[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Updated prefix filtering

Subject: Updated prefix filtering
From: frederik at kriewitz.eu (Frederik Kriewitz)
Date: Sun, 10 May 2015 18:55:07 +0200
In-reply-to: <CAA93jw7NrW7D7YOM7gWj+2up3xPFZdv5u=9c3cTdm+wtaGTB6Q@mail.gmail.com>
References: <[email protected]> <CAA93jw7NrW7D7YOM7gWj+2up3xPFZdv5u=9c3cTdm+wtaGTB6Q@mail.gmail.com>

Hello Dave,

On Sun, May 10, 2015 at 1:49 AM, Dave Taht <dave.taht at gmail.com> wrote:
> I have had a piece long on the spike on how we implemented bcp38 for
> linux (openwrt) devices using the ipset facility.
>
> We had a different use case (preventing all possible internal rfc1918
> network addresses from escaping, while still allowing punching through
> one layer of nat ), but the underlying ipset facility was easily
> extendible to actually do bcp38 and fast to use, so that is what we
> ended up calling the openwrt package. Please contact me offlist if you
> would like a peek at that piece, because the article had some
> structural problems and we never got around to finishing/publishing
> it, and I would like to....
>
> has there been a bcp38 equivalent published for ipv6?

I don't see how this is related to the OPs problem.
But there's the rpfilter iptables module which can be used for BCP38
IPv4 and IPv6 implementations on linux routers.

References:
- Updated prefix filtering
  - From: chaim.rieger at gmail.com (Chaim Rieger)
- Updated prefix filtering
  - From: dave.taht at gmail.com (Dave Taht)

Prev by Date: Thousands of hosts on a gigabit LAN, maybe not
Next by Date: Updated prefix filtering
Previous by thread: Updated prefix filtering
Next by thread: Updated prefix filtering
Index(es):
- Date
- Thread