On 07/15/2011 05:46 PM, Chuck Anderson wrote:
> There are no more IPv4 "bogons". All IPv4 addresses have been
> allocated to the regional registries who will soon allocate them to
> organizations. The era of filtering unallocated IPv4 addresses
> ("bogons") is over. All that should be in there are RFC1918 and other
> special use blocks (unless you are using these locally), e.g.:
>
> /* RFC5735/RFC1122 source hosts on this network */
> 0.0.0.0/8;
> /* RFC5735/RFC1918 private networks */
> 10.0.0.0/8;
> /* RFC5735/RFC1122 loopback */
> 127.0.0.0/8;
> /* RFC5735/RFC3927 link local */
> 169.254.0.0/16;
> /* RFC5735/RFC1918 private networks */
> 172.16.0.0/12;
> /* RFC5735/RFC5736 IETF protocol assignments */
> 192.0.0.0/24;
> /* RFC5735/RFC1166 TEST-NET-1 documentation and examples */
> 192.0.2.0/24;
> /* RFC5735/RFC1918 private networks */
> 192.168.0.0/16;
> /* RFC5735/RFC2544 benchmark tests */
> 198.18.0.0/15;
> /* RFC5735/RFC5737 TEST-NET-2 documentation and examples */
> 198.51.100.0/24;
> /* RFC5735/RFC5737 TEST-NET-3 documentation and examples */
> 203.0.113.0/24;
> /* RFC5735/RFC3171 Class-D multicast */
> 224.0.0.0/4;
> /* RFC5735/RFC1112 Class-E reserved */
> 240.0.0.0/4;

Nice. It's too bad Firestarter doesn't permit comments in that file, or I would just paste that in. (Changing the script to do that would be trivial but I would lose it in the next upgrade).

The non-routables file had 42 lines of /8's and a few of the ones above. I cleared them all out. Thanks!

While I'm on this winning streak, let me ask one question I've never been able to get an answer on: I *HATE* the fact that all these iptables log messages take over /var/log/messages. I've seen ways of writing them elsewhere in addition to /var/log/messages, and I've seen ways of writing all kernel warnings to another file, but never a way of writing just iptables output (and all of iptables output) to just /var/log/iptables.log (or whatever). Is there a way?
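An added example, not part of the original message or of Firestarter: it parses the commented block list quoted above, validates each prefix, and emits the comment-free form while keeping the RFC labels available for lookups. The one-CIDR-per-line output format and the function names are assumptions; the sample input is the quoted list reflowed to one entry per line.

```python
import ipaddress
import re

# Sample input: the list from the quoted message, one entry per line.
ACL_TEXT = """
/* RFC5735/RFC1122 source hosts on this network */ 0.0.0.0/8;
/* RFC5735/RFC1918 private networks */ 10.0.0.0/8;
/* RFC5735/RFC1122 loopback */ 127.0.0.0/8;
/* RFC5735/RFC3927 link local */ 169.254.0.0/16;
/* RFC5735/RFC1918 private networks */ 172.16.0.0/12;
/* RFC5735/RFC5736 IETF protocol assignments */ 192.0.0.0/24;
/* RFC5735/RFC1166 TEST-NET-1 documentation and examples */ 192.0.2.0/24;
/* RFC5735/RFC1918 private networks */ 192.168.0.0/16;
/* RFC5735/RFC2544 benchmark tests */ 198.18.0.0/15;
/* RFC5735/RFC5737 TEST-NET-2 documentation and examples */ 198.51.100.0/24;
/* RFC5735/RFC5737 TEST-NET-3 documentation and examples */ 203.0.113.0/24;
/* RFC5735/RFC3171 Class-D multicast */ 224.0.0.0/4;
/* RFC5735/RFC1112 Class-E reserved */ 240.0.0.0/4;
"""

# A C-style comment followed by "prefix/len;" (whitespace or newlines between).
ENTRY = re.compile(r"/\*\s*(.*?)\s*\*/\s*([0-9./]+)\s*;", re.S)


def parse_blocks(text):
    """Return [(IPv4Network, label)] in file order."""
    blocks = []
    for label, cidr in ENTRY.findall(text):
        # strict=True raises ValueError on a prefix with host bits set
        # (for example 172.16.1.0/12), so a typo never reaches the firewall.
        blocks.append((ipaddress.ip_network(cidr, strict=True), label))
    return blocks


def plain_list(blocks):
    """Comment-free form: one CIDR per line (assumed target format)."""
    return "".join(f"{net}\n" for net, _ in blocks)


def classify(addr, blocks):
    """Label of the special-use block containing addr, or None if routable."""
    ip = ipaddress.ip_address(addr)
    return next((label for net, label in blocks if ip in net), None)


if __name__ == "__main__":
    print(plain_list(parse_blocks(ACL_TEXT)), end="")
```

`classify()` is useful when reading firewall logs: it tells you which of the special-use blocks a dropped source address fell into, which the comment-free file can no longer tell you.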