[Firehol-support] what comes after firehol?

Phil Whineray phil.whineray at gmail.com
Sun Jun 12 23:35:17 BST 2011


On 12 June 2011 23:19, Paul Fox <pgf at foxharp.boston.ma.us> wrote:
> rick wrote:
>  >
>  > On 13/06/2011, at 1:03 AM, Paul Fox wrote:
>  >
>  > >
>  > > oh -- as for the get-iana.sh thing -- i also have changes (based on
>  > > an XML extractor script written in shell) which update get-iana.sh to
>  > > use the new IANA file.  the output, after run through "aggregate",
>  > > is:
>  > >    RESERVED_IPS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 224.0.0.0/3"
>  >
>  > you have left out 192.168.0.0/16 and 172.16.0.0/12
>  >
>  > http://en.wikipedia.org/wiki/Private_network
>  >
>  > there's also some in 169.254
>
> i left them out because firehol handles the private blocks separately:
>        RESERVED_IPS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 224.0.0.0/3"
>    ....
>        PRIVATE_IPS="10.0.0.0/8 169.254.0.0/16 \
>                     172.16.0.0/12 192.0.2.0/24 \
>                     192.88.99.0/24 192.168.0.0/16"
>     ....
>        UNROUTABLE_IPS="${RESERVED_IPS} ${PRIVATE_IPS}"
>
>
> i'm not sure why the 10.x.x.x range shows up in the IANA reserved
> list, and the others don't.

It's listed in the IANA file as private (as well as reserved). Only the first
octet is ever listed, so 192.168 et al. happen to not show up in the output
of get-iana.sh.

I regard the fact that 10.0.0.0/8 comes out of get-iana.sh as a bug, so I
changed it in my git repo. Having said which, as people have noted,
there's hardly likely to be much point in maintaining the script any longer.

Phil
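
An added example, not part of the original message and not firehol's own code: a shell check for the overlap discussed above, reporting which PRIVATE_IPS entries RESERVED_IPS already covers and building UNROUTABLE_IPS without repeats. The two lists are copied from the thread; the function names are hypothetical.

```shell
#!/bin/bash
# Lists as quoted in the thread above.
RESERVED_IPS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 224.0.0.0/3"
PRIVATE_IPS="10.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.0.2.0/24 192.88.99.0/24 192.168.0.0/16"

# ip_to_int ADDR: dotted quad -> 32-bit integer (hypothetical helper).
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_covers A B: succeeds when block A contains every address of block B.
cidr_covers() {
    local a_len="${1#*/}" b_len="${2#*/}" mask a_net b_net
    [ "$a_len" -le "$b_len" ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - a_len)) & 0xFFFFFFFF ))
    a_net=$(ip_to_int "${1%/*}")
    b_net=$(ip_to_int "${2%/*}")
    [ $(( a_net & mask )) -eq $(( b_net & mask )) ]
}

# covered_by LIST BLOCK: print the first entry of LIST that covers BLOCK.
covered_by() {
    local r
    for r in $1; do
        if cidr_covers "$r" "$2"; then echo "$r"; return 0; fi
    done
    return 1
}

# duplicates: PRIVATE_IPS entries that RESERVED_IPS already covers.
duplicates() {
    local p dup=""
    for p in $PRIVATE_IPS; do
        if covered_by "$RESERVED_IPS" "$p" >/dev/null; then dup="${dup:+$dup }$p"; fi
    done
    echo "$dup"
}

# merge_unroutable: RESERVED_IPS plus only the uncovered PRIVATE_IPS entries.
merge_unroutable() {
    local p out="$RESERVED_IPS"
    for p in $PRIVATE_IPS; do
        covered_by "$RESERVED_IPS" "$p" >/dev/null || out="$out $p"
    done
    echo "$out"
}

echo "covered twice: $(duplicates)"
echo "UNROUTABLE_IPS=\"$(merge_unroutable)\""
```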



