Add 6to4 anycast prefixes to bogon filter

Globally anycasted 6to4 has outlived its usefulness.
Operational discussion: http://seclists.org/nanog/2018/Jun/268

OK deraadt@

1 files changed, 3 insertions, 1 deletions

diff --git a/etc/examples/bgpd.conf b/etc/examples/bgpd.conf
index a5fa7234a3c..2289db5e957 100644
--- a/etc/examples/bgpd.conf
+++ b/etc/examples/bgpd.conf
@@ -1,4 +1,4 @@
-# $OpenBSD: bgpd.conf,v 1.9 2018/06/13 09:44:57 claudio Exp $
+# $OpenBSD: bgpd.conf,v 1.10 2018/06/21 15:57:04 job Exp $
 # sample bgpd configuration file
 # see bgpd.conf(5)
 
@@ -118,6 +118,7 @@ deny from any prefix 127.0.0.0/8 prefixlen >= 8 	# localhost [RFC1122]
 deny from any prefix 169.254.0.0/16 prefixlen >= 16	# link local [RFC3927]
 deny from any prefix 172.16.0.0/12 prefixlen >= 12	# private space [RFC1918]
 deny from any prefix 192.0.2.0/24 prefixlen >= 24	# TEST-NET-1 [RFC5737]
+deny from any prefix 192.88.99.0/24 prefixlen >= 24	# 6to4 anycast [RFC7526]
 deny from any prefix 192.168.0.0/16 prefixlen >= 16	# private space [RFC1918]
 deny from any prefix 198.18.0.0/15 prefixlen >= 15	# benchmarking [RFC2544]
 deny from any prefix 198.51.100.0/24 prefixlen >= 24	# TEST-NET-2 [RFC5737]
@@ -131,6 +132,7 @@ deny from any prefix 0100::/64 prefixlen >= 64		# Discard-Only [RFC6666]
 deny from any prefix 2001:2::/48 prefixlen >= 48	# BMWG [RFC5180]
 deny from any prefix 2001:10::/28 prefixlen >= 28	# ORCHID [RFC4843]
 deny from any prefix 2001:db8::/32 prefixlen >= 32	# docu range [RFC3849]
+deny from any prefix 2002::/16 prefixlen >= 16		# 6to4 anycast [RFC7526]
 deny from any prefix 3ffe::/16 prefixlen >= 16		# old 6bone
 deny from any prefix fc00::/7 prefixlen >= 7		# unique local unicast
 deny from any prefix fe80::/10 prefixlen >= 10		# link local unicast