R-fx Networks

BOGON Filtering, Update It

by on Apr.17, 2009, under Development, HowTo

One of the features used by APF to prevent address spoofing is that it filters reserved IP address space, also known as BOGON filtering. This is an otherwise very reliable method to keep out random unallocated spoofed addresses from injecting traffic towards your server, assuming of course the list is updated regularly.

We decided a few months ago that we would disable by default all remote features in APF, including the auto updating of the reserved networks file (BOGON filter list), however this was done with one ill-fated consequence… That if you do not turn on the update feature yourself you may inadvertently start filtering newly allocated address space. This was a change that in hind sight was probably not the best of ideas and as such has now been turned back on by default in the current APF release.

That is then the purpose of this post, every feature even in its best intentions has the capacity when it goes unmanaged to cause more harm than good and that is exactly what the BOGON filtering will do over time if left enabled and it goes unmanaged. The quick fix to this issue is that you enable the reserved network update feature or disable the use of the reserved network filtering in conf.apf all together; below are details on conducting either task:

1) This change will make APF download and update to the latest reserved network file daily at 4am (recommended):
edit /etc/apf/conf.apf and set the option DLIST_RESERVED=”1″
restart APF with /etc/init.d/apf restart

OR

2) This change will disable the use of reserved network filtering from APF all together (not recommended!):
edit /etc/apf/conf.apf and set the option BLK_RESNET=”0″
restart APF with /etc/init.d/apf restart

I hope this assists anyone who is experiencing random connection issues from clients or to better decide if this feature is right for you. The BOGON list APF uses is maintained at http://www.rfxn.com/downloads/reserved.networks , which is updated twice daily with the latest data from ARIN.

:, ,

Comments are closed.

Looking for something?

Use the form below to search the site:

Site Links

A few links to navigate our site quicker...