mirror of
https://git.openwrt.org/feed/packages.git
synced 2024-06-26 09:37:44 +02:00
e5910b9834
It is increasingly likely 240/4 and 0/8 netblocks will be allocated as unicast globally rout-able and reachable address space 240/4 is already enabled throughout linux and openwrt. Permit these address blocks under bcp38 address validation, ie. remove those ranges from the block list: list match '0.0.0.0/8' # RFC 1700 list match '240.0.0.0/4' # RFC 5745 Signed-off-by: Dave Taht <dave.taht@gmail.com> [bump package - minor tweaks to commit message - remove commented lines] Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
25 lines
897 B
Plaintext
25 lines
897 B
Plaintext
config bcp38
|
|
option enabled 0
|
|
option interface 'eth1'
|
|
option detect_upstream 1
|
|
list match '127.0.0.0/8'
|
|
list match '192.0.2.0/24' # RFC 5737
|
|
list match '198.51.100.0/24' # RFC 5737
|
|
list match '203.0.113.0/24' # RFC 5737
|
|
list match '192.168.0.0/16' # RFC 1918
|
|
list match '10.0.0.0/8' # RFC 1918
|
|
list match '172.16.0.0/12' # RFC 1918
|
|
list match '169.254.0.0/16' # RFC 3927
|
|
|
|
# list nomatch '172.26.0.0/21' # Example of something not to match
|
|
# There is a dhcp trigger to do this for the netmask of a
|
|
# double natted connection needed
|
|
|
|
# You can only specify IPv4 addresses here - for IPv6, only source
|
|
# specific default routes will be installed, which achieves the same
|
|
# without needing any firewall routes.
|
|
|
|
# I will argue that this level of indirection doesn't scale
|
|
# very well - see how to block china as an example
|
|
# http://www.okean.com/china.txt
|