From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-144238-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id C15E513831A
	for <garchives@archives.gentoo.org>; Sun,  6 Jan 2013 21:57:15 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 866E921C032;
	Sun,  6 Jan 2013 21:56:54 +0000 (UTC)
Received: from ironport2-out.teksavvy.com (ironport2-out.teksavvy.com [206.248.154.182])
	by pigeon.gentoo.org (Postfix) with ESMTP id 6F04FE0478
	for <gentoo-user@lists.gentoo.org>; Sun,  6 Jan 2013 21:55:12 +0000 (UTC)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: ArANAG6Zu0/O+KRL/2dsb2JhbABEgXuwewOBGIEIghUBAQQBOhwoCwshExIPBSU3iAkFC6kBkH2LYoFEgjxiA4hChHyCGYVDgRCET4g6gViDBw
X-IronPort-AV: E=Sophos;i="4.75,637,1330923600"; 
   d="scan'208";a="211508556"
Received: from 206-248-164-75.dsl.teksavvy.com (HELO waltdnes.org) ([206.248.164.75])
  by ironport2-out.teksavvy.com with SMTP; 06 Jan 2013 16:55:10 -0500
Received: by waltdnes.org (sSMTP sendmail emulation); Sun, 06 Jan 2013 16:54:50 -0500
From: "Walter Dnes" <waltdnes@waltdnes.org>
Date: Sun, 6 Jan 2013 16:54:50 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] IPTABLES syntax change?
Message-ID: <20130106215450.GB21848@waltdnes.org>
References: <50DBA7D0.4060800@orlitzky.com>
 <20130105012949.GA17261@waltdnes.org>
 <CA+czFiCtRD-J9R22TxGr2ArzFUNxmPhY6-zuuR70STztEQW2XA@mail.gmail.com>
 <201301051157.21464.michaelkintzios@gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <201301051157.21464.michaelkintzios@gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Archives-Salt: 6786594b-06a7-43ed-8b3f-6e874193abc8
X-Archives-Hash: 5fbb691a041a74109e745ed371ef2e32

On Sat, Jan 05, 2013 at 11:57:10AM +0000, Mick wrote
> 
> It will, but only partially.  It seems that the list is long and it
> is getting longer and longer!  Check this out:
> 
> whois -h whois.radb.net -- '-i origin AS32934' | grep ^route
> 
> (as advised by https://developers.facebook.com/docs/ApplicationSecurity/)

<ELVIS> Thank you, Thank you, Thank you verrry verrry much </ELVIS>

  It's not as bad as it looks, because...
a) there's a lot of duplication
b) many of the blocks are subsets with a bigger Facebook block

31.13.24.0/21
inetnum:        31.13.24.0 - 31.13.31.255
netname:        IE-FACEBOOK-20110418
descr:          Facebook Ireland Ltd
country:        IE

31.13.64.0/18
31.13.64.0/19
31.13.64.0/24
31.13.65.0/24
31.13.66.0/24
31.13.67.0/24
31.13.68.0/24
31.13.69.0/24
31.13.70.0/24
31.13.71.0/24
31.13.72.0/24
31.13.73.0/24
31.13.74.0/24
31.13.75.0/24
31.13.76.0/24
31.13.77.0/24
31.13.78.0/24
31.13.79.0/24
31.13.80.0/24
31.13.82.0/24
31.13.83.0/24
31.13.84.0/24
31.13.85.0/24
31.13.86.0/24
31.13.87.0/24
31.13.88.0/24
31.13.89.0/24
31.13.90.0/24
31.13.91.0/24
31.13.92.0/24
31.13.93.0/24
31.13.94.0/24
31.13.95.0/24
31.13.96.0/19
inetnum:        31.13.64.0 - 31.13.127.255
netname:        IE-FACEBOOK-20110418
descr:          Facebook Ireland Ltd
country:        IE

66.220.144.0/20
66.220.144.0/20
66.220.144.0/21
66.220.152.0/21
66.220.159.0/24
NetRange:       66.220.144.0 - 66.220.159.255
CIDR:           66.220.144.0/20
OrgName:        Facebook, Inc.
OrgId:          THEFA-3

69.63.176.0/20
69.63.176.0/20
69.63.176.0/20
69.63.176.0/21
69.63.176.0/21
69.63.176.0/24
69.63.178.0/24
69.63.184.0/21
69.63.184.0/21
69.63.186.0/24
NetRange:       69.63.176.0 - 69.63.191.255
CIDR:           69.63.176.0/20
OrgName:        Facebook, Inc.
OrgId:          THEFA-3

69.171.224.0/19
69.171.224.0/20
69.171.239.0/24
69.171.240.0/20
69.171.253.0/24
69.171.255.0/24
NetRange:       69.171.224.0 - 69.171.255.255
CIDR:           69.171.224.0/19
OrgName:        Facebook, Inc.
OrgId:          THEFA-3

74.119.76.0/22
NetRange:       74.119.76.0 - 74.119.79.255
CIDR:           74.119.76.0/22
OrgName:        Facebook, Inc.
OrgId:          THEFA-3

103.4.96.0/22
inetnum:        103.4.96.0 - 103.4.99.255
netname:        FACEBOOK-SG

173.252.64.0/18
173.252.64.0/19
173.252.70.0/24
173.252.96.0/19
NetRange:       173.252.64.0 - 173.252.127.255
CIDR:           173.252.64.0/18
OriginAS:       AS32934
NetName:        FACEBOOK-INC

204.15.20.0/22
204.15.20.0/22
NetRange:       204.15.20.0 - 204.15.23.255
CIDR:           204.15.20.0/22
OrgName:        Facebook, Inc.
OrgId:          THEFA-3

  A grand total of 9 IPV4 ranges, of which I already have 6.  Time for a
minor update.  Thanks again for the whois lookup command.

> BTW, websites may break if you block all these ip ranges.

<LENNART> It's their fault that they're broken, not mine </LENNART>

-- 
Walter Dnes <waltdnes@waltdnes.org>
I don't run "desktop environments"; I run useful applications