firehol / blocklist-ipsets

ipsets dynamically updated with firehol's update-ipsets.sh script
https://iplists.firehol.org

Private IP in firehol_level2.netset #24

Open giannidaprile opened 7 years ago

giannidaprile commented 7 years ago

192.168.1.30 should not be present/allowed in firehol_level2. Issue was seen on 12/29/2016.

ktsaou commented 7 years ago

Thanks!

Well, this is what the lists included in firehol_level2 do. I don't filter anything...

Let's see who added it:

# iprange --header bogons.netset --compare-next blocklist_de.ipset dshield_1d.netset greensnow.ipset openbl_1d.ipset virbl.ipset | grep -v ",0$"
name1,name2,entries1,entries2,ips1,ips2,combined_ips,common_ips
bogons.netset,greensnow.ipset,13,1353,592708608,1353,592709960,1

It is greensnow.

Keep in mind that firehol_level2 is to be used exclusively on the internet facing interface. If you apply it right, you should want private IPs to be filtered out (you should have filtered them already).

If however you need to remove private IPs from firehol_level2, I suggest running this command:

iprange firehol_level2.netset --except bogons.netset

I am sorry, but I cannot fix that myself. The rule I follow is very simple: never alter what the list maintainers do.
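
The two steps from the reply above (finding which source list overlaps the bogon ranges, then subtracting those ranges from the merged list), sketched in Python as an added example that is not part of the thread or of the firehol tooling. The feed names, addresses and bogon list are constructed sample data, and the code assumes IPv4-only input.

```python
import ipaddress

# Constructed sample data (not real feed contents); IPv4 only.
BOGONS = ["10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
FEEDS = {
    "feed_a.ipset": ["198.51.100.7", "203.0.113.0/24"],
    "feed_b.ipset": ["192.168.1.30  # private address", "198.51.100.9"],
}

def parse(lines):
    """Parse netset lines (one IP or CIDR per line, '#' comments) into a collapsed list."""
    nets = []
    for line in lines:
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return list(ipaddress.collapse_addresses(nets))

def common_ips(a, b):
    """Number of addresses present in both collapsed sets."""
    # Two CIDR blocks that overlap are nested, so the overlap is the smaller block.
    return sum(min(x.num_addresses, y.num_addresses)
               for x in a for y in b if x.overlaps(y))

def overlapping_feeds(feeds, bogons):
    """Map feed name -> count of its addresses that fall inside the bogon set."""
    ref = parse(bogons)
    hits = {name: common_ips(ref, parse(lines)) for name, lines in feeds.items()}
    return {name: n for name, n in hits.items() if n}

def except_nets(nets, excluded):
    """Return nets with every excluded address removed, as sorted CIDR blocks."""
    result = list(nets)
    for ex in excluded:
        kept = []
        for n in result:
            if not n.overlaps(ex):
                kept.append(n)
            elif n != ex and n.supernet_of(ex):
                kept.extend(n.address_exclude(ex))  # split n around the excluded block
            # otherwise n lies wholly inside ex and is dropped
        result = kept
    return sorted(result)

if __name__ == "__main__":
    print(overlapping_feeds(FEEDS, BOGONS))  # which feed carries bogon addresses
    merged = parse([l for lines in FEEDS.values() for l in lines])
    for net in except_nets(merged, parse(BOGONS)):
        print(net)
```

A blocklist entry that is wider than a bogon range is split around it rather than dropped, so only the private addresses leave the set.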