c5 all -- anywhere anywhere
in_home_ftp_c6 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED
LOG tcp -- anywhere anywhere limit: avg
1/sec burst 5 LOG level warning prefix `''IN-home':''
REJECT tcp -- anywhere anywhere reject-with
tcp-reset
LOG all -- anywhere anywhere limit: avg
1/sec burst 5 LOG level warning prefix `''IN-home':''
REJECT all -- anywhere anywhere reject-with
icmp-port-unreachable
Chain in_home_all_c4 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
ESTABLISHED
Chain in_home_all_s1 (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
NEW,ESTABLISHED
Chain in_home_ftp_c6 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ftp
dpts:1024:4999 state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spt:ftp-data dpts:1024:4999 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpts:1024:4999 state ESTABLISHED
Chain in_home_ftp_s3 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ftp-data state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpts:1024:4999 state RELATED,ESTABLISHED
Chain in_home_irc_c5 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ircd
dpts:1024:4999 state ESTABLISHED
Chain in_home_irc_s2 (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp
spts:1024:65535 dpt:ircd state NEW,ESTABLISHED
Chain in_internet (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/7 anywhere
RETURN all -- 2.0.0.0/8 anywhere
RETURN all -- 5.0.0.0/8 anywhere
RETURN all -- 7.0.0.0/8 anywhere
RETURN all -- 23.0.0.0/8 anywhere
RETURN all -- 27.0.0.0/8 anywhere
RETURN all -- 31.0.0.0/8 anywhere
RETURN all -- 36.0.0.0/7 anywhere
RETURN all -- 39.0.0.0/8 anywhere
RETURN all -- 41.0.0.0/8 anywhere
RETURN all -- 42.0.0.0/8 anywhere
RETURN all -- 73.0.0.0/8 anywhere
RETURN all -- h-74-0-0-0.dllatx37.covad.net/7 anywhere
RETURN all -- mo-76-0-0-0.dhcp.embarqhsd.net/6 anywhere
RETURN all -- 89.0.0.0/8 anywhere
RETURN all -- AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7
anywhere
RETURN all -- 92.0.0.0/6 anywhere
RETURN all -- 96.0.0.0/3 anywhere
RETURN all -- 173.0.0.0/8 anywhere
RETURN all -- 174.0.0.0/7 anywhere
RETURN all -- 176.0.0.0/5 anywhere
RETURN all -- 184.0.0.0/6 anywhere
RETURN all -- 189.0.0.0/8 anywhere
RETURN all -- 190.0.0.0/8 anywhere
RETURN all -- 197.0.0.0/8 anywhere
RETURN all -- 223.0.0.0/8 anywhere
RETURN all -- 240.0.0.0/4 anywhere
RETURN all -- 10.0.0.0/8 anywhere
RETURN all -- 169.254.0.0/16 anywhere
RETURN all -- 172.16.0.0/12 anywhere
RETURN all -- 192.0.2.0/24 anywhere
RETURN all -- 192.88.99.0/24 anywhere
RETURN all -- 192.168.0.0/16 anywhere
DROP all -- anywhere anywhere state INVALID
pr_internet_fragments all -f anywhere anywhere
pr_internet_nosyn tcp -- anywhere anywhere state
NEW tcp flags:!FIN,SYN,RST,ACK/SYN
pr_internet_icmpflood icmp -- anywhere anywhere
icmp echo-request
pr_internet_synflood tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,ACK/SYN
pr_internet_malxmas tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
pr_internet_malnull tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/NONE
pr_internet_malbad tcp -- anywhere anywhere tcp
flags:FIN,SYN/FIN,SYN
pr_internet_malbad tcp -- anywhere anywhere tcp
flags:SYN,RST/SYN,RST
pr_internet_malbad tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,ACK,URG
pr_internet_malbad tcp -- anywhere anywhere tcp
flags:FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
in_internet_http_s1 all -- anywhere anywhere
in_internet_ssh_s2 all -- anywhere anywhere
in_internet_ftp_s3 all -- anywhere anywhere
in_internet_ident_s4 all -- anywhere anywhere
in_internet_forwards_s5 all -- anywhere anywhere
in_internet_customports_s6 all -- anywhere
anywhere
in_internet_all_c7 all -- anywhere
On 12/12/06, Carlos Rodrigues <carlos.efr at mail.telepac.pt> wrote:
>
> On 12/12/06, Logan Anteau <lanteau at gmail.com> wrote:
> > I have firehol, and suddenly I've found it blocking a website, I never set it
> > to do this and I wonder if it was from an upgrade. I've noticed it blocking
> > www.twit.tv, which is a technology podcast network. It could be blocking
> > more sites, I don't know. Can someone advise me how to make firehol stop
> > blocking websites altogether? Thanks
>
> Is that site new? Maybe its address falls within a previously reserved
> address range. If you are using the "RESERVED_IPS" or
> "UNROUTABLE_IPS" variables anywhere on your configuration, try
> removing them.
>
> Or, you can check the RESERVED_IPS variable on the firehol executable
> script to see if that site's address matches any of the networks
> listed there.
>
> --
> Carlos Rodrigues
--
Logan
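
Added example (not part of the original message, and not FireHOL's own code): one way to do the check Carlos describes, by testing an address against the source networks of the RETURN rules in the in_internet chain listed above. The sample rule lines are copied from that listing, the test addresses are constructed, and the function names are hypothetical. Sources that iptables -L printed as reverse-resolved hostnames cannot be compared and are reported separately; listing with iptables -L -n keeps them numeric.

```python
import ipaddress

# Constructed sample: a few RETURN rules copied from the in_internet chain
# in the message above (one of them reverse-resolved to a hostname).
SAMPLE = """\
RETURN all -- 0.0.0.0/7 anywhere
RETURN all -- 73.0.0.0/8 anywhere
RETURN all -- h-74-0-0-0.dllatx37.covad.net/7 anywhere
RETURN all -- 92.0.0.0/6 anywhere
RETURN all -- 96.0.0.0/3 anywhere
RETURN all -- 10.0.0.0/8 anywhere
"""


def parse_return_sources(listing):
    """Collect the source networks of RETURN rules from 'iptables -L' text.

    Returns (networks, unparsed): parsed ip_network objects, plus any source
    fields that were not numeric (hostnames produced by reverse DNS).
    """
    networks, unparsed = [], []
    for line in listing.splitlines():
        fields = line.split()
        # Expected layout: target prot opt source destination
        if len(fields) < 5 or fields[0] != "RETURN":
            continue
        src = fields[3]
        try:
            networks.append(ipaddress.ip_network(src, strict=False))
        except ValueError:
            unparsed.append(src)
    return networks, unparsed


def matching_networks(address, networks):
    """Return every listed network that contains the given address."""
    ip = ipaddress.ip_address(address)
    return [net for net in networks if ip in net]


if __name__ == "__main__":
    nets, skipped = parse_return_sources(SAMPLE)
    for addr in ("97.1.2.3", "8.8.8.8"):  # constructed test addresses
        hits = matching_networks(addr, nets)
        print(addr, "->", [str(n) for n in hits] or "no reserved range matched")
    if skipped:
        print("not checked (re-run iptables with -n):", skipped)
```

A match means packets from that address hit a RETURN rule in in_internet and fall back to the calling chain, which in the listing above ends in LOG and DROP.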