apf vs. newly assigned IP address

If you try to ping/traceroute and got this message, there are several places to look. First, disable the firewall and if it works again then you know it’s the firewall. In this case, APF. An call to “iptables -L -n” might be able to narrow down the root cause.

PING 173.x.x.x 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

Edit conf.apf

Switch this off (from 1 to 0) and “service apf restart”.

# Block all ipv4 address space marked reserved for future use (unassigned),
# such networks have no business talking on the Internet. However they may at
# some point become live address space. The USE_RD option further in this file
# allows for dynamic updating of this list on every full restart of APF. Refer
# to the 'internals/reserved.networks' file for listing of address space.
BLK_RESNET="0"

Posted

in

by

Tags:

Comments

One response to “apf vs. newly assigned IP address”

  1. Anonymous Avatar
    Anonymous

    Thank you so much. I was dumbfounded as to why apf was blocking this range.

Leave a Reply

Your email address will not be published. Required fields are marked *