authoritojun <itojun@openbsd.org>2006-11-15 06:28:33 +0000
committeritojun <itojun@openbsd.org>2006-11-15 06:28:33 +0000
commita4ee3723c00defb159eb50964faad5debfc39569 (patch)
treea19634fadd98d5ebd090364432217f322eba81a0
parenttypo; from daniel matic (diff)
reject multicast packet without scope identifier specified.
-rw-r--r--etc/netstart6
1 files changed, 5 insertions, 1 deletions
diff --git a/etc/netstart b/etc/netstart
index c9487f36ec9..9823cffcb49 100644
--- a/etc/netstart
+++ b/etc/netstart
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $OpenBSD: netstart,v 1.114 2006/06/29 17:23:28 todd Exp $
+# $OpenBSD: netstart,v 1.115 2006/11/15 06:28:33 itojun Exp $
# Strip comments (and leading/trailing whitespace if IFS is set)
# from a file and spew to stdout
@@ -261,6 +261,10 @@ if ifconfig lo0 inet6 >/dev/null 2>&1; then
route -qn add -inet6 2002:0000:: -prefixlen 24 ::1 -reject > /dev/null
route -qn add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject > /dev/null
+ # Disallow packets without scope identifier.
+ route -qn add -inet6 ff01:: -prefixlen 16 ::1 -reject > /dev/null
+ route -qn add -inet6 ff02:: -prefixlen 16 ::1 -reject > /dev/null
+
# Completely disallow packets to IPv4 compatible prefix.
# This may conflict with RFC1933 under following circumstances:
# (1) An IPv6-only KAME node tries to originate packets to IPv4
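Review bot: The comment above the two added routes says only "packets without scope identifier"; it does not say that ff01::/16 and ff02::/16 are the interface-local and link-local multicast prefixes, or why an unscoped destination there has to be refused. Something like `# Reject interface-local (ff01::/16) and link-local (ff02::/16) multicast destinations that carry no scope identifier; scoped forms are expected to match a longer per-interface route.` would make the intent reviewable. The second half of that wording is an assumption to confirm: a /16 reject also covers addresses with an embedded interface index, so it is only safe if a more specific route always exists for them. Both prefixes have the flags nibble at zero, so the same scopes with non-zero flags (for example ff12::/16) are not rejected, which may or may not be intended. The enclosing `if ifconfig lo0 inet6` block starts and ends outside this hunk.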