Commit d56ab196 authored by Benjamin Graillot's avatar Benjamin Graillot Committed by root

Explicitely reject private IP addresses

parent 02152c60
......@@ -60,6 +60,8 @@ table inet filter {
type filter hook forward priority 0; policy accept;
ct state new log prefix "LOG_ALL "
ct state established,related accept
ip daddr 172.16.0.0/16 reject
ip6 daddr fd00::/8 reject
ip protocol icmp accept
ip protocol ipv6-icmp accept
icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, echo-reply, mld-listener-query, mld-listener-report, mld-listener-done, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect, router-renumbering } accept
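Review bot: The two added rules cover less than the commit title promises. `ip daddr 172.16.0.0/16 reject` matches a single /16 of RFC 1918 space, so forwarded traffic to 10.0.0.0/8, 192.168.0.0/16 and the rest of 172.16.0.0/12 still reaches the chain's `policy accept` unless a rule outside this hunk stops it, and `fd00::/8` is only half of the ULA block fc00::/7. If all private ranges are meant, `ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } reject` and `ip6 daddr fc00::/7 reject` would match the title. If only the site's own prefixes are meant, a comment such as `# internal prefixes only; other RFC 1918 space is handled elsewhere` would make that explicit. Because the rules sit after `ct state established,related accept`, they block new flows only, which looks intended but is worth stating in a comment; the chain continues outside the hunk.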