| 123456789101112131415161718192021222324 |
- # Add unreachable routes for any prefix we don't want to route to
- # the internet.
- protocol static bogon_unreach {
- {%- if proto == 'v4' %}
- # RFC1918, RFC 6598, APIPA, TEST nets, and stuff
- route 0.0.0.0/8 unreachable; # Host-Subnet
- route 10.0.0.0/8 unreachable; # RFC 1918
- route 100.64.0.0/10 unreachable; # RFC 6598
- route 169.254.0.0/16 unreachable; # APIPA
- route 172.16.0.0/12 unreachable; # RFC 1918
- route 192.0.0.0/24 unreachable; # IANA RESERVED
- route 192.0.2.0/24 unreachable; # TEST-NET-1
- route 192.168.0.0/16 unreachable; # RFC 1918
- route 198.18.0.0/15 unreachable; # BENCHMARK
- route 198.51.100.0/24 unreachable; # TEST-NET-2
- route 203.0.113.0/24 unreachable; # TEST-NET-3
- route 224.0.0.0/3 unreachable; # MCast + Class E
- {%- else %}
- route ::/96 unreachable; # RFC 4291
- route 2001:db8::/32 unreachable; # Documentation
- route fec0::/10 unreachable; # Site Local
- route fc00::/7 unreachable; # ULA
- {%- endif %}
- }
|
