
Re: Can't access www.kde.org



* nate (debian-user@aphroland.org) [030426 21:31]:
> >
> > You mentioned my firewall... I've done an iptables -F, then -X, then -Z
> > and guess what ?? I can see kde.org's website !
> 
> woah. so it was the firewall :) interesting.
> 
> >
> > I created this firewall script with the help of "firestarter" and then
> > modified it slightly. I wouldn't have a clue what to look for that's
> > causing KDE's website to be blocked though. :-(

I'd posted my firewall elsewhere and someone caught this line:

$IPT -t filter -A INPUT -s 80.0.0.0/8 -d $NET -i $IF -j $STOP

It's in a section that "firestarter" labeled "Block nonroutable IPs". I
know that 172.x.x.x, 127.x.x.x, 192.x.x.x, and maybe others are
nonroutable, but it's got this:

$IPT -t filter -A INPUT -s 1.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 2.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 7.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 23.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 27.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 31.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 41.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 45.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 60.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 68.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 69.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 70.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 71.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 80.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 88.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 88.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 90.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 91.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 92.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 100.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 111.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 112.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 127.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 127.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 128.66.0.0/16 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 172.16.0.0/12 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 192.168.0.0/16 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 197.0.0.0/16 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 201.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 220.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 222.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 240.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 242.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 244.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 251.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 254.0.0.0/8 -d $NET -i $IF -j $STOP

Are all of those valid ?? I'd have to believe not !

Hall
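
An added example, not part of the original post or of firestarter: a small Python audit that sorts the source prefixes of rules like these into those inside well-known special-purpose IPv4 blocks and those outside them, flags duplicate rules, and reports which rule matches a given source address. The block list and the function names are assumptions of this example; the sample rules are an excerpt of the lines quoted above.

```python
import ipaddress
import re

# Special-purpose IPv4 blocks (selection chosen for this example) that are
# never valid as a source address on an Internet-facing interface.
SPECIAL_PURPOSE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

SRC = re.compile(r"-s\s+(\d+\.\d+\.\d+\.\d+/\d+)")

# Excerpt of the rules quoted in the post above (not the full script).
SAMPLE = """\
$IPT -t filter -A INPUT -s 1.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 80.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 127.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 127.0.0.0/8 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 172.16.0.0/12 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 192.168.0.0/16 -d $NET -i $IF -j $STOP
$IPT -t filter -A INPUT -s 240.0.0.0/8 -d $NET -i $IF -j $STOP
"""

def sources(script_text):
    """Yield the -s prefix of every rule line, in script order."""
    for line in script_text.splitlines():
        m = SRC.search(line)
        if m:
            yield ipaddress.ip_network(m.group(1), strict=False)

def audit(script_text):
    """Split source prefixes into (special_purpose, other, duplicates)."""
    seen, special, other, dupes = set(), [], [], []
    for net in sources(script_text):
        if net in seen:
            dupes.append(str(net))
            continue
        seen.add(net)
        inside = any(net.subnet_of(block) for block in SPECIAL_PURPOSE)
        (special if inside else other).append(str(net))
    return special, other, dupes

def rules_matching(script_text, addr):
    """Prefixes whose rule would match packets from source address addr."""
    ip = ipaddress.ip_address(addr)
    return [str(net) for net in sources(script_text) if ip in net]

if __name__ == "__main__":
    special, other, dupes = audit(SAMPLE)
    print("special-purpose:", special)
    print("outside special-purpose blocks, review:", other)
    print("duplicate rules:", dupes)
```

Prefixes in the second list are the ones to check against the current address registries before keeping the rule; rules_matching() takes the address of a host that has become unreachable and names the rule responsible.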


