Curufir
April 20th, 2005, 06:25 PM
Firestarter is a nice GNOME GUI for the iptables firewall.
Haloscan is used by a lot of blogs around the web to provide the ability to make comments.
Problem:
Firestarter blocks the entire 72.x.x.x range BEFORE it allows individual IP addresses.
www.haloscan.com has an IP of 72.9.234.77.
Symptoms:
Any page with a haloscan comment box will time out because haloscan won't load.
Solution:
Edit /etc/firestarter/user-post and add the following text:
/sbin/iptables -I NR -p tcp -s 72.9.234.77 -j RETURN
Stop/Start your firewall.
Explanation:
72.x.x.x didn't use to be valid addresses, so anything coming from there would be spam. By inserting this rule into the firewall we can treat 72.9.234.77 (and ONLY 72.9.234.77) the same as every other IP address. An alternative would be to remove the line "72.0.0.0/8" from /etc/firestarter/non-routables, but that unblocks the entire range.
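Before adding a per-address exception like the one above, it helps to confirm which block-list entry actually covers the address. The script below is an added example, not part of the original post: it lists every CIDR entry that contains a given IPv4 address. It assumes a list with one CIDR block per line and "#" comments; the sample list and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the block-list entries that cover one IPv4 address.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $2 lies inside CIDR block $1 (e.g. 72.0.0.0/8).
cidr_contains() {
    net=${1%/*}; bits=${1#*/}
    [ "$bits" = "$1" ] && bits=32      # a bare address is treated as /32
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$net") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Read a block list on stdin and print each entry that covers address $1.
covering_entries() {
    while read -r entry rest; do
        case $entry in ''|'#'*) continue ;; esac   # skip blanks and comments
        if cidr_contains "$entry" "$1"; then echo "$entry"; fi
    done
}

# Constructed sample list (assumed format: one CIDR per line).
SAMPLE_LIST='# constructed sample block list
10.0.0.0/8
72.0.0.0/8
127.0.0.0/8
192.168.0.0/16'

# Which entries would drop traffic from the address in the post?
printf '%s\n' "$SAMPLE_LIST" | covering_entries 72.9.234.77
```

To check a real list, feed the file to the function instead of the sample, for example: covering_entries 72.9.234.77 < /etc/firestarter/non-routables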