Hello,

I have an issue with my hosting customers who have been assinged IP addresses in the 70.0.0.0/8 range by their ISP's

It seems that APNIC allocates these but by default, my APF firewall seems to block IP's in this range. I have been through all the docs with APF and I can't see any settings that would cause this.

I can do this to remove this range from the block:

iptables -D INPUT 21

and this will remove the range from the block, but if whenever the firewall is restarted, it goes back to blocking this range.

Has anyone else seen this or is it just me?

Any suggestions?

The reason it goes away after iptables restarts is because it isn't saved in /etc/sysconfig/iptables

you can issue your commands then use iptables-save to get the new tables and save it to /etc/sysconfig/iptables and restart iptables

for anyone else who has the same problem, here is what I did to fix it.


pico /etc/apf/internals/reserved.networks

and delete this line:

70.0.0.0/8

Restart APF.

Get ready to open up a few more! ARIN started allocating space out of 72.0.0.0/8 on September 10th, and they plan on using 71.0.0.0/8 in the very near future. I remember the mess when 80.0.0.0/8 was first used .. half of the commercial firewall products on the Internet had it blocked by default because it had been years since ARIN/RIPE/APNIC allocated a new /8 block.

-knightfoo