Hi Tom, list members,

Shorewall has NULL_ROUTE_RFC1918. I'd like to propose another one: NULL_ROUTE_RFC5737. This RFC describes the address ranges that are reserved for documentation.

Quoting from https://tools.ietf.org/html/rfc5737:

"The blocks 192.0.2.0/24 (TEST-NET-1), 198.51.100.0/24 (TEST-NET-2), and 203.0.113.0/24 (TEST-NET-3) are provided for use in documentation."

I'm currently blocking these by simply adding these ranges to /etc/shorewall/routes. But it would be nice to set it in shorewall.conf because this will give (blocking) these particular subnets a bit more attention.

And while on the topic: perhaps for IPv6/shorewall6 there can be a NULL_ROUTE_RFC4193 and NULL_ROUTE_RFC3849 that would null-route respectively the fc00::/7 range which is reserved for Unique Local IPv6 Unicast Addresses, and the 2001:DB8::/32 range which is reserved for documentation.

https://tools.ietf.org/html/rfc4193
https://tools.ietf.org/html/rfc3849

This would be convenient and someone who would use these ranges either with IPv4 and/or with IPv6 could set ROUTE_FILTER=Yes.

What do you think? :)

Thanks,
Mark

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
