Mailinglist Archive: opensuse-security (511 mails)
| < Previous | Next > |
Re: [suse-security] SuSEfirewall2: are these IPs private or not?
- From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 28 Aug 2001 22:39:02 +0200
- Message-id: <200108282039.f7SKd2t27924@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
On Tuesday 28 August 2001 21.30, Steffen Dettmer wrote:
> * Thomas Nowak wrote on Tue, Aug 28, 2001 at 09:47 +0200:
> > Dieter Huerten wrote:
> > > > 10.0.0.0 - 10.255.255.255 (10/8 prefix)
> > > > 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
> > > > 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
> >
> > echo "$PART1" | $GREP -Eq '^10\.|^172\.1|^192\.168\.' || {
> > echo "Warning: The network $DEV_IP you want to masquerade is not from a
> > private network"
> > echo ' e.g. 10.0.0.0/8, 172.16.0.0/11 or 192.168.0.0/16 - change
> > this!' }
> > So he looks only if the address begin with 172.1*
> > not very RFC konform :-)
>
> should be changed. Well, I have no nice idea about a real cool
> regex, but:
>
> echo "$PART1" | $GREP -Eq \
> '^10\.|^172\.(16|17|18|19|2.|30|31)\.|^192\.168\.' ....
>
> should work. Improvements?
>
> oki,
>
> Steffen
Shouldn't Microsoft's 169.254.0.0/16 range be there as well? It's very common
for ms machines to use addresses in that range, and they are 'reserved' for
that purpose, even if they're not in an rfc
Anders
> * Thomas Nowak wrote on Tue, Aug 28, 2001 at 09:47 +0200:
> > Dieter Huerten wrote:
> > > > 10.0.0.0 - 10.255.255.255 (10/8 prefix)
> > > > 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
> > > > 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
> >
> > echo "$PART1" | $GREP -Eq '^10\.|^172\.1|^192\.168\.' || {
> > echo "Warning: The network $DEV_IP you want to masquerade is not from a
> > private network"
> > echo ' e.g. 10.0.0.0/8, 172.16.0.0/11 or 192.168.0.0/16 - change
> > this!' }
> > So he looks only if the address begin with 172.1*
> > not very RFC konform :-)
>
> should be changed. Well, I have no nice idea about a real cool
> regex, but:
>
> echo "$PART1" | $GREP -Eq \
> '^10\.|^172\.(16|17|18|19|2.|30|31)\.|^192\.168\.' ....
>
> should work. Improvements?
>
> oki,
>
> Steffen
Shouldn't Microsoft's 169.254.0.0/16 range be there as well? It's very common
for ms machines to use addresses in that range, and they are 'reserved' for
that purpose, even if they're not in an rfc
Anders
| < Previous | Next > |