alex wrote:


    I am very obliged to you, Tom. I understand that you do very BIG work
and are very busy. But I really think that the RFC1918 theme is useful for many
people and want to help to make it clear and easy in Shorewall (and bug-free,
of course).

You are welcome, Alex.

Using iptables for RFC1918 filtration really isn't the best approach in many cases. It's generally better to null-route the RFC 1918 ranges:

        ip route add unreachable 10.0.0.0/8
        ip route add unreachable 172.16.0.0/12
        ip route add unreachable 192.168.0.0/16

and enable route filtering on your external interface(s).

This approach is not without its hazards though. Consider if you were a customer of an ISP who uses RFC 1918 addresses for its DHCP servers.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
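
Added example (not part of Tom's message and not Shorewall code): a dry-run planner for the null-route setup described above that checks first whether the upstream DHCP server sits inside an RFC 1918 range, which is the hazard the message mentions. The function names, the interface `eth0` and the address `10.1.2.3` are constructed for illustration; "route filtering" is assumed to mean the kernel `rp_filter` sysctl, and skipping a conflicting range is this example's own policy.

```shell
#!/bin/sh
# Dry run only: prints the commands, changes nothing on the system.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print the RFC 1918 prefix containing ADDR, or nothing if ADDR is outside all three.
rfc1918_range() {
    n=$(ip_to_int "$1")
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        base=$(ip_to_int "${net%/*}")
        bits=${net#*/}
        mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
        if [ $(( n & mask )) -eq "$base" ]; then
            echo "$net"
            return 0
        fi
    done
    return 0
}

# Print the null-route plan for external interface IFACE, leaving out any
# range that holds the upstream DHCP server DHCP_ADDR (example policy).
plan_null_routes() {
    iface=$1; dhcp=$2
    conflict=$(rfc1918_range "$dhcp")
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        if [ "$net" = "$conflict" ]; then
            echo "# SKIP $net: DHCP server $dhcp is inside this range"
        else
            echo "ip route add unreachable $net"
        fi
    done
    # Assumption: "route filtering" = reverse-path filtering on the interface.
    echo "sysctl -w net.ipv4.conf.$iface.rp_filter=1"
}

# Constructed sample: external interface eth0, ISP DHCP server at 10.1.2.3.
plan_null_routes eth0 10.1.2.3
```
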

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users