#
# Shorewall 2.4 -- RFC1918 File
#
# /etc/shorewall/rfc1918
#
#       Lists the subnetworks that are blocked by the 'norfc1918' interface option.
#
#       The default list includes those IP addresses listed in RFC 1918.
#
#       DO NOT MODIFY THIS FILE. IF YOU NEED TO MAKE CHANGES, COPY THE FILE
#       TO /etc/shorewall AND MODIFY THE COPY.
#
# Columns are:
#
#       SUBNETS         A comma-separated list of subnet addresses
#                       (host addresses also allowed as are IP
#                       address ranges provided that your kernel and iptables
#                       have iprange match support).
#       TARGET          Where to send packets to/from this subnet
#                       RETURN  - let the packet be processed normally
#                       DROP    - silently drop the packet
#                       logdrop - log then drop
#
# By default, the RETURN target causes 'norfc1918' processing to cease for a
# packet if the packet's source IP address matches the rule. Thus, if you have:
#
#       SUBNETS                 TARGET
#       192.168.1.0/24          RETURN
#
# then traffic from 192.168.1.4 to 10.0.3.9 will be accepted even though you
# also have:
#
#       SUBNETS                 TARGET
#       10.0.0.0/8              logdrop
#
# Setting RFC1918_STRICT=Yes in shorewall.conf will cause such traffic to be
# logged and dropped since while the packet's source matches the RETURN rule,
# the packet's destination matches the 'logdrop' rule.
#
################################################################################
#SUBNETS                TARGET
172.16.0.0/12           logdrop         # RFC 1918
192.168.0.0/16          logdrop         # RFC 1918
10.0.0.0/8              logdrop         # RFC 1918
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
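
The following is an added example, not part of the Shorewall file and not Shorewall's own code: a simplified Python model of the RETURN and RFC1918_STRICT behaviour the comments above describe. The first-match, top-to-bottom evaluation, the destination check when the source matches no rule, the function names and the rule list (the comments' RETURN entry placed ahead of the three defaults) are assumptions made for illustration.

```python
import ipaddress

# Constructed rule list: the RETURN example from the comments placed ahead of
# the file's three default entries (first match wins in this model).
RULES = [
    ("192.168.1.0/24", "RETURN"),
    ("172.16.0.0/12", "logdrop"),
    ("192.168.0.0/16", "logdrop"),
    ("10.0.0.0/8", "logdrop"),
]


def first_match(addr, rules):
    """Return the TARGET of the first rule whose subnet contains addr, else None."""
    ip = ipaddress.ip_address(addr)
    for subnet, target in rules:
        if ip in ipaddress.ip_network(subnet):
            return target
    return None


def norfc1918(src, dst, rules=RULES, strict=False):
    """Model the verdict for one packet; 'RETURN' means processed normally."""
    verdict = first_match(src, rules)
    if verdict not in (None, "RETURN"):
        return verdict  # source address is in a blocked subnet
    if verdict == "RETURN" and not strict:
        return "RETURN"  # default: a source RETURN match ends processing
    # Reached when the source matched no rule, or matched RETURN while
    # RFC1918_STRICT=Yes is modelled: the destination is still checked.
    return first_match(dst, rules) or "RETURN"


if __name__ == "__main__":
    # Constructed packets; the first pair is the one used in the comments.
    for src, dst in [("192.168.1.4", "10.0.3.9"), ("203.0.113.5", "10.0.3.9")]:
        for strict in (False, True):
            print(src, "->", dst, "strict=%s:" % strict,
                  norfc1918(src, dst, strict=strict))
```

The practical point for a reviewer: a RETURN exception added for one internal subnet also lets that subnet reach every other blocked range unless strict checking is enabled.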