Public IP Address rule

Hi, I want to create a rule on my firewall to control traffic that comes from a PC that has a public IP address. I need help to know what IP addresses and subnets I need to include in my policy in order to cover all possible IP addresses.
mzhaim Asked:
Darr247 Commented:
Reformatted for 'Premium' skin.
Per RFC 3330 unless otherwise specified

Public IPs                                  Private or reserved IPs
                                                 0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]

1.0.0.0 - 9.255.255.255

                                                 10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]

11.0.0.0 - 126.255.255.255

                                                 127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
                                                 128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]

129.0.0.0 - 169.253.255.255

                                                 169.254.0.0 - 169.254.255.255 [reserved for Link Local 'autoconfiguration' IPs]

169.255.0.0 - 172.15.255.255

                                                 172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]

172.32.0.0 - 191.254.255.255

                                                 191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]

192.0.1.0 - 192.0.1.255

                                                 192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']

192.0.3.0 - 192.88.98.255

                                                 192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]

192.88.100.0 - 192.167.255.255

                                                 192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]

192.169.0.0 - 198.17.255.255

                                                 198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]

198.20.0.0 - 223.255.254.255

                                                 223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
                                                 224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
                                                 240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]

I presume you meant IPv4 only.  Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
0
 
devlex Commented:
Is this a firewall to the Internet or an internal firewall? If the traffic is coming in from the Internet, it should always have a public IP address. That being said, this is the range of private IP addresses:

10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255

You would need to include all other ranges or explicitly exclude these ones.
0
 
Darr247 Commented:
You might want to allow 127.0.0.0 through 127.255.255.255 also... they're good for testing, and don't really 'go' anywhere.

If you want to allow automatic addressing of ad-hoc wireless networks, you would allow 169.254.0.0 through 169.254.255.255, but that might not be a good idea... maybe make the rule and then disable it so when you're connecting via an ad-hoc network like that you can just enable it (then disable it again when done).
0
mzhaim (Author) Commented:
Hi, can you tell me what are the ranges of public IP addresses?

 
0
 
Darr247 Commented:
Per RFC 3330 unless otherwise specified

Public IPs                                  Private or reserved IPs
                                                 0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]

1.0.0.0 - 9.255.255.255

                                                 10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]

11.0.0.0 - 126.255.255.255

                                                 127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
                                                 128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]

129.0.0.0 - 169.253.255.255

                                                 169.254.0.0 - 169.254.255.255 [reserved for Link Local 'autoconfiguration' IPs]

169.255.0.0 - 172.15.255.255

                                                 172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]

172.32.0.0 - 191.254.255.255

                                                 191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]

192.0.1.0 - 192.0.1.255

                                                 192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']

192.0.3.0 - 192.88.98.255

                                                 192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]

192.88.100.0 - 192.167.255.255

                                                 192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]

192.169.0.0 - 198.17.255.255

                                                 198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]

198.20.0.0 - 223.255.254.255

                                                 223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
                                                 224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
                                                 240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]

I presume you meant IPv4 only.  Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
0
 
rexxus Commented:
The public IP address range is the opposite of mentioned above so, plus loopback addresses and multicast addresses:

1.0.0.0 - 9.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 - 171.31.255.255
172.32.0.0 - 192.167.255.255
192.169.0.0 - 223.255.255.255
0
 
Darr247 Commented:
Man... there just is no such thing as formatting in this messageboard, I guess. I wish they'd enable tables in Rich Text.
0
 
MrJemson Commented:
0.0.0.0/0 will cover every single IPv4 IP address...

Which is:
Network 0.0.0.0
Mask: 0.0.0.0

If you are denying, make sure you have some allow rules earlier on in your firewall rules.
What exactly are you trying to configure? iptables?
0
Question has a verified solution.
