[Firehol-support] what comes after firehol?

Rick Marshall rjm at zenucom.com
Mon Jun 13 00:58:40 BST 2011


There's a second reason for not bothering with the script.

By far the most problems are now coming from spambots and other viral 'bots'.

These are often initiated from the IP blocks used by wireless and/or non-static allocated adsl services which of course are valid IP addresses.

While it may be practical to block these addresses when they connect to mail servers, blocking them in general is not reasonable (vpns etc).

An ongoing 'arms' race :(

Regards
Rick

On 13/06/2011, at 8:35 AM, Phil Whineray wrote:

> On 12 June 2011 23:19, Paul Fox <pgf at foxharp.boston.ma.us> wrote:
>> rick wrote:
>>  >
>>  > On 13/06/2011, at 1:03 AM, Paul Fox wrote:
>>  >
>>  > >
>>  > > oh -- as for the get-iana.sh thing -- i also have changes (based on
>>  > > an XML extractor script written in shell) which update get-iana.sh to
>>  > > use the new IANA file.  the output, after run through "aggregate",
>>  > > is:
>>  > >    RESERVED_IPS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 224.0.0.0/3"
>>  >
>>  > you have left out 192.168.0.0/16 and 172.16.0.0/12
>>  >
>>  > http://en.wikipedia.org/wiki/Private_network
>>  >
>>  > there's also some in 169.254
>> 
>> i left them out because firehol handles the private blocks separately:
>>        RESERVED_IPS="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 224.0.0.0/3"
>>    ....
>>        PRIVATE_IPS="10.0.0.0/8 169.254.0.0/16 \
>>                     172.16.0.0/12 192.0.2.0/24 \
>>                     192.88.99.0/24 192.168.0.0/16"
>>     ....
>>        UNROUTABLE_IPS="${RESERVED_IPS} ${PRIVATE_IPS}"
>> 
>> 
>> i'm not sure why the 10.x.x.x range shows up in the IANA reserved
>> list, and the others don't.
> 
> It's listed in the iana file as private (as well as reserved). Only the first
> octet is ever listed so 192.168 et. al. happen to not show up in the output
> of get-iana.sh.
> 
> I regard the fact that 10.0.0.0/8 comes out of get-iana.sh as a bug, so I
> changed it in my git repo. Having said which, as people have noted,
> there's hardly likely to be much point in maintaining the script any longer.
> 
> Phil
> 
> ------------------------------------------------------------------------------
> EditLive Enterprise is the world's most technically advanced content
> authoring tool. Experience the power of Track Changes, Inline Image
> Editing and ensure content is compliant with Accessibility Checking.
> http://p.sf.net/sfu/ephox-dev2dev
> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/firehol-support





More information about the Firehol-support mailing list