eggle.m4, local.m4, local.mk: Add new VPS `eggle'.

[firewall] / classify.m4

diff --git a/classify.m4 b/classify.m4
index 6254993..98b9795 100644 (file)
--- a/classify.m4
+++ b/classify.m4
@@ -131,7 +131,7 @@ run iptables -t mangle -A in-classify -g bad-source-address \
 run iptables -t mangle -A in-classify -g bad-source-address \
        -m addrtype --src-type BROADCAST \
 
-## Special IPv6 addresses.  Format multicast sources, and mark zero and
+## Special IPv6 addresses.  Forbid multicast sources, and mark zero and
 ## link local addresses.
 for i in :: fe80::/10; do
   run ip6tables -t mangle -A in-classify -g mark-from-link -s $i
@@ -146,6 +146,7 @@ for i in 0.0.0.0 240.0.0.0/4; do
   run iptables -t mangle -A out-classify -g bad-destination-address -d $i
 done
 run iptables -t mangle -A out-classify -g mark-to-link -d 169.254.0.0/16
+run iptables -t mangle -A out-classify -g mark-to-link -d 255.255.255.255
 run iptables -t mangle -A out-classify -g mark-to-link \
        -m addrtype --dst-type BROADCAST
 
@@ -332,7 +333,7 @@ do
   run iptables -t mangle -A in-default -s $addr -g bad-source-address
 done
 for addr in \
-       fc00::/7 \
+       fc00::/7 fec0::/10 \
        ::0:0/96 ::ffff:0:0/96 \
        2001:db8::/32
 do