To varnish sysadmin: Blocked IPv4 Space 50.0.0.0/8

Chris Cook crcook at gmail.com
Wed Nov 17 18:06:21 CET 2010


Correct - I was mostly referring to the unallocated yet public space (the 11 remaining /8s that are currently "bogon") that will most likely be allocated and then not bogon within the next 12 months (probably much sooner).  If you're manually updating your bogon filters, most likely you'll run into problems like this (I have when we were still blocking 2.0.0.0/8).

If you want to get really fancy you can just use this list instead - http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt (though I would only use such a list if I was automatically updating my bogon filters)

On Nov 17, 2010, at 12:02 PM, Richard Chiswell wrote:

> Well, it's worth blocking
> 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16
> as those ranges shouldn't appear on the public intertubes. [ http://www.rfc-editor.org/rfc/rfc3330.txt ]
> 
> Rich
> 
> On 17/11/2010 16:56, Chris Cook wrote:
>> Just as a friendly FYI - your bogon filter should probably match this: http://www.team-cymru.org/Services/Bogons/bogon-bn-nonagg.txt (and realistically you might as well not block most of that since it will all be allocated within the next 12 months).
>> 
>> On Nov 17, 2010, at 9:04 AM, Tollef Fog Heen wrote:
>> 
>>> ]] Ivan Dario Diaz
>>> 
>>> | I have tested several IP's of Redpill Linpro AS (it seems like your
>>> | Hosting Provider) and mostly of them works, but varnish related (deb
>>> | trac planet www) IP's doesn't work. As you know there are a huge of
>>> | users in amazon EC2 using Varnish. It will be a problem to all of them.
>>> |
>>> | I'm not saying that the blocking is in your servers. But all my tests
>>> | appoint to that. Please help us with that.
>>> 
>>> Indeed, our firewall had the «block bogon networks» turned on, and it
>>> seems like the list hadn't been updated in a while.  I've fixed this
>>> now.
>>> 
>>> -- 
>>> Tollef Fog Heen
>>> Varnish Software
>>> t: +47 21 98 62 64
>>> 
>>> _______________________________________________
>>> varnish-misc mailing list
>>> varnish-misc at varnish-cache.org
>>> http://lists.varnish-cache.org/mailman/listinfo/varnish-misc
>> 
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
>> http://lists.varnish-cache.org/mailman/listinfo/varnish-misc
> 
> 
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> http://lists.varnish-cache.org/mailman/listinfo/varnish-misc

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.varnish-cache.org/pipermail/varnish-misc/attachments/20101117/fe978a0e/attachment-0001.html>


More information about the varnish-misc mailing list