[Firehol-support] Firehol blocking website, I didn't set it up to block websites?
Ross Smith
fireholspam at netebb.com
Tue Dec 12 22:25:12 GMT 2006
Logan,
You're using an old (pre Jan 18 21:20:28 2006-CVS) version of firehol:
> RETURN all -- h-74-0-0-0.dllatx37.covad.net/7
> <http://h-74-0-0-0.dllatx37.covad.net/7> anywhere
Please update to the HEAD version in CVS, or change line that begins
RESERVED_IPS=
to read
RESERVED_IPS="0.0.0.0/7 2.0.0.0/8 5.0.0.0/8 7.0.0.0/8 23.0.0.0/8
27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 39.0.0.0/8 42.0.0.0/8 92.0.0.0/6
100.0.0.0/6 104.0.0.0/5 112.0.0.0/5 120.0.0.0/8 127.0.0.0/8 173.0.0.0/8
174.0.0.0/7 176.0.0.0/5 184.0.0.0/6 197.0.0.0/8 223.0.0.0/8 240.0.0.0/4 "
as per
http://firehol.cvs.sourceforge.net/firehol/firehol/firehol.sh?annotate=HEAD#l324
-Ross
Logan Anteau wrote On 12/12/2006 1:28 PM -0800:
> Carlos,
> I checked what you suggested and none of that seems to be the issue. I
> don't even have any of those variables set up. I don't know if this
> would help you at all but here is my iptables -L:
>
> Chain INPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> in_home all -- 10.0.0.0/16 <http://10.0.0.0/16> 10.0.0.1
> <http://10.0.0.1>
> in_home all -- 10.0.0.0/16 <http://10.0.0.0/16>
> 10.0.255.255 <http://10.0.255.255>
> in_internet all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere state RELATED
> LOG all -- anywhere anywhere limit: avg
> 1/sec burst 5 LOG level warning prefix `'IN-unknown:''
> DROP all -- anywhere anywhere
>
> Chain FORWARD (policy DROP)
> target prot opt source destination
> in_internet2lan all -- anywhere 10.0.0.0/16
> <http://10.0.0.0/16>
> out_internet2lan all -- 10.0.0.0/16 <http://10.0.0.0/16>
> anywhere
> ACCEPT all -- anywhere anywhere state RELATED
> LOG all -- anywhere anywhere limit: avg
> 1/sec burst 5 LOG level warning prefix `'PASS-unknown:''
> DROP all -- anywhere anywhere
>
> Chain OUTPUT (policy DROP)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> out_home all -- 10.0.0.1 <http://10.0.0.1> 10.0.0.0/16
> <http://10.0.0.0/16>
> out_home all -- 10.0.255.255 <http://10.0.255.255>
> 10.0.0.0/16 <http://10.0.0.0/16>
> out_internet all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere state RELATED
> LOG all -- anywhere anywhere limit: avg
> 1/sec burst 5 LOG level warning prefix `'OUT-unknown:''
> DROP all -- anywhere anywhere
>
> Chain in_home (2 references)
> target prot opt source destination
> in_home_all_s1 all -- anywhere anywhere
> in_home_irc_s2 all -- anywhere anywhere
> in_home_ftp_s3 all -- anywhere anywhere
> in_home_all_c4 all -- anywhere anywhere
> in_home_irc_c5 all -- anywhere anywhere
> in_home_ftp_c6 all -- anywhere anywhere
> ACCEPT all -- anywhere anywhere state RELATED
> LOG tcp -- anywhere anywhere limit: avg
> 1/sec burst 5 LOG level warning prefix `''IN-home':''
> REJECT tcp -- anywhere anywhere reject-with
> tcp-reset
> LOG all -- anywhere anywhere limit: avg
> 1/sec burst 5 LOG level warning prefix `''IN-home':''
> REJECT all -- anywhere anywhere reject-with
> icmp-port-unreachable
>
> Chain in_home_all_c4 (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state
> ESTABLISHED
>
> Chain in_home_all_s1 (1 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere state
> NEW,ESTABLISHED
>
> Chain in_home_ftp_c6 (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp spt:ftp
> dpts:1024:4999 state ESTABLISHED
> ACCEPT tcp -- anywhere anywhere tcp
> spt:ftp-data dpts:1024:4999 state RELATED,ESTABLISHED
> ACCEPT tcp -- anywhere anywhere tcp
> spts:1024:65535 dpts:1024:4999 state ESTABLISHED
>
> Chain in_home_ftp_s3 (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp
> spts:1024:65535 dpt:ftp state NEW,ESTABLISHED
> ACCEPT tcp -- anywhere anywhere tcp
> spts:1024:65535 dpt:ftp-data state ESTABLISHED
> ACCEPT tcp -- anywhere anywhere tcp
> spts:1024:65535 dpts:1024:4999 state RELATED,ESTABLISHED
>
> Chain in_home_irc_c5 (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp
> spt:ircd dpts:1024:4999 state ESTABLISHED
>
> Chain in_home_irc_s2 (1 references)
> target prot opt source destination
> ACCEPT tcp -- anywhere anywhere tcp
> spts:1024:65535 dpt:ircd state NEW,ESTABLISHED
>
> Chain in_internet (1 references)
> target prot opt source destination
> RETURN all -- 0.0.0.0/7 <http://0.0.0.0/7>
> anywhere
> RETURN all -- 2.0.0.0/8 <http://2.0.0.0/8>
> anywhere
> RETURN all -- 5.0.0.0/8 <http://5.0.0.0/8>
> anywhere
> RETURN all -- 7.0.0.0/8 <http://7.0.0.0/8>
> anywhere
> RETURN all -- 23.0.0.0/8 <http://23.0.0.0/8>
> anywhere
> RETURN all -- 27.0.0.0/8 <http://27.0.0.0/8>
> anywhere
> RETURN all -- 31.0.0.0/8 <http://31.0.0.0/8>
> anywhere
> RETURN all -- 36.0.0.0/7 <http://36.0.0.0/7>
> anywhere
> RETURN all -- 39.0.0.0/8 <http://39.0.0.0/8>
> anywhere
> RETURN all -- 41.0.0.0/8 <http://41.0.0.0/8>
> anywhere
> RETURN all -- 42.0.0.0/8 <http://42.0.0.0/8>
> anywhere
> RETURN all -- 73.0.0.0/8 <http://73.0.0.0/8>
> anywhere
> RETURN all -- h-74-0-0-0.dllatx37.covad.net/7
> <http://h-74-0-0-0.dllatx37.covad.net/7> anywhere
> RETURN all -- mo-76-0-0-0.dhcp.embarqhsd.net/6
> <http://mo-76-0-0-0.dhcp.embarqhsd.net/6> anywhere
> RETURN all -- 89.0.0.0/8 <http://89.0.0.0/8>
> anywhere
> RETURN all -- AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7
> <http://AMontpellier-257-1-113-net.w90-0.abo.wanadoo.fr/7>
> anywhere
> RETURN all -- 92.0.0.0/6 <http://92.0.0.0/6>
> anywhere
> RETURN all -- 96.0.0.0/3 <http://96.0.0.0/3>
> anywhere
> RETURN all -- 173.0.0.0/8 <http://173.0.0.0/8>
> anywhere
> RETURN all -- 174.0.0.0/7 <http://174.0.0.0/7>
> anywhere
> RETURN all -- 176.0.0.0/5 <http://176.0.0.0/5>
> anywhere
> RETURN all -- 184.0.0.0/6 <http://184.0.0.0/6>
> anywhere
> RETURN all -- 189.0.0.0/8 <http://189.0.0.0/8>
> anywhere
> RETURN all -- <http://190.0.0.0/8>
More information about the Firehol-support
mailing list