shorewall_code/Shorewall2/rfc1918

#
# Shorewall 2.2 -- RFC1918 File
#
# /etc/shorewall/rfc1918
#
# Lists the subnetworks that are blocked by the 'norfc1918' interface option.
#
# The default list includes those IP addresses listed in RFC 1918.
#
#	DO NOT MODIFY THIS FILE. IF YOU NEED TO MAKE CHANGES, COPY THE FILE
#	TO /etc/shorewall AND MODIFY THE COPY.
#
# Columns are:
#
# 	SUBNETS		A comma-separated list of subnet addresses
#			(host addresses also allowed as are IP
#			address ranges provided that your kernel and iptables
#			have iprange match support). 
#	TARGET		Where to send packets to/from this subnet
#			RETURN	- let the packet be processed normally
#			DROP	- silently drop the packet
#			logdrop - log then drop
#
# By default, the RETURN target causes 'norfc1918' processing to cease for a
# packet if the packet's source IP address matches the rule. Thus, if you have:
#
#	SUBNETS			TARGET
#	192.168.1.0/24		RETURN
#
# then traffic from 192.168.1.4 to 10.0.3.9 will be accepted even though you 
# also have:
#
#	SUBNETS			TARGET
#	10.0.0.0/8		logdrop
#
# Setting RFC1918_STRICT=Yes in shorewall.conf will cause such traffic to be
# logged and dropped since while the packet's source matches the RETURN rule,
# the packet's destination matches the 'logdrop' rule.
#
################################################################################
#SUBNETS		TARGET
172.16.0.0/12		logdrop		# RFC 1918
192.168.0.0/16		logdrop		# RFC 1918
10.0.0.0/8		logdrop		# RFC 1918
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`#`
Allow list in the SUBNET column of the rfc1918 file git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1728 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-26 17:26:13 +02:00			`# Shorewall 2.2 -- RFC1918 File`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`#`
			`# /etc/shorewall/rfc1918`
			`#`
			`# Lists the subnetworks that are blocked by the 'norfc1918' interface option.`
			`#`
Add nobogons interface option git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1197 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-03-17 20:06:54 +01:00			`# The default list includes those IP addresses listed in RFC 1918.`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`#`
Config files cleanup git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1210 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-03-19 16:27:54 +01:00			`# DO NOT MODIFY THIS FILE. IF YOU NEED TO MAKE CHANGES, COPY THE FILE`
			`# TO /etc/shorewall AND MODIFY THE COPY.`
			`#`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`# Columns are:`
			`#`
Allow list in the SUBNET column of the rfc1918 file git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1728 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-26 17:26:13 +02:00			`# SUBNETS A comma-separated list of subnet addresses`
Restore missing '#' in rfc1918 git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1737 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-11-02 22:13:52 +01:00			`# (host addresses also allowed as are IP`
Add iprange support git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1609 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-09-08 20:46:57 +02:00			`# address ranges provided that your kernel and iptables`
Allow list in the SUBNET column of the rfc1918 file git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1728 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-26 17:26:13 +02:00			`# have iprange match support).`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`# TARGET Where to send packets to/from this subnet`
			`# RETURN - let the packet be processed normally`
			`# DROP - silently drop the packet`
			`# logdrop - log then drop`
			`#`
Verify DEST interface in /etc/shorewall/tcrules git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1997 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2005-03-11 17:37:29 +01:00			`# By default, the RETURN target causes 'norfc1918' processing to cease for a`
			`# packet if the packet's source IP address matches the rule. Thus, if you have:`
Add RFC1918_STRICT Option git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1993 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2005-03-10 23:27:33 +01:00			`#`
			`# SUBNETS TARGET`
			`# 192.168.1.0/24 RETURN`
			`#`
			`# then traffic from 192.168.1.4 to 10.0.3.9 will be accepted even though you`
			`# also have:`
			`#`
			`# SUBNETS TARGET`
			`# 10.0.0.0/8 logdrop`
			`#`
			`# Setting RFC1918_STRICT=Yes in shorewall.conf will cause such traffic to be`
			`# logged and dropped since while the packet's source matches the RETURN rule,`
			`# the packet's destination matches the 'logdrop' rule.`
			`#`
			`################################################################################`
Allow list in the SUBNET column of the rfc1918 file git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1728 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-10-26 17:26:13 +02:00			`#SUBNETS TARGET`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`172.16.0.0/12 logdrop # RFC 1918`
			`192.168.0.0/16 logdrop # RFC 1918`
Add nobogons interface option git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1197 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-03-17 20:06:54 +01:00			`10.0.0.0/8 logdrop # RFC 1918`
Initial revision git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@1103 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb 2004-01-31 17:11:22 +01:00			`#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE`