On Sat, Dec 11, 2010 at 11:23 AM, Gé Weijers <g...@weijers.org> wrote: > > >> [...] That means, prior to end of Q1, the bogon list will be: >> >> 0/8 >> 10/8 >> 127/8 >> 172.16/12 >> 192.168/16 >> 224/3 > > There's a number of special-use ranges that are not in this list, but which > should not occur as (source) addresses on the internet. So if you're > manually configuring a list and are sufficiently paranoid refer to RFC5735 > and use these additional ones: > > > 192.0.0/24 (future-use special purpose) > 192.0.2/24 (TEST-NET-1) > 198.18/15 (benchmark testing of interconnect devices) > 198.51.100/24 (TEST-NET-2) > 203.0.113/24 (TEST-NET-3) > > You should filter these source addresses as well: > > 169.254/16 (link-local addresses) > 192.88.99/24 (6to4 anycast, not a valid *source* address) >
The bogons list we use is from Cymru, it includes all of the above with the exception of 6to4 anycast. --------------------------------------------------------------------- To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
