classify.m4: Forbid the v4-mapped and v4-compatible ranges.

[firewall] / classify.m4

diff --git a/classify.m4 b/classify.m4
index bd7ab59..7c60407 100644 (file)
--- a/classify.m4
+++ b/classify.m4
@@ -320,7 +320,8 @@ for entry in $ifmap; do
 done
 
 ## Fill in the black holes in the network.  Some of these might actually be
-## known networks, so don't fill those in again.
+## known networks, so don't fill those in again.  See RFC5735 and RFC4291,
+## and their successors.
 for addr in \
        10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
        127.0.0.0/8 \
@@ -331,6 +332,7 @@ do
 done
 for addr in \
        fc00::/7 \
+       ::0:0/96 ::ffff:0:0/96 \
        2001:db8::/32
 do
   case $alladdrs in *!$addr!*) continue ;; esac