authorclaudio <claudio@openbsd.org>2013-08-14 21:25:43 +0000
committerclaudio <claudio@openbsd.org>2013-08-14 21:25:43 +0000
commit5f970ba4458db2e08705344b7e1938b709c836d8 (patch)
treef77d890b6acc7d66e4af4383934cd0c7f77f77f3
parentRewrite the internals of the RDE reload logic. (diff)
downloadwireguard-openbsd-5f970ba4458db2e08705344b7e1938b709c836d8.tar.xz
wireguard-openbsd-5f970ba4458db2e08705344b7e1938b709c836d8.zip
Filter the IPv6 Discard-Only Prefix because it should not be globally
routable. See RFC6666. Diff by Gleydson Soares.
-rw-r--r--etc/bgpd.conf3
1 files changed, 2 insertions, 1 deletions
diff --git a/etc/bgpd.conf b/etc/bgpd.conf
index 977cbb0c52b..b5804fde098 100644
--- a/etc/bgpd.conf
+++ b/etc/bgpd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: bgpd.conf,v 1.14 2013/06/02 14:11:38 florian Exp $
+# $OpenBSD: bgpd.conf,v 1.15 2013/08/14 21:25:43 claudio Exp $
# sample bgpd configuration file
# see bgpd.conf(5)
@@ -103,6 +103,7 @@ deny from any prefix 240.0.0.0/4 prefixlen >= 4 # reserved
# filter bogus IPv6 networks according to IANA
deny from any prefix ::/8 prefixlen >= 8
+deny from any prefix 0100::/64 prefixlen >= 64 # Discard-Only [RFC6666]
deny from any prefix 2001:2::/48 prefixlen >= 48 # BMWG [RFC5180]
deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843]
deny from any prefix 2001:db8::/32 prefixlen >= 32 # docu range [RFC3849]
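Review bot: The added `deny from any prefix 0100::/64 prefixlen >= 64` rule filters only announcements received from peers; nothing visible in this hunk stops the Discard-Only prefix from being announced to them, and RFC 6666 intends the prefix to stay inside the local administrative domain. If the rest of the sample file, which lies outside this hunk, has no outbound policy covering it, a matching `deny to any prefix 0100::/64 prefixlen >= 64` would close that gap. Because `from any` presumably matches internal peers as well, a short comment such as `# also applies to iBGP peers; adjust if 0100::/64 is used for RTBH internally` would help operators who copy this sample into a network that uses the prefix for black-hole routing.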