mzhaim
asked on
PUblic IP Address rule
HI I want to create a rule on my firewall to controll traffic that comes from pc that has public ip address. I need help on to know what ip addresses and subnet i need to include in my policy inorder to cover all possible ip addrese
you might want to allow 127.0.0.0 through 127.255.255.255 also... they're good for testing, and don't really 'go' anywhere.
If you want to allow automatic addressing of ad-hoc wireless networks, you would allow 169.254.0.0 through 169.254.255.255, but that might not be a good idea... maybe make the rule and then disable it so when you're connecting via an ad-hoc network like that you can just enable it (then disable it agaiin when done).
If you want to allow automatic addressing of ad-hoc wireless networks, you would allow 169.254.0.0 through 169.254.255.255, but that might not be a good idea... maybe make the rule and then disable it so when you're connecting via an ad-hoc network like that you can just enable it (then disable it agaiin when done).
ASKER
hi can you tell me what are the ranges of public ip addresse
Per RFC 3330 unless otherwise specified
Public IPs Private or reserved IPs
0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]
1.0.0.0 - 9.255.255.255
10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]
11.0.0.0 - 126.255.255.255
127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
129.0.0.0 - 169.253.255.255
169.254.0.0 - 169.254.255.255 [ reserved for Link Local 'autoconfiguration' IPs
169.255.0.0 - 172.15.255.255
172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]
172.32.0.0 - 191.254.255.255
191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]
192.0.1.0 - 192.0.1.255
192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']
192.0.3.0 - 192.88.98.255
192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]
192.88.100.0 - 192.167.255.255
192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]
192.169.0.0 - 198.17.255.255
198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]
198.20.0.0 - 223.255.254.255
223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]
I presume you meant IPv4 only. Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
Public IPs Private or reserved IPs
0.0.0.0 - 0.255.255.255 [reserved for 'this network' per RFC 1700]
1.0.0.0 - 9.255.255.255
10.0.0.0 - 10.255.255.255 [reserved for private IPs - RFC 1918]
11.0.0.0 - 126.255.255.255
127.0.0.0 - 127.255.255.255 [reserved for loopback - RFC 1700]
128.0.0.0 - 128.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
129.0.0.0 - 169.253.255.255
169.254.0.0 - 169.254.255.255 [ reserved for Link Local 'autoconfiguration' IPs
169.255.0.0 - 172.15.255.255
172.16.0.0 - 172.31.255.255 [reserved for private IPs - RFC 1918]
172.32.0.0 - 191.254.255.255
191.255.0.0 - 192.0.0.255 [currently reserved; subject to assignment when IPv4 runs out of space]
192.0.1.0 - 192.0.1.255
192.0.2.0 - 192.0.2.255 [reserved for 'TEST-NET']
192.0.3.0 - 192.88.98.255
192.88.99.0 - 192.88.99.255 [reserved for 6to4 relay anycast IPs - RFC 3068]
192.88.100.0 - 192.167.255.255
192.168.0.0 - 192.168.255.255 [reserved for private IPs - RFC 1918]
192.169.0.0 - 198.17.255.255
198.18.0.0 - 198.19.255.255 [reserved for testing network interconnect devices - RFC 2544]
198.20.0.0 - 223.255.254.255
223.255.255.0 - 233.255.255.255 [currently reserved; subject to assignment when IPv4 runs out of space]
224.0.0.0 - 239.255.255.255 [reserved for multicast - RFC 3171]
240.0.0.0 - 255.255.255.255 [reserved for future use - RFC 1700]
I presume you meant IPv4 only. Though there are many compliant devices and applications, IPv6 is probably 2 years off yet (i.e. when ICANN runs out of IPv4 addresses to allocate).
The public ip address range is the opposite of mentioned above so, plus loopback addresses and multicast addresses:
1.0.0.0 - 9.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 - 171.31.255.255
172.32.0.0 - 192.167.255.255
192.169.0.0 - 223.255.255.255
1.0.0.0 - 9.255.255.255
11.0.0.0 - 126.255.255.255
128.0.0.0 - 171.31.255.255
172.32.0.0 - 192.167.255.255
192.169.0.0 - 223.255.255.255
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Man... there just is no such thing as formatting in this messageboard, I guess. I wish they'd enable tables in Rich Text.
0.0.0.0/0 will cover every single ipv4 IP address...
Which is;
Network 0.0.0.0
Mask: 0.0.0.0
If you are denying, make sure you have some allow rules earlier on in you firewall rules.
What exactly are you trying to configure? iptables?
Which is;
Network 0.0.0.0
Mask: 0.0.0.0
If you are denying, make sure you have some allow rules earlier on in you firewall rules.
What exactly are you trying to configure? iptables?
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
You would need to include all other ranges or explicitly exclude these ones.