Date:      Sun, 12 Apr 1998 03:50:02 -0700 (PDT)
From:      Poul-Henning Kamp <phk@critter.freebsd.dk>
To:        freebsd-bugs
Subject:   Re: conf/6278: /etc/rc.firewall: better RFC1918 nets protection 
Message-ID:  <199804121050.DAA18249@hub.freebsd.org>

The following reply was made to PR conf/6278; it has been noted by GNATS.

From: Poul-Henning Kamp <phk@critter.freebsd.dk>
To: ru@ucb.crimea.ua
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: conf/6278: /etc/rc.firewall: better RFC1918 nets protection 
Date: Sun, 12 Apr 1998 12:41:07 +0200

 >>Description:
 >
 >	There is only one half of protection of
 >	RFC1918 nets usage on outside interface.
 
 I think it is cheaper to add this protection with some discard routes,
 i.e.:
 
 	route add -net 10.0.0.0 -netmask 255.0.0.0 -reject
 	route add -net 172.16.0.0 -netmask 255.240.0.0 -reject
 	route add -net 192.168.0.0 -netmask 255.255.0.0 -reject
 	route add -net 127.0.0.0 -netmask 255.0.0.0 -reject
 
 (or use -blackhole if you prefer)
 
 --
 Poul-Henning Kamp             FreeBSD coreteam member
 phk@FreeBSD.ORG               "Real hackers run -current on their laptop."
 "Drink MONO-tonic, it goes down but it will NEVER come back up!"
