
    RFC 1918 blocking

    Firewalling | 2 Posts, 2 Posters, 2.5k Views
    whosmatt

      Just a question about how this works.  Sorry if answered previously, my search didn't turn up anything useful in the first couple pages.

      Let's say I have this option turned on on my WAN interface.  If I allow, let's say, TCP 443 from any IP address on the WAN interface, will having this option turned on still block incoming connections from 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16?
      -M

      Derelict (LAYER 8, Netgate)

        Yes.  They are implemented with quick enabled (meaning processing stops and the packet is dropped) prior to user rules.

        block anything from private networks on interfaces with the option set

        block in log quick on $WAN from 10.0.0.0/8 to any tracker 1000001581 label "Block private networks from WAN block 10/8"
        block in log quick on $WAN from 127.0.0.0/8 to any tracker 1000001582 label "Block private networks from WAN block 127/8"
        block in log quick on $WAN from 100.64.0.0/10 to any tracker 1000001583 label "Block private networks from WAN block 100.64/10"
        block in log quick on $WAN from 172.16.0.0/12 to any tracker 1000001584 label "Block private networks from WAN block 172.16/12"
        block in log quick on $WAN from 192.168.0.0/16 to any tracker 1000001585 label "Block private networks from WAN block 192.168/16"
        block in log quick on $WAN from fc00::/7 to any tracker 1000001586 label "Block ULA networks from WAN block fc00::/7"

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

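The evaluation order Derelict describes, as an added toy model (not pfSense code and not part of either post; Rule, evaluate, without_quick and WAN_RULES are names assumed here): pf takes the last matching rule unless a match carries quick, so the auto-generated block rules decide before a user "pass tcp 443 from any" is ever reached.

```python
# Added illustration, not code from pfSense or the forum post: a toy model of
# pf's rule-evaluation order. pf walks the ruleset top to bottom and the LAST
# matching rule wins, unless a matching rule carries "quick", which stops
# evaluation on the spot. pfSense puts the "Block private networks" rules,
# with quick, ahead of user rules, so a later "pass ... port 443 from any"
# never gets a chance to override them. Rule/packet fields are simplified.
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "block" or "pass"
    src: str                      # source CIDR, or "any"
    quick: bool = False
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port
    label: str = ""

    def matches(self, src_ip: str, proto: str, dport: int) -> bool:
        # ipaddress treats mixed IPv4/IPv6 membership as False, so the ULA
        # rule never matches an IPv4 source (and vice versa).
        if self.src != "any" and ip_address(src_ip) not in ip_network(self.src):
            return False
        return (self.proto in (None, proto)) and (self.dport in (None, dport))

def evaluate(rules, src_ip, proto, dport):
    """Return (action, label) of the rule that decides the packet's fate."""
    decision = ("block", "default deny")      # pfSense's implicit default
    for r in rules:
        if r.matches(src_ip, proto, dport):
            decision = (r.action, r.label)
            if r.quick:
                break   # quick: later rules are never consulted
    return decision

def without_quick(rules):
    """Same ruleset with quick stripped, to show last-match-wins semantics."""
    return [replace(r, quick=False) for r in rules]

# Networks from the auto-generated rules quoted above (quick), followed by
# the asker's hypothetical "allow TCP 443 from any" user rule.
BLOCKED = ["10.0.0.0/8", "127.0.0.0/8", "100.64.0.0/10",
           "172.16.0.0/12", "192.168.0.0/16", "fc00::/7"]
WAN_RULES = [Rule("block", n, quick=True, label=f"block {n}") for n in BLOCKED]
WAN_RULES.append(Rule("pass", "any", quick=True, proto="tcp", dport=443,
                      label="user rule: pass tcp 443 from any"))

if __name__ == "__main__":
    for ip in ("203.0.113.7", "192.168.1.20", "172.31.255.1", "fd00::1"):
        print(ip, "->", evaluate(WAN_RULES, ip, "tcp", 443))
```

Running without_quick(WAN_RULES) through evaluate shows the contrast: with quick removed, the later pass rule would be the last match and a 192.168.0.0/16 source would get through.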
        Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.