Solved

Public IP Address rule

Posted on 2008-10-17
Last Modified: 2012-06-27
Hi, I want to create a rule on my firewall to control traffic that comes from a PC that has a public IP address. I need help knowing what IP addresses and subnets I need to include in my policy in order to cover all possible IP addresses.
0
Question by:mzhaim
8 Comments
 
LVL 2

Expert Comment

by:devlex
ID: 22744940
Is this a firewall to the Internet or an internal firewall? If the traffic is coming in from the Internet, it should always have a public IP address. That being said, this is the range of private IP addresses:

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

You would need to include all other ranges or explicitly exclude these ones.
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22746665
You might want to allow 127.0.0.0 through 127.255.255.255 also... they're good for testing, and don't really 'go' anywhere.

If you want to allow automatic addressing of ad-hoc wireless networks, you would allow 169.254.0.0 through 169.254.255.255, but that might not be a good idea... maybe make the rule and then disable it so when you're connecting via an ad-hoc network like that you can just enable it (then disable it again when done).
0
 

Author Comment

by:mzhaim
ID: 22747217
Hi, can you tell me what are the ranges of public IP addresses?

 
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22748194
Per RFC 3330 unless otherwise specified

Public IPs                                  Private or reserved IPs
                                                 0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]

1.0.0.0 - 9.255.255.255

                                                 10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]

11.0.0.0 - 126.255.255.255

                                                 127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
                                                 128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]

129.0.0.0 - 169.253.255.255

                                                 169.254.0.0 - 169.254.255.255 [reserved for Link Local 'autoconfiguration' IPs]

169.255.0.0 - 172.15.255.255

                                                 172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]

172.32.0.0 - 191.254.255.255

                                                 191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]

192.0.1.0 - 192.0.1.255

                                                 192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']

192.0.3.0 - 192.88.98.255

                                                 192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]

192.88.100.0 - 192.167.255.255

                                                 192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]

192.169.0.0 - 198.17.255.255

                                                 198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]

198.20.0.0 - 223.255.254.255

                                                 223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
                                                 224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
                                                 240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]

I presume you meant IPv4 only.  Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
0
 
LVL 5

Expert Comment

by:rexxus
ID: 22748202
The public ip address range is the opposite of mentioned above so, plus loopback addresses and multicast addresses:

1.0.0.0 - 9.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 - 171.31.255.255
172.32.0.0 - 192.167.255.255
192.169.0.0 - 223.255.255.255
0
 
LVL 44

Accepted Solution

by:
Darr247 earned 500 total points
ID: 22748253
Reformatted for 'Premium' skin.
Per RFC 3330 unless otherwise specified

Public IPs                                  Private or reserved IPs
                                                 0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]

1.0.0.0 - 9.255.255.255

                                                 10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]

11.0.0.0 - 126.255.255.255

                                                 127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
                                                 128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]

129.0.0.0 - 169.253.255.255

                                                 169.254.0.0 - 169.254.255.255 [reserved for Link Local 'autoconfiguration' IPs]

169.255.0.0 - 172.15.255.255

                                                 172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]

172.32.0.0 - 191.254.255.255

                                                 191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]

192.0.1.0 - 192.0.1.255

                                                 192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']

192.0.3.0 - 192.88.98.255

                                                 192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]

192.88.100.0 - 192.167.255.255

                                                 192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]

192.169.0.0 - 198.17.255.255

                                                 198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]

198.20.0.0 - 223.255.254.255

                                                 223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
                                                 224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
                                                 240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]

I presume you meant IPv4 only.  Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22748277
Man... there just is no such thing as formatting in this messageboard, I guess. I wish they'd enable tables in Rich Text.
0
 
LVL 8

Expert Comment

by:MrJemson
ID: 22753919
0.0.0.0/0 will cover every single IPv4 address...

Which is;
Network 0.0.0.0
Mask: 0.0.0.0

If you are denying, make sure you have some allow rules earlier on in your firewall rules.
What exactly are you trying to configure? iptables?
0
