Block fc00::/7 out WAN just like RFC1918?
-
There’s this documentation:
https://docs.netgate.com/pfsense/en/latest/recipes/rfc1918-egress.html
It only refers to IPv4, but wouldn’t it also be a good idea to block fc00::/7 from going outbound the WAN as well?
-
@offstageroller Sure.
::1/128 ::ffff:0:0/96 ::ffff:0:0:0/96 100::/64 2001:20::/28 2001:db8::/32 fc00::/7 fe80::/10
-
@bob-dig said in Block fc00::/7 out WAN just like RFC1918?:
::1/128
Me thinking out loud :
An incoming packet on any interface - except 'lo' (local host) - is a protocol "syntax error" anyway and, as such, is discarded even before 'filtering' begins. I don't see myself blocking "127.0.0.1" on a LAN interface either ;)
Should I? :)
-
@gertjan I just want to make sure.
-
@bob-dig said in Block fc00::/7 out WAN just like RFC1918?:
fe80::/10
This is the one that jumps out at me, well, the loopbacks as well... But if you did block link-local outbound on your WAN.. Quite possible you're just going to break IPv6 completely..
-
@johnpoz It is working though.
Floating:
-
@bob-dig said in Block fc00::/7 out WAN just like RFC1918?:
fe80::/10
Will pfSense even attempt to route that? Link-local addresses are not routable, unlike unique local and RFC1918 addresses.
-
@johnpoz said in Block fc00::/7 out WAN just like RFC1918?:
But if you did block link-local outbound on your WAN.. Quite possible you're just going to break IPv6 completely..
Yep. My ISP's gateway has a link local address.
-
@jknott said in Block fc00::/7 out WAN just like RFC1918?:
Yep. My ISP's gateway has a link local address.
Mine too.
-
@bob-dig said in Block fc00::/7 out WAN just like RFC1918?:
@jknott said in Block fc00::/7 out WAN just like RFC1918?:
Yep. My ISP's gateway has a link local address.
Mine too.
Mine three.
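
As an added example (not from the thread and not pfSense code), this Python sketch shows which outbound destinations a destination-only block on the listed prefixes would match, and flags matches that share a prefix with the WAN gateway, the concern raised above about fe80::/10. The gateway address, the interface name `igb0` and the sample packets are constructed assumptions.

```python
import ipaddress

# Prefixes exactly as listed in the thread's proposed outbound block.
LISTED = ["::1/128", "::ffff:0:0/96", "::ffff:0:0:0/96", "100::/64",
          "2001:20::/28", "2001:db8::/32", "fc00::/7", "fe80::/10"]
NETS = [ipaddress.ip_network(p) for p in LISTED]

def matching_prefix(addr):
    """Return the listed prefix containing addr, or None if none does."""
    # Link-local addresses are often written with a zone (fe80::1%igb0).
    ip = ipaddress.ip_address(addr.split("%")[0])
    if ip.version != 6:
        return None
    return next((str(n) for n in NETS if ip in n), None)

def audit(packets, gateway):
    """Label each (dst, description) pair for a destination-only block rule.

    'pass'     - destination is outside every listed prefix
    'block'    - destination is inside a listed prefix
    'block-gw' - as 'block', and the same prefix also holds the WAN gateway
    """
    gw_prefix = matching_prefix(gateway)
    out = []
    for dst, desc in packets:
        hit = matching_prefix(dst)
        if hit is None:
            verdict = "pass"
        elif hit == gw_prefix:
            verdict = "block-gw"
        else:
            verdict = "block"
        out.append((dst, hit, verdict, desc))
    return out

# Constructed sample: hypothetical gateway and outbound destinations.
GATEWAY = "fe80::1%igb0"
PACKETS = [
    ("fe80::1", "unicast neighbor solicitation to the gateway"),
    ("ff02::1:2", "DHCPv6 solicit (multicast)"),
    ("fd12:3456:789a::10", "leaked ULA destination"),
    ("2001:db8::53", "documentation-prefix destination"),
    ("2001:4860:4860::8888", "global unicast destination"),
]

if __name__ == "__main__":
    for row in audit(PACKETS, GATEWAY):
        print("%-22s %-16s %-9s %s" % row)
```

A `block-gw` row marks traffic to review before enabling the rule, since the same prefix contains the next hop.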