~mdw
/
firewall
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
classify.m4: Forbid the v4-mapped and v4-compatible ranges.
[firewall]
/
classify.m4
diff --git
a/classify.m4
b/classify.m4
index
bd7ab59
..
7c60407
100644
(file)
--- a/
classify.m4
+++ b/
classify.m4
@@
-320,7
+320,8
@@
for entry in $ifmap; do
done
## Fill in the black holes in the network. Some of these might actually be
done
## Fill in the black holes in the network. Some of these might actually be
-## known networks, so don't fill those in again.
+## known networks, so don't fill those in again. See RFC5735 and RFC4291,
+## and their successors.
for addr in \
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
127.0.0.0/8 \
for addr in \
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 \
127.0.0.0/8 \
@@
-331,6
+332,7
@@
do
done
for addr in \
fc00::/7 \
done
for addr in \
fc00::/7 \
+ ::0:0/96 ::ffff:0:0/96 \
2001:db8::/32
do
case $alladdrs in *!$addr!*) continue ;; esac
2001:db8::/32
do
case $alladdrs in *!$addr!*) continue ;; esac