[Firestarter-user] Nonroutable IP blocks not up to date?
From: Mark W. <ma...@kl...> - 2001-12-25 12:35:02
Hi,

Thanks for Firestarter! It was really easy to set up a firewall+NAT router with it under Debian GNU/Linux. The only thing that I had to do by hand was change the IMAP port (143) to the imaps port (993). It would be nice to add that as a standard option.

Please note that the IP blocks blocked under #Block nonroutable IPs are not completely up to date: according to http://www.iana.org/assignments/ipv4-address-space, a couple of previously reserved blocks have been assigned in 2001. According to that page the following rules are wrong:

    $IPT -t filter -A INPUT -s 45.0.0.0/8 -d $NET -i $IF -j $STOP
    $IPT -t filter -A INPUT -s 68.0.0.0/8 -d $NET -i $IF -j $STOP
    $IPT -t filter -A INPUT -s 220.0.0.0/8 -d $NET -i $IF -j $STOP

But maybe I am reading the above document wrongly, since it also seems to indicate that there are a lot of IP blocks missing from the nonroutable list in Firestarter. Where does the list in Firestarter come from? (I am using 0.8.0.)

I noticed this when I was going to www.uklinux.org and www.debianplanet.org. My nameserver was unable to resolve those hosts with a standard Firestarter firewall.sh script, since responses from the nameservers (80.84.64.20 or 80.84.72.20) were blocked.

Cheers,

Mark
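The check described in the message above can be automated. The following is an added example, not part of the original message or of Firestarter's code: it parses `-j $STOP` source rules out of a firewall script and flags those covering space a registry snapshot no longer marks as reserved. The `REGISTRY` table, the 10.0.0.0/8 rule and all function names are constructed for illustration; a real audit would load the current IANA registry.

```python
import ipaddress
import re

# The three rules quoted in the message, plus one constructed RFC 1918 rule
# so the audit also sees a block that is still reserved.
FIREWALL_SH = """\
$IPT -t filter -A INPUT -s 10.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 45.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 68.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 220.0.0.0/8 -d $NET -i $IF -j $STOP
"""

# Constructed registry snapshot (first octet -> status), not real IANA data.
# 45, 68 and 220 are ALLOCATED here because the message reports them assigned.
REGISTRY = {10: "RESERVED", 45: "ALLOCATED", 68: "ALLOCATED", 220: "ALLOCATED"}
STILL_BLOCKABLE = {"RESERVED", "UNALLOCATED"}
RULE_RE = re.compile(r"-A\s+INPUT\b.*?\s-s\s+(\S+).*?\s-j\s+\$STOP\b")

def parse_block_rules(script):
    """Return IPv4 source networks dropped by INPUT rules jumping to $STOP."""
    nets = []
    for line in script.splitlines():
        match = RULE_RE.search(line.split("#", 1)[0])  # ignore shell comments
        if not match:
            continue
        try:
            nets.append(ipaddress.IPv4Network(match.group(1), strict=False))
        except ValueError:
            pass  # source is a shell variable such as $NET, not a literal
    return nets

def stale_rules(nets, registry):
    """List (network, first_octet, status) for every /8 a rule covers that the
    registry does not mark reserved; octets missing from it are 'UNKNOWN'."""
    findings = []
    for net in nets:
        first = int(net.network_address) >> 24
        last = int(net.broadcast_address) >> 24
        for octet in range(first, last + 1):
            status = registry.get(octet, "UNKNOWN")
            if status not in STILL_BLOCKABLE:
                findings.append((str(net), octet, status))
    return findings

def dropping_rule(source_ip, nets):
    """Return the first rule network that would drop source_ip, else None."""
    addr = ipaddress.IPv4Address(source_ip)
    return next((str(n) for n in nets if addr in n), None)
```

Running `stale_rules(parse_block_rules(FIREWALL_SH), REGISTRY)` whenever the registry changes turns a hard-coded nonroutable list into something that gets reviewed, and `dropping_rule` helps trace a blocked reply back to the rule responsible.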