# Add unreachable routes for any prefix we don't want to route to
# the internet.
protocol static bogon_unreach {
{%- if proto == 'v4' %}
	# RFC1918, RFC 6598, APIPA, TEST nets, and stuff
	route 0.0.0.0/8		unreachable;	# Host-Subnet
	route 10.0.0.0/8	unreachable;	# RFC 1918
	route 100.64.0.0/10	unreachable;	# RFC 6598
	route 169.254.0.0/16	unreachable;	# APIPA
	route 172.16.0.0/12	unreachable;	# RFC 1918
	route 192.0.0.0/24	unreachable;	# IANA RESERVED
	route 192.0.2.0/24	unreachable;	# TEST-NET-1
	route 192.168.0.0/16	unreachable;	# RFC 1918
	route 198.18.0.0/15	unreachable;	# BENCHMARK
	route 198.51.100.0/24	unreachable;	# TEST-NET-2
	route 203.0.113.0/24	unreachable;	# TEST-NET-3
	route 224.0.0.0/3	unreachable;	# MCast + Class E
{%- else %}
	route ::/96         unreachable; # RFC 4291
	route 2001:db8::/32 unreachable; # Documentation
	route fec0::/10     unreachable; # Site Local
	route fc00::/7      unreachable; # ULA
{%- endif %}
}