From owner-freebsd-isp@FreeBSD.ORG Sun May 4 10:59:39 2003 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2C6FD37B401 for ; Sun, 4 May 2003 10:59:39 -0700 (PDT) Received: from misery.sdf.com (misery.sdf.com [207.200.153.226]) by mx1.FreeBSD.org (Postfix) with ESMTP id C161043F75 for ; Sun, 4 May 2003 10:59:37 -0700 (PDT) (envelope-from tom@sdf.com) Received: from tom (helo=localhost) by misery.sdf.com with local-esmtp (Exim 2.12 #1) id 19CMBb-0004lx-00; Sun, 4 May 2003 09:17:59 -0700 Date: Sun, 4 May 2003 09:17:57 -0700 (PDT) From: Tom Samplonius To: Chuck Swiger In-Reply-To: <3EB53C74.40500@codefab.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-isp@FreeBSD.ORG Subject: Re: Netblocks to filter, was: Re: [fw-wiz] Protecting a datacentre with a firewall X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 May 2003 17:59:39 -0000 On Sun, 4 May 2003, Chuck Swiger wrote: > I'd dug up some information about invalid IP network blocks to filter > from a discussion on the firewall-wizards mailing list, and converted it > to a set of IPFW(2) rules: ... Be careful with this stuff though. While some blocks like 10/8 are obviously dedicated for internal use, some blocks are merely "reserved". The reserved blocks will be assigned to regional registries at some point. For instance, 173/8 will be used some day, probably by end of next year. Just recently a new block was assinged to a regional registry, which began assigning networks to ISPs. The problem is that many sites have filters blocking this IP block. That means the ISPs are faced with lots of strange connectivity problems when using those IPs. Tom