#
# Shorewall version 3.2 - Rfc1918 File
#
# /etc/shorewall/rfc1918
#
#	Lists the subnetworks that are blocked by the 'norfc1918' interface
#	option.
#
#	The default list includes those IP addresses listed in RFC 1918.
#
#	DO NOT MODIFY THIS FILE. IF YOU NEED TO MAKE CHANGES, COPY THE FILE
#	TO /etc/shorewall AND MODIFY THE COPY.
#
# Columns are:
#
#	SUBNETS		A comma-separated list of subnet addresses
#			(host addresses also allowed as are IP
#			address ranges provided that your kernel and iptables
#			have iprange match support).
#	TARGET		Where to send packets to/from this subnet
#			RETURN	- let the packet be processed normally
#			DROP	- silently drop the packet
#			logdrop - log then drop
#
#	By default, the RETURN target causes 'norfc1918' processing to cease
#	for a packet if the packet's source IP address matches the rule. Thus,
#	if you have:
#
#		SUBNETS			TARGET
#		192.168.1.0/24		RETURN
#
#	then traffic from 192.168.1.4 to 10.0.3.9 will be accepted even though
#	you also have:
#
#		SUBNETS			TARGET
#		10.0.0.0/8		logdrop
#
#	Setting RFC1918_STRICT=Yes in shorewall.conf will cause such traffic
#	to be logged and dropped since while the packet's source matches the
#	RETURN rule, the packet's destination matches the 'logdrop' rule.
#
###############################################################################
#SUBNETS		TARGET
172.16.0.0/12		logdrop		# RFC 1918
192.168.0.0/16		logdrop		# RFC 1918
10.0.0.0/8		logdrop		# RFC 1918
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE