-
-
Notifications
You must be signed in to change notification settings - Fork 2.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should 0.0.0.0 be replaced with an explicitly invalid IP address? #72
Comments
@nerai you make an interesting point. The way I'm currently understanding RFC 5737, it's hard to see how it applies in this case, though I still feel you make a valid point. The What I'd love to see is and RFC that specifies an IP address equivalent of |
@StevenBlack My understanding is that I've since learned that it seems RFC 2644 makes directed broadcasts (i.e. to a foreign network address) invalid.
So unless you're running a (very) nonstandard configuration, |
Just out of interest, which OS's timed out on There is an argument for using So arguments of timeouts aside (happy to be proven wrong here), the question of From an academic perspective, the safest way to proceed here would be to assign a virtual IP and have firewall rules that refuse any connection to it. However that's obviously completely outside the remit of this project. But in terms of what you have done already, it looks pretty good :) |
+1 For this whole conversation. To my (limited) knowledge, this issue has never been properly resolved by any of the many attempts at discussing it. It's really kind of amazing giving it's importance and prevalence. Over the years, I have read many "conclusive" answers, all coming to different conclusions. Unless there is an accurate source of an answer that has actually been implemented by hardware and software vendors, it seems like the most prudent approach is to determine what actually works reliably and has the lowest latency. This may vary across operating systems, and perhaps even versions of operating systems. In some cases, hardware variables may play a role as well. Maybe we can start a crowd-sourced fund to finally answer this mystery of the internet. |
One thing I haven't seen discussed (apologies if it has and I've missed it) is what personal firewalls / anti-malware packages people are running. These can obviously directly impact how a connection request to localhost / For example, sometimes administrators / developers will configure their firewalls to drop traffic[1], and other engineers might configure them to refuse traffic[2]. There's arguments for and against each solution but it often just boils down to personal preference. [1] dropping traffic will cause timeouts since you're just dropping the packets without sending a response. [2] refusing traffic will cause an instant fail (connection refused) as it returns connection attempts (syn packets) with a reset packet (rst). This is how TCP/IP stacks typically work by default; ie if no firewall present and no listening process on that IP + port. |
To clarify, the calls to Just as an example, On OSX when I |
I think we can close this now. |
I run a dev webserver on 127.0.0.1. How can I keep the blocked hosts domains from clogging up my local web logs, which are critical for debugging? |
@hopeseekr Why do you run it on 127.0.0.1? |
@hopeseekrJust change the IP. You could try If you're running Linux or OS X then you can just
If you're running Windows then just do a find and replace in your favourite text editor. @Gitoffthelawn:It's pretty common to run dev servers on |
To my knowledge, 0.0.0.0 is not intended to be used as an invalid address.
RFC 3330 from 2002 specifies explicitly invalid IP addresses, which could be used instead:
This is confirmed in RFC 5737 from 2010:
I don't know if 3330 is the first RFC to mention Test-Net-1, or if it was known/implemented earlier. Then again, you probably would not surf the web with a pre-2002 machine.
The text was updated successfully, but these errors were encountered: