I see a lot of sample rulesets making a point to block RFC 1918 address ranges - but I have to ask, is it really feasible that packets with these source addresses would really reach anyone's interface? Unless the firewall is connected to a network addressed as such, doesn't simple routing by definition prevent such a possibility? Would these packets even feasibly be routed to the network you are trying to protect?

Example:

# Source addresses that should never arrive from the Internet side:
# RFC 1918 private space plus the all-zeros and limited-broadcast addresses.
forbidden = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, \
        0.0.0.0/32, 255.255.255.255/32 }"
# Drop and log them on the external interface before any other rule matches.
block in log quick on $ext_if from $forbidden to $homenet

TIA

DS

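The reason such packets can in fact reach an external interface is that IP forwarding is keyed on the destination address only; a router never consults the source when choosing a next hop, so a packet forged with a 10/8 or 192.168/16 source and your public address as destination is delivered exactly like a legitimate one. The rule in the post is therefore an ingress anti-spoofing filter rather than a redundancy. The following is an added example (editor's code, not from the original post): a destination-only longest-prefix lookup standing in for the upstream router, the posted address set reused as a source check, and that check run over a few constructed pflog-style lines. The routing table, interface names and log format are assumptions for illustration.

```python
"""Why private-source packets reach an external interface, and how the
posted rule catches them. Added example, not code from the original post."""
import ipaddress
import re

# Copied from the posted pf macro: addresses that are never valid as the
# source of a packet arriving from the Internet.
FORBIDDEN_SOURCES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "0.0.0.0/32", "255.255.255.255/32",
)]

# Constructed forwarding table of the firewall's upstream router (assumption).
# Like a real FIB it is keyed on destination prefix only.
UPSTREAM_FIB = [
    (ipaddress.ip_network("203.0.113.0/24"), "link-to-firewall-ext_if"),
    (ipaddress.ip_network("0.0.0.0/0"), "transit-provider"),
]


def next_hop(fib, dst):
    """Longest-prefix match on the destination address only.

    There is deliberately no source parameter: ordinary IP forwarding
    never looks at the source, which is why spoofed sources get through."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop in fib:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def forbidden_network(src):
    """Return the forbidden network containing src, or None if src is clean."""
    addr = ipaddress.ip_address(src)
    return next((net for net in FORBIDDEN_SOURCES if addr in net), None)


# Matches the interface and the two endpoints of a pflog line as printed by
# tcpdump; the exact prefix fields vary, so only this tail is parsed.
LOG_RE = re.compile(r"(block|pass) in on (\S+): "
                    r"(\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+")


def spoofed_sources(log_text, ext_if="em0"):
    """Return [(src, forbidden_net)] for packets that arrived on ext_if with
    a source address from the forbidden set. Packets on other interfaces are
    ignored, mirroring the 'on $ext_if' qualifier of the posted rule."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m or m.group(2) != ext_if:
            continue
        src = m.group(3)
        net = forbidden_network(src)
        if net is not None:
            hits.append((src, str(net)))
    return hits


# Constructed sample log lines (assumption; format approximated from
# tcpdump reading pflog(4)). em0 is the external, em1 the internal interface.
SAMPLE_LOG = """\
Jan 01 00:00:01.000000 rule 3/(match) block in on em0: 192.168.1.50.4444 > 203.0.113.10.22: S
Jan 01 00:00:02.000000 rule 7/(match) pass in on em0: 198.51.100.7.51234 > 203.0.113.10.80: S
Jan 01 00:00:03.000000 rule 3/(match) block in on em0: 10.4.4.4.53 > 203.0.113.10.3422: udp
Jan 01 00:00:04.000000 rule 9/(match) pass in on em1: 192.168.1.50.5555 > 203.0.113.10.22: S
"""

if __name__ == "__main__":
    # A packet forged with source 10.4.4.4 and destination 203.0.113.10 is
    # forwarded toward the firewall just like a legitimate one.
    print("upstream forwards to:", next_hop(UPSTREAM_FIB, "203.0.113.10"))
    for src, net in spoofed_sources(SAMPLE_LOG):
        print(f"spoofed source {src} ({net}) seen on external interface")
```

Note that the 192.168.1.50 packet on em1 is not reported: it is the home LAN talking to its own firewall, which is exactly why the posted rule is scoped to `$ext_if` rather than applied to every interface.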