Well, it's a weird one. For a month or so I haven't been able to access any funtoo.org ip's, either from browser or ping, whatever. I was busy with other things and worked out pretty quickly that it was localized on my everyday user laptop and discovered it was related to iptables, by stopping them I could access funtoo.org just fine, so I just lived with that for awhile.
Today I got serious about it and started removing lines from iptables one by one to find it. Luckily it was line 2 in INPUT, deleted that and funtoo.org is accessible. here is what it says:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 2 195M 201G IP4BOGONS all -- !lo * 0.0.0.0/0 0.0.0.0/0
Which goes to:
Chain IP4BOGONS (1 references) pkts bytes target prot opt in out source destination 883K 102M RETURN all -- * * 10.0.0.0/8 0.0.0.0/0 18 1008 RETURN all -- * * 172.16.0.0/12 0.0.0.0/0 55910 25M RETURN all -- * * 192.168.0.0/16 0.0.0.0/0 109K 25M DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set fullbogons-ipv4 src
I have a cronjob that downloads a list several times a day from http://www.team-cymr...bogons-ipv4.txt and adds them to an ipset list. It's a list of known "bogons", bogus ip addresses that are being used for...who knows, nothing good for me. As you can see anything that matches that list doesn't get in the door.
So my next step was:
ipset list fullbogons-ipv4|grep "22.214.171.124"
Nope, no match. Then I went to http://www.team-cymr...bogons-ipv4.txt and looked for 126.96.36.199 there. Nope, ain't there either. But still, for some reason it's apparently matching something somewhere on that list. I can't explain it, but there it is. Zero problems with any other ip's. I've solved this for now by putting in a RETURN above the drop for 188.8.131.52, but I wanted to make the devs aware of it. I've been using this iptables setup for a couple of years, this is the 1st time anything like this has happened. I see on the front page of the wiki that Drobbins has been migrating containers to that address, the timing matches this problem.