Block private & bogon networks on OPT1



  • Hi,

    Would putting <blockpriv>and <blockbogons>on the interfaces section of /cf/conf/config.xml like this:

    		 <opt1><descr>WAN2</descr>
    			<if>rl1</if>
    			 <bridge><ipaddr>dhcp</ipaddr>
    			 <spoofmac><blockpriv><blockbogons><mtu>1492</mtu>
    			 <disableftpproxy><dhcphostname></dhcphostname></disableftpproxy></blockbogons></blockpriv></spoofmac></bridge></opt1> 
    

    and rebooting do the trick of blocking private IPs and bogons on OPT1 even if the graphical interface is not updated (neither the "interfaces" nor the firewall "rules" page)?

    Regards,

    Rigius</blockbogons></blockpriv>



  • Something that seems to work for me is creating an alias of RFC 1918 addresses and blocking that on OPT1 for WAN purposes.


Log in to reply