forked from extern/shorewall_code
Remove last vestiges of 'nobogons'
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2445 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
parent
3f748212d6
commit
21a7315717
@ -1,67 +0,0 @@
|
||||
#
|
||||
# Shorewall 2.4 -- Bogons File
|
||||
#
|
||||
# /etc/shorewall/bogons
|
||||
#
|
||||
# Lists the subnetworks that are blocked by the 'nobogons' interface option.
|
||||
#
|
||||
# The default list includes those those ip ADDRESSES listed
|
||||
# as 'reserved' by the IANA, the DHCP Autoconfig class B, and the class C
|
||||
# reserved for use in documentation and examples.
|
||||
#
|
||||
# DO NOT MODIFY THIS FILE. IF YOU NEED TO MAKE CHANGES, COPY THE FILE
|
||||
# TO /etc/shorewall AND MODIFY THE COPY.
|
||||
#
|
||||
# Columns are:
|
||||
#
|
||||
# SUBNET The subnet (host addresses also allowed as are IP
|
||||
# address ranges provided that your kernel and iptables
|
||||
# include iprange match support).
|
||||
# TARGET Where to send packets to/from this subnet
|
||||
# RETURN - let the packet be processed normally
|
||||
# DROP - silently drop the packet
|
||||
# logdrop - log then drop
|
||||
#
|
||||
###############################################################################
|
||||
#SUBNET TARGET
|
||||
0.0.0.0 RETURN # Stop the DHCP whining
|
||||
255.255.255.255 RETURN # We need to allow limited broadcast
|
||||
169.254.0.0/16 DROP # DHCP autoconfig
|
||||
192.0.2.0/24 logdrop # Example addresses (RFC 3330)
|
||||
#
|
||||
# The following are generated with the help of the Python program found at:
|
||||
#
|
||||
# http://www.shorewall.net/pub/shorewall/contrib/iana_reserved/
|
||||
#
|
||||
# The program was contributed by Andy Wiggin
|
||||
#
|
||||
|
||||
0.0.0.0/7 logdrop # Reserved
|
||||
2.0.0.0/8 logdrop # Reserved
|
||||
5.0.0.0/8 logdrop # Reserved
|
||||
7.0.0.0/8 logdrop # Reserved
|
||||
23.0.0.0/8 logdrop # Reserved
|
||||
27.0.0.0/8 logdrop # Reserved
|
||||
31.0.0.0/8 logdrop # Reserved
|
||||
36.0.0.0/7 logdrop # Reserved
|
||||
39.0.0.0/8 logdrop # Reserved
|
||||
42.0.0.0/8 logdrop # Reserved
|
||||
77.0.0.0/8 logdrop # Reserved
|
||||
78.0.0.0/7 logdrop # Reserved
|
||||
92.0.0.0/6 logdrop # Reserved
|
||||
96.0.0.0/4 logdrop # Reserved
|
||||
112.0.0.0/5 logdrop # Reserved
|
||||
120.0.0.0/6 logdrop # Reserved
|
||||
127.0.0.0/8 logdrop # Reserved
|
||||
173.0.0.0/8 logdrop # Reserved
|
||||
174.0.0.0/7 logdrop # Reserved
|
||||
176.0.0.0/5 logdrop # Reserved
|
||||
184.0.0.0/6 logdrop # Reserved
|
||||
197.0.0.0/8 logdrop # Reserved
|
||||
223.0.0.0/8 logdrop # Reserved
|
||||
240.0.0.0/4 logdrop # Reserved
|
||||
|
||||
#
|
||||
# End of generated entries
|
||||
#
|
||||
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
|
@ -82,16 +82,6 @@
|
||||
# addresses are reserved by RFC 1918 are
|
||||
# also rejected.
|
||||
#
|
||||
# nobogons - This option only makes sense for ports
|
||||
# on a bridge.
|
||||
#
|
||||
# This port should not accept
|
||||
# any packets whose source is in one
|
||||
# of the ranges reserved by IANA (this
|
||||
# option does not cover those ranges
|
||||
# reserved by RFC 1918 -- see
|
||||
# 'norfc1918' above).
|
||||
#
|
||||
# blacklist - This option only makes sense for ports
|
||||
# on a bridge.
|
||||
#
|
||||
|
@ -69,15 +69,6 @@
|
||||
# addresses are reserved by RFC 1918 are
|
||||
# also rejected.
|
||||
#
|
||||
# nobogons - This interface should not receive
|
||||
# any packets whose source is in one
|
||||
# of the ranges reserved by IANA (this
|
||||
# option does not cover those ranges
|
||||
# reserved by RFC 1918 -- see above).
|
||||
#
|
||||
# I PERSONALLY RECOMMEND AGAINST USING
|
||||
# THE 'nobogons' OPTION.
|
||||
#
|
||||
# routefilter - turn on kernel route filtering for this
|
||||
# interface (anti-spoofing measure). This
|
||||
# option can also be enabled globally in
|
||||
|
Loading…
Reference in New Issue
Block a user