Source-Changes-HG archive
[src/trunk]: src/etc/rc.d disallow packets to malicious 6to4 prefix, based on
details: https://anonhg.NetBSD.org/src/rev/c79dc61cae8e
branches: trunk
changeset: 483525:c79dc61cae8e
user: itojun <itojun%NetBSD.org@localhost>
date: Sun Mar 12 04:21:26 2000 +0000
description:
disallow packets to malicious 6to4 prefix, based on
http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt
diffstat:
etc/rc.d/network | 9 ++++++++-
1 files changed, 8 insertions(+), 1 deletions(-)
diffs (25 lines):
diff -r bea1606441e5 -r c79dc61cae8e etc/rc.d/network
--- a/etc/rc.d/network Sun Mar 12 03:49:36 2000 +0000
+++ b/etc/rc.d/network Sun Mar 12 04:21:26 2000 +0000
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $NetBSD: network,v 1.2 2000/03/11 20:13:42 veego Exp $
+# $NetBSD: network,v 1.3 2000/03/12 04:21:26 itojun Exp $
#
# PROVIDE: network
@@ -197,6 +197,13 @@
route add -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
route add -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
+ # disallow packets to malicious 6to4 prefix
+ #
+ route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
+ route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
+ route add -inet6 2002:0000:0000:: -prefixlen 48 ::1 -reject
+ route add -inet6 2002:ffff:ffff:: -prefixlen 48 ::1 -reject
+
sysctl -w net.inet6.ip6.forwarding=0 >/dev/null
sysctl -w net.inet6.ip6.accept_rtadv=0 >/dev/null
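Review bot: The comment above the four added `route add -inet6 2002:...` lines says only "malicious 6to4 prefix" and does not record which embedded IPv4 range each prefix stands for, so a later reader cannot check the list without decoding the hex. Consider annotating each route: `2002:e000::` with `-prefixlen 20` corresponds to 224.0.0.0/4, `2002:7f00::` with `-prefixlen 24` to 127.0.0.0/8, and the two `-prefixlen 48` entries each match exactly one embedded address, 0.0.0.0 and 255.255.255.255. If the intent for the third route was the whole 0.0.0.0/8 block rather than the single address, it would need `-prefixlen 24` like the 127/8 entry; worth confirming against the draft cited in the commit message. The empty `#` line after the comment can also be dropped, since the preceding reject routes in this block carry no such spacer.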