Block bogon networks - WARNING



  • Hi all,

    I have been using this great product since its early days… I wanted to post a warning regarding the "Block bogon networks" option - it basically should not be used in a production system.

    I'm running a small IT web-shop from my home connection, and because this option was enabled I had disabled access for thousands of customers. I don't know how/why it did not update the new IP assignments that were given to the biggest telco in the country, but from around April 07 until Sep 07 I had a nice “quiet period” in my shop :D I checked access from my other connection and basically around 65,534 (78.84.0.0/16 range) addresses were not able to access my network. During this time I noticed that some connections showed up as blocked in the logs, but I didn't pay much attention to it, assuming those were some IPs that I was blocking intentionally…

    I wanted to mention that I'm not familiar with FreeBSD and those sh scripts.

    Andy



  • What version? There were a number of fixes to this before 1.2-RC4 where the file was not downloading correctly.



  • Some version that was available at the time, I was upgrading quite frequently.

    In any case, this was a very serious impairment that I would not risk causing again. If it was only my home network, I would enable it without doubt, but it's bad for business! :))

    Even if your download script were working correctly, I would also have to rely on the site you are downloading it from to update new IP assignments, etc.

    But thank you for great software – some 2 years ago I was looking for a firewall, went through a couple of available ones ipcop, etc, but settled for this one, it was version 0.9 something. I’m running it on an older Biostar iDEQ small box and have been very pleased with it!!, with one exception. ;)

